NIPC Daily Report 21 March 2002 The NIPC Watch and Warning Unit compiles this report to inform recipients of issues impacting the integrity and capability of the nation's critical infrastructures. Bioterror risk high for rural America. Rural areas -- often remote from major medical centers and lacking physicians -- are particularly vulnerable to disease outbreaks and bioterrorist attacks, says a leading public health official in the Bush administration. While the events of Sept. 11 focused the nation's attention on New York City and Washington, D.C., public health advocates recognized that rural communities also were coping with anthrax threats and the potential of a bioterrorist attack. Unlike metropolitan centers, sparsely populated counties don't have nearly the same number of hospitals and physicians available to respond to an outbreak or intentionally released pathogen. Many are poorly connected to major health centers. And in some cases, the doctors are not trained to recognize and treat the illness in question. (timesunion.com, 19 Mar) Homeland defense may mean expanded role for leathernecks. In the event of a terrorist strike on US soil, the Marine Corps could contribute thousands of leathernecks to assist federal agencies at a moment's notice. Reservists from 2nd Battalion, 23rd Marines, based at Camp Pendleton, Calif., and an active-duty infantry battalion from Camp Lejeune, N.C., are part of a 45,000-Marine force at the disposal of federal agencies. Maj. Gen. Martin Berndt, commander of II Marine Expeditionary Force at Lejeune, commands the Marine homeland-security force. Government entities such as the Federal Emergency Management Agency and the Justice Department could use Marines to provide perimeter security or vehicle checkpoints at a crisis site. Agencies would request Marine Corps assistance through Joint Forces Command, the military headquarters for homeland security. (Marine Corps Times, 25 Mar) US space dominance faces growing threats, officials say. According to intelligence officials, the US faces growing threats to its space dominance, as potential adversaries are making significant progress in fielding their own space assets and developing tools to disrupt American space systems. Testifying before the Senate Armed Services Committee on 19 March, Navy Vice Admiral Thomas Wilson, director of the Defense Intelligence Agency, said that, by 2010, possible enemies are expected to have more means at their disposal to impede US space support systems. China and Russia have the most counter-space capabilities now, but other countries, as well as non-state entities, also are pursuing them in hopes of turning US reliance on space into a weakness that could be exploited in a conflict. Potential adversaries are exploring such capabilities as directed energy weapons, space object tracking systems, physical attacks on satellite ground stations, signals jamming, and information attacks against computer and communication systems. The least sophisticated options are the ones most likely to become available to a "broader array of actors," Wilson said. An attack on a ground station, for example, is "obviously the larger threat" than a direct assault on satellites. (Aerospace Daily, 20 Mar) Intelligence chiefs discuss threats to national security. Commercially available information technology will play a stronger role in "asymmetric" threats from terrorist groups and enemy states over the next decade, the nation's top intelligence officials told the Senate Armed Services Committee on 19 March. "Information operations can employ a range of capabilities, including electronic warfare, psychological operations, physical attack, denial and deception, computer network attack and the use of more exotic technologies such as directed energy weapons or electromagnetic-pulse weapons," Vice Admiral Thomas Wilson, director of the Defense Intelligence Agency said. Wilson said the global availability of hacking software over the Internet, for example, could provide "almost any interested US adversary" with, basic computer network attack capabilities. CIA Director George Tenet agreed that cyber warfare will become an "increasingly viable option" for terrorists and other adversaries as they become more familiar with potential critical infrastructure targets, and more adept at using technologies that could damage them. (National Journal's Technology Daily, 19 Mar) CIA removes tracking software. The agency removed software from one of its Web sites this week after a private group discovered that the CIA was using banned Internet tracking technology called "cookies," said Mike Stepp, who manages the CIA's public Web site. Stepp said an outside company had redesigned the reading room Web site, which was posted to the Internet on 29 January. "It was a mistake on our part. It was not intentional. Unbeknownst to us, it was loaded with some software, commercial off-the-shelf software used for Web analysis." The software included a cookie that tracked repeat visitors to the site. To make sure no improper information about site visitors had been recorded, Stepp said two sets of log files would be destroyed. (Associated Press, 20 Mar) Security flaw found in Microsoft Java software. Microsoft has released a bulletin advising of a second vulnerability in software that allows Windows users to run programs written in Java, a Microsoft program manager said 19 March. Microsoft and Sun Microsystems, creator of the Java programming language, released a joint bulletin about the first vulnerability affecting the Java Virtual Machine code on 4 March. Both vulnerabilities were rated "critical" because of the harm they could cause, however there have been no known attempts to exploit the vulnerabilities. An update to Microsoft's Java Virtual Machine released on 4 March fixes both vulnerabilities. Users are only at risk if they go through a proxy server to access Web sites, as is common in corporations but not homes. Proxy servers are commonly used to cache content on frequently accessed Web sites, housing it on a server closer to the end user so that the downloading is faster. (InfoSec News, 19 Mar) Best place for a break-in? The front door. A senior information security consultant emphasizes the importance of protecting beyond the firewall, encouraging focus on physical and procedural aspects of security as well as technology. Suggesting that much of the information malicious hackers would need to break into a system is easily obtained from unwary internal sources, he advocates not only the application of an enterprise-wide, standard operating environment, but a deliberate limiting of internal information availability. According to a senior scientist who monitors a quarter of all Federal Government agencies, probe packets detected at the top layer of these networks has increased from 300,000 to 1.2 million since the 11 September attack on the World Trade Center and the subsequent war in Afghanistan. "We have seen a significant increase in those emanating from the Middle East and South East Asia," he said. While he concedes many of these attacks are relatively harmless, he said the sheer quantity served to mask some of the more sophisticated and targeted attacks. (ZDNet Australia, 19 Mar) Social hacking hits IM. Users of public instant-messaging (IM) networks and Internet Relay Chat (IRC), beware: You may be the target of malicious hackers -- known as "crackers" - who want to use your computer in a distributed denial-of-service (DDoS) attack against other Web sites. Simple participation in those networks won't put you directly at risk. However, the CERT Coordination Center has published an incident note with a warning to anyone running a system that uses IRC or public IM networks. CERT says it has received reports of "social engineering attacks," where crackers trick unsuspecting users into downloading and executing software that can be used to launch a DDoS attack. (Internet News, 20 Mar)
This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:39:29 PDT