Summary and Chronology of
EmergencyNet News Reports and References:
10 Jan 2001 to 17 Sep 2001
17 September 2001
National Infrastructure Protection Center
"Potential Distributed Denial of Service (DDoS) Attacks"
Advisory 01-021
The National Infrastructure Protection Center (NIPC) expects an increase in Distributed Denial of Service (DDoS) attacks. NIPC Advisory 01-020, "Increased Cyber Awareness" dated September 14, 2001 warned of threatened vigilante hacking activity against organizations associated with the perceived perpetrators of the September 11, 2001 terror attacks.
On September 12, 2001, a group of hackers named "the Dispatchers" claimed they had already begun network operations against information infrastructure components such as routers. The Dispatchers stated they were targeting the communications and finance infrastructures. They also predicted that they would be prepared for increased operations on or about Tuesday, September 18, 2001.
There is the opportunity for significant collateral damage to any computer network and telecommunications infrastructure that does not have current countermeasures in place. The Dispatchers claim to have over 1,000 machines under their control for the attacks. It is likely that the attackers will mask their operations by using the IP addresses and pirated systems of uninvolved third parties.
System administrators are encouraged to check their systems for zombie agent software and ensure they institute best practices such as ingress and egress filtering. The NIPC has made available the "Find DDoS" tool to determine if your computer has been infected by the most common DDoS agents. The tool may be downloaded from the following website: http://www.nipc.gov/warnings/advisories/2000/00-055.htm.
Additionally, a list of best practices is available from the CERT/CC website, located at: http://www.cert.org/security-improvement.
Recipients of this advisory are encouraged to report computer intrusions to at either the email address or telephone number below, or NIPC, and to other appropriate authorities. Incidents may be reported online at http://www.nipc.gov/incident/cirr.htm.
The NIPC Watch and Warning Unit can be reached at (202) 323-3204/3205/3206 or nipc.watch@fbi.gov.
Recipients of this message are authorized to forward this Advisory to
associates within your organization, as well as others deemed appropriate.
Significant Changes and Assessment; FBI
The Federal Bureau of Investigation (FBI) Counter-terrorism Division's National Threat Warning System issued a Terrorist Threat advisory titled "Terrorist Attacks Against Multiple Targets in New York City and Washington, D.C." In short, it stated the FBI has no information of any additional specific threats directed against additional targets or critical infrastructures in the United States; however, infrastructure owners and operators should be at a heightened state of alert and should implement appropriate security measures, both physical and cyber.
The FBI has set up a special link on its Internet fraud tip site in order
to solicit information about yesterday's terrorist attacks. The FBI's
Internet Fraud Complaint Center, www.ifccfbi.gov, is a partnership between
the FBI and the National White Collar Crime Center. As the name implies, the
site is designed for people to report Internet-related fraud. After four US
domestic flights were hijacked yesterday, government officials called on the
public to use the Web sites to report terrorist activity. The FBI has also
established an FBI Tip Hotline 1-866-483-5137 and a Victim Hotline
1-800-331-0075. (Source: Newsbytes, 12 September)
UNITED STATES:
Federal Law Enforcement To Target Cyber-Crime
U.S. Attorney General John Ashcroft has announced the creation of ten new special units to fight cyber-crime. The new Computer Hacking and Intellectual Property (CHIP) units are to be based in cities across the nation from Los Angeles to New York and will be backed up by the Federal Bureau of Investigation. Critics say the government is not up to the task of preventing cyber-crime - as illustrated by the latest Code-Red attack on the White House website.
According to a study by the U.S. Justice Department, 85 percent of U.S.
companies and federal agencies have been victims of crackers in the past
year. There will be 48 prosecutors working in the CHIP units, who will be
targeting hacking, copyright and trademark violations, theft of trade
secrets and economic espionage, fraud and other internet crimes. Ashcroft
justified the move by quoting a study by accountants PriceWaterhouseCoopers
that said businesses spent $300 billion fighting hackers and computer
viruses last year.
