[iwar] Historical posting


From: Fred Cohen
From: fc@all.net
To: iwar@onelist.com

Mon, Jan 1, 1999


Received: (from fc@localhost) by all.net (8.9.3/8.7.3) id FAA15269 for iwar@onelist.com; Tue, 18 Apr 2000 05:21:43 -0700

Student charged with U.S. gov't hacks
A Northeastern University student was charged Wednesday with
hacking into federal government computers, including systems
at NASA and the Defense Department, in a coast-to-coast attack
on public and private Web sites and servers, authorities said.
If convicted Ikenna Iffih, 28, faces up to 10 years in prison
and a $250,000 fine. U.S. Attorney Donald Stern said Iffih
seized control of a NASA Web server in Maryland last year
and was able to read, delete and alter files, as well as
intercept and save login names. The compromised server did not
contain classified or sensitive information and was not
involved with the command or control of satellites, Stern said.
Using the NASA computer as a platform, Iffih allegedly attacked
the Interior Department's Web server, defacing the agency's Web
page, prosecutors said. Prosecutors also said Iffih got access
to a Defense Department computer, as well as the Web site of an
Internet service provider (ISP) in Washington state where he
"recklessly caused damage" and caused a "significant" loss of
business, prosecutors said.
http://www.zdnet.com/zdnn/stories/news/0%2C4586%2C2445501%2C00.html
http://www.mercurycenter.com/premium/business/docs/hacker24.htm
http://www.computerworld.com/home/print.nsf/all/000224EF42
http://www.wired.com/news/technology/0,1282,34539,00.html
http://www.gcn.com/vol1_no1/daily-updates/1395-1.html

EBay sees no revenue loss from hackers
Online auctioneer eBay Inc said Thursday that recent hacker
attacks had only cost the company about $80,000 in new expenses
and nothing in lost revenues due to the unique nature of its
business. Meg Whitman, president and chief executive of the
company, told Reuters during a visit to the company's German
unit that unlike brokerage or retail Internet services, clients
were not deprived of essential services during the partial
blackout. "What happens with eBay is that if a user comes on
and the site isn't functioning perfectly, they'll often come
back three or four hours later and list their item (for sale)
or make a bid," she said. "It's not like an airplane seat
where after the airplane leaves that seat has gone wasted,"
she said, adding that the costs had come primarily from
overtime payment for engineers.
http://www.sjmercury.com/svtech/news/breaking/merc/docs/030409.htm

Alleged kidnap attempt on Chinese ISP ends in arrest
While Chinese Internet startups may be looking to backers for
their businesses, the latest in a series of crimes committed
by hackers highlights dangers the world's largest nation faces
from cyber criminals. The latest crime concerns a hacker who
allegedly attempted to kidnap a local Internet Service Provider
in China's northeast Liaoning province and surf the Net free of
charge. But he has been arrested by police, the official Xinhua
news agency said in a report. China last week pledged to play a
key role in the international effort to clamp down on computer
crimes and curb a rising tide of hacker attacks, many of them
copycat crimes of those committed in the United States. The
hacker, identified only by the surname Xie, was accused of
destroying the mail server of the unnamed ISP by downloading
hacking software from the Internet and causing the collapse
of the mail service system.
http://www.deseretnews.com/dn/view/0,1249,150015533,00.html

Security group offers a plan for defending against attacks
On the heels of recent distributed denial-of-service attacks
on commercial Web sites, a public-private security group has
published a document to help organizations deal with systems
security. The document, from the Project for the Partnership
for Critical Infrastructure Security, focuses on four
immediate steps to reduce the risk of attack and includes
suggestions for long-term efforts at protection. The matter
is important because distributed denial-of-service attacks
could strike at the heart of the Internet, said Alan Paller,
director of research at the SANS Institute of Bethesda, Md.
"What's new is that this can do big damage," he said during
a session at the Virtual Government Conference in Washington.
"It can damage the trust we have in the Internet."
http://www.gcn.com/vol1_no1/daily-updates/1394-1.html
http://www.currents.net/newstoday/00/02/24/news1.html
http://www.currents.net/newstoday/00/02/24/news2.html

