-----Original Message-----
From: NIPC Watch [mailto:nipc.watch@private]
Sent: Thursday, September 13, 2001 10:45 AM
To: daily@private
Subject: NIPC Daily Report 13 September

NIPC Daily Report, 13 September

NOTE: Please understand that this is for informational purposes only and does not constitute any verification of the information contained in the report nor does this constitute endorsement by the NIPC or the FBI.

Significant Changes and Assessment - Multiple information security groups are reporting that e-mail messages may be circulating on the Internet with virus-infected attachments, which have file names related to the terrorist events of 11 September. These sources have also stated that a Visual Basic Script (VBS) file named "wtc.txt.vbs" has been circulating on Internet Relay Chat (IRC), which is reportedly a variant of the lifestages.txt.vbs script that first appeared in May 2000. (NIPC Comment: The NIPC currently does not have information to substantiate this claim but is working closely with the anti-virus and information security communities. The NIPC will continue to monitor this claim and report as warranted.)

Private Sector - According to a new survey conducted by Netcraft, hundreds of thousands of sites running Microsoft's Web server software may be remotely controllable by attackers. An Internet analysis and security company found that nearly 13 percent of sites running Microsoft's Internet Information Server (IIS) may have a "back door" program installed that allows anyone on the Internet to execute system-level commands on the server. The back door program, a file called "root.exe," was most likely created on the server during recent widespread outbreaks of two worms: the Sadmind/IIS worm originally reported in May, and the Code Red II worm, which was first identified in early August. Both worms rename a Windows NT, Windows 2000 and Win 9x command program or "shell" named "cmd.exe" to "root.exe" and place it in a folder accessible from the Web.
(Source: Newsbytes, 12 September)

A Canadian teenage hacker nicknamed "Mafiaboy" was sentenced to eight months in a youth detention center on 12 September, a move welcomed by prosecutors as a strong message against the world's hacking community. Judge Gilles Ouellet ruled that the 17-year-old Montreal teenager committed a criminal act when he crippled Internet sites like Buy.com, eBay Inc., and Yahoo! last year, causing an estimated $1.7 billion in damages. The case underscored the Internet's vulnerability to cyber-attacks and fraud. The boy, who pleaded guilty in January to 55 charges of mischief, cannot be identified under a Canadian law protecting young offenders. (Source: MSNBC, 12 September)

Government - The urgency of protecting the nation's critical infrastructure from terrorist acts took center stage in the Senate on 12 September, when experts said the federal government was lagging in its efforts to implement a comprehensive plan aimed at protecting services provided by utilities and the transportation and financial service sectors. Agencies are "inadequately implementing" Presidential Directive 63, proposed by the former Clinton administration in an effort to begin protecting critical infrastructure systems from potential cyber-based attacks, NASA Inspector General Roberta Gross acknowledged to the Senate Government Affairs Committee. Gross said federal agencies often do not prioritize critical infrastructure protection programs and often misinterpret the intent of such programs. She added that such programs often are not adequately funded. (Source: National Journal's Technology Daily, 12 September)

International - A Web site on the Taliban, Afghanistan's ruling faction that is allegedly harboring terrorist Osama Bin Ladin, was defaced with obscene messages that scrolled across a grainy picture of Bin Ladin.
There was no unusual Internet activity on 11 September; however, on 12 September, infosec monitoring intercepted hacker messages calling for cyber attacks against suspected terrorist-related web assets. Michael Assante, VP of intelligence for MSSP Vigilinx said, "We have seen isolated comments by some underground figures trying to rally some patriotic revenge, and the link of Osama Bin Ladin web site being passed around." (Source: Security Wire Digest, 13 September)

Military - NTR

U.S. SECTOR INFORMATION:

Telecommunications - A 13 September Newsbytes article reported that hackers are discussing performing retaliatory strikes against Arab and Islamic Web sites in Internet newsgroups. One such site, www.taleban.com, has already been defaced. Reports from Carnegie Mellon University's CERT/CC and postings to various information security mail lists state that, so far, there have not been significant increases of such incidents; however, companies need to maintain vigilance on their systems and continue to increase the overall security of their information technology infrastructure. A 12 September NewsFactor article reported that, "A number of 'hackers' have begun calling for and attacking both Arab nation state networks and terrorist related sites." One expert speculated that this activity could escalate along the lines of the Israeli/Palestinian cyber conflict. Past examples of this type of activity were illustrated during the recent crisis regarding the US reconnaissance plane that landed in China. US and Chinese hackers engaged in an exchange of hacking each other's Web sites. Also, similar activity emerged as part of the Israeli/Palestinian conflict that flared up last year that included targeting of some US sites. (Sources: Multiple Sources, 12 - 13 September)

FCC Chairman Michael Powell urged Americans on 12 September to be patient as the nation's communications companies work to keep networks operating efficiently after the devastating airplane attacks.
"I am grateful for the tireless and heroic efforts of those in the telecommunications industry who are working hard to keep our most fundamental communications systems, such as telephone service, wireless phone service and television service, operating efficiently under the circumstances," he said. Traditional land-line and wireless networks were overwhelmed on 11 September, as people called friends and relatives to verify their whereabouts after four planes were hijacked and three crashed into New York and Washington, D.C. landmarks. (Source: Reuters, 12 September)

Cellular telephone carriers dispatched temporary cell towers on wheels to New York and Washington to handle increased traffic and replace permanent sites that were damaged in New York's terrorist attack. The carriers have also donated mobile phones and pagers to emergency personnel, with Cingular Wireless alone shipping 3,000 phones and 500 pagers to Washington. (Source: ComputerWorld, 12 September)

Banking and Finance - If your attempted cash withdrawal from an ATM is refused in the US, don't panic. That's the message from Visa International, where, although the Visa network is functioning normally, there are known problems with the US telecommunications networks upon which many ATMs rely. A spokesperson for Visa International stated that, despite unconfirmed news reports of some ATM outages in the Eastern area of the US, all Visa member institutional networks, together with Visanet, the card issuer's main network, are working as normal. (Source: Newsbytes, 12 September)

US stock markets may remain shuttered for the rest of the week following the terrorist attacks that destroyed the World Trade Center complex. This closure would be the longest since 1933, according to Richard Grasso, chairman of the New York Stock Exchange. Despite the stock market closure, trading of government bonds will resume Thursday at approximately 8 a.m. EST.
(Source: ABC News, 12 September)

Transportation - The FAA mandated new measures on 12 September to strengthen security at airports nationwide after terrorist attacks at the World Trade Center and Pentagon. All terminals will be evacuated and canine teams will perform a "cleaning" operation at the airports, an FAA official said. The FAA will reinforce security staffs at the airports and step up random identification checks, he said. The agency will deploy bomb detection teams at airports for quick response and reduce the number of access points into the airports, he said. Airports will discontinue curbside check-ins and remove vehicles within 300 feet of terminals. The FAA will prohibit the sale of knives, plastic and metal, at airports, he said. Airport operators will issue improved security plans and keep security personnel informed of developments, he added. (Source: Government Computer News, 12 September)

Emergency Services - NTR

Water Supply - NTR

Gas and Oil Storage Distribution - NTR

Government Services - NTR

Electrical Power - NTR
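
Added example, not part of the NIPC report: a defender's check for the condition the Private Sector item describes, a copy of the command shell left in a Web-accessible folder under the name "root.exe". It compares file contents as well as names, so a copy under another name is also reported; the function names, folder layout and sample files are constructed for this illustration.

```python
import hashlib
import os
import tempfile


def sha256_of(path, chunk=65536):
    """Hash a file in chunks so large binaries are not read into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def find_shell_copies(web_root, shell_path, suspect_names=("root.exe",)):
    """Return sorted (relative_path, reason) pairs for files under web_root
    that are byte-identical to the shell binary or carry a suspect name."""
    shell_size = os.path.getsize(shell_path)
    shell_hash = sha256_of(shell_path)
    names = {n.lower() for n in suspect_names}
    findings = []
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, web_root)
            try:
                same = (os.path.getsize(full) == shell_size
                        and sha256_of(full) == shell_hash)
            except OSError:
                findings.append((rel, "unreadable"))
                continue
            if same:
                findings.append((rel, "identical to shell"))
            elif name.lower() in names:
                findings.append((rel, "suspect name"))
    return sorted(findings)


if __name__ == "__main__":
    # Constructed sample tree; folder and file names are illustrative only.
    with tempfile.TemporaryDirectory() as d:
        shell = os.path.join(d, "cmd.exe")
        web = os.path.join(d, "webroot", "scripts")
        os.makedirs(web)
        for path in (shell, os.path.join(web, "root.exe")):
            with open(path, "wb") as f:
                f.write(b"constructed stand-in for the shell binary")
        for rel, reason in find_shell_copies(os.path.join(d, "webroot"), shell):
            print(f"{rel}: {reason}")
```

On a real server, web_root would be each folder the Web server publishes and shell_path the system's own cmd.exe.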