-----Original Message----- From: NIPC Watch [mailto:nipc.watch@private] Sent: Wednesday, September 12, 2001 9:25 AM To: daily@private Subject: NIPC Daily Report 11-12 September 01 Importance: High Attached is a copy of the today's Daily Report dated September 11-12, 2001. Sincerely, NIPC WWU Please understand that this is for informational purposes only and does not constitute any verification f the information contained in the report nor does this constitute endorsement by the NIPC or the FBI. Significant Changes and Assessment - The Federal Bureau of Investigation (FBI) Counterterrorism Division's National Threat Warning System issued a Terrorist Threat advisory titled "Terrorist Attacks Against Multiple Targets in New York City and Washington, D.C." In short, it stated the FBI has no information of any additional specific threats directed against additional targets or critical infrastructures in the United States, however, infrastructure owners and operators should be at a heightened state of alert and should implement appropriate security measures, both physical and cyber. The FBI has set up a special link on its Internet fraud tip site in order to solicit information about yesterday's terrorist attacks. The FBI's Internet Fraud Complaint Center, www.ifccfbi.gov, is a partnership between the FBI and the National White Collar Crime Center. As the name implies, the site is designed for people to report Internet-related fraud. After four US domestic flights were hijacked yesterday government officials called on the public to use the Web sites to report terrorist activity. The FBI has also established a FBI Tip Hotline 1-866-483-5137 and a Victim Hotline 1-800-331-0075. (Source: Newsbytes, 12 September) Private Sector - Microsoft corporation has released Microsoft Security Bulletin MS01-048: "Malformed request to Remote Procedure Call (RPC) endpoint mapper can cause RPC service to fail." The RPC endpoint mapper allows RPC clients to determine the port number currently assigned to a particular RPC service. The Windows NT 4.0 endpoint mapper contains a flaw that causes it to fail upon receipt of a request that contains a particular type of malformed data. Because the endpoint mapper runs within the RPC service itself, exploiting this vulnerability would cause the RPC service itself to fail, with the attendant loss of any RPC-based services the server offers, as well as potential loss of some COM functions. Normal service could be restored by rebooting the server. Additional information on this bulletin and a patch to fix this vulnerability is available at the following URL: http://www.microsoft.com/technet/security/bulletin/MS01-048.asp. (Source: Microsoft, 10 September) Federal agents have seized 10 computers and other computer gear from the home of a Snoqualmie, Washington teen suspected of hacking into Sony's extremely popular online game "EverQuest." The hacking would have given him access to personal information on hundreds of thousands of players and Sony employees. Agents also say the hacker, who was 17 at the time, was able to access the home computer of the company's vice president of product development, and downloaded documents for an unreleased version of the popular role-playing fantasy game. Sony, which declined comment on the investigation, says the game is played by as many as 400,000 people worldwide and draws more than $50 million a year in revenue. To this date, no arrests have been made, and no charges have been filed. (Source: Seattle Times, 31 August) International - The president of the Korea Information Security Agency (KISA), Cho Hwi-kap, stated that KISA should become an integrated specialized agency that will lead the development of information security technology with stronger industry-academia-government collaboration. The agency is required by the new "Act on the Protection of Information Communication Infrastructure" to provide protection support. The agency is required to analyze and evaluate areas of weakness in financial services, transportation, and telecommunications networks. He stated that the agency's relocation to a bigger office at IT Venture Tower has laid the groundwork for KISA to live up to its role as an integrated information security protection agency. Under ongoing development are cryptographic technology and other technologies that are costly to develop over long periods of time. (Source: KPP, 10 September) The computer systems at Los Pinos, Mexico, were reportedly penetrated, all while the office of the Mexican National Security Advisor was working with various civilian and military agencies on the construction of an information protection strategy, aimed at safeguarding the Federal Government's sensitive information. In an interview with El Universal, the National Security advisor and commissioner of the order and respect office, Adolfo Aguilar Zinser, points out that the National Investigations and Security Center, the Defense and Navy Secretariats, the Bank of Mexico, and the National Banking and Securities Commission are working with his office to create an information protection system for the Federal Government, beginning with the Presidency of the Republic. Work is being done now on the possible introduction of military techniques, such as the encryption of information, or security action, such as compartmentalizing the information, and restricting its use, so that not all personnel can consult it. (Source: Mexico City El Universal, 10 September) Military - US Space Command has not yet detected an increase in cyberattacks either in conjunction with or following the 11 September terrorist attacks on the Pentagon and the World Trade Center. The theory within information warfare circles in recent years has been that a massive terrorist or state attack of this magnitude could be preceded by, conducted in concert with, or followed by massive cyber attacks on the nation's critical infrastructure. Those cyber attacks - especially if conducted prior to a physical attack - could theoretically disrupt banking and finance activities, military command and control, and traffic control. US Space Command, the organization ultimately responsible for conducting cyber and nuclear warfare, is at maximum alert like the rest of the DoD, but networks so far are not under a