Germany Takes Aim at Hackers
German Interior Secretary Otto Schily is setting up a Task Force
to deal with the hacker threat following a spate of recent attacks
on popular US Web sites. The committee is intended to clarify the
hacker potential in Germany and take measures to strengthen and
coordinate the fight against such attacks. German security
authorities will also take up contact with US authorities, in
order to form a common defense policy against all hacker attacks.
"Security in information technology is a key problem for every
modern political economy," said Schily. "For this reason the
federal government will take all available measures to enable
IT security to be guaranteed in future."
http://www.internetnews.com/intl-news/article/0,1087,6_307271,00.html

Argentine Sites Easy Targets, Says Hacker
Argentine Web sites are an easy target for hackers, according to
an Argentine accused by the U.S. Federal Bureau of Investigation
of hacking into U.S. Navy and NASA space agency Internet sites.
"About 45 percent of Argentine Web sites are without any protection
although there's growing consciousness about security," 26-year-old
Julio Cesar Ardita told Reuters in an interview this week. Ardita,
who now runs his own software security company, came to prominence
in 1996 when the FBI used Internet wiretap software to track the
man who allegedly hacked into the U.S. Navy and NASA sites. No
arrest was made. The security issue has surfaced because an
Internet revolution is under way in Latin America, despite low
wages, sometimes unreliable postal services and low use of bank
accounts and credit cards.
http://news.excite.com/news/r/000223/18/net-argentina-hacker

Reno on New Code War
Attorney General Janet Reno discussed Internet security this
morning, reviewing both pending legislation and the potential
threat to the United States from foreign countries. The issue
was first raised Wednesday, when the Central Intelligence Agency
said in testimony to Congress that there are increasing signs that
such countries as Russia and China were developing tools that could
attack commercial computer networks within the United States. So
what should the role of the Justice Department be in countering
these potential threats? "I would not comment on any particular
country, but it's important that we realize that we must be prepared
to protect the information infrastructure of this country and the
industries," Reno urged. "Whether it be the government or key private
sector [companies]... this is one of the most important issues we face."
http://www.zdnet.com/zdtv/cybercrime/fedwatch/story/0,9955,2445792,00.html

Computer crime outpacing cybercops
In the wake of recent hacker attacks on corporate Web sites,
law-enforcement agencies from the FBI to local police forces
are struggling to recruit and keep knowledgeable cybersleuths
and prosecutors. The dearth of computer security experts could
be hurting the FBI's probe of the attacks on Yahoo!, E-Trade
and other firms two weeks ago. "Our resources are stretched
paper thin," FBI Director Louis Freeh told a Senate subcommittee
last week. He said officials have seen a 39% increase in computer
crimes from 1998 to 1999. The nation has only several hundred
high-caliber forensic computer experts. Many of them are lured
by technology firms and private security outfits waving salary
offers of $150,000 to $250,000, twice their government paychecks.
http://www.usatoday.com/life/cyber/tech/cth404.htm

Educate, Don't Regulate
A raft of computer experts - including the man long considered
the father of the Internet - asked Congress to forestall any
legislation that would unnecessarily regulate cybersecurity,
and instead advocated the role government could play in educating
its members and the public about Internet security. "It is my
judgment that the Internet itself is for the most part secure,
though there are steps we know (that) can be taken to improve
security and resilience," said Vinton G. Cerf, senior vice
president of Internet architecture and technology at
MCI/WorldCom, who spoke today before the Joint Economic
Committee. "Most of the vulnerabilities arise from those who
use the Internet - companies, governments, academic institutions,
and individuals alike - but who do not practice what I refer to
as good cyber-hygiene."
http://www.currents.net/newstoday/00/02/24/news4.html

Congress Examines Silencing Hack Attacks
Government can reduce the threat of computer attacks by getting
its own house in order and bringing businesses together to share
information. But industry must take the lead, security experts
told a Senate committee Wednesday.
http://www.techweb.com/wire/story/TWB20000223S0014

Pentagon security cracked during testing
Information warfare tests conducted in September 1999 on the
Pentagon's $1.6 billion Defense Message System found serious
deficiencies in the system's security protections. During
operational tests of DMS software Version 2.1, conducted last
year by the Defense Department's Office of Operational Test
and Evaluation, an information warfare test team "was able to
penetrate all but one test site with only a moderate level of
effort," according to the DOD's 1999 annual OT&E report,
released this week. As a result of the failure, the Pentagon's
OT&E director concluded that DMS Version 2.1 was "not
operationally effective." DMS was scheduled to replace the
Pentagon's aging Automatic Digital Network (Autodin) message
system at the end of last year. Developed in the 1960s, Autodin
passes message traffic through a global network of highly secure
but antiquated mainframes that use tape reels for data storage.
http://cnn.com/2000/TECH/computing/02/22/pentagon.bad.dms.idg/index.html

