28
Dec 2000: Details of Alleged 3.7 Million Credit Card Number Theft (Updated
09 Jan 2001 - Egghead Refutes Allegations)
NIPC ADVISORY 00-063: New Year's DDOS Advisory
From NIPC: 12/29/2000
http://www.nipc.gov/warnings/advisories/2000/00-063.htm
"Based on FBI investigations and other information, the NIPC advises taking some extra precautions in computer security over the holiday period to reduce the possibility of, or damage from, Distributed Denial-of-Service (DDOS) and other cyber attacks which could occur.
The NIPC believes DDOS attacks could occur over the holiday. Several security companies have cited the threat of DDOS attacks, and some have taken place already. Double checking your network's firewall configuration is one method of preventing or reducing the effects of a DDOS attack. NIPC recommends the use of our "Find DDOS" utility to determine if your network has been victimized by implanting of DDOS Trojans including Trin00, Tribal Flood Net, TFN2K, MStream, Stacheldraht and Trinity v3. (The tool can be downloaded from http://www.nipc.gov/warnings/advisories/2000/00-44.htm ).
System administrators should also consider updating their virus definitions daily and performing thorough scans for viruses and worms. NT administrators should check for the presence of the SubSeven Trojan, which would indicate that your system has been penetrated. SubSeven has also specifically been associated with the proliferation of daemons used in DDOS attacks. (see NIPC Advisory 00-056). Companies should also consider having a contingency plan (including a point of contact with the Internet service provider) and a response team prepared in case of attack...."
ERRI computer security analysts said that if the attacks don't come during the holiday season, that it is possible that there may be "a cracker surprise" in February, similar to last year's DDoS attacks.
SEATTLE:
FBI Joins In Hacking Investigation
University of Washington Medical Center officials said on Friday (08 Dec 2000) that they are helping the Federal Bureau of Investigation probe the break-in of their computer network by a hacker who looked at sensitive information about thousands of patients. Thursday night the hospital said a hacker gained criminal access to administrative data bases that contained confidential information -- including Social Security numbers -- for about 5,000 cardiology and rehabilitation patients.
Privacy advocates say information like Social Security numbers could be used to steal someone's identity -- medical information might be used by potential employers or insurance companies to discriminate against people with certain ailments.
Earlier Thursday, the UW had strongly denied a report from an Internet news service that said a Dutch hacker had gained access to the school's computer system over the summer and downloaded patient information. When the media presented the UW with copies of records the hacker claimed to have taken, officials said the records were "tangible evidence" that someone had broken into their administrative data bases. Officials had said prior to that, the school's own investigation into the report had not turned up evidence of a breach...
ADVISORY 00-060
E-Commerce Vulnerabilities
December 1, 2000
Based on FBI investigations and other information, the NIPC has observed that there has recently been an increase in hacker activity specifically targeting U.S. systems associated with e-commerce and other internet-hosted sites. The majority of the intrusions have occurred on Microsoft Windows NT systems, although Unix based operating systems have been victimized as well. The hackers are exploiting at least three known system vulnerabilities to gain unauthorized access and download propriety information. Although these vulnerabilities are not new, this recent activity warrants additional attention by system administrators. In most cases, the hacker activity had been ongoing for several months before the victim became aware of the intrusion. The NIPC strongly recommends that all computer network systems administrators check relevant systems and apply updated patches as necessary. Specific emphasis should be placed on systems related to e-commerce or e-banking/financial business.
Please report any illegal or malicious activities to your local FBI office or the NIPC, and to your military or civilian computer incident response group, as appropriate. Incidents may be reported online at www.nipc.gov/incident/cirr.htm.
Source: http://www.nipc.gov/warnings/advisories/2000/00-060.htm
29 Nov 2000
Cyber-Crime Trends; Law Enforcement Behind the Curve??
A recent report by the Center for Strategic and International Studies (CSIS) stated that "a new breed of transnational criminals with high-tech methodologies has made its debut. They are recruiting top-drawer computer skills for their global operations that know no borders. Law enforcement, on the other hand, is stymied by frontiers that are not even lines on the map in cyberspace." Law-enforcement agencies, according to the study, are five to 10 years behind the cyber-criminals in acquiring and using technology.