6/27/2001
Police Departments Targeted by Crackers; Four more Police pages defaced
Courtesy of: Attrition.org
The group known as 'PoizonB0x' hit another string of 'police' domains. This time, it appears that each machine defaced actually belongs to Police departments.
Fort Myers Police Department (PoizonB0x)
http://defaced.alldas.de/mirror/2001/06/23/www.fmpolice.com/
Suffern Police, NY (PoizonB0x)
http://defaced.alldas.de/mirror/2001/06/25/www.suffernpolice.com/
Saskatoon Police (PoizonB0x)
http://defaced.alldas.de/mirror/2001/06/26/www.police.saskatoon.sk.ca/
York, Ontario, Canada Police (site not answering)
http://defaced.alldas.de/mirror/2001/06/24/www.police.york.on.ca/
The information and commentary is Copyright 2001, by the individual
author. Permission is granted to quote, reprint or redistribute provided the
text is not altered, and the author and attrition.org is credited. The
opinions expressed in this mail are not necessarily the opinion of all
Attrition staff members. (EmergencyNet Editor's note: Caution - Defacements
may contain profanity)
14:00CDT - 20 June 2001
World Bank On-line Meeting Threatened...
Chicago, IL (EmergencyNet News) -- Emergency Response & Research Institute (ERRI) computer security analysts have learned that threats have been issued to disrupt an upcoming World Bank on-line teleconference. Reportedly, so-called "hacktivists," who say they are at odds with the World Bank policies concerning globalization issues and third world debt, have threatened to attack next week's on-line meeting.
The World Bank meeting on "developmental economics" was
reportedly moved to the internet after violent demonstrations in Gothenburg
and a clear and present danger that thousands of protesters would descend
on Barcelona, where the meetings were originally scheduled to be held.
EmergencyNet News continues to monitor events surrounding the World Bank
meeting and will provide additional details as circumstances warrant...
09 June 2001
UNITED STATES
Hackers Said To Threaten California Electrical Power
The Los Angeles Times was reporting on Saturday that at the
height of the California energy crisis, a key computer system involved in moving
electricity throughout the state was targeted by hackers. The limited success of
the hackers exposed security weaknesses in the system used by the California
Independent System Operator, which oversees most of the state's electricity
transmission grid. Officials said the problems have been corrected and there was
no threat to the grid, even though the hackers came close to accessing critical
parts of the system and could have disrupted the movement of power.
May 22, 2001
REMARKS OF ATTORNEY GENERAL JOHN ASHCROFT
FIRST ANNUAL COMPUTER PRIVACY, POLICY & SECURITY INSTITUTE
Good afternoon. It is a pleasure for me to speak with you, and I am grateful to Senator Conrad Burns and to Rocky Mountain College for their kind invitation.
The concerns that bring you to this Institute - computer security and threats to information assets - are of central importance to us all. A few years ago, these conferences were quite rare. "Worms" and "viruses" were described in biology textbooks, not police reports. Today terms like these bring to mind crashed networks, massive disruptions in communications and infrastructure systems, and billions of dollars in damages.
Like revolutionary technologies before it, the Internet carries enormous potential both for advancement and for abuse. Attacks on networks, frauds, software piracy, corporate espionage, and trafficking in child pornography are just some of the crimes facilitated by the Internet. The Department of Justice is committed to fighting these crimes, and I am here to ask for your partnership. Without your leadership, without your help, and without our collective efforts, the Department's mission - to make our country a safer and more secure place for all Americans - can not be fulfilled....
Read the whole statement at:
http://www.usdoj.gov/criminal/cybercrime/AGCPPSI.htm
The Emergency Response & Research Institute (ERRI), parent of
this website, is currently considering building/offering an "Information Sharing
and Analysis Center (ISAC)," under the present NIPC/USDOJ model, for the
emergency service sector, IF an adequate level of funding can be
obtained. It is believed that at least some of the needed resources to
implement an effective ISAC already exist within our ERRI/EmergencyNet News
Watch Desk operation. Questions, comments, recommendations, or available
resources applicable to this idea can be forwarded to
webmaster@emergency.com for consideration and potential future action...
