CRIME NIPC Daily Report 08/02/02

From: George Heuston (GeorgeH@private)
Date: Fri Aug 02 2002 - 08:51:17 PDT


    When Dreamcasts attack. White hat hackers demonstrated at the Las Vegas
    Black Hat Briefings how to turn the defunct Sega Dreamcast into a disposable
    attack box designed to be dropped like a bug on corporate networks during
    covert black bag jobs. The "phone home" technique presented at the Black Hat
    Briefings takes advantage of the fact that firewalls effective in blocking
    entry into a private network are generally permissive in allowing
    connections the other way around. The Dreamcast was chosen for its small
    size, availability of an Ethernet adapter, and affordability -- the console
    was discontinued last year, and now sells used for under $100 on eBay.
    Loaded with custom Linux-based software and covertly plugged into a spare
    network port under a desk or above a ceiling, the harmless-looking toy
    becomes the enemy within, probing the company firewall for a way out to the
    Internet. The box cycles through the ports used for common services like
    SSH, Web surfing, and e-mail, which tend to be permitted by firewall
    configurations. Failing that, it tries getting "ping" packets out to the
    Internet, and finally looks for proxy servers bridging the network to the
    outside world. Whatever it finds, it uses to establish a tunnel through the
    firewall to the intruder's home machine. (Security Focus, 31 Jul)
    
    Fourteen Italian hackers arrested in police raids.  The Italian police have
    arrested fourteen Italian hackers, of whom four are underage. They have been
    charged with hacking the networks of NASA, the US Army and Navy, and hitting
    various universities around the world. Hiding behind names like "Mentor" and
    "Reservoir Dogs", the fourteen hackers used their skills to clone credit
    cards in order to make purchases online and to decode the new system of
    satellite television transmissions "Seca 2".  After a year of sophisticated
    surveillance, the Financial Police of Milan have charged them with computer
    crimes that could bring them eight years in jail.  Surveillance began in
    October of 2001, and officers of the Department of Finance executed a score
    of searches in Italy.  The hackers reportedly include a security manager of
    an important provider, the network security manager of a famous computer
    science company, and other respected security advisers. (Repubblica.it, 1
    Aug)
    
    Bush adviser promotes responsible hacking. Computer security advisor Richard
    Clarke has told experts attending the Black Hat conference in Las Vegas they
    have an obligation to do more to help uncover software glitches. He
    says their help is needed because the software makers do not find the
    majority of bugs themselves. But Mr. Clarke insisted hackers must report
    their findings through the proper channels and condemned those who act
    maliciously. He said the US government is considering changing the law to
    protect those who hack for the right reasons. Mr. Clarke emphasized hackers
    should always immediately contact the software-maker on finding a
    vulnerability. They should then go to the government if that approach does
    not receive a positive response. He said he recognized that companies differ
    in their attitude to hackers: while some encourage or reward bug-hunters,
    others can respond by filing for civil or criminal charges. (Ananova, 1 Aug)
    
    Denial of service onslaught cripples music industry site.  In an apparently
    deliberate denial-of-service attack, an onslaught of traffic crippled the
    Web site for the Recording Industry Association of America last weekend.
    The disruptions began on 26 July, a day after Rep. Howard L. Berman,
    D-Calif., formally proposed giving the entertainment industry broad new
    powers, including deliberately interfering with file-sharing programs to try
    to stop people from downloading pirated music and movies. A denial of
    service attack directs so much traffic to the Web site as to effectively
    render it unusable for legitimate visitors. The RIAA said the attack
    continued through 27 July and did not involve breaking into internal
    systems. (Associated Press, 30 Jul)
    
    Germany signs declaration to Join U.S. Customs Container Security
    Initiative, strengthening Anti-Terror Coalition.  US Customs Commissioner
    Robert C. Bonner and Wolfgang Ischinger, Germany's Ambassador to the United
    States, today announced that the government of Germany has agreed to
    participate in the US Customs Container Security Initiative (CSI). CSI is a
    US Customs initiative designed to prevent the smuggling of terrorists or
    terrorist weapons in ocean-going cargo containers.  Under terms of the
    declaration, US Customs officers will be stationed at the German ports of
    Hamburg and Bremerhaven.  Commissioner Bonner stated that "This joint
    declaration with Germany will provide a significant measure of security for
    Europe, the United States, and the global trading system as a whole."  (US
    Customs Service, 1 Aug)
    
    Fire damages Queens, NY power plant for second time this week.  Fires broke
    out at a power plant in Queens, NY early on 31 July for the second day this
    week, temporarily disrupting some power supplies in New York City.  The fire
    damaged a transformer at the Astoria power plant and kept approximately 140
    MW of generating capacity from getting to the city's power grid.  NRG, a
    subsidiary of Minneapolis-based energy giant Xcel Energy Inc., is now
    looking for a replacement transformer to make the plant fully operational
    again, a process that could take many months.  Late 29 July, there was
    another fire at the Astoria plant in a transformer owned by Reliant
    Resources Inc., which is majority owned by Houston-based energy giant
    Reliant Energy Inc.  Officials said the fires were not related.  The fire on
    29 July caused the 1,254 MW Astoria plant to shut down, knocking out power
    for nearly 9,000 customers in Consolidated Edison Inc.'s distribution system
    for a few hours.  There are three parts to the Astoria plant, the biggest
    power station in New York City. (Reuters, 31 Jul)
    
    Klez worm most common virus on Internet during July.  Yet again, variants of
    the Klez worm were by far the most common viruses circulating on the
    Internet in July.  That's according to MessageLabs which stopped more than
    475,000 copies of the virus in July, down from in excess of 788,000 infected
    emails it blocked in June.  It's the fourth month in succession that Klez
    has topped monthly virus charts.  MessageLabs reports that virus infection
    rates are currently running at around one per 256 emails, which compares to
    one in 30 infected emails at the heights of the Goner and Love Bug
    epidemics. (The Register, 31 Jul)
    
    Summer surprises with virus relief.  Antivirus firm Central Command has
    reported that the number of virus attacks it tracks around the Internet fell
    in July compared with June--the first time this year that reported virus
    infections dropped month-on-month. "In July, we finally saw a slight
    decrease in the number of tracked (virus attacks) from a prior month,"
    Steven Sundermeier, a product manager at Central Command, said in a
    statement. Observers hope that this decline suggests that consumers and
    corporations are taking a more responsible attitude to the security of their
    computers and IT systems, but Central Command expressed doubt. "Whether this
    is due to an increasing awareness of malicious code or simply because more
    users are on vacation and away from their computers, it's a trend we hope
    will continue," Sundermeier said. While the number of attacks may have
    decreased, the number of viruses on the prowl continues to proliferate, with
    Klez still at the top of the ranks in infection rates.  (CNET News, 1 Aug)
    
    
    _______________________________________________
    Infragard_unsecured mailing list
    Infragard_unsecured@private
    http://listserv.leo.gov/mailman/listinfo/infragard_unsecured
    



    This archive was generated by hypermail 2b30 : Fri Aug 02 2002 - 09:46:15 PDT