18/19 Nov 2000
CHICAGO, IL:
XMAS Computer Attacks Planned??
(Emergencynet News) -- Fragementary and as yet unconfirmed reports coming in to the EmergencyNet News Watchdesk suggest that there may be a new series of "Denial of Service" attacks during the coming holiday season. According to at least two computer security firms, they have gathered intelligence indicating that attacks similar to those launched against Amazon.com, CNN, EBay, and other commercial internet sites last February may be forthcoming between now and the end of the year. EmergencyNet News continues to gather facts surrounding these reports and will provide additional details if/when they become available...
Instant 
08:00CDT - 10 Nov 2000
Jewish Students Threatened With New "Kristallnacht"
KNPQwest, a German internet company is reporting an massive e-mail spam, that threatened a group of Jewish students in Germany with a new "Kristallnacht" or "Night of Broken Glass," and shut down a server for two hours on Tuesday.
Reportedly, the blast of e-mail messages was signed by "adolf@hitler.com." KNPQwest said that the messages had come through a server in the United States, but could not verify if that is where they originated. German police, in the southern state of Baden-Wuerttemberg, reportedly said that they may have difficulty in prosecuting "hate crimes that originate in other countries."
ERRI computer security analysts said that such spam attacks are only one iteration of what appears to be an ever escalating pattern of "Hacktivism" in support of varying kinds of ideology....both good and bad.
Instant 10:00CDT - 05 Nov 2000
Cyber-Jihad Reportedly Enters Phase III...
Call it "hacktivism," or "Cyber-Terrorism," or even a simple "propaganda campaign," -- but, in any case it involves a "tit-for-tat" exchange of webpage defacements, Syn-Floods, E-mail spamming, attempted root cracking, and the spreading of misinformation and potentially damaging pictures. We're talking about the on-going conflict in cyber-space between Pro-Palestinian and Pro-Israeli crackers.
According to the Daily Star newspaper in Lebanon, the conflict has now moved to "Phase III," because pro-Israeli hackers reportedly targeted Hezbullah’s Al-Manar Television website. Pro-Palestinian crackers also said that they were considering entering "Phase IV" of their plan, announcing that they plan to attack Israeli-related e-commerce sites.
But, there's the catch....according to a number of computer experts monitoring the clashes in cyber-space, a number of Israeli e-commerce and other sites have already been moved to network servers in the United States. Thus, making the likelihood of attacks on servers in the USA increase.
ERRI's Clark Staten, who has been following the exchange of internet "dirty tricks" since their inception, said, "We believe we are seeing the beginnings of what a real 'cyberwar' might look like...although the tactics being used so far are not particularly cutting edge, they do give us an inkling of what might be expected if/when the United States were to be involved in some future conflict." "There are many 'lessons to be learned' by studying the tactics and techniques of the adversaries in these Mid-East incidents...and, more importantly they bring up both ethical and strategic questions about the use of both offensive and defensive cyberwar," Staten added.
Instant 18:00CST - 03 Nov 2000 -
Lucent Says Mid-East Crack Was Mistaken...
A report filed later today by APBNews indicated that an alleged attack by crackers against Lucent Technologies of Murray Hill, N.J., has now proven to be false. On Thursday, Lucent announced that the Pakistani hackers allegedly had cracked the company's Internet homepage. But today (Friday), Lucent spokesman John Skalko told APBnews.com the original report "was a mistake." Lucent is hit frequently by hackers, and a technical engineer studying daily attack data erroneously identified a hacker as being from the a Middle-Eastern anti-Israeli group.An FBI/NIPC advisory on "Cyber Attacks Against U. S.
Web Sites in On-going Middle East Conflict," Dtd. 03 Nov 2000, can be
accessed at: http://www.nipc.gov/warnings/advisories/2000/00-058.htm
Please report any illegal or malicious activities to your local FBI office or
the NIPC, and to your military or civilian computer incident response group, as
appropriate. Incidents may be reported online at www.nipc.gov/cirr.htm.
