-----Original Message----- From: NIPC Watch To: daily Sent: 12/3/01 8:23 AM Subject: The NIPC Daily Report for 3 December 2001 The NIPC Daily Report 3 December 2001 NOTE: Please understand that this is for informational purposes only and does not constitute any verification of the information contained in the report nor does this constitute endorsement by the NIPC or the FBI. Significant Changes and Assessment - No significant changes. Government - According to a mirror of the defacements captured by the Alldas defacement archive, two Web sites operated by the US government were attacked on 29 November by a group that threatened violence against Americans. The hackers vandalized the home page of the NOAA Office of High Performance Computing and Communications, as well a Web server operated by the National Institute of Health's National Human Genome Research Institute. In the message at the NIH site, the attackers called themselves "mujihadeens" and wrote "we are not hacker, we are just cyberterrorist." On the NOAA site, the group threatened "the greatest cyberterrorist attack against American government." The hackers did not identify the name of their group but signed the pages "anonymous." (Source: Newsbytes, 30 November) On 29 November, Mark Forman, Associate Director for IT and E-government at the Office of Management and Budget (OMB), told federal officials that they should strongly consider public-key infrastructures (PKI) to augment security for any new IT initiatives. Forman, who spoke at a PKI conference in Washington, stepped out of the usual OMB role to give IT managers guidance instead of just telling them what is expected of them. "PKI is integral to all of the president's management agenda," Forman told the audience of 500. "Agencies may not have thought too much about how certain projects involve security, but if they don't, they will not get funded. PKI has a bright future and is clearly an enabler." Since 1993, many agencies have tested forms of PKI for either their users or their customers, but few have moved to adopt it. "Government workers will be knowledge workers and must have information from multiple agencies to do their jobs," he said. "We need evolving platforms that will be open-source, such as Linux platforms." Officials from Veterans Affairs (VA), the Department Of Defense (DOD), and the Labor Department described their progress with PKI. VA plans to integrate PKI into its core financial system in March or April. DOD has issued more than 74,000 software certificates and plans to give all 3 million service members certificates over the next 18 months. (Source: Government Computer News, 29 November) International - A new school for computer hackers has opened in Paris, France. Zi Hackademy, based in Paris, charges approximately $61 US dollars, for a course of nine lessons in computer hacking. The teachers, none of whom go by their real names, have all worked on the French hackers' magazine Hackerz Voice, which teaches, amongst other things, how to invent false credit card details and fiddle your mobile phone bills. But the school maintains that the focus of the courses is ethical hacking and learning to protect yourself and your websites from malicious cyber attacks. The Paris police say they are watching the school with interest, but have not yet made any moves to close it down. (Source: Vnunet, 3 December) The number of required security patches and updates to security products during the past 12 months has so overwhelmed IT managers at most companies that the process now places network security at greater risk, a new study concludes. The study, conducted by UK-based managed security service provider Activis, a subsidiary of Germany-based Articon-Integralis AG, found that security managers at a company with an IT infrastructure consisting of only eight firewalls and nine servers would have had to make 1,315 updates to those systems in the past nine months alone, equal to five updates per working day. That number is based on the total number of updates and patches released during that time frame by some of the major software and security vendors. (Source: IDG News, 30 November) Military - NTR Private Sector - NTR U.S. SECTOR INFORMATION: Electrical Power - Legislation introduced on 29 November in the House and Senate would federalize nuclear security forces, stockpile radiation treatment drugs, call out the National Guard to protect nuclear power plants and change some Nuclear Regulatory Commission rules as a direct result of the 11 September terrorist attacks. The NRC "strongly opposes" the bill as drafted and the Nuclear Energy Institute calls the bill misguided. Senate Environment and Public Works Committee Chairman Jim Jeffords (I-Vt.), along with Majority Whip Harry Reid (D-Nev.) and Sens. Hillary Clinton (D-N.Y.) and Joseph Lieberman (D-Conn.), submitted the Nuclear Security Act of 2001. "Before the terrorist attacks on our homeland, security guards at nuclear facilities failed to defend their plants in mock terrorist attacks nearly 50 percent of the time. This is unacceptable," Reid said in a statement. "Our nation can't afford to have anything less than the best trained professionals guarding our nuclear power plants. If law enforcement agents are the right answer for America's airports [then] they are the right answer for guarding America's nuclear reactors." (Source: Environment and Energy Daily, 30 November) Telecommunications - On 1 December, At Home Corp. reached a tentative deal with a dozen cable companies to keep its high-speed Internet network up and running - at least temporarily. The cable companies signed a letter of intent with At Home to keep the service operating, a source close to the negotiations said yesterday. The deal does not include AT&T Broadband and its 800,000 customers, which were cut off from the Web and e-mail services 1 December after the nation's largest cable provider failed to reach an agreement with At Home to keep the service operating. At Home and the cable firms have been negotiating since 30 November after a federal bankruptcy judge in San Francisco ruled that the Internet service company had the right to end its contracts. (Source: Washington Post, 2 December) Transportation - NTR Banking and Finance -NTR Emergency Services - NTR Water Supply - NTR Gas and Oil Storage Distribution - NTR Government Services - NTR
This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:36:37 PDT