11 May 2001
WORLDWIDE:
Thankfully, Experts Say Porn Computer Virus Fizzles Out
After what had been believed to be a strong start, the Homepage e-mail virus has luckily fizzled out barely a day after it first appeared. The Homepage virus outbreak started on 9 May, hitting organizations in Asia before being sent via the internet across the world and infecting companies in Europe and the US. According to reports from "down-under," Australian companies may have also been hard hit by the virus. But now computer security companies are reporting that far fewer infected messages are being sent, and the outbreak appears to have been contained.
Early fears that the virus was a misguided marketing attempt to drum up business for porn sites have been confirmed. On 9 May, anti-virus companies were fearing another serious outbreak when the Homepage virus, or "VBSWG.X" as it was officially dubbed, started clogging mail servers with infected messages. Like the Love Bug and Kournikova viruses, Homepage exploited the security failings of Microsoft Outlook to attach a payload to an innocent looking message.
The e-mail message carrying the virus is tagged with the
subject "Homepage," and in the message body it says: "Hi! You've got to
see this page! It's really cool ;O)." The attachment is called "homepage.html.vbs."
Anyone opening the attachment will be directed to one of four pornographic
websites and find that the home page of their browser has been re-set to
one of the sites. The virus also raids the address book of Outlook and
tries to mail infected messages to every name it finds.
08 May 2001
CHINA:
Reported Truce Called In US-China Hacker War
It is being reported that computer hackers in China have called a halt to their internet war with their counterparts in the United States. The "Honker Union of China" - an informal group of Chinese hackers - says it was successful in attacking more than 1,000 United States websites.
Now the hackers say they have reached their goal and are calling a truce. The "cyber-war" began after a mid-air collision between a US Navy surveillance plane and a Chinese fighter jet on 1 April. A statement by the Honker Union, carried by Chinese portal Chinabyte, said: "Any attacks from this point on have no connection to the Honker Union." The statement also called for improving network security in China, and said that the sites that were violated were mostly small.
ERRI computer security analysts say that it is
likely that at least some hacker activity from China will continue, but probably
at a lower level than in the past week. Additionally, other pertinent
anniversary dates, including the date of the U.S. bombing of a Chinese embassy
in Yugoslavia/Serbia, may also prompt increased Chinese hacker activity later
this month.
WASHINGTON, DC:
National Security Advisor Concerned about Computer "Soft Underbelly"
According to Jim Wolf and the Reuters News Service, heavy reliance on computers has become the "soft underbelly" of U.S. life and a juicy target for foes, National Security Advisor Condoleezza Rice said in her first major policy address. "Our gaming exercises have told us for some time that a few well-organized hackers could disrupt everything from our power lines to our 911 (emergency telephone) systems," she said in a speech at an Internet security forum organized by CIO and Darwin magazines.
NYC:
How the NYPD Cracked the Ultimate Cyberfraud
Tuesday, March 20, 2001 By Murray Weiss
NEW YORK — Using computers in a local library, a Brooklyn busboy pulled off the largest identity-theft in Internet history, victimizing more than 200 of the "Richest People in America" listed in Forbes magazine, authorities say.
The New York Post broke the story in Tuesday's edition.
08 Mar 2001
FBI/NIPC NEWS:
One Million Credit Card Numbers Reportedly Stolen By Computer Hackers; Extortion Plots
The Federal Bureau of Investigation said on Thursday that Russian and Ukrainian computer hackers have stolen more than one million credit card numbers as part of a massive extortion scheme. The hackers gained access to the networks of companies involved in e-commerce or e-banking and downloaded customer databases, credit card numbers and proprietary information.
