-----Original Message-----
From: NIPC Watch
To: daily@private
Sent: 9/10/01 9:05 AM
Subject: NIPC Daily Report for 10 September

NIPC Daily Report, 10 September

NOTE: Please understand that this is for informational purposes only and does not constitute any verification of the information contained in the report nor does this constitute endorsement by the NIPC or the FBI.

Significant Changes and Assessment - No significant changes

Private Sector - The U.S. Commerce Department said the Bureau of Export Administration had suspended the export privileges of InfoCom Corporation for at least six months because the company is suspected of violating U.S. export control laws. Officers of InfoCom were served with notice of the Commerce Department's action as the North Texas Joint Terrorism Task Force completed a three-day search of the Web-hosting business, which serves 500 clients in the U.S. and the Middle East. One of those clients is Holy Land Foundation for Relief and Development, a Palestinian charity that Israel has labeled a fund-raising arm of Hamas. The U.S. and Israel have labeled Hamas a terrorist organization. A task force spokeswoman said she could not comment on what was removed during the search of InfoCom, which involved dozens of officers from six federal agencies. No charges have been filed against InfoCom or its officers, although all were made subject to the Commerce Department's temporary export ban. (Source: Dallas Morning News, 8 September)

Anti-virus firm McAfee.com has received numerous reports in South America and Europe of a variant of Magistr.a named W32/Magistr.b@mm. It has been rated "medium risk" for corporate and home users due to the number of reports coming from the two continents. So far McAfee.com has received relatively few reports coming from within the U.S. The problem for businesses though is that this virus is a mass-mailing virus that may delete .NTZ files and disable firewalls.
The messages sent by the worm contain various subject headings, body text, and attachments. The body of the message is derived from the contents of other files on the victim's computer. It may send more than one attachment and may include non-.EXE or non-viral files along with an infectious .EXE file. From a sampling of some 150,000 computers, there has been a 12% infection rate worldwide, with 6% in South America, 12% in Europe, 10% Australia and 13% North America. (Source: Internet.com Corporation, 10 September) (NIPC Comment: W32/Magistr.b@mm was first reported in the 5 September NIPC Daily Report)

Government - According to 2001 Technology Collection Trends in the U.S. Defense Industry report, 63 countries were involved in "suspicious" efforts to obtain sensitive U.S. technology with military applications last year, up more than 10% from 1999. The study by the Defense Security Service was based on reporting by companies cleared to do business with the Pentagon. Information systems topped the reported target list again last year followed by, in order, sensors and lasers, aeronautics systems, armaments and associated materials, and electronics. The report documented a steady rise in the number of countries whose companies, individuals, governments, or intelligence services were said to be improperly targeting classified U.S. technology or that requiring an export license. In 1999, 56 countries were linked to suspicious activity, up from 47 in 1998 and 37 in 1997. (Source: Reuters, 7 September)

The Attorney's office in New York said it's forming a Computer Hacking and Intellectual Property (CHIPs) unit to specialize in cybercrime. Five prosecutors will comprise the unit, which is one of 10 CHIPs units within the U.S. created in late July by U.S. Attorney General John Ashcroft.
The New York CHIPs unit will focus on a variety of electronic crimes, including Internet and computer fraud, computer system break-ins, trade secrets theft and economic espionage, and criminal copyright and trademark offenses. (Source: InfoSec News, 7 September)

The National Science Foundation (NSF) is creating a new research program to raise the basic level of security in commercial technology used by government and the public. The Trusted Computing program will aim to foster research on making information systems able to withstand internal and external security breaches. "As computer systems and computer networks are increasingly used to create, store, process, and transmit information that is critical to citizens, industry, government, and academia, the design and development of security, safe software and systems has become a fundamental problem," the announcement states. The basic problem is that as new and upgraded software is delivered more and more quickly to the commercial market, developers are not taking the time to put the products through the kind of testing needed to ensure a secure product. The Trusted Computing program seeks to establish research that will change the way software developers think about security. Between $4-6 million will be available for 20-25 grants each year. (Source: Federal Computer Weekly, 10 September)

International - Half of China's Internet users have been affected by hackers in the past year alone, according to a survey cited by state media on 10 September, with most of the country's online population knowing little about computer security. The study showed an "alarming level of carelessness and ignorance about security among online users," the China Daily newspaper said. Almost half of those asked in the survey never changed their passwords for e-mail accounts, the China Internet Network Information Center found. "It is urgent to improve the awareness of Chinese citizens," the newspaper quoted the group's report as saying.
The English-language daily did not specify what sort of hacking was involved. (Source: China Daily News, 10 September)

UK firm ProCheckUp has developed an online tool to expose network security flaws by using artificial intelligence (AI) to mimic the actions of a hacker. However, experts question how successful the software will be at detecting security holes. Using an AI knowledge base, automated Web agents, protocol specialist programs, flaw verification and four levels of internal error correction, the ProCheckNet tool can bypass commercial intrusion-detection systems, penetrate firewalls, and evaluate the vulnerability of systems to DoS attacks, said the company. The tool then produces a report that alerts managers to potential security flaws and offers advice on how to fix them. (Source: ZDNet UK, 8 September)

Military - After months of negotiations, Pentagon and Navy officials have crafted an agreement to provide conditional approval for the $6.9 billion Navy Marine Corps Intranet (NMCI) to proceed. The Navy and the Pentagon have been at loggerheads regarding the level of testing required to validate NMCI. Congress approved NMCI on the condition that the Navy institute a "strategic pause" after rolling out a percentage of desktops. The agreement seeks to let the Navy move forward with outsourcing its information technology infrastructure to lead vendor EDS Corp., and it lays parameters for the DoD CIO to conduct reviews at specific milestones before the project proceeds. (Source: Federal Computer Weekly, 10 September)

U.S. SECTOR INFORMATION:

Telecommunications - Cisco Systems Incorporated announced on 4 September it is expanding its intrusion protection offerings with the introduction of the Cisco IDS Host Sensor, a host-based solution for enterprise-wide intrusion protection, and enhancements to its network-based IDS software.
Unlike traditional host-based intrusion detection systems (IDS), which log attacks but do nothing to prevent them, Cisco IDS Host Sensor software proactively detects malicious activity and blocks access to server resources before serious damage can occur. The software accomplishes this by intercepting system and API level calls to the operating system before the OS processes the calls. It then determines if the call is malicious or benign. If the call is malicious, the Cisco IDS Host Sensor's policy database dictates which preventative action should be taken, such as terminating the call, terminating the process that launched the call or sending out alerts about the suspicious activity. Cisco news and information are available at www.cisco.com. (Source: Cisco News Release, 4 September)

Banking and Finance - NTR
Transportation - NTR
Emergency Services - NTR
Water Supply - NTR
Gas and Oil Storage Distribution - NTR
Government Services - NTR
Electrical Power - NTR