On Sun, 5 Aug 2001 aleph1at_private wrote:

> This latest worm incident has left me wondering of what real use is
> the NIPC. They certainly do not appear to be a rapid reaction force,
> never mind that their web page defines them as providing "timely warnings
> of international threats, comprehensive analysis and law enforcement
> investigation and response".

I have to agree with you. As a former computer crimes investigator with the
government, I've contacted the NIPC after hours on many different occasions.
To my knowledge, they have support personnel (non agent types) answering the
phones and the agents get briefed (or so one would think) but I could never
get an agent to the phone unless I contacted my agency rep. For those who
don't know, most agencies have reps on the floor at NIPC. Agencies like NASA,
USAF OSI, DCIS, NCIS and many others.

As for contacting the NIPC Watch Officer, I always found that to be totally
useless when it came to intrusion notification or any other sort of incident.
I would go the extra step and contact a sysadmin at the affected site and
found that 99.99% of the time, they were very grateful and would address the
problem or issue. I would also have them maintain the data as evidence in
case an agency needed it. Here again, that was another purpose with
contacting the NIPC but it was always useless. Contacting a Field Office
would have been more beneficial IMO.

>
> Yesterday, I contacted the NIPC, informed them to the fact that a new
> worm was on the loose, explained that it left behind a backdoor, that
> I had a binary of it they were welcomed to have for analysis, and that
> we would be happy to assist them in any way. The nice person I talked to
> on the phone took down all of this and my information.
>
> I've yet to hear from the NIPC. Not a problem. I am probably not the
> only person to report the worm. They are probably busy with their
> own analysis. But it is surprising that they have yet to put out
> an alert.
>

No, it's not surprising at all. The NIPC hasn't ever been on the 'leading
edge' as far as I've ever seen. NASA, OSI and some other agencies have much
better organization and intelligence when it comes to information technology
crimes in my opinion. I simply got tired of having to deal with the NIPC
because it's all take and no sharing. That is a very bad way to conduct
business in this area as information sharing is critical to EVERYBODY in
information assurance.

> I guess national infrastructure guards don't work on weekends.
>

They're mostly agents and I have the same opinion.

> CERT seems rather quiet on the topic as well.

******This information is my own opinion. It's not geared towards slamming
the NIPC, FBI or anyone else who may work there but it may shed insight as to
how I think their operation rates********

================================================
Travis
Email: Bonkat_private | Bonkat_private
================================================

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Sun Aug 05 2001 - 18:22:46 PDT