*****
Instant 11:00CST - 03 Nov 2000
Palestinian/Israeli Conflict Continues to Spread into Cyberspace
The New York Times, in a by-lined article by John Schwartz, is today reporting that the Web site for the American Israel Public Affairs Committee, a lobbying group, was defaced Wednesday with anti-Israeli commentary — an increasingly common occurrence as the escalating conflict between Israelis and Palestinians has spilled over into cyberspace. But this time the intruders also downloaded some 3,500 e-mail addresses and 700 credit card numbers from the site, sent anti-Israeli diatribes to the mailing list and published the credit card data on the Internet.
In a separate incident, CNET news is reporting on Friday that Lucent Technologies on Thursday confirmed that its Web site was the victim of at least one attack by pro-Palestinian hackers. Lucent was reportedly hit by what is called a "Defend tool," which is similar to the "FloodNet" program designed and used by Zapatista rebels against the Mexican government.
As first reported by EmergencyNet News on 28 Oct 2000, ERRI computer security analysts say that they fear that additional corporate and government sites could be targeted in the United States...
12:00CDT
- 28 Oct 2000
Street Battles Accompanied By Cyber-Warfare??
Fairfax, VA (EmergencyNet News) -- According to a report issued yesterday by iDEFENSE Intelligence Services (http://www.idefense.com), battles on the streets of West Bank and Gaza are being accompanied by an increasing number of cyber-warfare attacks. iDefense computer security specialists say that at least 27 cyber-space attacks have been carried out by both pro-Palestinian and pro-Israeli groups.
Attack tactics, so far, have reportedly included e-mail spamming, webpage defacements, "disinformation," and the use of a FloodNet type tool. One pro-Palestinian protester has called the current actions an "e-Jihad." Another term that has begun to crop up in mainstream fundamentalist bulletin boards and email lists is "cyber jihad."
iDefense says that sites targeted by the Pro-Israeli side include: Almanar.com.lb, Hamas.org, Hizbollah.com Attack, pna.org, palestine-info.net, nasrallah.net, moqawama.org, manartv.com, and JMJ Internet Services.
Sites targeted by the Pro-Palestinian side include: Bank of Israel, Tel Aviv Stock Exchange, Netvision, Wizel.com, Cairo.eun.eg/hacked.asp, Ebrick, Inc., Gega Net ISP, Gilo.jlm.k12.il Attack, Israel.org, Israeli Academic Sub-Domain, Israeli Defense Forces (IDF) and the Israeli Foreign Ministry.
ERRI analysts this morning said that cyber-warfare tactics being exhibited in the Palestinian/Israeli conflict could escalate as tensions in the region continue. Additionally, one analyst said that there is also a possibility that similar attacks could be directed at U.S., U.K. or other allied nations.
Related reference:
"Middle East E-mail Flooding and Denial of Service (DoS) Attacks"
Issued at 10:20 p.m. EDT, 10/26/2000 -- By National Infrastructure
Protection Center
Instant 09:00CDT - 27 Oct
2000
SEATTLE, WA: Hackers reportedly broke into Microsoft Corp's computer network and may have stolen software for the latest versions of the company's Windows and Office software. Microsoft confirmed the electronic break-in late last night and said it was working with law enforcement to investigate. A Microsoft spokesman would not confirm whether the hackers may have accessed any of Microsoft's source code, the blueprints for such products as the Windows operating system.
Instant 19:30CDT - 23 Oct 2000
Israel Says They Are Under Cyber-Attack...
CYBER TERRORISM – Israel’s largest ISP (Internet Service Provider), Netvision, reportedly has been experiencing connectively and other difficulties throughout the night. The problem has been traced to what is believed to be a "cyber-attack" against the Israeli Defense Forces website which resides on a Netvision server. The attack allegedly originated in or passed through a server in the United States (strategic circumstances would suggest "passed through" in an effort to avert detection or divert responsibility). On Monday morning, computer experts also managed to repel a cyber attack against government computers, allegedly originating with Islamic elements trying to inundate the systems with email messages.
