FW: NIPC Daily Report for 29 October, 2001

From: George Heuston (georgeh@private)
Date: Mon Oct 29 2001 - 12:51:07 PST


    -----Original Message-----
    From: NIPC Watch [mailto:nipc.watch@private] 
    Sent: Monday, October 29, 2001 8:48 AM
    To: daily
    Subject: NIPC Daily Report for 29 October, 2001
    
    
    NOTE: Please understand that this is for informational purposes only and
    does not constitute any verification of the information contained in the
    report nor does this constitute endorsement by the NIPC of the FBI.
    
    Significant Changes and Assessment - No significant changes.
    
    Private Sector -   According to a report published by CERT/CC, the
    widespread use of poorly configured network routers has opened the door
    to an imminent spate of attacks that could slow Internet traffic to a
    crawl.  "Routing protocol attacks are being actively discussed in some
    intruder circles and have become agenda items" at public hacker
    conferences according to the report.  It notes that intruders are
    increasingly compromising routers using vendor-supplied default
    passwords. The traffic-routing circuits are then redirected for use in
    DDoS attacks.  The attacks usually emanate from a number of different
    compromised systems, and are generally very difficult to defend
    against.  Routers make tempting targets because they are often less
    protected by security policy and monitoring technology than other
    computer systems, which also allows intruders to operate with less
    chance of being discovered.  The report also cites an increase in the
    number of DDoS attacks perpetrated over private and public Internet
    relay chat (IRC) networks.  For a copy of the CERT/CC report, visit:
    http://www.cert.org/archive/pdf/DoS_trends.pdf .  (Source: Newsbytes, 28
    October)
    
    An e-mail announcing a new Trojan horse scanner, that is itself a worm
    program, could flood e-mail servers with useless mail.  At least three
    variations of Antset (W32.Anset.A@mm, W32.Anset.B@mm, and
    W32.Anset.C@mm) are floating around the Internet.  Antset is only
    capable of sending multiple e-mail messages and does not damage PCs. The
    subject line reads "ANTS Version 3.0."  The body of text for the
    original worm is in German, but translates into English as "Hi, attached
    you will find the brand new version 3.0 of ANTS, the unique freeware
    Trojan scanner.  To install ANTS, simply run the attached setup file."
    The body text concludes with the following salutation "Adieu, Andreas
    webmaster@private http://www.ants-online.de."  (Source: ZDNet, 26
    October)  (NIPC Comment:  US anti-virus vendors are rating the threat
    from this worm as low due to the lack of a destructive payload and
    German text, which is not likely to entice many English-speaking
    recipients to double click on the attachment.  The AV community does,
    however, warn that this worm has a high distribution potential as
    evidenced by the numerous confirmed cases in Germany.  Currently,
    indications are that it will remain chiefly confined to Germany. NIPC
    will continue to monitor and advise as appropriate.)
    
    International - The Greek Army General Staff is now including "Internet
    Piracy" (Hacking) in the list of "asymmetrical threats," as the threat
    of terrorism is being referred to in the Greek National Defense
    Ministry.  The top officials of YES (Greek army General Staff) insist
    that the problem with the hackers has gotten out of control and that
    there is leakage of information that is directly related to defense and
    security in the country.  For this reason, they created a special
    service to fight "Internet Piracy."  In view of the fact that computer
    networks will soon be linked to the corresponding networks of the other
    relevant ministries, YES took the initiative to call all the ministries
    to cooperate, in order to deal with this phenomenon, "once and for
    all."  (Source: Athens To Vima in Greek, 27 October)
    
    Mark Deuis, a consultant with Internet Security Systems, states that
    looming privacy laws and an increasingly volatile market have spurred
    Australian companies and government agencies to reassess their haphazard
    attitude towards online security.  Deus told delegates at the Dimension
    Data Security Forum in Melbourne earlier this month that there are two
    main elements fueling the recent upsurge in interest for online
    security.  Until now, he said, it has been quietly accepted that
    vulnerability was the price companies paid for online business.
    Australia has issued new privacy legislation that goes into effect
    December 2001.  Under this new legislation, individuals face personal
    legal liability for security breaches if it can be shown that all
    necessary steps have not been taken to secure sensitive data.  (Source:
    InfoSecurity News, 29 October)
    
