CRIME FW: NIPC Daily Report, 9 January 2002

From: George Heuston (GeorgeH@private)
Date: Wed Jan 09 2002 - 08:24:23 PST

  • Next message: George Heuston: "CRIME FW: NIPC Daily Report, 10 January 2002"

    -----Original Message-----
    From: NIPC Watch [mailto:nipc.watch@private] 
    Sent: Wednesday, January 09, 2002 7:34 AM
    To: Daily Distribution
    Subject: NIPC Daily Report, 9 January 2002
    
    
    The NIPC Daily Report
    09 January 2002
    
    NOTE: Please understand that this is for informational purposes only and 
    does not constitute any verification of the information contained in the 
    report nor does this constitute endorsement by the NIPC or the FBI.
    
    The NIPC Watch and Warning Unit compiles this report to provide 
    situational awareness of issues impacting the integrity and capability 
    of the nation's critical infrastructures.
    
    Security bug affects all current versions of Internet Explorer for Windows
    
    Microsoft has a "severe" flaw in its Internet Explorer web browser. 
    According to ThePull, an independent security researcher who discovered 
    it, the vulnerability provides attackers with a grab-bag of techniques 
    for stealing other users' browser cookies, reading hard disk files, and 
    "spoofing" legitimate web sites. Concerned IE users can protect 
    themselves by disabling active scripting in their browser. (Newsbytes, 7 
    January)
    
    SWF/LFM-926 Virus infects Macromedia Flash; possibly intensifies 
    malicious code threat
    
    SWF/LFM is a "proof of concept" virus with a "relatively harmless" 
    payload. But this first-ever assault against Macromedia raises concerns 
    that malicious code writers will gain a new method for infecting 
    Internet users. According to Sophos, an anti-virus software firm, 
    SWF/LFM-926 infects Flash files with an .SWF extension in the current 
    directory on computers running Microsoft Windows operating systems. 
    SW/LFM-926 relies on ActionScript, a scripting language built into 
    Flash, the anti-virus software firm said. When the infected animation 
    plays, it invokes the DOS debugger program and creates a second program 
    that infects other Flash files. (Newsbytes 8 January)
    
    National Infrastructure Simulation and Analysis Center augments national 
    security defense
    
    The federal government plans to use computer?simulated attacks on the 
    nation's infrastructure to develop national security defenses. 
    Scientists and engineers at the center are putting together a computer 
    simulation of airlines, railroads, gas pipelines, telecommunications and 
    other networks in what the program's overseers call an "acupuncture map" 
    of the nation's critical infrastructures. The goal is to determine the 
    best responses to attacks or breakdowns of the systems that keep the US 
    working. (Washington Times, 9 January)
    
    Canadians see bin Laden as a cyber threat
    
    The Canadian Office of Critical Infrastructure Protection and Emergency 
    Services has raised the possibility of future cyber attacks by Osama bin 
    Laden agents or sympathizers against critical infrastructure facilities, 
    such as the US telecommunications grid, electric power facilities, or 
    oil and natural gas pipelines. Although there has been no evidence of 
    this kind of activity to date, the Canadians say that Bin Laden's vast 
    financial resources give him the capability to buy the equipment and 
    talent needed for a short order cyberattack. (Computer World, 8 January)
    
    Brits experience sharp increase in cyber attack
    
    British intelligence unit MI2G reports that attacks on government 
    domains ( .co.uk and .org.uk ) rose 378-percent, from 9 attacks in 2000 
    to 43 attacks in 2001. Anti-capitalist protests, criminal activities and 
    anti-NATO sentiments were the principal motivations behind the UK attacks.
    
    German study recommends counter-hacker options
    
    The German Ministry of Defense and the German Foreign Office, in a joint 
    study recommends creating a special office for handling hacker attacks. 
    Officials fear German communications networks and systems would fall too 
    easily to serious government-supported intrusions. The study recommends 
    increasing government spending for preparations against hacker attacks 
    and urges developing national software and cryptographic applications. 
    (Europemedia, 7 January)
    
    Livermore network intruder pleads guilty
    
    Benjamin Breuninger, AKA "KON" or "KONCEPTOR" online, admitted that he 
    hacked the Livermore network, installed programs to give him ongoing 
    access and downloaded lab budget information. Sentencing is set for 12 
    April. Breuninger could get five years in prison, and incur a $250,000 
    fine. (Associated Press, 8 January)
    



    This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:38:18 PDT