13 Oct 2000
NIPC advisory 00-055: "Trinity v3/ Stacheldraht 1.666" Distributed Denial of Service Tool
New variants of the Trinity and Stacheldraht Distributed Denial of Service (DDoS) tools have been found in the wild. As was demonstrated in February of this year, DDoS attacks can bring down networks by flooding target machines with more traffic than the machines can process. This advisory provides an update to previous NIPC DDoS advisories (issued since December 1999) on similar tools such as "mstream," "Tribal Flood Network," and "trinoo." The NIPC has recently determined that masters tied to zombies have been placed on many users' systems, heightening the possibility of a DDoS attack in the future. In addition to large corporate and university systems, affected users also include those with home computers having broadband access such as DSL and cable modem. The NIPC recommends that all computer network owners and organizations examine their systems for evidence of DDoS tools, including Trinity and Stacheldraht.... (Article continues)
View the entire article at:
17 Sep 2000
UNITED STATES:
Cyber-Security Called "Dismal"
A recent House panel found that many government agencies have inadequate computer security and are at risk from computer hackers and cyber-terrorists. The U.S. Department of Health and Human Services is among the seven agencies that were given a failing grade for computer security. House Subcommittee on Government Management, Information and Technology chairman Representative Stephen Horn feels that it is necessary for agencies to correct the problems immediately, as hacking and cyber-terrorist efforts continue to become more numerous and sophisticated.
According to Joel C. Williamson of the General Accounting Office's Accounting and Information Management Division, the U.S. Department of Treasury may be subject to losses and fraud, and the Department of Defense may have classified data changed, stolen, or disclosed to the public if proper action is not taken. The agencies have asked for approximately $2 billion in federal money to help beef up their computer security.
Distributed Denial of Service Tools
Source: http://www.cert.org/incident_notes/IN-2000-10.html
In addition to the installation of rootkits, we have observed a significant increase in the installation of distributed denial of service (DDoS) tools on hosts compromised through these two vulnerabilities. In one incident, we recorded over 560 hosts at 220 Internet sites around the world as being a part of a Tribe Flood Network 2000 (TFN2K) DDoS network. The hosts we were able to identify were compromised via either the rpc.statd or wu-ftpd vulnerabilities. We have commonly seen the following DDoS tools installed by intruders.
- Tribe Flood Network (TFN) - see IN-99-07, Distributed Denial of Service Tools
- Tribe Flood Network 2000 (TFN2K) - see CA-99-17, Denial-of-Service Tools
- Stacheldraht 1.666+smurf+yps - modified version of the tool discussed in CA-2000-01 Denial-of-Service Developments
For more information about distributed denial of service attacks, please see
- Results of the Distributed-Systems Intruder Tools Workshop - HTML format
- Results of the Distributed-Systems Intruder Tools Workshop - PDF format (Note: the file require Adobe .PDF reader)
Impact
The combination of widespread, automated exploitation of two common vulnerabilities and an associated increase in distributed denial of service tool installation poses a significant threat to Internet sites and the Internet infrastructure.
NEW YORK CITY: Officials confirmed that the private credit information of up to 20,000 Western Union customers was vulnerable on Saturday following a reported security breach at Westerunion.com. Western Union said that someone had broken into the web site and may had copied information. The money transfer company was contacting 10,000 to 20,000 customers to suggest they cancel credit and debit cards utilized for transactions on the site. Westernunion.com has been temporarily shut down and the company is conducting an investigation into the breach.
FOR IMMEDIATE RELEASE
September 1, 2000
Philippines Trojan Horse
On September 1, 2000, the NIPC Watch Office received notification that a Trojan horse was reported in the wild. This Trojan horse is spread as an e-mail attachment with the President of the Philippines Joseph Estrada's nickname ("erap estrada") in the subject line. Once the attachment is opened the DonaldD.trojan is executed and can be exploited to collect user names and passwords from the victim. Currently, the Trojan horse is proliferating mainly in the Philippines and is considered a low threat to the United States by the anti-virus industry. Commercial anti-virus software that is updated in accordance with the anti-virus industry's recommendations will detect the DonaldD.trojan. [Update your anti-virus software frequently.] Source: National Infrastructure Protection Center
July/August, 2000
WASHINGTON, DC: According to a new
study on the structure of the worldwide computer network by Notre Dame
University researchers, the Internet's reliance on a few key nodes makes
it especially vulnerable to organized attacks by hackers and terrorists.
