-----Original Message----- From: NIPC Watch To: Daily/Warning Distribution Sent: 12/10/01 8:03 AM Subject: NIPC Daily Report 10 December 2001 Importance: High NIPC Daily Report, 10 December 2001 NOTE: Please understand that this is for informational purposes only and does not constitute any verification of the information contained in the report nor does this constitute endorsement by the NIPC or the FBI. Significant Developments - (U) Four Israeli youths in Israeli police custody have admitted to creating and spreading the Goner A computer worm. The four are high school students, ages 15 and 16. American anti?virus companies have reported more than 400 cases of Goner attacks worldwide. Israeli police had been investigating the case for about a week. One of the youths has admitted creating the worm and the other three confessed to spreading it. Under Israeli law, the suspects could face between three and five years in jail if convicted. (Source: Associated Press, 8 November 2001) Government - (U) The Chief Executive Officers of 11 top software companies have called for better government security practices and stronger enforcement of laws against hackers and copyright infringers. Speaking from the Business Software Alliance conference, the executives expressed their willingness to work more closely with the government to combat cyber crime and deter terrorism activity. Symantec CEO John Thompson suggested that the government / private sector collaboration used in response to the Y2K challenge might serve as the model for future collaborative endeavors. (Source: National Journal's Technology Daily, 7 December) (U) The Nevada Cyber Crime Task Force has opened a new forensics laboratory. The lab will serve a base of operations for cyber-crime investigators, and will facilitate information sharing among task force members. According to (Las Vegas) Metro Police Lt. Steve Franks, "The task force and this building allows us to pool all our resources, and gets all our equipment and experts on the same page." The state of Nevada created the task force in 1999 to investigate computer?related crimes. Membership in the task force includes Nevada law enforcement agencies (Las Vegas Metro; Clark County (Nevada) School District Police; Nevada Department of Investigation), DOE, FBI, Secret Service, Internal Revenue Service, US Postal Inspectors, and the Nevada State Attorney General's office. One function of the lab will be picking up electric footprints left by hackers, pirates and cyber criminals. (Source: Las Vegas Sun, 6 December) (U) Michael Vatis, Director of the Institute for Security Technology Studies at Dartmouth College, believes the federal government doesn't have the resources to investigate cyberattacks on a nationwide basis, and should enlist the help of state and local agencies. Commenting from the National Conference of State Legislatures meeting on anti?terrorism technology, Vatis says cyber attacks can arrive from many sources, not just terrorists. To be effective in the detection and prevention of such incidents, state and local agencies would have to be trained and equipped for such activity. Vatis and his group have been working with state and local agencies to determine equipment, training, and financial resource needs. (Source: Federal Computer Week, 7 December) (U) Senator Ron Wyden (D-Ore.) proposes forming a technology force comprised of federal, state, local and private volunteers to serve the country in national emergencies. The senator does not foresee the theoretical National Emergency Technology Guard, or NET Guard, as a large government program, but thinks, "the government must create a structure to accept and implement a treasure trove of technological counsel, state?of?the?art equipment and hands?on help." Senator Wyden claim NET Guard would have made a big difference after the 11 September terrorist attacks by rapidly restoring telecommunications and computer networks. Wyden is not introducing legislation for NET Guard, but he wants the administration and the private sector to cooperate on building such a force. (Source: Government Computer News, 7 December) International - (U) Four people have been jailed, and a fifth given community service in connection with a major UK Internet banking?fraud case. The five were charged for their part in what the National Crime Squad (NCS) termed a "conspiracy to defraud financial institutions." An NCS spokesperson said the group attempted to defraud six Internet financial institutions ? Egg, Cahoot, Smile, Marbles, MBNA and Sony Card. Egg, the only financial institution to admit the fraudsters were attempting to compromise its security systems last year, said the case involved multiple credit applications. (Source: Newsbytes, 7 December) (U) An international treaty designed to protect copyright holders in the "digital age" is ready to become law now that 30 countries, including Japan and the US, have ratified it. The World Intellectual Property Organization (WIPO) Copyright Treaty, or WCT, is designed to protect the rights of composers, artists, writers, and others whose work is distributed over the Internet or other digital media. The West African nation of Gabon acceded to the pact, allowing it to take effect 6 March 2002 WIPO said. Among major industrialized nations, only the US and Japan have ratified WCT thus far. The European Union (EU) is expected to do so, but the parliaments of all 15 EU member states must first separately pass an EU directive with similar provisions, a process expected to be completed by late December 2002. The new pact clarifies that the right of reproduction in the analogue world also applies to Internet and digital media. Older copyright agreements were designed for traditional media like broadcasting. (Source: IDG News Service, 7 December) U.S. SECTOR INFORMATION Electrical Power - (U) The Nuclear Regulatory Commission (NRC) said it will propose "performance?based" rules for US nuclear power plants to conduct drills to prepare for possible sabotage or attack. "The proposed rule would amend the Commission's regulations to require power reactor licensees to conduct drills and exercises to evaluate their protective strategy against a simulated design basis threat of radiological sabotage," the NRC said. The US nuclear industry maintains that it has tightened security, and that the NRC already supervises mock attacks to test a plant's safeguards. The draft rule will be published in January 2002. A final regulation should be ready by November after the nuclear industry, environmental groups and other interested parties have a chance to provide suggestions. (Source: Reuters, 7 December) Banking and Finance - (U) On 7 December, a Fleet credit card services customer discovered a serious flaw in one of the bank's Web sites (mycard.fleet.com), apparently revealing private details of hundreds of thousands of transactions, including Social Security numbers, account numbers, places of employment, and annual income. The flaw makes it possible to view records of transactions recorded at the site dating back to April of 2000. While many of the transactions are mundane address request changes or simple balance transfers that don't reveal any private information, others detail much private information, including everything needed for identity theft. It appears that nearly 600,000 transaction records were exposed to the flaw. The firm has over 9 million accounts and $15 billion in managed receivables, making it the ninth largest Visa/MasterCard issuer in the nation. (Source: MSNBC, 7 December) Transportation - (U) The Bush administration is seeking broad new powers to protect major seaports from terrorist attacks. Hoping to prevent a 11 September - style attack from the sea, Transportation Secretary Norman Mineta asked Congress last week for authority to take a number of new security measures aimed at tightening control of major ports. While most of the effort to improve homeland security has focused on aviation, there is growing concern in Washington that the nation's 361 ports may prove a more vulnerable target. That concern is building amid reports that Osama bin Laden maintains a secret fleet of ships, under a variety of flags, to transport arms, drugs and recruits for his terrorist network. "Perhaps the most vulnerable link in our transportation system is the component that few Americans ever see: our major seaports," said Sen. Ernest F. Hollings, chief sponsor of a bill to bolster port security. (Source: Dailypress.com, 9 December)
This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:37:02 PDT