-----Original Message-----
From: NIPC Watch
To: daily
Sent: 10/24/01 8:38 AM
Subject: NIPC Daily Report for 24 October

NOTE: Please understand that this is for informational purposes only and does not constitute any verification of the information contained in the report nor does this constitute endorsement by the NIPC or the FBI.

NIPC Daily Report for 24 October

Significant Changes and Assessment - No significant changes.

Private Sector - The latest online update of Red Hat Linux, also known by its code name, "Enigma," which was released 23 October, could have been tampered with by attackers, a security expert warned. Copies of Red Hat Linux 7.2 available from some download sites were not digitally signed by the developer, Red Hat Inc., according to Kurt Seifried, author of an online book entitled "Linux Administrator's Security Guide." "Either Red Hat did not sign these packages, or someone subverted the distribution process before the files got to various sites," said Seifried in a security advisory issued 23 October. Without such signatures, "it becomes trivial for an attacker to replace packages on a distribution site with no one being able to easily verify that they have been subverted," said Seifried's advisory. A Red Hat spokesperson said the company was studying the security report. (Source: Newsbytes, 23 October)

Microsoft Corporation has released Microsoft Security Bulletin MS01-053, regarding the Macintosh OS X Operating System built-in support for both BinHex and MacBinary file types. These file types allow for the efficient transfer of information across networks by allowing information to be compressed by the sender and then decompressed by the recipient. This capability is particularly useful on the Internet, by allowing users to download compressed files. A vulnerability results because of a flaw in the way Mac OS X and Mac IE 5.1 interoperate when BinHex and MacBinary file types are downloaded.
As a result, an application that is downloaded in either of these formats can execute automatically once the download is complete. A patch for this vulnerability is available at http://www.microsoft.com/technet/security/bulletin/ms01-053.asp (Source: Microsoft Corporation, 23 October)

Government - The White House will support proposals to withhold details about electronic attacks against the nation's most important computer networks, an administration official said on 18 October. The proposed changes, meant to encourage corporate victims of hackers to report crimes, would restrict government agencies' disclosures about attacks under the Freedom of Information Act. The proposal seeks to overcome traditional reluctance by industries, especially technology, to reveal potentially embarrassing details without fear of disclosure. In a different move to limit information available under the US information law, Attorney General John Ashcroft ordered federal agencies last week to review more closely which documents they release. Ashcroft's new policy allows officials to withhold information on any "sound legal basis." Under looser policies issued in 1993, agencies could hold back information to prevent "foreseeable harm." Ashcroft cited the 11 September terrorist attacks as reasons for the change. (Source: Associated Press, 22 October)

The Nuclear Regulatory Commission (NRC) will act "expeditiously" in deciding whether to resume publication of the agency's daily nuclear power plant status report, NRC Chairman Richard Meserve said on 22 October. The agency halted publication of the market-sensitive report on 11 October, citing concerns that terror groups might try to use the plant-by-plant data. "I understand there is interest in that and we'll try to make a decision expeditiously," Meserve told reporters after addressing a nuclear safety conference.
Meserve refused to give any sense of how soon a decision would be made. He said only that the fate of the daily report was a "hard policy issue yet to be determined." The NRC, which oversees operations of the nation's 103 nuclear power plants, compiles a daily status report noting which plants are temporarily closed for maintenance, refueling or other work. (Source: Reuters, 22 October)

An exercise held last year to help officials in Utah prepare for a possible terrorist attack during the 2002 Winter Olympics may hold some of the most important lessons for infrastructure protection in the aftermath of the terrorist attacks. Next month marks the one year anniversary of the first such regional exercise, known as "Black Ice" (no connection to the computer-security software). Sponsored by the Department of Energy (DOE) and the Utah Olympic Public Safety Command, Black Ice demonstrated how the effects of a major terrorist attack or natural disaster could be made significantly worse by a simultaneous cyber-attack. DOE is preparing a report detailing the impact of the terrorist attacks on various critical infrastructure sectors. Despite a few minor differences between the Black Ice scenario and the real-world scenario that unfolded on 11 September, the exercise proved to officials that future terrorist attacks could be far worse if they include a major cyber disruption. A report on the lessons learned and recommendations on how to prepare for such a disaster was released in May. (Source: CNN, 21 October)

International - On 23 October, a hacker was sentenced to two years' imprisonment by the Wuhua District People's Court in the capital of southwest China's Yunnan Province for a cyber-crime he committed. Lin Qican, a former employee of a bank in Xiamen City of east China's Fujian Province, was found to have destroyed the database of a Kunming-based Yunnan Information Telecommunication Web site and replaced its home page with threats to dismember China on 26 December 00.
Local police cracked the case on 9 January 01, by tracking the IP address he used. Lin was ordered to pay 4,300 yuan (about 518 US dollars) to compensate the plaintiff's losses. This is the first cyber-crime tried by Yunnan Province courts. (Source: Beijing Xinhua, 23 October)

A hidden digital war between Cypriot and Turkish hackers is in progress on the Internet. Cypriot Internet specialists have already had access to important military, government, academic, and financial networks on Turkish computers. Recently, the Cypriot group managed to gain access to the central computer of a unit training operatives in Turkey in electronic war. They managed to get important information. The information was transferred quietly through the Internet in Cyprus and includes important facts of a military nature comprising over 500 typed pages. The relevant military services in Cyprus have already received the material, which they are examining carefully. Recently, the group of Cypriot hackers attacked 13 computer systems in Turkey. These include the computers of the Turkish Central Bank, the Turkish Army's School of Infantry Officers, the Thrace University, the Civil Engineers Faculty, and the Kocaeli University. (Source: Nicosia O Filelevtheros, 23 October)

A Brisbane, Australia man, Vitek Boden, 49, accused of hacking into computers to create raw sewage overflows on the Sunshine Coast had the know-how, equipment and opportunity, a court was told on 16 October. The Crown prosecutor said Boden had a motive as a "disgruntled" former employee of the company which had installed the computerized system for Maroochy Shire Council. Boden faces 46 charges of computer hacking, two counts of causing serious environmental harm by means of sewage overflows, and two counts of stealing which involved the equipment needed to do the hardwiring, after he allegedly hacked into the council's sewage control computers early last year and used radio transmissions to alter pump station operations.
The case is believed to be one of the world's first instances of online environmental vandalism. (Source: Queensland News, 17 October)

Military - NTR

U.S. SECTOR INFORMATION:

Transportation - A state legislative committee took aim at the Federal Aviation Administration (FAA), on 23 October, for security problems at Logan Airport. The Massachusetts Port Authority (Massport) admitted to the Joint Transportation Committee that the state police, National Guard, and US marshals at Logan are simply monitoring people with the same equipment that was in place before 11 September. Legislators said that it is just a slower version of the same system. The legislators said that fault lies with the FAA, which has legal jurisdiction of security checkpoints. On 23 October, the airline industry declined an invitation to testify at the hearings. (Source: TheBostonChannel.com, 23 October)

Electrical Power - NTR
Water Supply - NTR
Banking and Finance - NTR
Telecommunications - NTR
Gas and Oil Storage Distribution - NTR
Government Services - NTR
Emergency Services - NTR