CRIME FW: NIPC Daily Report 16 November 2001

From: George Heuston (georgeh@private)
Date: Fri Nov 16 2001 - 17:24:54 PST

  • Next message: Goerling, Richard J. LT (TAD to CGIC Portland): "CRIME FW: IHT News Alert for November 19"

     
    
    -----Original Message-----
    From: NIPC Watch
    To: daily
    Sent: 11/16/01 9:35 AM
    Subject: NIPC Daily Report 16 November 2001
    
    NOTE:  Please understand that this is for informational purposes only
    and does not constitute any verification of the information contained in
    the report nor does this constitute endorsement by the NIPC or the FBI.
    
    Significant Changes and Assessment - No significant changes.
    
    Private Sector - NTR
    
    Military - According to the officer who spearheads the Navy's efforts to
    assess network security, some Navy networks have virtually no protection
    from cyberattacks.  Such vulnerabilities have resulted in 40 instances
    of root access to Navy systems this year, including some that took days
    to detect, said Capt. Jim Newman, who leads the Navy's "Red Team," the
    group of 20 sailors and civilian personnel who attempt to break network
    defenses.  Newman said the Navy Marine Corps Intranet has proven to be
    much more secure and offers some inherent security advantages.  So far
    this year, the Navy has tracked some 16,000 incidents where somebody
    attempted to enter a Navy system.  Of those, about 400 were considered
    significant attempts to obtain root access the level at which someone
    can access the network's functions.  Of those attempts, about 40
    succeeded in gaining root access.  (Source: Federal Computer Weekly, 16
    November)
    
    International - A Chinese court has ordered local firms to stop using
    Internet domain names linked to 11 international brands as part of a
    crackdown on intellectual property rights, state press said.  The court
    said two Chinese firms had "maliciously registered" site names belonging
    to firms including KFC, Subway, Boss and Olay, the China Daily newspaper
    said.  They had to stop using the sites within 10 days and pay
    compensation to the firms, the Beijing No. 2 Intermediate People's Court
    ordered.  Sites involved included "www.kfc.com.cn" and
    "www.boss.com.cn," the report said, adding authorities were particularly
    clamping down on brand name abuse because of China's imminent entry to
    the World Trade Organization (WTO).  (Source: Agence France Press, 16
    November)
    
    According to a British media report, confidential information is leaking
    out of offices throughout London as companies make use of new technology
    that enables computers to be connected up to wireless networks.  As well
    as opening themselves up to hackers, major city firms could be in breach
    of data protection rules if they allow personal data to be intercepted.
    Earlier this month a team of security experts, using a laptop and a
    mobile device costing just £130, walked the streets of the capital to
    try to pick up data being carried over wireless local area networks
    (WLANS).  The technology allows computers and other devices within a
    60-200 meter radius from a transmitter to be connected to a company's
    network and is increasingly being used by firms with mobile workforces
    and 'hot-desking' policies.  With proper security in place the
    information is secure, but the team discovered that two-thirds of the
    124 WLANS located in and around the city had no security protection at
    all.  (Source: Guardian, UK, 16 November)
    Government: NTR
    
    U.S. SECTOR INFORMATION:
    
    Gas and Oil Storage Distribution - Major gas transmission companies have
    agreed to reconstitute a partnership to carry natural gas from Alaska to
    markets in Canada and the lower 48 US states, Alaska's Sen. Frank
    Murkowski announced on 15 November.  Murkowski said 10 energy companies
    have agreed to return to the Alaskan gas transportation partnership, and
    will immediately begin working on a pipeline proposal to present to
    Alaskan natural gas producers by the end of this year.  "While this does
    not guarantee construction of an Alaska North Slope delivery system, it
    is a big set in the right direction," Murkowski said.  The pipeline
    would stretch over 1700 miles, from the North Slope of Alaska to
    northwest Alberta, Canada.  The gas would then be transported from
    northwest Alberta to markets throughout Canada and the United States.
    (Source: Reuters, 15 November)
    
    Telecommunications - Congress and the GAO will scrutinize agency IT and
    telecommunications disaster recovery plans next year to see whether they
    could ensure continuity after a cyber-attack or other terrorist damage.
    Rep. Tom Davis (R-Va.), chairman of the House Government Reform
    subcommittee on Technology and Procurement Policy, said this week that
    GAO is collecting information about the recovery plans for review by the
    subcommittee over the next few months.  (Source: Government Computer
    Week, 15 November)
    
    Transportation - Congress is poised to overwhelmingly pass legislation
    to permanently strengthen airport and airline security and give a
    holiday lift to an aviation industry devastated by the terrorist
    attacks.  President Bush lauded the compromise plan forged after weeks
    of difficult negotiations, saying that by putting the federal government
    in charge of aviation security Congress was "making airline travel safer
    for the American people." In addition to putting airport screening under
    federal control with a federal work force, the legislation moves toward
    inspection of all checked bags, requires fortified cockpit doors,
    increases the use of air marshals on flights and law enforcement in all
    areas of airports, and increases coordination between DoT and law
    enforcement agencies to cross-check passengers.  (Source: Associated
    Press, 16 November)
    
    Electrical Power - Electric utilities are on 24-hour watch for
    cyberterrorist activity amid warnings from experts that networks
    connecting providers have left the nation's power grid more vulnerable
    than ever.  To that end, 10 energy companies recently launched an
    operations center to monitor and report on the risks of physical and
    online threats.  The Energy Information Sharing and Analysis Center
    (Energy/ISAC) collects threat and vulnerability information from
    worldwide law enforcement agencies, energy companies, security watch
    groups and major technology vendors.  The group then examines the size
    and scope of the threats and reports the results to ISAC members, each
    of which pays $7,500 a year for access to a secure informational Web
    site.  ISAC members not only are alerted to potential threats, but are
    also instructed on how to respond, by Predictive Systems which operates
    the command center in Reston, Virginia.  (Source: InternetWeek 16
    November)
    
    Banking and Finance - NTR
    Emergency Services - NTR
    Government Services - NTR
    Water Supply - NTR
    



    This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:31:29 PDT