CRIME FW: NIPC Daily Report 21 November 2001

From: George Heuston (georgeh@private)
Date: Wed Nov 21 2001 - 10:15:02 PST

    -----Original Message-----
    From: NIPC Watch [mailto:nipc.watch@private] 
    Sent: Wednesday, November 21, 2001 9:55 AM
    To: daily
    Subject: NIPC Daily Report 21 November 2001
    Importance: High
    
    
    NOTE:  Please understand that this is for informational purposes only
    and does not constitute any verification of the information contained in
    the report nor does this constitute endorsement by the NIPC or the FBI.
    
    Significant Changes and Assessment - The National Infrastructure
    Protection Center (NIPC) is monitoring a potential new remotely
    exploitable vulnerability associated with the Washington University File
    Transfer Protocol (WU-FTP) Software Package.  WU-FTP is a common package
    used to provide FTP Services.  Details on the vulnerability are
    currently unavailable, but due to the nature and severity of previous
    WU-FTP vulnerabilities, the NIPC is warning administrators to closely
    monitor their WU-FTP systems.  Depending on the importance of the FTP
    service being provided, administrators may consider disabling the
    service until additional details and any required corrections are
    available.
    
    Additionally, there is a new worm called W32/SQLWorm that has been found
    in the wild which targets insecure (default) configurations of
    Microsoft's SQL server that have either (1) "sa" accounts with an empty
    password and/or (2) the "Extended Stored Procedure Parameter Parsing"
    vulnerability discussed in Microsoft Security Bulletin MS00-092.  The
    SQL Worm reportedly propagates itself by scanning for systems that have
    opened port 1433.  When it finds a system that has the port open, it
    downloads the files dnsservice.exe, win32mon.exe, and win32bnc.exe from
    foo.com (IP Address 207.29.192.160) and starts them.  The files appear
    to be variants of a Distributed Denial of Service tool called "Katen" or
    "Kaiten."  The system then connects to an IRC channel,
    bots.kujikiri.net, on port 6669 and starts scanning for other vulnerable
    systems.  The NIPC has not received any specific reports of infections,
    but is currently monitoring this worm and will advise of any changes.
    Additional details on the worm can be found on the SecurityFocus.com
    Web site.
    
    Private Sector - Ziff Davis Media, which publishes such popular
    technical titles as Yahoo Internet Life and PC Magazine,
    accidentally posted the personal information of about 12,500 magazine
    subscribers on its Web site.  On 19 November, Ziff Davis removed the
    data, which included hundreds of credit card numbers, and said its
    engineers had taken steps to prevent additional security leaks.  "We
    discovered that there was a problem on the site and we pulled the
    information down," said spokesman Randy Zane.  "We're contacting all
    the subscribers, the people who were affected."  Because Ziff Davis'
    file included names, mailing addresses, e-mail addresses, and in some
    cases, credit card numbers, a thief who downloaded it would have enough
    information to make fraudulent mail-order purchases.  (Source: Wired
    News, 20 November)
    
    According to Computer Economics, a US-based research firm, the global
    cost of virus attacks on information systems such as Melissa, Anna
    Kournikova, and the Code Red worm has this year reached $11.8 billion.
    But lately, the need to combat cyberwarfare is intensifying.  "The
    increasing paranoia among business since September has compelled
    companies to take a more serious approach to securing enterprise
    networks," said Jaclynn Bumback, research analyst at US-based Cahners
    In-Stat Group, a digital-communications research group.  (Source: Far
    Eastern Economic Review, 18 November)
    
    According to a Business Week article, the major high-speed Internet
    service providers discourage the use of personal firewalls, citing
    finicky configuration problems, even though most security experts urge
    home PC users to run an inexpensive personal firewall.  Despite a wide
    consensus in the security community that firewalls are a must for
    always-on connections, the vast majority of broadband ISPs that offer
    cable and digital subscriber line reportedly have yet to acknowledge
    this reality to their customers.  The problem is that if a cable company
    tells the average customer that it does not support firewalls, in all
    likelihood that customer will shut down his security software at the
    first hint of trouble, leaving himself completely vulnerable to cyber
    attack.  Perhaps more serious, a customer's unprotected connection could
    do serious damage to the ISP if it's used to launch a bandwidth-hogging
    denial of service attack.  The broadband ISPs say supporting firewalls
    is not easy, suggesting customers should be responsible for anything
    they choose to put on their computer.  (Source: Business Week, 20
    November)
    
    International - Tens of thousands of high-speed Internet users were
    unable to access the Web on the morning of 20 November, because of a
    serious system failure on British Telecom's (BT) network.  The crash hit
    ADSL subscribers early 20 November.  According to one report, over
    110,000 users were affected, as well as some narrow-band unmetered
    customers.  A BT spokesman confirmed that there was a fault with BT's IP
    backbone network, known as Colossal.  "The service is now restored, and
    engineers are checking the resilience of the network now," he
    said.  It is unclear what caused the fault.  "That's something that the
    engineers are investigating now," said the spokesman.  (Source: ZD News,
    UK, 20 November)
    
    A group of so-called "white hat" Filipino hackers called Asian Pride
    launched a series of attacks on 16 November on several Web sites.  The
    hackers, who apparently are based outside the Philippines, claim they
    are out to teach Filipino local ISPs a lesson in Internet security.
    Calling it "the 4 o'Clock project," Asian Pride, which claims to be
    composed of Filipino freelance security enthusiasts, was allegedly able
    to intrude into the servers of local ISP Mosaic Communications Inc,
    uploading executable programs that would eventually modify a Web site's
    main page.  White hat hackers claim that they are not out to cause any
    damage, but only hack into systems to test vulnerabilities.  (Source:
    INQ7.net, 19 November)
    
    The Federal Agency of Government Communication and Information (FAPSI)
    is exhibiting the latest protection systems for technical means of data
    storage, processing and transmission at the Intellectual Cards of Russia
    2001 exhibition that opened in Moscow on 20 November.  The FAPSI and
    its licensees are exhibiting the latest developments in the sphere of
    Russian intellectual cards, as well as electronic documents designed on
    their basis to identify a Russian citizen and ensure cryptographic
    protection of identification data.  Among the technical solutions
    related to data protection in the sphere of economy that FAPSI licensees
    came up with are cryptographic protection means for fiscal data in cash
    registers.  (Source: Moscow Agentstvo Voyennykh Novostey, 20 November)
    
    Hackers have reportedly attacked 156 web sites in Vietnam, replacing the
    contents with self-introductory information.  The Web sites were
    attacked early in the morning on 18 November, and it took about 10 hours
    to restore the sites, Vietnam Data Communications (VDC) Co. said.  VDC
    said the hackers were the same group that attacked 60 Vietnamese Web
    sites in August.  It did not provide any more information about the
    attacks or the material placed on the Web pages.  However, the Tuoi Tre
    (Youth) newspaper reported that the Web sites included those of
    prominent government agencies, such as the State Security Commission,
    the Communist umbrella group Vietnam Fatherland Front, the Vietnam
    Chamber of Commerce & Industry, and the Ministry of Education and
    Training.  The hackers' group is named revengetheplanet, it said.
    (Source: Mercury News, 20 November)
    
    A new UN task force on technology vowed to fight poverty, improve
    education, and create jobs by expanding access to the Internet and other
    communications tools in the developing world. The task force joins other
    private and government initiatives already in place, but differs by
    tapping the UN's reputation and resources.  "In spite of the other
    initiatives, the task is still daunting," said Jose Maria Figueres, task
    force chairman and former Costa Rican president. "The UN has many
    additional, competitive advantages that the other initiatives don't
    have."  Many believe technology will be important in fighting poverty,
    illiteracy, AIDS and societal ills identified during last year's UN
    Millennium Summit.  (Source: Associated Press, 20 November)
    
    Government - The White House is moving forward with several IT
    initiatives to try to create a more secure government and nation,
    including a cyberwarning network.  Among the top initiatives is the
    development and implementation of a National Infrastructure Simulation
    and Analysis Center, an idea from Sen. Pete Domenici (R-N.M.) that
    Congress incorporated into the USA Patriot Act of 2001.  The act
    authorizes $20 million for the DoD in fiscal 2002.  The center will
    provide modeling, simulation and analysis of the critical
    infrastructure, including the cyber, telecommunications and physical
    infrastructures, across federal, state and local governments and the
    private sector.  The center's work is designed to enable the government
    to better understand the relationships among systems and networks, and
    to determine ways to mitigate threats to those systems and the
    infrastructure as a whole.  (Source: Federal Computer Week, 19 November)
    
    A number of federal agencies are preparing to fight back against hackers
    who attack their computer systems.  The Department of Veteran Affairs
    (VA) will soon ask
    industry to help it create an IT security center that can monitor agency
    systems for intrusions, retaliate against hackers, and gather forensic
    evidence of intrusions to use in prosecutions.  "We want an operation
    that is ready to respond 24 hours a day," said Bruce Brody, associate
    deputy assistant secretary for computer security at VA.  The DoD, which
    saw a doubling of attacks on its computer systems in the last year, also
    is looking to get tough with hackers.  The efforts come amid warnings
    that hostile groups abroad are planning attacks on federal and
    private-sector networks.  (Source: Federal Times, 20 November)
    
    Before 11 September, if one were clever enough to infiltrate a federal
    computer network, they were considered a hacker.  Following the recent
    passage of the USA Act, which grants law enforcement sweeping powers to
    investigate and prosecute potential threats to national security, you
    could be labeled a "cyberterrorist" and face up to 20 years in prison.
    "I think it's going to make a lot of the hackers out there pause and
    think before they act," said Elgin K., a self-described former white hat
    hacker who claims to have been associated with a group called The Cult
    of the Dead Cow. "On the flip side, there are probably a few demented
    souls who will find that an added attraction."  (Source: USA Today
    Electronic News, 20 November)
    
    Military - NTR
    
    U.S. SECTOR INFORMATION:
    
    Transportation - Still reeling from the terrorist attacks, major
    airlines have eliminated huge numbers of IT workers and contractors,
    delayed network upgrades, and shelved other projects that do not
    directly contribute to the bottom line.  Some of the priorities for
    their remaining IT resources are using the Web to smooth communications
    with frazzled travelers, cut costs, and boost airport security.  A good
    example of the IT restructuring priorities most airlines have gone
    through is Delta's prioritization process.  For example, projects that
    were close to completion or deemed critical to the airline were
    completed.  Some were re-scoped and slowed down while others were
    postponed until 2002.  The common strategy here is to put off
    technology growth expectations, like upgrades of decision support
    systems and internal servers that run some of the corporate
    communications until the middle of next year, when traffic is expected
    to come back.  (Source: Internet Week, 20 November 2001)
    
    Emergency Services - Addressing the lack of interoperability among
    firefighters, police and emergency medical personnel, the Maryland state
    government is planning to install voice and data communications systems
    that would help such personnel talk with one another across
    jurisdictions.  The voice system, which will be implemented in nine
    months, will provide coverage in most of central Maryland.  The system
    is a patching network where up to five jurisdictions, for example,
    local, federal and military agencies, could be patched together with one
    another so there is fluid communication.  Deployment of the connector
    devices will begin this month and go through several phases, including
    design, installation, training and then evaluation for performance.  In
    case of a critical event during the interim, the state police have a
    mobile command post to facilitate voice interoperability, but it would
    be limited in scope.  The system also will enable users to send messages
    within and outside their own agencies as well as record suspicious
    persons or vehicles and circumstances.  (Source: Federal Computer Week,
    20 November 2001)
    
    Electrical Power - NTR
    Water Supply - NTR
    Banking and Finance - NTR
    Government Services - NTR
    Gas and Oil Storage Distribution - NTR
    Telecommunications - NTR
    
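Added example, not part of the NIPC report or of the forwarded message: the W32/SQLWorm propagation pattern the report describes (a sweep of many hosts on TCP 1433, then an outbound IRC connection on TCP 6669) is the kind of behaviour a perimeter firewall or flow log exposes even before the worm's binaries are recognised. The script below groups connections by source host and flags that combination. The log line format, the constructed sample traffic, the IRC server address 192.0.2.10 and the sweep threshold are all assumptions made for illustration; the ports come from the report.

```python
"""Detection sketch for the W32/SQLWorm propagation pattern described in the
report: a sweep of many hosts on TCP 1433, then an outbound IRC connection on
TCP 6669.  Added example; the log line format, the sample traffic and the
sweep threshold are assumptions, not details from the NIPC report."""
import re
from collections import defaultdict

SQL_PORT = 1433        # MS SQL Server port the worm scans (from the report)
IRC_PORT = 6669        # IRC port the worm connects to afterwards (from the report)
SCAN_THRESHOLD = 10    # distinct 1433 targets before we call it a sweep (assumption)

# Assumed log line shape: "<timestamp> <src_ip> -> <dst_ip>:<dst_port> <proto> <action>"
IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
LINE_RE = re.compile(
    rf"^(?P<ts>\S+)\s+(?P<src>{IPV4})\s+->\s+(?P<dst>{IPV4}):(?P<dport>\d+)"
    r"\s+(?P<proto>\w+)\s+(?P<action>\w+)\s*$"
)


def build_sample_log():
    """Constructed sample traffic, not real data.  10.0.0.5 behaves like the
    worm (sweeps 10.0.1.0/24 on 1433, then IRC on 6669); 10.0.0.7 makes one
    ordinary SQL connection; 10.0.0.9 only runs an IRC client."""
    lines = [f"2001-11-21T09:{i:02d}:00 10.0.0.5 -> 10.0.1.{i}:1433 tcp deny"
             for i in range(1, 26)]
    lines += [
        "2001-11-21T09:30:00 10.0.0.5 -> 192.0.2.10:6669 tcp allow",
        "2001-11-21T09:31:00 10.0.0.7 -> 10.0.1.20:1433 tcp allow",
        "2001-11-21T09:32:00 10.0.0.9 -> 192.0.2.10:6669 tcp allow",
        "garbage line that does not match the expected format",
    ]
    return "\n".join(lines)


def parse_line(line):
    """Return a dict for a well-formed line, or None for anything else."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["dport"] = int(rec["dport"])
    return rec


def analyze(log_text, scan_threshold=SCAN_THRESHOLD):
    """Group connections by source host and flag worm-like behaviour.
    Denied connections count too: a sweep shows up in the firewall log
    whether or not the targets answered."""
    sql_targets = defaultdict(set)   # src -> distinct hosts contacted on 1433
    irc_peers = defaultdict(set)     # src -> distinct hosts contacted on 6669
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["proto"] != "tcp":
            continue
        if rec["dport"] == SQL_PORT:
            sql_targets[rec["src"]].add(rec["dst"])
        elif rec["dport"] == IRC_PORT:
            irc_peers[rec["src"]].add(rec["dst"])

    findings = {}
    for src in sorted(set(sql_targets) | set(irc_peers)):
        sweep = len(sql_targets[src]) >= scan_threshold
        irc = bool(irc_peers[src])
        if sweep and irc:
            verdict = "likely SQLWorm: 1433 sweep followed by IRC on 6669"
        elif sweep:
            verdict = "1433 sweep without IRC; investigate"
        else:
            continue   # a lone SQL or IRC connection is not worm-like on its own
        findings[src] = {
            "sql_targets": len(sql_targets[src]),
            "irc_peers": sorted(irc_peers[src]),
            "verdict": verdict,
        }
    return findings


if __name__ == "__main__":
    for host, info in analyze(build_sample_log()).items():
        print(f"{host}: {info['verdict']} "
              f"({info['sql_targets']} SQL targets, IRC peers {info['irc_peers']})")
```

Run against the constructed log, only 10.0.0.5 is reported; the single legitimate SQL connection from 10.0.0.7 and the IRC-only client at 10.0.0.9 are left alone, and the threshold is a parameter so the same logic can be tuned to a network's normal rate of SQL connections.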



    This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:31:41 PDT