CRIME NIPC Daily Report 7 June 02

From: George Heuston (GeorgeH@private)
Date: Fri Jun 07 2002 - 12:48:59 PDT


    President Bush proposed a Cabinet-level Department of Homeland Security. 
    Among the new government functions the president's proposal would create 
    are a threat analysis unit office and an office to coordinate federal 
    programs with state and local officials. Those additions - as well as 
    the management and administration of the new agency - would be paid for 
    through savings from eliminating redundant functions in other agencies, 
    the report said. The new department would have four divisions: Border 
    transportation and security, Information analysis and infrastructure 
    protection, Emergency preparedness and response, and Chemical, 
    biological, radiological and nuclear countermeasures. The Secret 
    Service, which specializes in threat assessments and security at 
    high-profile events, would remain intact after moving from Treasury to 
    the new department. It is one of several agencies that would continue 
    their varied non-homeland defense chores at the new department. The FBI 
    and CIA would remain independent agencies. But one question remained 
    muddy: just what authority any new secretary of homeland security would 
    have over the FBI and CIA. A senior administration official briefing 
    reporters at the White House said the secretary could not order - only 
    strongly suggest - that the FBI investigate a lead. (CNN, 6 June)
    
    Bush plan backs IT infrastructure. The White House proposes developing a 
    single information technology infrastructure cutting across the many 
    federal organizations that would be folded into the Department of 
    Homeland Security. A system for interoperable communications between 
    emergency personnel and other first responders will be a "top priority" 
    for the Department, according to the plan. (Federal Computer Week, 6 June)
    
    FEMA will oversee all wireless efforts. The Federal Emergency Management 
    Agency will coordinate all federal wireless communications projects in a 
    bid to ensure interoperability and standards while avoiding stove-piped 
    systems. FEMA will take over Project SAFECOM, an Office of Management 
    and Budget e-government initiative, according to FEMA CIO Ron Miller. 
    The purpose of Project SAFECOM is to bring wireless project managers 
    together. SAFECOM will have four deputy program managers--from Commerce, 
    FEMA, Justice and Treasury--to oversee initiatives, Miller said. It also 
    will have a steering committee composed of representatives from user 
    groups such as the International Association of Chiefs of Police. 
    (Government Computer News, 5 June)
    
    WWU Comment: The previous two articles reflect the federal emphasis on 
    information sharing. Interoperability and timeliness are critical both 
    horizontally across similar levels of government such as in the FEMA and 
    Homeland Security examples as well as vertically between federal, state, 
    and local governments. State and local organizations will have the 
    greatest need for information in their front-line roles and have 
    valuable input to be considered when designing communication and 
    information systems.
    
    Smart card use booming. Smart cards, which contain a chip that can store 
    data such as a person's name and fingerprints, can help protect 
    agencies' networks, buildings and data against unauthorized access, said 
    Paul Kurtz, senior director for national security in the White House's 
    Office of Cyberspace Security. "Smart cards represent a possible 
    solution to the architectural problems of secure, mobile 
    identification," Kurtz said. Still, there are challenges, including 
    interoperability, infrastructure, privacy, security and cost. However, 
    smart cards are not the only solution, nor a "panacea," Kurtz warned. 
    The cards are a piece of a larger, coordinated effort to protect the 
    nation's infrastructure. (Federal Computer Week, 5 June)
    
    TSA plans two smart card pilot projects. The Transportation Security 
    Administration (TSA) plans to launch at least two pilot projects this 
    year for a smart card program that eventually will put the 
    identification technology into the hands of 10 million to 15 million 
    workers, a transportation official said June 5. The Aviation and 
    Transportation Security Act, signed in the wake of the Sept. 11 
    terrorist attacks, requires the department to develop a universal worker 
    identification system. The cards will provide secure access to buildings 
    and computer networks and will hold biometrics, most likely in the form 
    of fingerprints. TSA will also set the policy for trusted traveler cards 
    for frequent airline passengers in the near future. John Magaw, 
    Transportation undersecretary for security, has said that there is no 
    card that will allow people to get through security completely. The 
    trusted traveler cards could be developed in tandem with the smart cards 
    and will use the same architecture. TSA is coordinating its effort with 
    the Federal Aviation Administration, which is moving forward with its 
    own smart card pilot project. Both agencies will align their programs 
    with GSA-developed smart card interoperability specifications. (Federal 
    Computer Week, 6 June)
    
    WWU Comment: The benefits of smart cards in terms of interoperability, 
    standardization, and convenience must be weighed against security and 
    privacy concerns. The above articles refer to privacy concerns but do 
    not cite the security risks of having a single method to control 
    identification, physical access, network access, and personal 
    information. Multiple layers of security are necessary to protect 
    against a compromise due to greater access granted to protected areas 
    and data more so than may actually be required for one to perform their job.
    