    Government - New Jersey officials removed from the Internet some Web
    pages that officials fear could be useful to terrorists in planning
    attacks.  The state Department of Environmental Protection (DEP)
    recently removed a database listing the hazardous chemicals and
    substances used or stored at 33,000 businesses throughout the state.
    The department also removed maps showing New Jersey's reservoirs, which
    serve 4 million people.  The information was removed "for security
    reasons temporarily," DEP spokeswoman Loretta O'Donnell told the Daily
    Record of Parsippany.  The DEP felt it was safer to remove it from the
    Internet, where it could be downloaded and used in computer mapping
    programs, she said. (Source: Associated Press, 26 October)
    
    President Bush signed anti-terrorism legislation called the USA Patriot
    Act on 26 October.  The law gives government investigators broad powers
    to track wireless phone calls, intercept e-mail messages, monitor
    computer use, and listen to voice mail messages.  President Bush said
    the new law replaces statutes that were written "in the era of rotary
    telephones" and are inadequate in an age of e-mail, wireless phones and
    Internet communications.  But civil rights advocates said the new law
    poses serious threats to civil liberties.  It gives a green light to
    "the investigation and surveillance of wholly innocent Americans," said
    Laura Murphy, director of the Washington office of the American Civil
    Liberties Union.  The threats to privacy are great, said Sen. Patrick
    Leahy (D-Vt.).  For example, vast amounts of information are gathered in
    criminal investigations, including information about people not involved
    in illegal activity, such as witnesses or acquaintances of the accused.
    Under the new law, all of that information could be widely shared among
    government agencies.  Leahy and other lawmakers leery of the new law
    added a four-year "sunset clause" that causes many of the provisions to
    expire after four years.  The sunset clause and "close congressional
    oversight will be crucial in making sure that these new law enforcement
    powers are not abused," Leahy said.  (Source: Federal Computer Week, 26
    October)
    
    Military - The DoD is seeking information from technology vendors on how
    to defend against DDoS attacks, according to a special notice published
    on 25 October.  The Defense Advanced Research Projects Agency (DARPA)
    and the Joint Task Force for Computer Network Operations (JTF-CNO) have
    invited vendors to submit an application to present "technologies or
    techniques that defend against increasingly prevalent DDoS attacks"
    according to the announcement at the Federal Business Opportunities
    site.  An unspecified number of applicants will be invited to
    demonstrate their solutions to an audience of government and military
    personnel at the Denial of Service Defenses Technology Conference, to be
    held 18-19 December.  (Source:  Newsbytes, 26 October)
    
    U.S. SECTOR INFORMATION:
    
    Transportation - Oakland Police Department has extended its facial
    biometrics system to include Oakland International Airport.  The system
    will allow police and other security staff common access to centralized
    images for arrestee verification, identification and processing.  Plans
    call for employing the technology to track and identify known
    re-offenders in the county-wide image database in an effort to fight
    crime and terrorism. (Source: InfoSecurity News, 26 October)
    
    For the first time, Maryland state employees will be allowed to help
    overburdened airline and federal security personnel at
    Baltimore-Washington International (BWI) Airport, Federal Aviation
    Administrator (FAA) Jane Garvey said 27 October.  Under a deal worked
    out by Garvey and Maryland Lt. Gov. Kathleen Kennedy Townsend, police
    officers and other state workers can work at BWI's security
    checkpoints.  Previously, FAA interpretations of federal regulations
    limited security workers to agents of the airlines and the federal
    government, such as National Guardsmen, Garvey said.  Garvey said the
    airlines will remain responsible for the checkpoints and will pay the
    cost of the state workers.  Other details of the plan were still being
    worked out between the airlines, the state and the FAA.  (Source:
    Associated Press, 27 October)
    
    Telecommunications - The Honolulu Advertiser reports that a Verizon
    telephone worker accidentally cut a fiber cable in Kalihi, Hawaii on 28
    October, setting off a chain reaction that resulted in the most
    widespread phone failure in the Islands in recent years.  About 120,000
    telephone customers in Kalihi and Kailua had sporadic service for more
    than seven hours. On Maui, 80,000 Verizon customers could not make
    off-island calls, and often even local calls would not go.  First
    Hawaiian Bank's ATM system came down, as well as the 911 system. Some
    sectors were restored to service fairly rapidly; however, the total
    outage lasted 7 hours.  (Source: Honolulu Advertiser, 29 October)
    
    Emergency Services - NTR
    Gas and Oil Storage Distribution - NTR
    Electrical Power - NTR
    Government Services - NTR
    Water Supply - NTR
    Banking and Finance - NTR
    