The criminals then contact the firms and threaten to publish the information if they are not paid. The FBI said that paying the hackers is not a guarantee that they will not pass the stolen information on anyway. An FBI statement said: "Investigators believe that in some instances the credit card information is being sold to organized crime groups." The FBI is reportedly investigating the possibility that governments are supporting the hackers.
The FBI and its computer-crimes division, the National Infrastructure Protection Center (NIPC), have identified more than 40 victims in 20 US states. The hackers take advantage of vulnerabilities in Microsoft Windows NT operating systems that have been known at least since 1998. Patches for these weaknesses are available for free downloading from the Microsoft website, but the FBI says many computer owners have not bothered to upgrade. The NIPC website provides a list of software vulnerabilities that have been exploited.
At least two companies have been the subject of $100,000 extortion demands. Both CD Universe and creditcards.com refused to pay hackers who identified themselves as Russian, and both saw thousands of credit card numbers from their database released to the public via a website.
Additional information on the thefts and corrective measures
is available at:
http://www.nipc.gov/warnings/advisories/2001/01-003.htm
http://www.microsoft.com/technet/security/nipc.asp
International Police Conference Identifies New Breed of Cyber-Criminals
By Jeremy Zakis, ERRI Analyst
An international policing conference in Adelaide, South Australia
identified a need for "cyber-police" in the future, if law enforcement wants to
stay ahead of a new breed of cyber-criminals. On Wednesday, Australian Federal
Police Commissioner Mick Palmer addressed the conference saying that figures
from the United States showed 70 per cent of major corporations were reporting
cyber-crime instances, at an estimated cost of $US515.0 million a year. An
Australian computing firm also said that computer security incidents in
Australia had jumped from 1342 in 1998 to 8197 last year.
Most crimes committed on the Internet happen outside the jurisdiction
where the crimes occurred, making policing and legislation difficult. Mr Palmer,
who is also the chairman of the police commissioner's electronic crimes steering
committee, said police departments might need to create special cyber-police,
cyber-courts and cyber-judges to combat e-crime.
According to the Australian Federal Police, a typical cyber-criminal is
profiled as being a computer expert without criminal intent, but who finds the
challenge of breaking down computer systems exciting. The immediate challenges
faced by police in combating such crime include dealing with encryption
systems, locating and preserving evidence and responding quickly to stop the
offense continuing.
GERMANY/SWEDEN:
22:00CST - 02 Mar 2001
OS/COMET Satellite Codes Reportedly Stolen From Federal Computer System
From ERRI/EmergencyNet News Watch Desk
Washington DC (EmergencyNet News) -- Computer codes which enable ground-controllers to communicate and send commands to satellites have reportedly been stolen by a hacker from a restricted federal computer system. Although official details are still sketchy, it is believed that a hacker was able to breach security last December and obtain source code of the proprietary OS/COMET software, which was designed by Exigent International. It is used by the U.S. Air Force Space Command to control the NAVSTAR Global Positioning System (GPS) from its Colorado Springs Monitoring Station.
Emergency Response and Research Institute (ERRI) computer security analysts said that, if these reports can be verified, this alleged compromise could potentially allow a talented young person (or group of people) from a "foreign power" to take our GPS system off-line or make it dangerously inaccurate.
Implication: many of our military, maritime, space, and commercial aviation systems are heavily tied to these GPS systems and could become inoperable or may be manipulated to cause an emergency situation, or worsen an already existing military or diplomatic crisis.
A major federal investigation is said to be
underway, but the FBI would not publicly comment on the alleged theft or
the nature of the investigation. EmergencyNet News and the ERRI analysts
continue to monitor this developing story and will provide additional
details as more facts become available...
31 Jan 2001
New Consumer Sentinel Program Announced
Source: http://www.consumer.gov/sentinel/
See how law enforcement all over the world work together to fight fraud. Use this site to:
get the facts on consumer frauds from Internet cons, prize promotions, work-at-home schemes, and telemarketing scams to identity theft.
report your fraud complaints so they can be shared with law enforcement officials across the U.S. and around the world.
learn how U.S., Canadian, and Australian law enforcers work together with private sector companies and consumer organizations to combat fraud.
see trends and the types of complaints consumers file.