coordinated attack. (Source: Federal Computer Week, 11 September) Joint Task Force for Computer Network Operations (JTF-CNO) office is permanently on an "at-war footing" because of the constant computer attacks against Pentagon computer networks, according to JTF-CNO commander Army Maj. Gen. Dave Bryan. The threats to DoD computer networks continue to increase in number, sophistication and destructive potential, according to Bryan, who leads the task force responsible for defending DoD computer systems. Although DoD computers are increasingly threatened, Bryan claimed the JTF-CNO is doing a better job defending against those threats. There have been 28,106 events detected so far this year and 369 successful intrusions. (Source: Infosec News, 10 September) Government - NTR U.S. SECTOR INFORMATION: Telecommunications - Verizon Communications late 11 September detailed the extent of damage to its New York telecommunications operations following the devastation that hit the city. Verizon said two facilities that were destroyed when the building collapsed usually handle calls to and from the World Trade Center building. Verizon said at least 10 more wireless network cell sites in New York were knocked out of service when their connection facilities in the skyscraper were destroyed. Verizon employees have erected temporary mobile-phone cell sites in southern Manhattan that will be switched on when authorities give the go-ahead. Verizon is among many telecom companies hit by the New York disaster. AT&T also had telecom equipment housed in one of the World Trade Center buildings. Both AT&T and Sprint reported massive congestion on land and wireless networks into New York. (Source: Newsbytes, 12 September) The Internet's infrastructure has withstood its biggest structural attack to date, according to an Internet performance measurement company. Matrix.Net, which analyzes Net traffic at thousands of critical Internet nodes, said that damage to telecommunications and Internet infrastructure following the collapse of the World Trade Center's twin towers in New York immediately caused a drop in Internet connectivity. The company's graphical analysis revealed a spike in packet loss and the inaccessibility of many major Web sites. But the company says data shows the nation's main Internet infrastructure, nodes and backbones quickly returned to close to normal, allowing Americans to communicate online and gain access to news and services. (Source: Newsbytes, 12 September) Transportation - On 11 September, all US commercial aircraft not involved in the three hijacking attacks on the World Trade Center in New York, the Pentagon, and a fourth crash in Pennsylvania, were safely on the ground authorities said. Between 40 and 50 scheduled flights landed at various US airports, leaving no domestic airliners in US air space, the Federal Aviation Administration (FAA) said, putting to rest fears that more aircraft might have been hijacked. There were fewer than 22 US-bound flights from international locations still in the air that were given clearance to land at American airports. In an unprecedented move on the morning of 11 September the FAA issued its first ever national grounding of commercial aircraft after the attacks on US landmarks. Military and law enforcement flights were still flying. The FAA would not confirm the extent of military air traffic in commercial air space. (Source: Reuters, 11 September) Gas and Oil Storage Distribution - A senior Kuwait oil source said on 11 September that there will be no halt to oil supplies for world markets as result of terrorist attacks against the US Speaking to Kuna, the official said Kuwait is keen on world oil market stability, noting that "there will be no shortage of supplies and if there is a shortage Kuwait would take all necessary measures to secure world market stability in cooperation with all oil producing countries members of the organization of petroleum exporting countries." He said high prices of today that exceeded 31 dollars per barrel for brent oil were due to psychological reasons no more no less. He said it was natural that climates be greatly affected after suspension in world flights and airports as well as money markets. The official expressed belief that the situation would not last. (Source: Kuwait KUNA, Internet Version in English, 11 September) Banking and Finance - The terrorist attacks against the US political and financial centers are feared to cast a shadow over South Korea's efforts to boost exports in the information technology (IT) sector, government and industry experts said on 12 September. The attacks will likely deal a heavy blow to the IT sector, which the country has built up as a core export industry to replace such Old Economy's industry as cars and shipbuilding. "The United States accounts for 30% of Korea's IT exports but I am very much worried the terrorist attacks will dampen the global demand for the IT sector that has been already hit by a recession," said Lee Do-gyun, an official at the Ministry of Information and Communication. Officials at Korean companies involved in IT exports to the US expressed concern that the terrorist attacks will cause them to face setbacks in exports. There is also concern about the US financial market being paralyzed by the terrorist attacks, which could boost the won against the dollar and trim the country's export competitiveness. Korean startups, which form a considerable portion of the local IT industry, fear that the US incident will set back their overseas projects and drive them to a crisis of bankruptcy. Most Korean IT firms have depended on overseas markets to survive and called on the government to adopt measures to support the troubled industry. (Source: Seoul Yonhap in English, 12 September) Emergency Services - The emergency services sector in New York city suffered a significant blow with the collapse of the World Trade Center towers that took hundreds of responders' lives. (Multiple sources) Government Services - The federal government and most state governments in regions affected by the 11 September terrorist attacks against the US are fully operational 12 September. (Multiple sources) Water Supply - NTR Electrical Power - NTR
This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:24:49 PDT