    Info sharing bill gains support. The Homeland Security Information 
    Sharing Act requires the administration to develop a plan within six 
    months that will outline how sensitive, but unclassified, federal 
    information can be shared with the appropriate officials within state 
    and local law enforcement. The plan must also outline a process for 
    removing sensitive information from classified information so that it 
    may be shared with these organizations. This will enable first 
    responders to receive more detailed, timely information on potential 
    threats. The Bill calls for the administration to outline systems that 
    can be used to share information in a timely manner, and it fosters the 
    use of existing systems, such as the National Law Enforcement 
    Telecommunication System (NTWS) and the Regional Information Sharing 
    Systems (RISS). (Federal Computer Week, 5 June)
    
    Tech factors in port protection. The Maritime Transportation 
    Anti-Terrorism Act authorizes $83 million annually in grants for 
    enhanced facility security at U.S. ports for the next three fiscal 
    years. These grants will help cover the cost of anti-terrorism 
    improvements and fund projects to determine which technologies will 
    improve port security the best. The legislation would give the Coast 
    Guard the authority to deny entry to vessels from foreign ports with 
    inadequate security and dispatch "sea marshals" to respond to terrorist 
    threats. The legislation requires the government to develop 
    anti-terrorism cargo identification and screening systems for 
    containers. (Federal Computer Week, 6 June)
    
    New technology maximizes grid capacity, eliminating power outages. 
    "Electricity reliability is a major problem in the U.S. and around the 
    world," said Roberto Torres, an analyst with Frost & Sullivan. "The 
    smartest and quickest way to improve reliability is to maximize grid 
    capacity through improved technologies." A product called Advanced Grid 
    Observation Reliable Algorithms (AGORA), allows power system operators 
    to effectively simulate the activity on a power grid under any 
    condition, allowing for more accurate operations and planning. For more 
    than 30 years, the Newton-Raphson method has been used industry-wide as 
    a tool to analyze the behavior of electrical power systems. This method 
    can provide incorrect information that could result in inaccurate system 
    planning, especially in more complex electrical systems. (Utility 
    Automation, 6 June)
    
    Rocket cache found near Moscow airport. Detectives said on 6 June that 
    they had discovered a cache of surface-to-air rockets buried near a 
    Moscow airport. Following a tip, police uncovered the munitions hidden 
    in a cemetery directly under the flight path of aircraft landing at 
    Vnukovo airport, southwest of Moscow. "One version (of the story) is 
    they were stolen from a military unit to be sold to criminal groups. The 
    second (version) is that a terrorist act was being planned against 
    aircraft, because this cache was located directly under the flight path 
    for landing," Moscow police spokesman Kiril Mazurin said. The airport 
    mainly handles domestic flights, but also some charter flights abroad. 
    According to experts, anyone with minimal training would be able to arm 
    and fire the rockets. (Reuters, 6 June)
    
    WWU Comment: Although this incident occurred in Russia, there are two 
    concerns for US transportation activity. American charter aircraft could 
    be targeted at this site or the operatives could be training and 
    developing techniques to be used in the US or at international airports 
    used by American carriers.
    
    FAA forges ahead with STARS. The Standard Terminal Automation 
    Replacement System (STARS) eventually will swap aging equipment for new 
    color displays, processors and computer software at 173 air traffic 
    control facilities nationwide. The Federal Aviation Administration plans 
    to install STARS in Philadelphia in November despite several unresolved 
    problems described in an inspector general report released June 5. STARS 
    has been used in pilot projects at airports in Syracuse, New York and El 
    Paso, Texas, since 1999. The agency "fundamentally disagrees" with the 
    conclusions of the report and contends "it will not deploy a system that 
    is unsafe," FAA Administrator Jane Garvey said in a memorandum to 
    Transportation Department Inspector General Kenneth Mead. (Federal 
    Computer Week, 6 June)
    
    FAA installs a new system for weather data. The Weather and Radar 
    Processor system recently went online in Fort Worth, Texas. It allows 
    controllers to see advanced Doppler radar weather information along with 
    aircraft position data. The system will help controllers reroute air 
    traffic to avoid severe weather, FAA officials said. This real time 
    information gives controllers a better view of localized precipitation 
    and helps them evaluate the weather's impact on flights. (Government 
    Computer News, 6 June)
    
    Clarke warns educators about need for better security. "Law enforcement 
    can't save the private sector," the president's cybersecurity czar, 
    Richard Clarke said. "We can't tell the energy companies and the 
    pipeline companies how to configure their systems. At a fundamental 
    level, it doesn't matter who the threat is." What matters, he said, are 
    the vulnerabilities within corporate networks that present risks to the 
    national infrastructure. The most vulnerable networks are those at 
    universities and college systems, many of which have little or no 
    protection -- and thus, make great launching pads for attacks against 
    infrastructure companies. To champion better security at the campuses, 
    Clarke said attendees needed to press university provosts and boards of 
    regents for better security programs and educational grants. 
    (Computerworld, 5 June)
    