Consumer Sentinel Project Team
600 Pennsylvania Avenue NW
Washington, DC 20580
Additional information about Consumer Sentinel:
Bob Kuykendall, Project Manager
202-326-3182
rkuykendall@ftc.gov
Information about how to spot and
avoid fraud and deception:
Federal Trade Commission
toll-free 1-877-FTC-HELP (382-4357)
www.ftc.gov/ftc/consumer.htm
30 Jan 2001
INFRASTRUCTURE FAILURES/ENERGY SHORTAGES:
ERRI Emergency Service Analysts Studying Problems Relating To Possible "Cascading Failures"
Chicago, IL (EmergencyNet News) -- Emergency service analysts at the Emergency Response & Research Institute (ERRI - parent organization of this website) are currently studying the possible ramifications of multiple infrastructure failures caused by shortages of energy products and electricity. The power crisis in California has pointed out some of the possible scenarios that could affect consumers if additional shortages of electricity were to strike any given section of the country.
Additionally, ERRI analysts say that the problems in California are also starting to impact people in other states in the Southwest and Northwest sections of the country, thus pointing out the possibility of "cascading failures," if the problems aren't addressed in a comprehensive (national) manner.
Finally, ERRI crisis experts say they are
also trying to gain a better understanding of the implications of a
wide-spread "cracker attack" on the electricity and communications systems
of the United States. At least one thing is obvious at the onset of the
study -- analysts say -- that the new Bush management team has an
opportunity to address the critical infrastructure needs and
vulnerabilities of the USA that may have been neglected by the previous
administration. Watch this news page for additional reports and
recommendations...
(See update 18 May 2001 - 09:30CDT -- ERRI COMMENTARY-OP/ED: Emerging Infrastructure Failures and the "NIMBY" Syndrome)
09:00CST - 30 Jan 2001
DNS Vulnerability Cited
A vulnerability recently discovered in the software used in most DNS (Domain Name System) servers may be the most serious security threat yet found on the Internet, allowing hackers effectively to shut down ISPs and corporate Web servers as well as steal confidential data, according to a report by Stephen Lawson in InfoWorld today.
The problem relates to two widely used versions of BIND
(Berkeley Internet Name Domain) that could be (or have been) exploited by
crackers, according to InfoWorld. Carnegie-Mellon University's Computer
Emergency Response Team (CERT) Coordination Center is reportedly set to issue a
fix for the problem...
INSTANT - 19:00CST - 25 Jan 2001
Microsoft Security Saga Continues...
Redmond, WA (EmergencyNet News) -- According to MSNBC, Microsoft websites suffered another outage today at about 12:30EST. Today's outage is reportedly being blamed on some sort of denial of service attack. Six hours after it began, Microsoft issued a news release saying, “Microsoft was the target of a denial-of-service attack against the routers that direct traffic to the company’s Web sites.”
Speculation is running rampant in the
information security community that both Wednesday and Thursday's attacks
were somehow connected and "caused by crackers." But
Microsoft, in its statement today, denied there was any connection between
Wednesday’s inaccessibility and Thursday’s attack. Company officials were
not immediately available for further comment.
(See story below) EmergencyNet News continues to monitor events surrounding a
recent rash of cyber-security events, involving both a number of companies
and government agencies. We will bring you "Instant Updates" as
circumstances warrant...
*****
INSTANT - 10:00CST - 25 Jan 2001
Microsoft Issues Statement About Outages
"Microsoft Explains Site
Access Issues
On Tuesday evening and Wednesday, many Microsoft customers had difficulty
accessing the company's Web sites. The cause has been determined, and the
issue is resolved.