Researchers say that like the airline hub system that falls apart when
weather shuts down airports in Chicago or Dallas, the Internet could
collapse if its major nodes were targeted in a malicious attack. Such a
massive cyber-assault has never occurred in the Internet's history, though
it is an increasingly tempting target with the rapid growth of e-commerce
and the increasing importance of the network for businesses, governments
and the public...
An article, "The 'Love Bug Virus Attacks,' Asymmetric Warfare; Future National Security Implications..." by C. L. Staten, CEO and Sr. Analyst, Emergency Response & Research Institute (ERRI) was released on Monday to EmergencyNet News subscribers and selected members of government and corporate agencies. Click here to review the article.
Cyber-defense Mired in Cold War??
"The absence of a catastrophic cyber-attack against the United States has created a false sense of cyber-security..."
"We’re still mired in a Cold War-era defense spending mentality," said Sen. Charles Schumer (D-N.Y.) at a symposium titled "Technological Change and American Security" and sponsored by The Brookings Institution.
The rapid advance of IT has created "real and potentially catastrophic vulnerabilities," Schumer said, adding that the consequences of a cyber-terrorist attack "could be devastating." Click here for the 06/19/2000 Dan Verton article in Federal Computer Week...
27 June 2000
Washington,
DC
Computer Industry Officials Lament Lack of Cooperation With Federal Agencies
According to an article in the 26 June edition of Federal Computer Week, Phillip Lacombe, a senior vice president with Veridian Corp., says that "...the National Infrastructure Protection Center is not going to work..." Speaking of Attorney General Janet Reno, Lacombe reportedly said, "Her agency is the worst" at cooperating. The bureau’s determination to have information flow in only one direction — in — prevents mutual cooperation, either between the bureau and industry or the bureau and other industries."
ERRI analysts said that this is not the first time that similar complaints have surfaced and that a senior ERRI officer had expressed a very similar concern to senior NIPC/FBI officials last year at a conference in the Washington area. Several members of Congress are also believed to be examining the issue of interagency [both public and private] cooperation very closely.
"This two-way cooperation is mandatory, if the NIPC and private industry ever hope to be able to adequately protect the nation's critical infrastructure," ERRI's Clark Staten said in an interview today. "Both sides [federal government and private industry] have essential pieces of the solution, involving what must be included in the nation's overall computer defense." "Put simply, we all have to find a way to work together in this effort if it is to succeed ," Staten concluded.
06 Apr 2000
TECHNOLOGY/ANONYMOUS DOMAIN NAMES
Internet: Privacy Vrs. Security Battle Shaping Up
It would appear that a battle is shaping up concerning the advisability of continuing to allow "anonymous" domain name registrations. At the heart of the matter is "The Need for Registrars to Obtain Accurate and Reliable Contact Information from Domain Name Registrants," as outlined in a call by the Federal Trade Commission for public comments.
EmergencyNet News is told that at least some internet pundits and privacy advocates are conceptually supporting loop-holes that could continue to allow individuals or corporations to use false or misleading information in the official registry of .com, .net., and .org domain names. Law enforcement advocates suggest that such practices would enable "bad guys" to remain anonymous and free to engage in fraud, child pornography, scams, and other computer crimes. ERRI/EmergencyNet News is currently studying the issue and its potential implications and will provide additional details in a story to be released soon...
SAN FRANCISCO, CA: In a year that saw some of the Internet's best-known sites almost wiped off the Web by hacker attacks, few computer users would question that cyber-security is a pressing concern. In an annual survey, the FBI and the San Francisco-based Computer Security Institute showed just how pressing: total verifiable losses in 1999 more than doubled to top $265 million, while more than 90 percent of respondents reported detecting some form of security breach in their systems. Click here to view Computer Security Institute's (CSI's) "2000 Computer Crime and Security Survey": http://www.gocsi.com/prelea_000321.htm
20 Mar 2000- 09:30CST Report entitled, "Recent DoS Attacks Point Out Already Known Vulnerability of U.S. Infrastructure"
11 Mar 2000 - From http://www.emergency.com/ennday.htm
TAIWAN/CHINA/USA:
Cyber-War Fears Escalate...