    Malicious programs taking advantage of World Cup theme. Kaspersky Labs 
    warns users about the first appearance of malicious programs taking 
    advantage of the hugely popular and widespread World Cup theme. Users 
    are urged to be extremely careful with e-mail 
    containing popular subject themes. Users should refrain from "checking 
    out" file attachments supposedly connected to the World Cup football 
    championship, especially without the use of an anti-virus program armed 
    with a freshly updated anti-virus database. For more detailed 
    information about this series of worm viruses, please go to the 
    following address: http://www.viruslist.com/eng/viruslist.html?id=48005 
    (Kaspersky Lab News, 6 June)
    
    Red-M's Bluetooth server vulnerable. Security researchers have 
    identified numerous flaws in the Bluetooth short-range wireless access 
    points sold by Red-M Communications Ltd., the most serious of which 
    could compromise the administration password. @stake Inc. discovered six 
    vulnerabilities in Red-M's 1050AP. (eWeek, 5 June)
    
    Evolving viruses threaten many platforms. A new virus called Simile.D 
    could lead to a rethinking of the principles underlying antivirus 
    software. The fourth and latest variant of the virus can spread to both 
    Windows and Linux computers. If placed on the Internet, the virus could 
    cause some problems for administrators because of its ability to jump 
    from Windows to Linux and back again. While Simile.D spreads 
    successfully to Linux machines, the risk is lessened by the fact that 
    only systems running in so-called super-user mode can be fully infected. 
    (CNET News.com, 5 June)
    
    NRC holds firm on keeping nuclear security forces private. Nuclear 
    Regulatory Commission officials are continuing to resist efforts by 
    Congress to federalize security forces at the nation's nuclear 
    facilities. "The 2001 Nuclear Security Act," (S. 1746) would make more 
    than 5,000 nuclear security officers federal employees and establish a 
    training and evaluation process for them. Currently, NRC regulations put 
    private companies in charge of nuclear plant security. (Government 
    Executive Magazine, 5 June)
    
    Internet Explorer buffer overflow vulnerability. According to a 4 June 
    SecurityFocus News report, Microsoft's Internet Explorer web browser 
    contains a flaw in the Gopher client that could allow a malicious server 
    to take control of a victim's computer. The vulnerability was made 
    public by Jouko Pynnonen of Finland's Online Solutions, who was credited 
    by Microsoft last December with identifying a security flaw in IE that 
    allowed an attacker to exploit another user's computer by simply causing 
    the victim to view a web page or open an HTML e-mail. A user may be 
    affected by the newly discovered vulnerability by simply viewing a web 
    site that is maliciously designed to listen on a TCP port and write a 
    block of data, according to Pynnonen's advisory. Once a victim has been 
    compromised, the exploiter could do anything on the system that an 
    authorized user could do, including install, modify, or delete files. A 
    Microsoft representative said the company is investigating the report 
    but had no further comment. According to Pynnonen, concerned users can 
    protect themselves by simply disabling IE's built-in Gopher client from 
    the LAN settings section of the Connections menu in IE's Internet 
    Options folder. (SecurityFocus.com, 4 June)
    
    Shakira is the product of a VBS worm-generator kit. Most antivirus 
    software vendors already have protection available to block this worm, 
    hence the official name: Vbswg-aq. When the Shakira worm invades your 
    PC, it displays this message: "You have been infected by the ShakiraPics 
    Worm." Because Shakira is not destructive and just sends e-mail, it 
    currently ranks a 4 on the ZDNet Virus Meter. The Shakira worm arrives 
    as an e-mail with the subject line "Sharkira pics." The body text is 
    "Hi, I have sent the photos via attachment have fun..." The attached 
    file is shakirapics.jpg.vbs. If you open the attached file, the worm 
    copies itself into the Windows folder as shakirapics.jpg.vbs, then makes 
    a few changes to the registry. Users of Microsoft Outlook 2002 and users 
    of Outlook 2000 who have installed a recent Security Update should be 
    safe from the attached VBS file in Shakira. Users who have not upgraded 
    to Outlook 2002 or who have not installed the Security Update for 
    Outlook 2000 should do so. (CDNET, 6 June)
    
    Hacker group defaces naval websites. A Navy subdomain reported that 
    tracker.hroc.navy.mil, which is apparently used to track job 
    applications, was defaced by a group calling itself 'Infidelz'. 
    Confidential data was accessed and the hackers published and edited 
    documents on the defaced page purporting to be from the human resources 
    department of the Navy. A message from the defacers read: "Files on this 
    server were accessed containing names, social security numbers, 
    addresses, telephone numbers and the confidential personal information 
    of job applicants." The site has since been taken down, but yesterday 
    another Navy site, simamail.erl.mrms.navy.mil, was attacked in a similar 
    fashion by the same group. (Vnunet.com, 6 June)
    


