-----Original Message----- From: NIPC Watch To: daily Sent: 10/17/01 8:46 AM Subject: NIPC Daily Report, 17 October 01 NIPC Daily Report, 17 October 01 NOTE: Please understand that this is for informational purposes only and does not constitute any verification of the information contained in the report nor does this constitute endorsement by the NIPC or the FBI. Significant Changes and Assessment - The National Infrastructure Protection Center (NIPC) issued "Cyber Protest: The Threat to the US Information Infrastructure, October 2001." This analytical paper discusses political events and emerging international situations that will increasingly lead to cyber protests. This information is posted on the NIPC Web site at http://www.nipc.gov/cyberprotests.pdf . Private Sector - Novell Inc. is urging users of its GroupWise software for messaging and collaboration to patch a security hole that could allow an intruder to view any file on a GroupWise server via the application's Web interface. The problem is found in the WebAccess system of the GroupWise 5.5 Enhancement Pack and in the most-recent GroupWise 6 release, Novell said. However, since GroupWise, like the competing Microsoft Exchange server, is most often found behind the firewalls of corporate intranets, those who might exploit the security hole are most likely to come from a company's own disgruntled ranks. Novell has additional information and a patch for the problem online at http://www.novell.com/products/groupwise. (Source: Newsbytes, 16 October) Computer security experts said on 16 October that a computer virus purporting to provide information about anthrax and its side effects has been discovered. The new computer virus, VBS.VBSWG.AF, which is technically a worm because it is self-propagating, is spreading through e-mail systems and instant relay chat channels on the Internet where people "talk" in real-time, according to Steven Sundermeier, product manager at Central Command which monitors corporate e-mail systems for viruses. The e-mail, written in Spanish, has a subject line that says "Antrax Info." The message claims that the attachment is a photo that shows what the side effects of anthrax are. Once the attachment is opened the worm spreads itself to everyone listed in the e-mail address book. The worm also can overwrite certain files on remote drives. (Source: Reuters, 16 October) (NIPC Comment: Major US anti-virus vendors are currently rating this worm a low threat and view the chances for significant propagation as very unlikely. NIPC will continue to monitor and advise of any changes.) A former employee of a company that makes guidance systems for the DoD has pleaded no contest to hacking into the company's computer system and shutting it down for 24 hours. Armen Oganesyan's trial was scheduled to start 16 October, but he pleaded no contest to one count of computer access and fraud. He also admitted causing more than $150,000 in property damage, prosecutors said. Oganesyan faces up to five years in state prison and restitution claims of more than $250,000 when he is sentenced on 19 November. Oganesyan, 27, was employed by H.R. Textron, a Valencia-based DoD contractor. He was let go in February 2000 after admitting hacking into the computer. Four separate locations including one in Ohio were affected. (Source: Associated Press, 16 October) Government - President Bush formed a new panel on 16 October, to fight cyberterrorism, noting that the nation's information systems are vital to business, government and national defense. The President's Critical Infrastructure Board will be charged with preventing disruptions of "critical infrastructure," Bush said in an executive order. A key task of the board will be coordinating with private industry, which runs many of the nation's information networks, the order states. Cabinet members will constitute most of the board, along with a host of other top presidential aides. There was no firm number for how many people will serve on the panel. (Source: Associated Press, 16 October) International - A leading IT security expert warned that one of the greatest terrorist threats to Britain lay in attacks on key computer systems and the public should be on alert for hackers seeking to cause havoc in IT systems. Andrew Steet, a partner at leading City consultants KPMG, said not only to protect the computer systems of financial firms, but also those of government, transport and public utilities. The US Congress of Science has already met to discuss the dangerous implications. "Computers in government, transport, public utilities, air traffic control, road systems, police and number of key installations are vulnerable to attack," he said. (Source: London Press Association, 16 October) Military -NTR U.S. SECTOR INFORMATION: Water Supply - A terrorist threat advisory to water supplies has been extended through 11 December and despite the lack of credible threats, water utilities have been encouraged to maintain security at "critical nodes" such as tunnels, pumping and storage facilities, and distribution systems. Potential bacterial, viral, and chemical sabotage substances have never been encountered in waters. Therefore, tests for them have not been incorporated into drinking water treatment unit product designs or performance standards. This means that no drinking water treatment products have been tested and certified for their effectiveness in reducing these exotic chemical or biological health threats. (Source: PR Newswire, 16 October) Gas and Oil Storage Distribution - An El Paso Energy Partners subsidiary said 16 October it has signed a letter of intent to build a 37-mile (60-km) pipeline that would deliver natural gas from the deep waters of the US Gulf of Mexico to markets in the Midwest and Northeast. Under the plan, a 12-inch diameter pipeline capable of shipping 160 million cubic feet a day would be built. The gas volumes would be about enough to drive a 1,000 megawatt gas-fired power plant. Construction of the pipeline is scheduled to begin in the spring of 2002 with first production expected in the fourth quarter of the same year. (Source: Reuters, 16 October) Transportation - NTR Telecommunications - NTR Electrical Power - NTR Government Services - NTR Banking and Finance -NTR Emergency Services - NTR
This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:28:17 PDT