As tensions continue to heat up in the vicinity of Taiwan Strait, fears of future cyber-warfare are also being raised. In an U.S.News & World Report March 13th article "A Glimpse of Cyber-warfare," by Warren P. Strobel, he alleges that a recent attack on U.S. Transportation Department computers may have come from the XinAn Information Service Center in Beijing, which is believed to be part of the Ministry of Public Security -- China's secret police. Both Taiwan and U.S. defense officials have reportedly taken note of the fact that the Chinese government reportedly is considering whether to create a fourth branch of its armed services devoted just to to information warfare.
Instant Update - 09:30CST - 10 Mar 2000
02 Mar 2000 - From http://www.emergency.com/ennday.htm
UNITED STATES:
FBI Picks Up Malcontent Computer Cracker
According to a federal law enforcement official, FBI agents investigating last month's attacks on prominent Internet sites seized a 17-year-old New England male's computer, and prosecutors are considering charging him with cyber-crimes unrelated to those disruptions. On the Internet, the teenager uses the screen name "coolio," one of cracker aliases the FBI suspects may have been involved in February's sensational attacks against popular Web sites. But federal investigators believe the youth is only one of a number of people who have used "coolio" as a screen name.
The 17-year-old, who lives in New Hampshire, claimed to FBI agents that he had hacked into 100 Web sites, including one based in the city of Los Angeles. Los Angeles police became involved while investigating an attack on Dare.com, an anti-drug abuse site they founded. The Los Angeles police computer crimes unit traced that attack to the youth.
After the youth's residence was searched on Wednesday, he told investigators he has been using computers since he was 3-years old, and spends about 16 hours a day on the Internet. The boy claimed he had attacked a U.S. Commerce Department site that outlines rules for exporting chemicals that could be used to produce weapons. The teen also claimed he disrupted RSA.com, operated by RSA Security Inc., one of the nation's most prominent Internet security companies...
JAPAN:
Japanese Police Investigate Aum Shinrikyo Involvement in Development of Government Software
Tokyo, Japan -- Sources close to the Japanese National Police say that they fear that computer companies affiliated with the Aum Shin-Rikyo doomsday cult may have been involved in the development of software used by a number of Japanese government agencies. Computer and network systems of as many as 10 government agencies may be involved. The preliminary investigation shows that the agencies may have unknowingly subcontracted work to businesses affiliated with the cult. Pending further investigation, the Defense Ministry and the Nippon Telegraph and Telephone Corporation have reportedly suspended the use of all computer software developed by companies linked to Aum.
24 Feb 2000
CANADA:
Crackers: The Worst Is Yet To Come??
Alan Brill
and Samuel Porteous, security specialists from Kroll
and Associates are today telling the Toronto Globe and Mail that recent
Denial of Service (DoS) attacks are a "very loud wake-up call."
Brill and Porteous say that, "the attacks and their results should serve as a clear indicator that much remains to be done to ensure
e- commerce can
be conducted..."
Further, Brill and Porteous call the recent disruptions "guerrilla warfare motivated by an adolescent desire to "show off," and ask the most important rhetorical question that remains in the wake of the attacks on commercial sites two weeks ago, "what is going to happen when truly skilled hackers imbued with a taste for anarchy and disdain for capitalism try their hand at e-commerce disruption?"
ERRI computer security analysts today said that they essentially agree with the Brill and Porteous assessment and said that a larger and more important concern involves "coordinated attacks by skilled cyber-terrorists, or an attack by a nation-state with a actual desire to damage the infrastructure of the United States." "Computer attacks such as those that occurred during the week of the 15 February are only a precursor indicator of what could happen unless steps are taken to better secure our place in cyber-space," one analyst said today.
20 Feb 2000 - From http://www.emergency.com/ennday.htm
CHICAGO, IL:
New Denial of Service Trojan Discovered
According to preliminary information received today by EmergencyNet News, a new Trojan called "W32/Trinoo" that infects Windows 9X computers has been discovered "in the wild." The program is 23,145 bytes in length, and similar in nature to a Solaris or Unix program that was used in "Denial of Service" (DoS) attacks that disrupted major websites earlier this month. The Trojan reportedly installs a call to the executable in the Windows registry at: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run=service.exe
If this program proliferates widely, it could make almost any unsuspecting Windows 95/98 computer into a "slave" agent to be used by crackers engaging in DoS attacks. EmergencyNet News is monitoring reports about this new development and will provide additional details as they become available...
