-----Original Message----- From: NIPC Watch [mailto:nipc.watch@private] Sent: Monday, October 29, 2001 8:48 AM To: daily Subject: NIPC Daily Report for 29 October, 2001 NOTE: Please understand that this is for informational purposes only and does not constitute any verification of the information contained in the report nor does this constitute endorsement by the NIPC of the FBI. Significant Changes and Assessment - No significant changes. Private Sector - According to a report published by CERT/CC, the widespread use of poorly configured network routers has opened the door to an imminent spate of attacks that could slow Internet traffic to a crawl. "Routing protocol attacks are being actively discussed in some intruder circles and have become agenda items" at public hacker conferences according to the report. It notes that intruders are increasingly compromising routers using vendor-supplied default passwords. The traffic-routing circuits are then redirected for use in DDoS attacks. The attacks usually emanate from a number of different compromised systems, and are generally very difficult to defend against. Routers make tempting targets because they are often less protected by security policy and monitoring technology than other computer systems, which also allows intruders to operate with less chance of being discovered. The report also cites an increase in the number of DDoS attacks perpetrated over private and public Internet relay chat (IRC) networks. For a copy of the CERT/CC report, visit: http://www.cert.org/archive/pdf/DoS_trends.pdf . (Source: Newsbytes, 28 October) An e-mail announcing a new Trojan horse scanner, that is itself a worm program, could flood e-mail servers with useless mail. At least three variations of Antset (W32.Anset.A@mm, W32.Anset.B@mm, and W32.Anset.C@mm) are floating around the Internet. Antset is only capable of sending multiple e-mail messages and does not damage PCs. The subject line reads "ANTS Version 3.0." The body of text for the original worm is in German, but translates into English as "Hi, attached you will find the brand new version 3.0 of ANTS, the unique freeware Trojan scanner. To install ANTS, simply run the attached setup file." The body text concludes with the following salutation "Adieu, Andreas webmaster@private http://www.ants-online.de." (Source: ZDNet, 26 October) (NIPC Comment: US anti-virus vendors are rating the threat from this worm as low due to the lack of a destructive payload and German text, which is not likely to entice many English-speaking recipients to double click on the attachment. The AV community does, however, warn that this worm has a high distribution potential as evidenced by the numerous confirmed cases in Germany. Currently, indications are that it will remain chiefly confined to Germany. NIPC will continue to monitor and advise as appropriate.) International - The Greek Army General Staff is now including "Internet Piracy" (Hacking) in the list of "asymmetrical threats," as the threat of terrorism is being referred to in the Greek National Defense Ministry. The top officials of YES (Greek army General Staff) insist that the problem with the hackers has gotten out of control and that there is leakage of information that is directly related to defense and security in the country. For this reason, they created a special service to fight "Internet Piracy." In view of the fact that computer networks will soon be linked to the corresponding networks of the other relevant ministries, YES took the initiative to call all the ministries to cooperate, in order to deal with this phenomenon, "once and for all." (Source: Athens To Vima in Greek, 27 October) Mark Deuis, a consultant with Internet Security Systems, states that looming privacy laws and an increasingly volatile market have spurred Australian companies and government agencies to reassess their haphazard attitude towards online security. Deus told delegates at the Dimension Data Security Forum in Melbourne earlier this month that there are two main elements fueling the recent upsurge in interest for online security. Until now, he said, it has been quietly accepted that vulnerability was the price companies paid for online business. Australia has issued new privacy legislation that goes into effect December 2001. Under this new legislation, individuals face personal legal liability for security breaches if it can be shown that all necessary steps have not been taken to secure sensitive data. (Source: InfoSecurity News, 29 October) Government - New Jersey officials removed from the Internet some Web pages that officials fear could be useful to terrorists in planning attacks. The state Department of Environmental Protection (DEP) recently removed a database listing the hazardous chemicals and substances used or stored at 33,000 