At 6:30 p.m. Tuesday (PST), a Microsoft technician made a configuration change
to the routers on the edge of Microsoft's Domain Name Server network. The DNS
servers are used to connect domain names with numeric IP addresses (e.g.
207.46.230.219) of the various servers and networks that make up Microsoft's
Web presence.
The mistaken configuration change limited communication between DNS servers on
the Internet and Microsoft's DNS servers. This limited communication caused
many of Microsoft's sites to be unreachable (although they were actually still
operational) to a large number of customers throughout last night and today.
This was an operational error, and not the result of any issue with Microsoft
or third-party products nor the security of our networks. Microsoft regrets
any inconvenience caused to customers due to this issue..."
Entire Microsoft statement is available at:
http://www.microsoft.com/info/siteaccess.htm
*****
11:50CST - 24 Jan 2001
Microsoft On-Line Sites Off-Line??
Redmond, WA (EmergencyNet News) -- Preliminary and as yet sketchy reports are coming into the EmergencyNet News Watch Desk that a number of websites and e-mail associated with Microsoft, Inc. are off-line today. Few official details are currently available, but users are complaining that they are having trouble accessing MSNBC.com, MSN.com, and the e-mail service Hotmail.com.
When EmergencyNet News staffers tried to access the MSNBC website shortly before noon (central time), we received the "The page cannot be displayed" message in our browser. During our test, we were able to access the MSN general search page at http://search.msn.com/. The cause of the outage(s) is not currently known, but speculation is centering on Domain Name Services (DNS) problems. That hypothesis has not been confirmed by Microsoft officials. The outages are believed to affect a significant number of users.
EmergencyNet News is monitoring these events closely and will provide additional details if/when they become available...
INSTANT - 09:00CST - 23 Jan 2001
Webpage Defacements Cause for Concern; Three Continents Simultaneously
Chicago, IL (EmergencyNet News) -- Although few official
statements are available concerning simultaneous "graffiti attacks" that took
place against government web-servers in three different countries late last
week, some computer security experts say that they display an "increasing
amount of coordination," that could be cause for future concern. The exploits
used to post the graffiti were reportedly not sophisticated; they used known
vulnerabilities of similar systems, for which there are patches available.
Additional information concerning these incidents will be posted here if/when
it becomes available...
21 Jan 2001 - 23:00CST
AUSTRALIA HIT IN SERIES OF INTERNATIONAL WEBSITE ATTACKS
Australia has been the target in a series of mass website defacements during the weekend -- attacking governments worldwide. The messages posted appeared to be of a non-political nature, and were being attributed to a group/individual named "Pentaguard." Additional information available at:
http://www.theage.com.au/frontpage/2001/01/22/FFXSQNT09IC.html
EmergencyNet News is also examining allegations that a
number of U.S. government websites were also cracked over the weekend. A
preliminary report was submitted to ERRI that the U.S. Veteran's
Administration suffered an intrusion on Saturday.
18 Jan 2001
Fears of Electronic Disturbances Associated With Presidential Inauguration
Washington, DC (EmergencyNet News) -- ERRI computer security
analysts say that their most current assessment would suggest that there may
be "electronic disruption attempts" associated with this weekend's
Presidential Inauguration. "It would appear that so-called 'hacktivists' may
utilize various kinds of electronic means to try to demonstrate their
displeasure with the Inauguration of President-Elect G. W. Bush," one analyst
said in a conference call with law enforcement officials this morning. "We
would recommend that government network administrators and those from firms
associated with the Republican party and other 'conservative causes' be
especially alert this weekend," the analyst said...
10 Jan 2001 - 11:00CST
New DDoS Attacks?
Information is coming in to the EmergencyNet News Watch Desk concerning two different types of "Denial of Service" attacks that have reportedly occurred in the past 48 hours. One involves a reported attack on IRC chat channels and the other involves possible attempts to overwhelm Domain Name Servers (DNS). EmergencyNet News is gathering additional information and will provide additional reports as circumstances dictate...