19 Feb 2000
CHICAGO, IL:
ERRI Analysts Says 'Denial of Service Attacks' Only "Tip of Iceberg"
By Paul Anderson
ERRI's senior national security analyst, Clark Staten, said late yesterday during a teleconference that the "Denial of Service" attacks seen last week are only part of a much larger problem that has been "developing and evolving" for some time. "Data that we have gathered during the past two years would suggest that that attacks on corporate internet systems are vastly 'under-reported'," Staten said
"Corporations fear, and probably justifiably so, that customer/investor confidence will erode if they admit that they have been the victim of cracker intrusions or other kinds of attacks," the veteran network administrator continued. "Many are also concerned about the possibility of legal and public relations hassles that may arise if they report system problems to law enforcement authorities and that report becomes a matter of public record," he added.
"Corporate computer security managers have known for some time that vulnerabilities exist in any number of computer, router, and network systems," Staten said. "One of the problems for IT managers is trying to keep up with a proliferation of 'patches,' 'fixes,' and 'upgrades' that address the newest vulnerabilities that have been discovered by crackers," Staten said. "If operating system developers would address security issues more thoroughly before they release software into the community, that would also go a long way to help secure the overall environment," Staten concluded.
WASHINGTON, DC:
FBI Case Load "Quadrupled" in Past Week
FBI sources are reporting that their computer-related case load has "quadrupled" in the time since multiple "Denial of Service" attacks interrupted some of the leading websites on the internet last week. Investigators say that many of the cases relate to "copy-cat" type attacks on other websites. Director Louis Freeh on 16 Feb 2000, said that the computer crime squads were "already stretched thin" by an increasing number of internet-related crimes. Requests for an additional $37 million dollars have been sent to Congress by the Dept. of Justice...
15:00CST - 15 Feb 2000
President Proposes "Cyber-National Center" (Cyber-NIC)
Washington, DC (EmergencyNet News) -- President Bill Clinton today said that the federal government will devote $9 million dollars to "jump-start a cyber-space defense initiative. The money will be spent to "accelerate new programs to educate Americans for cyber-security careers, build a system for protecting Federal government computers, and create a new Institute for Information Infrastructure Protection," according to a statement issued this afternoon by the White House.
Clinton met this afternoon with about thirty members of America's techno-elite and discussed a series of denial of service attacks that struck several commercial sites last week. Clinton said of the incidents, "It was an alarm, not Pearl Harbor...It's a source of concern. We should leave with a sense of confidence that this was entirely predictable. Now we are here to figure out what to do next." Following the meeting, the White press secretary issued a series of reports concerning "Strengthening Cyber Security through [a] Public-Private Partnership"
14 Feb 2000
WASHINGTON, DC:
CSIS Experts Says Government Must Broaden Civilian Participation in CyberSpace Defense
Frank Cilluffo, cyberwar expert at the Center for Strategic and International Studies, is quoted by the The Christian Science Monitor as saying. "We have to rethink our national security. Our economic security is our national security. We have to expand who sits at the table." "It can no longer be a case of the government leading and the private sector following," Cilluffo added.
Several leading national security analysts on Monday said they couldn't agree more with Mr. Cilluffo's comments. At least one ERRI analyst said that similar recommendations were made to FBI/NIPC officials last fall in an attempt to encourage greater inclusiveness of both the private sector and local emergency service agencies. The analyst indicated that no reply was ever received from federal officials in regard to the recommendations.
Cillufffo comments come in regard to a scheduled White House meeting today (Tuesday) that is expected to bring at least 29 major players from the Silicon valley to meet with national security and law enforcement officials from the Clinton administration.
10 Jan 2000
USA/COMPUTER SECURITY:
$2.03 Billion Infrastructure Budget "Warranted"; "If Well Spent"
Information Security Magazine is today quoting ERRI's Clark Staten as saying that President Clinton's new Infrastructure Protection initiative, valued at $2.03 billion, is "more than warranted, because as our country becomes more technology-dependent, it also becomes more vulnerable."
"If the money is well spent, I think it could make a significant contribution to the overall defense of the country. But, there needs to be a marriage between both the civilian sector and the government to effectively use that money to protect the infrastructure," Staten added.