businesses throughout the state. The department also removed maps showing New Jersey's reservoirs, which serve 4 million people. The information was removed "for security reasons temporarily," DEP spokeswoman Loretta O'Donnell told the Daily Record of Parsippany. The DEP felt it was safer to remove it from the Internet, where it could be downloaded and used in computer mapping programs, she said. (Source: Associated Press, 26 October) President Bush signed anti-terrorism legislation called the USA Patriot Act on 26 October. The law gives government investigators broad powers to track wireless phone calls, intercept e-mail messages, monitor computer use, and listen to voice mail messages. President Bush said the new law replaces statutes that were written "in the era of rotary telephones" and are inadequate in an age of e-mail, wireless phones and Internet communications. But civil rights advocates said the new law poses serious threats to civil liberties. It gives a green light to "the investigation and surveillance of wholly innocent Americans," said Laura Murphy, director of the Washington office of the American Civil Liberties Union. The threats to privacy are great, said Sen. Patrick Leahy (D-Vt.). For example, vast amounts of information are gathered in criminal investigations, including information about people not involved in illegal activity, such as witnesses or acquaintances of the accused. Under the new law, all of that information could be widely shared among government agencies. Leahy and other lawmakers leery of the new law added a four-year "sunset clause" that causes may of the provisions to expire after four years. The sunset clause and "close congressional oversight will be crucial in making sure that these new law enforcement powers are not abused," Leahy said. (Source: Federal Computer Week, 26 October) Military - The DoD is seeking information from technology vendors on how to defend against DDoS attacks, according to a special notice published on 25 October. The Defense Advanced Research Projects Agency (DARPA) and the Joint Task Force for Computer Network Operations (JTF-CNO) have invited vendors to submit an application to present "technologies or techniques that defend against increasingly prevalent DDoS attacks" according to the announcement at the Federal Business Opportunities site. An unspecified number of applicants will be invited to demonstrate their solutions to an audience of government and military personnel at the Denial of Service Defenses Technology Conference, to be held 18-19 December. (Source: Newsbytes, 26 October) U.S. SECTOR INFORMATION: Transportation - Oakland Police Department has extended its facial biometrics system to include Oakland International Airport. The system will allow police and other security staff common access to centralized images for arrestee verification, identification and processing. Plans call for employing the technology to track and identify known re-offenders in the county-wide image database in an effort to fight crime and terrorism. (Source: InfoSecurity News, 26 October) For the first time, Maryland state employees will be allowed to help overburdened airline and federal security personnel at Baltimore-Washington International (BWI) Airport, Federal Aviation Administrator (FAA) Jane Garvey said 27 October. Under a deal worked out by Garvey and Maryland Lt. Gov. Kathleen Kennedy Townsend, police officers and other state workers can work at BWI's security checkpoints. Previously, FAA interpretations of federal regulations limited security workers to agents of the airlines and the federal government, such as National Guardsmen, Garvey said. Garvey said the airlines will remain responsible for the checkpoints and will pay the cost of the state workers. Other details of the plan were still being worked out between the airlines, the state and the FAA. (Source: Associated Press, 27 October) Telecommunications - The Honolulu Advertiser reports that a Verizon telephone worker accidentally cut a fiber cable in Kalihi, Hawaii on 28 October, setting off a chain reaction that resulted in the most widespread phone failure in the Islands in recent years. About 120,000 telephone customers in Kalihi and Kailua had sporadic service for more than seven hours. On Maui, 80,000 Verizon customers could not make off-island calls, and often even local calls would not go. First Hawaiian Bank's ATM system came down, as well as the 911 system. Some sectors were restored to service fairly rapidly, however, the total outage lasted 7 hours. (Source: Honolulu Advertiser, 29 October) Emergency Services - NTR Gas and Oil Storage Distribution - NTR Electrical Power - NTR Government Services - NTR Water Supply - NTR Banking and Finance - NTR
This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:29:01 PDT