CRIME NIPC Daily Report 5 Jun 02

From: George Heuston (GeorgeH@private)
Date: Wed Jun 05 2002 - 08:24:00 PDT

  • Next message: Alan: "Re: CRIME Thursday night's Town Hall at PSU"

    NIPC issues Advisory 02-004, "ISC BIND 9 DoS Vulnerability." The 
    vulnerability is in version 9.x below 9.2.0. The exploitation of this 
    vulnerability will cause vulnerable BIND server(s) to abort and shut 
    down, which could possibly cause a Denial-of- Service (DoS). The NIPC 
    urges the community to apply patches from vendors to upgrade their 
    version of BIND 9 to BIND 9.2.1. The NIPC's Advisory can be viewed at 
    www.nipc.gov/warnings/advisories/2002/02-004.htm.
    
    Utilities unite against power-grid oversight. A coalition of Pacific 
    Northwest public utilities stepped up its opposition to federal plans 
    for a regional agency to oversee electricity transmission across the 
    West, claiming it would boost rates and open the grid to Enron-style 
    market abuse. Coalition leaders say the proposed "regional transmission 
    organization," or RTO, would add a layer of costly federal bureaucracy 
    that would strip control of the power grid from local governments and 
    utilities that are accountable to voters and customers. FERC Chairman 
    Patrick Wood III acknowledged the concerns of the utilities and said he 
    wants to make sure any new regional organization would be able to 
    prevent price manipulation or the kinds of energy deregulation problems 
    that led to a January 2001 statewide emergency in California. However, 
    Mr. Wood would not back off plans to develop the new organization, 
    saying regional cooperation on energy planning is needed to sustain 
    economic growth and prevent transmission-system bottlenecks. FERC has 
    called for establishing the new regional organization as part of a 
    broader federal effort to standardize transmission systems across the 
    country. (Seattle Times, 4 June)
    
    Electric Power Research Institute (EPRI) Reliability Initiative 
    identifies industry best practices. On 13 May EPRI, a non-profit center 
    for public interest energy and environmental research, announced the 
    completion of the first comprehensive database of electricity 
    distribution practices across the nation. The information was gathered 
    during EPRIs Power Delivery Reliability Initiative Distribution Project 
    and will be used by utility companies to develop strategies for 
    improving system reliability in the most cost-effective manner. Funded 
    entirely by 40-plus utility members, the Reliability Initiative was 
    directed by EPRI on behalf of the electric power industry, in 
    coordination with the North American Electric Reliability Council 
    (NERC). EPRIs Distribution Program Knowledge Base now contains detailed 
    descriptions of hundreds of distribution system practices. By using the 
    database, distribution companies learn how other utilities solve 
    reliability problems and can adapt the appropriate practices to improve 
    their own system performance. (Power Engineering International, 3 June)
    
    Privacy vs. security. Driven by provisions in the USA Patriot Act 
    (anti-terror legislation approved after Sept. 11); banks, securities 
    firms and other companies are installing computer systems that draw 
    together millions of transactions in the search for money laundering, 
    terrorist financing or other unusual patterns. Congress also requires 
    that financial companies authenticate new customers, check their 
    identities against government watch lists and maintain records for 
    government scrutiny. The law encourages financial institutions to share 
    information among themselves about customers suspected of being involved 
    in terrorism or money laundering, and it gives them protection from 
    legal liability for doing so. In addition, it gives law enforcement and 
    intelligence agencies greater access to confidential information without 
    a subpoena in requiring that credit bureaus secretly turn over credit 
    reports to the CIA, National Security Agency and other intelligence 
    agencies when presented with a request signed by a senior agency 
    official. (Washington Post, 3 June)
    
    DOT expects baggage screeners to be out of view. Checked bags should be 
    screened for explosives as they travel from the ticket counter to the 
    airplane, the head of the Transportation Security Administration says. 
    The intention is for bags to be examined after check-in but before being 
    loaded on the plane. The inspections would be done without the 
    passengers watching, though a traveler could be called if the machine's 
    alarm goes off and the bag needs to be opened and searched by hand, 
    officials said. The process would not add to the congestion of the 
    check-in and passenger screening process, instead becoming part of the 
    normal process of transferring the baggage from the ticket counter to 
    the airplane. (Associated Press, 4 June)
    
    Pakistan - War in cyberspace. Pakistan is both overtly and covertly 
    causing cyber disturbances in India. Among the covert activities, 
    Pakistan has started supporting and funding groups involved in cyber 
    attacks on Indian nets. Such cyber attacks have been directed against 
    the Indian government and corporate nets. Cyber attacks intensify when 
    the physical tensions escalate between the two nations. The present 
    tensions could also have renewed attacks from Pakistani cyber forces. 
    (Asia Intelligence Wire, 31 May)
    
    Download sites hacked, source code contaminated. According to the 
    program developer, the source code to the Dsniff, Fragroute and 
    Fragrouter security tools was contaminated on 17 May after an attacker 
    gained unauthorized access to the site. When installed on a Unix-based 
    machine, the modified programs open a backdoor accessible to a remote 
    server hosted by RCN Corporation, according to an excerpt of the 
    contaminated Fragroute program posted on 31 May to Bugtraq. Nearly 2,000 
    copies of the booby-trapped security programs were downloaded by 
    unsuspecting Internet users before the malicious code was discovered on 
    24 May. (Security Focus, 3 June)
    
    City landlords get a primer for spotting terrorist tenants. Landlords 
    should be suspicious of tenants who insist on first-floor apartments, 
    have little furniture, use cash, prefer pay phones and try to hide their 
    identities, New York Police Department officials said at a 3 June 
    briefing on fighting terrorism. The closed three-hour meeting at 1 
    Police Plaza drew 250 landlords and real estate executives, who were 
    given a 38-page handbook that covered topics including understanding 
    terrorist goals, spotting fake
    passports and ingredients used in making a pipe bomb. (New York Times, 4 
    June)
    
    Training targets computer crimes. In an attempt to reduce criminal 
    activity in the PC world, additional training on investigating and 
    prosecuting cyber criminals will be available this fall to personnel in 
    the offices of the attorneys general in each of the 50 states. Criminal 
    activity over the Internet and on computer systems has become more 
    sophisticated, making it extremely difficult to investigate crimes and 
    prosecute "hackers." The difficulty magnifies when computers and other 
    equipment are used to commit crimes across jurisdictional boundaries. 
    (Federal Computer Week, 4 June)
    



    This archive was generated by hypermail 2b30 : Wed Jun 05 2002 - 09:22:06 PDT