U.S. lets professor put encryption on Internet
The United States will allow a computer scientist to put
instructions for writing a powerful computer data-scrambling
program on his Web site, but his high-profile lawsuit challenging
U.S. export restrictions on encryption may continue, his lawyer
said Thursday. President Bill Clinton in January dramatically
liberalized once-strict U.S. export limits on encryption programs,
which scramble information and render it unreadable without a
password or software "key." The changes recognized that encryption,
used in everything from Web browsing software to cellular telephones,
has become essential for securing electronic commerce and global
communications. The move also followed a May 6, 1999 decision by a
U.S. Appeals Court panel that the old rules barring University of
Illinois professor Daniel Bernstein from posting instructions for
his "Snuffle" program on the Internet were an unconstitutional
violation of the scientist's freedom of speech.
http://www.sjmercury.com/svtech/news/breaking/merc/docs/055344.htm

Victory for Israel Hack Meet?
A proposed ban on the upcoming worldwide hacker conference to be
held here is not gaining support and Y2hacK is likely to go on as
planned. Michael Eitan said Tuesday during a meeting of the Knesset's
Committee for Scientific and Technological Research and Development
that canceling the conference would be a mistake -- and a missed
opportunity to learn from the hackers. Last week, committee head
Anat Maor wrote a letter to the attorney general calling for the
worldwide hacker conference to be outlawed. "It's absurd. [Hacking]
is illegal in Israel and many other countries, including the US,"
Maor said. "If there was going to be a conference of thieves, or a
conference of men who beat their wives, how would you feel? You
can't allow a conference that goes against the law."
http://www.wired.com/news/politics/0,1283,34504,00.html

Top secret spy agency predictably "out of control":
According to a special European Union parliament-commissioned
report on the Echelon spy-network, a U.S.-led communications
monitoring network is in fact intercepting "billions of
messages per hour" including telephone calls, fax transmissions
and private e-mails. The author of the report claims the
intelligence network monitors and intercepts sensitive European-
wide commercial communications and also involves a number of
other countries to a lesser degree. Washington and London have
both, of course, vehemently denied the allegations. Plausible
deniability, anyone?
(New York Times story, free registration required)
http://www.cyber-rights.org/interception/stoa/ic2kreport.htm#Report
http://www.nytimes.com/library/tech/00/02/biztech/articles/24spy.html

Poll: Net privacy fears increase
A majority of users say the Internet has made their lives better,
but almost half are worried that their privacy and security might
be compromised online, according to a Gallup Poll survey released
on Wednesday. According to the Gallup Poll, 62 percent of Internet
users thought the Internet is a better use of time, compared with
25 percent that valued TV.
http://www.zdnet.com/zdnn/stories/news/0,4586,2445454,00.html

Internet Scandal in Qatar
Thousands of Qataris have finally discovered why their Internet
access bills inexplicably soared like the price of oil in recent
weeks: Their usernames and passwords were being sold on CDs.
More than 6,000 usernames and their relevant passwords were being
sold in the capital city of Ad Doha and other cities for between
500 and 1,000 Qatari riyals (US$137-275) over the past several
weeks. Many of the usernames and passwords apparently belonged to
corporate accounts of several ministries, major companies, and
even the Emiri (Royal) Court.
http://www.wired.com/news/politics/0%2C1283%2C34515%2C00.html

Battling the hack-attack
Businesses must avoid the reactive model. Businesses need to
combat cyber vandals by building stronger defences, a security
expert says. High-tech security is possible, says Kevin McCormick,
professor of justice and public safety at Georgian College in
Barrie, Ont. But first, he says, businesses must alter their way
of thinking and throw away masking tape solutions. He suggests
developing a combative frontline force against cyber vandals -
stopping them before they strike. Ideally, he says, businesses
should focus on securing weak links in their computer systems
and developing crisis teams who can identify and fix problems,
if a hack occurs. Understanding computer security may be as easy
as one simple analogy. Think of your computer like a house, he
says. Imagine it has similar doors that allow people to walk in
and out of them. Picture the windows capable of opening and
closing. Then ask yourself, 'How difficult would it be to break
into this house? Would it be possible?' According to McCormick,
the answer is probably yes.
http://www.canoe.ca/TechNews0002/22_cybersecurity.html

FC