FC: Example of confidential email accidentally sent from FBI'S NIPC

From: Declan McCullagh (declanat_private)
Date: Thu Jul 26 2001 - 07:54:01 PDT

    [unfortunately, or fortunately, this is a joke]
    
    ----- Forwarded message from Tim May <tcmayat_private> -----
    
    From: Tim May <tcmayat_private>
    Subject: Weird message from someone named "NIPC"
    To: cypherpunksat_private
    Date: Wed, 25 Jul 2001 18:42:34 -0700
    
    Cypherpunks,
    
    I've been getting anywhere from 10 to 30 "SirCam" worm messages a 
    day. The volume is now declining. Most have attached files containing 
    fragments of Microsoft Word documents, apparently extracted from the 
    disk drive of the sender. Most are the usual garbage people write to 
    each other, but some of the ones from corporations have been 
    interesting. And this one, assuming it is real, seems to have 
    originated from within some department of the government called "NIPC."
    
    It must be bogus. This does not seem plausible, that they would send 
    me something, so I expect a hoax.
    
    The attached file, with the message, is 926 K, so I'm only enclosing 
    a few tantalizing sections.
    
    I really cannot imagine why I am getting these SirCam messages from 
    some government agency named "NIPC," unless for some reason my e-mail 
    address is in their address book. How could that happen?
    
    (BTW, many of the SirCam messages have clock dates which are wrong. 
    This one is incorrectly dated "8/24/01".)
    
    At 2:39 PM -0400 8/24/01, NIPC Intern42 wrote:
    ------017B5BE9_Outlook_Express_message_boundary
    Content-Type: text/plain; charset=ISO-8859-1
    Content-Transfer-Encoding: quoted-printable
    Content-Disposition: message text
    
    Hi! How are you=3F
    
    I send you this file in order to have your advice
    
    See you later=2E Thanks
    
    ------017B5BE9_Outlook_Express_message_boundary
    Content-Type: application/mixed; name="DC TOOLZ.zip.bat"
    Content-Transfer-Encoding: base64
    Content-Disposition: attachment;  filename="DC TOOLZ.zip.bat"
    
    
    The NIPC and FedCIRC have recently received information on attempts 
    to locate, obtain control of and plant new malicious code known as 
    "W32-Leaves.worm" on computers previously infected with the SubSeven 
    Trojan.
    
    The default ports for SubSeven to listen for network traffic are 
    16959/tcp and 27374/tcp, though the numbers can be changed. Full 
    descriptions and removal instructions of a number of SubSeven 
    variants can be found at various anti-virus firm Web sites, including 
    the following:
    
    
    
    A computer security unit within the U.S. Federal Bureau of 
    Investigation has detected a series of intrusions into U.S. 
    government networks under an investigation code named Moonlight Maze, 
    and the intrusions appear to have originated from Russia, an FBI 
    official told Congress this week. A spokesman for the Russian embassy 
    here today quoted the head of the press service for the Russian 
    foreign intelligence service, Nikita Rabusov, as saying the Russian 
    special services have "no relation whatsoever" to the theft of 
    information from computer networks of the U.S. federal agencies.
    
    "American specialists have failed to establish from where this 
    intrusion originated," the embassy official quoted Rabusov as saying 
    in an interview with the Russian news agency Itar-Tass. "They only 
    indicated that it comes from a software company said to be 
    reverse-engineering the products of leading American software 
    companies. Russian special services are not so stupid to undertake 
    such an operation, in case the necessity arises, directly from 
    Moscow."
    
    Please report computer crime to your local FBI office 
    (www.fbi.gov/contact/fo/fo.htm) or the NIPC, and to other appropriate 
    authorities. Incidents may be reported online at 
    www.nipc.gov/incident/cirr.htm. The NIPC Watch and Warning Unit also 
    can be reached at (202) 323-3204/3205/3206, or nipc.watchat_private
    
    References to ECONCOM are to be deleted ASAP from all departmental 
    systems. SLAM DUNK cover to be vetted by NIPC for release to 
    journalists. Oakland and Monterey offices to coordinate.
    
    
    Michael Vatis, deputy assistant director and chief of the Federal 
    Bureau of Investigation's National Infrastructure Protection Center 
    (NIPC) created February 26, 1998, told the Senate Judiciary 
    Subcommittee on Terrorism, Technology and Government Information June 
    29 that "crypto anarchists" see Washington's computers as "the final 
    exam, the ultimate challenge, the enemy which must be destroyed." 
    Agents are advised to seek out means of forcing these persons out of 
    the public debate.
    
    
    Internal Memorandum. The FRENZY Conference was a fantastic showing of 
    our capabilities for covert entry into target computers. PDs across 
    the country are asking how they can get their own CARNIVORE systems. 
    Here is one such request:
    
    "We've bought so many necessary items from vendors who attended the 
    last FRENZY Conference ... the Conference was definitely one of the 
    best I've attended. I was particularly impressed by how easy the 
    Carnivore system was to set up."
    
    Rick Smithman, Criminalistics Bureau Administrator, Lodi Police Department
    
    
    
    With this thought in mind, The Laissez Faire City Times interviewed 
    Ed Hertzog, editor of The Free Associator, an interesting e-zine that 
    wants to facilitate Digital Anarchy. This interview is a little 
    mirror of an underground, libertarian world, whose landmarks and 
    standard-bearers are John Perry Barlow and Neal Stephenson, Nicholas 
    Negroponte and Ayn Rand, Louis Rossetto and David Friedman.
    
    
    NIPC has been tasked to assist in the take-down of a high-profile 
    hacker terrorist at the DefCon conference next week in Las Vegas. The 
    take-down is being planned for maximal public impact, as per AG 
    Ashcroft's memo of 24JUN01. Full assistance will be provided by NIPC. 
    Plain clothes agents will be at the conference to render assistance.
    
    ----- End forwarded message -----
    
    
    
    -------------------------------------------------------------------------
    POLITECH -- Declan McCullagh's politics and technology mailing list
    You may redistribute this message freely if you include this notice.
    To subscribe, visit http://www.politechbot.com/info/subscribe.html
    This message is archived at http://www.politechbot.com/
    -------------------------------------------------------------------------
    



    This archive was generated by hypermail 2b30 : Thu Jul 26 2001 - 08:46:40 PDT