-----Original Message-----
From: NIPC Watch [mailto:nipc.watch@private]
Sent: Wednesday, November 21, 2001 9:55 AM
To: daily
Subject: NIPC Daily Report 21 November 2001
Importance: High

NOTE: Please understand that this is for informational purposes only and does not constitute any verification of the information contained in the report nor does this constitute endorsement by the NIPC or the FBI.

Significant Changes and Assessment - The National Infrastructure Protection Center (NIPC) is monitoring a potential new remotely exploitable vulnerability associated with the Washington University File Transfer Protocol (WU-FTP) Software Package. WU-FTP is a common package used to provide FTP Services. Details on the vulnerability are currently unavailable, but due to the nature and severity of previous WU-FTP vulnerabilities, the NIPC is warning administrators to closely monitor their WU-FTP systems. Depending on the importance of the FTP service being provided, administrators may consider disabling the service until additional details and any required corrections are available.

Additionally, there is a new worm called W32/SQLWorm that has been found in the wild which targets insecure (default) configurations of Microsoft's SQL server that have either (1) "sa" accounts with an empty password and/or (2) the "Extended Stored Procedure Parameter Parsing" vulnerability discussed in Microsoft Security Bulletin MS00-092. The SQL Worm reportedly propagates itself by scanning for systems that have port 1433 open. When it finds a system that has the port open, it downloads the files dnsservice.exe, win32mon.exe, and win32bnc.exe from foo.com (IP Address 207.29.192.160) and starts them. The files appear to be variants of a Distributed Denial of Service tool called "Katen" or "Kaiten." The system then connects to an IRC channel, bots.kujikiri.net, on port 6669 and starts scanning for other vulnerable systems.
The NIPC has not received any specific reports of infections, but is currently monitoring this worm and will advise of any changes. Additional details on the worm can be found on the SecurityFocus.com Web site.

Private Sector - Ziff Davis Media, which publishes popular technical titles such as Yahoo Internet Life and PC Magazine, accidentally posted the personal information of about 12,500 magazine subscribers on its Web site. On 19 November, Ziff Davis removed the data, which included hundreds of credit card numbers, and said its engineers had taken steps to prevent additional security leaks. "We discovered that there was a problem on the site and we pulled the information down," said spokesman Randy Zane. "We're contacting all the subscribers, the people who were affected." Because Ziff Davis' file included names, mailing addresses, e-mail addresses, and in some cases, credit card numbers, a thief who downloaded it would have enough information to make fraudulent mail-order purchases. (Source: Wired News, 20 November)

According to Computer Economics, a US-based research firm, the global cost of virus attacks on information systems, such as Melissa, Anna Kournikova, and the Code Red worm, has this year reached $11.8 billion. But lately, the need to combat cyberwarfare is intensifying. "The increasing paranoia among business since September has compelled companies to take a more serious approach to securing enterprise networks," said Jaclynn Bumback, research analyst at US-based Cahners In-Stat Group, a digital-communications research group. (Source: Far Eastern Economic Review, 18 November)

According to a Business Week article, the major high-speed Internet service providers discourage the use of personal firewalls, citing finicky configuration problems, even though most security experts urge home PC users to run an inexpensive personal firewall.
Despite a wide consensus in the security community that firewalls are a must for always-on connections, the vast majority of broadband ISPs that offer cable and digital subscriber line reportedly have yet to acknowledge this reality to their customers. The problem is that if a cable company tells the average customer that it does not support firewalls, in all likelihood that customer will shut down his security software at the first hint of trouble, leaving himself completely vulnerable to cyber attack. Perhaps more serious, a customer's unprotected connection could do serious damage to the ISP if it's used to launch a bandwidth-hogging denial of service attack. The broadband ISPs say supporting firewalls is not easy, suggesting customers should be responsible for anything they choose to put on their computer. (Source: Business Week, 20 November)

International - Tens of thousands of high-speed Internet users were unable to access the Web on the morning of 20 November, because of a serious system failure on British Telecom's (BT) network. The crash hit ADSL subscribers early 20 November. According to one report, over 110,000 users were affected, as well as some narrow-band unmetered customers. A BT spokesman confirmed that there was a fault with BT's IP backbone network, known as Colossal. "The service is now restored, and engineers are checking the resilience of the network now," he said. It is unclear what caused the fault. "That's something that the engineers are investigating now," said the spokesman. (Source: ZD News, UK, 20 November)

A group of so-called "white hat" Filipino hackers called Asian Pride launched a series of attacks on 16 November on several Web sites. The hackers, who apparently are based outside the Philippines, claim they are out to teach Filipino local ISPs a lesson in Internet security.
Calling it "the 4 o Clock project," Asian Pride, which claims to be composed of Filipino freelance security enthusiasts, was allegedly able to intrude into the servers of local ISP Mosaic Communications Inc, uploading executable programs that would eventually modify a Web site's main page. White hat hackers claim that they are not out to cause any damage, but only hack into systems to test vulnerabilities. (Source: INQ7.net, 19 November)

The Federal Agency of Government Communication and Information (FAPSI) is exhibiting the latest protection systems for technical means of data storage, processing and transmission at the Intellectual Cards of Russia 2001 exhibition that opened in Moscow on 20 November. The FAPSI and its licensees are exhibiting the latest developments in the sphere of Russian intellectual cards, as well as electronic documents designed on their basis to identify a Russian citizen and ensure cryptographic protection of identification data. Among the technical solutions related to data protection in the sphere of economy that FAPSI licensees came up with are cryptographic protection means for fiscal data in cash registers. (Source: Moscow Agentstvo Voyennykh Novostey, 20 November)

Hackers have reportedly attacked 156 web sites in Vietnam, replacing the contents with self introductory information. The Web sites were attacked early in the morning on 18 November, and it took about 10 hours to restore the sites, Vietnam Data Communications (VDC) Co. said. VDC said the hackers were the same group that attacked 60 Vietnamese Web sites in August. It did not provide any more information about the attacks or the material placed on the Web pages. However, the Tuoi Tre (Youth) newspaper reported that the Web sites included those of prominent government agencies, such as the State Security Commission, the Communist umbrella group Vietnam Fatherland Front, the Vietnam Chamber of Commerce & Industry, and the Ministry of Education and Training.
The hackers' group is named revengetheplanet, it said. (Source: Mercury News, 20 November)

A new UN task force on technology vowed to fight poverty, improve education, and create jobs by expanding access to the Internet and other communications tools in the developing world. The task force joins other private and government initiatives already in place, but differs by tapping the UN's reputation and resources. "In spite of the other initiatives, the task is still daunting," said Jose Maria Figueres, task force chairman and former Costa Rican president. "The UN has many additional, competitive advantages that the other initiatives don't have." Many believe technology will be important in fighting poverty, illiteracy, AIDS and societal ills identified during last year's UN Millennium Summit. (Source: Associated Press, 20 November)

Government - The White House is moving forward with several IT initiatives to try to create a more secure government and nation, including a cyberwarning network. Among the top initiatives is the development and implementation of a National Infrastructure Simulation and Analysis Center, an idea from Sen. Pete Domenici (R-N.M.) that Congress incorporated into the USA Patriot Act of 2001. The act authorizes $20 million for the DoD in fiscal 2002. The center will provide modeling, simulation and analysis of the critical infrastructure, including the cyber, telecommunications and physical infrastructures, across federal, state and local governments and the private sector. The center's work is designed to enable the government to better understand the relationships among systems and networks, and to determine ways to mitigate threats to those systems and the infrastructure as a whole. (Source: Federal Computer Week, 19 November)

A number of federal agencies are preparing to fight back against hackers who attack their computer systems.
The Department of Veteran Affairs (VA) will soon ask industry to help it create an IT security center that can monitor agency systems for intrusions, retaliate against hackers, and gather forensic evidence of intrusions to use in prosecutions. "We want an operation that is ready to respond 24 hours a day," said Bruce Brody, associate deputy assistant secretary for computer security at VA. The DoD, which saw a doubling of attacks on its computer systems in the last year, also is looking to get tough with hackers. The efforts come amid warnings that hostile groups abroad are planning attacks on federal and private-sector networks. (Source: Federal Times, 20 November)

Before 11 September, if one were clever enough to infiltrate a federal computer network, they were considered a hacker. Following the recent passage of the USA Act, which grants law enforcement sweeping powers to investigate and prosecute potential threats to national security, you could be labeled a "cyberterrorist" and face up to 20 years in prison. "I think it's going to make a lot of the hackers out there pause and think before they act," said Elgin K., a self described former white hat hacker who claims to have been associated with a group called The Cult of the Dead Cow. "On the flip side, there are probably a few demented souls who will find that an added attraction." (Source: USA Today Electronic News, 20 November)

Military - NTR

U.S. SECTOR INFORMATION:

Transportation - Still reeling from the terrorist attacks, major airlines have eliminated huge numbers of IT workers and contractors, delayed network upgrades, and shelved other projects that do not directly contribute to the bottom line. Some of the priorities for their remaining IT resources are using the Web to smooth communications with frazzled travelers, cut costs, and boost airport security. A good example of the IT restructuring priorities most airlines have gone through is Delta's prioritization process.
For example, projects that were close to completion or deemed critical to the airline were completed. Some were re-scoped and slowed down while others were postponed until 2002. The common strategy here is to put off technology growth expectations, like upgrades of decision support systems and internal servers that run some of the corporate communications, until the middle of next year, when traffic is expected to come back. (Source: Internet Week, 20 November 2001)

Emergency Services - Addressing the lack of interoperability among firefighters, police and emergency medical personnel, the Maryland state government is planning to install voice and data communications systems that would help such personnel talk with one another across jurisdictions. The voice system, which will be implemented in nine months, will provide coverage in most of central Maryland. The system is a patching network where up to five jurisdictions, for example, local, federal and military agencies, could be patched together with one another so there is fluid communication. Deployment of the connector devices will begin this month and go through several phases, including design, installation, training and then evaluation for performance. In case of a critical event during the interim, the state police have a mobile command post to facilitate voice interoperability, but it would be limited in scope. The system also will enable users to send messages within and outside their own agencies as well as record suspicious persons or vehicles and circumstances. (Source: Federal Computer Week, 20 November 2001)

Electrical Power - NTR
Water Supply - NTR
Banking and Finance - NTR
Government Services - NTR
Gas and Oil Storage Distribution - NTR
Telecommunications - NTR
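
Added example (not part of the NIPC report): a minimal detection pass for the W32/SQLWorm behaviour described above, flagging internal hosts that fan out to many distinct addresses on TCP 1433 and hosts that connect outbound on TCP 6669. The log format, the threshold, the window and all addresses are assumptions constructed for illustration.

```python
from collections import defaultdict
SQL_PORT = 1433   # port the report says the worm scans for
IRC_PORT = 6669   # port the report says infected hosts use for IRC
THRESHOLD, WINDOW = 5, 60  # assumed: 5 distinct 1433 targets within 60 s = scanning
# Constructed records (not real traffic): "epoch_seconds src dst dst_port"
SAMPLE_LOG = """\
1006354500 10.0.0.5 192.0.2.1 1433
1006354502 10.0.0.5 192.0.2.2 1433
1006354504 10.0.0.5 192.0.2.3 1433
1006354506 10.0.0.5 192.0.2.4 1433
1006354508 10.0.0.5 192.0.2.5 1433
1006354530 10.0.0.5 198.51.100.7 6669
1006354500 10.0.0.9 10.0.0.20 1433
1006354600 10.0.0.7 198.51.100.7 6669
1006354000 10.0.0.8 192.0.2.1 1433
1006355000 10.0.0.8 192.0.2.2 1433
1006356000 10.0.0.8 192.0.2.3 1433
1006357000 10.0.0.8 192.0.2.4 1433
1006358000 10.0.0.8 192.0.2.5 1433
bad line
"""

def parse(log_text):
    """Yield (ts, src, dst, port), skipping malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[0].isdigit() and parts[3].isdigit():
            yield int(parts[0]), parts[1], parts[2], int(parts[3])

def classify_hosts(log_text, threshold=THRESHOLD, window=WINDOW):
    """Map source IP -> 'scan+irc', 'scan' or 'irc-only'."""
    sql_hits, irc_sources = defaultdict(list), set()
    for ts, src, dst, port in parse(log_text):
        if port == SQL_PORT:
            sql_hits[src].append((ts, dst))
        elif port == IRC_PORT:
            irc_sources.add(src)
    findings = {src: "irc-only" for src in irc_sources}
    for src, hits in sql_hits.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:  # slide window
                start += 1
            if len({dst for _, dst in hits[start:end + 1]}) >= threshold:
                findings[src] = "scan+irc" if src in irc_sources else "scan"
                break
    return findings
```

A host reported as "scan+irc" matches both network behaviours the report attributes to the worm; "irc-only" is a weaker signal that needs correlation with host evidence such as the dropped file names listed in the report.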