Reply-To: iwar@egroups.com
Subject: [iwar] Historical posting
China's 'serious threat': FBI Director Louis Freeh and CIA Director George Tenet are expected to brief the Senate Intelligence Committee today on what Freeh calls a "very serious" espionage threat from China. Freeh will also cite Russia and Cuba as having stepped up their intelligence activities aimed at the US. http://www.cnn.com/2000/US/03/08/freeh.spy/index.html
Chinese cyberforce: Chinese computer hackers are preparing to launch a cyberattack (click on "Cyberforce Threatens Taiwan") on election centers, financial institutions, and military command posts before Taiwan's presidential elections to be held this month. http://www.the-times.co.uk/news/pages/Times/timconcon01001.html
Vandal alters Gallup Internet site just before primaries An unknown hacker vandalized the Internet site for the Gallup Organization just before today's presidential primary elections, but didn't change survey data from one of the nation's oldest and most respected polling companies. Gallup said none of its poll data was compromised because its vandalized Web site, at www.gallup.com, won't be connected to internal computers that store polling results until Sept. 1. That's when Gallup plans to make available through its Web site 65 years of data. ``We have until September 1 to guarantee that we have addressed all issues of security,'' said Phil Ruhlmon, Gallup's chief information officer. http://www.sjmercury.com/svtech/news/breaking/merc/docs/011662.htm
Internet Increasingly Used To Commit Identity Fraud Criminals are increasingly turning to the Internet for information they need to assume another person's identity and commit fraudulent financial transactions, officials from the Secret Service and the Federal Trade Commission (FTC) said Tuesday. In testimony before the Senate Judiciary Committee's Subcommittee on Technology, Terrorism and Government Information, government officials argued that financial institutions, credit reporting bureaus and information vendors need to be held responsible for failing to conduct adequate inquiries into the true identity of consumers who make large purchases. Gregory Regan, special agent in charge of the Secret Service's Financial Crimes Division, told lawmakers that the confidentiality of consumers' personal and financial data is being compromised by online data collection firms that often are more concerned with selling that information than safeguarding it against misuse. http://www.newsbytes.com/pubNews/00/145187.html
Customs team to look at fresh cyber menace
A 70-member Customs computer-crime team has been set up to battle copyright pirates and smugglers in cyberspace. Commissioner of Customs and Excise John Tsang Chun-wah said yesterday the team would map out tactics in the coming year based on computer-crime trends. It follows the success of a 185-member taskforce established last June which has successfully controlled copyright piracy, Mr Tsang said. http://www.technologypost.com/internet/DAILY/20000307115714123.asp?Section=Main
Taiwan Says Prepared for Internet Attack
Taiwan's military said on Tuesday it has set up Internet defenses in the run up to the March 18 presidential election after discovering more than 7,000 attempts by Chinese hackers to enter the country's security systems. "We have set up a round-the-clock monitor system and installed various security programs and firewalls to keep the Chinese Communists from trying to disrupt our networks," said Chang Chia-sheng, the defense ministry's cyber information head. http://www.thestandard.net/article/display/0,1151,12661,00.html http://www.technologypost.com/internet/DAILY/20000307160423235.asp?Section=Main
Sprint PCS explains alleged privacy violation somewhere in middle of handy 6,000-word document: Users of Sprint's new wireless data service take note: Sprint PCS cell phones automatically transmit your phone number to every Web site you visit while using the service. If you were previously unaware of this alleged privacy violation, you can read more about it somewhere within the 6,000-word service agreement on the Sprint Web site. http://www.sfgate.com/cgi-bin/article.cgi?file=/chronicle/archive/2000/03/07/BU94577.DTL&type=business
British Parliament to approve ill-conceived threat to civil liberties: British Parliament debated legislation Monday that would classify ISPs as telecom operators, thereby allowing the government to monitor private email and mobile phone conversations. While supporters of the bill say it's simply designed to implement regulations governing traditional telephony services across new technologies, critics see it for the breach of civil rights it is... http://www.stand.org.uk/ http://www.theregister.co.uk/000306-000020.html http://www.wired.com/news/politics/0,1283,34776,00.html http://www.newsbytes.com/pubNews/00/145168.html
Study highlights security risk of ATM, frame relay networks CORPORATE ENTERPRISES -- along with application service providers, ISPs, and others -- will spend about $60 million this year trying to fix security problems associated with ATM and frame relay networks, according to an upcoming report. The Yankee Group soon will release a new study blowing the whistle on ATM and frame relay vulnerability -- a "dirty little secret" of the industry. http://www.infoworld.com/articles/en/xml/00/03/07/000307enyankee.xml
Railtrack hacker arrested
A man has been released on police bail after being arrested in connection with the hack attacks that paralysed the Web sites of Lloyds of London and Railtrack at the beginning of the year. The man was arrested on Friday and but has to report back to police in June pending further enquiries. The alleged offences come under sections one and three of the Computer Misuse Act regarding unauthorised access and the modification of computer systems. He was arrested by officers from Scotland Yard's Computer Crime Unit. http://www.theregister.co.uk/000308-000020.html
Dutch server used to break into govt Web site
Police discovered Tuesday that the hacker who broke into the Web site of a government bureau in Osaka in January accessed the site via a Dutch server. The hacker erased most of the information on the site of the National Personnel Authority's Kinki Regional Bureau, including the contents of public servants' examinations. Police, who are tracing the hacker with the aid of Interpol, obtained access to records from Dutch police. The hacking incident came to light when an official of the bureau tried but failed to access the site Jan. 27. The bureau checked the site and found that 96 percent of the site's information on public servants examinations, including dates and samples of the exams, had been erased. After receiving the report, police began an investigation into the matter. http://www.yomiuri.co.jp/newse/0308cr06.htm
Hackers attacked official website twice last year
TWO unsuccessful hacker attacks on the government's computer home page last year have been reported to the police by the Information Technology (IT) Services Department. Director of IT Services Lau Kam-hung said both attempts failed in the face of anti-hacking installations in the government's network. These safeguards included firewalls (a security feature to prevent hackers from accessing a site) and virus and hacking detection systems. A department spokeswoman said the attempts happened in January and June. No data was lost. Police Commercial Crime Bureau Chief Superintendent Lo Yik-kee declined to reveal the progress of investigations. http://online.hkstandard.com/today/default.asp?PageType=aho11
Hack, it's just a job for the Russians
Unlike hackers in richer countries, most Russian ones are not just motivated by the thrill of cracking code but are driven by empty pockets. Mr Alexei Rayevsky understood early how lucrative computer hacking can be. As a teenager, he broke into corporate networks, then confronted the companies with his exploits -- and offered his expertise for making their systems more secure. Unlike their counterparts in richer countries, most Russian hackers are not just motivated by the subversive thrill of cracking code and embarrassing corporate titans or government agencies -- they're driven by empty pockets. Sure, Russian hackers still sometimes sabotage systems for fun or political reasons, and advertise their antics on irreverent websites. http://www.straitstimes.asia1.com/world/wrld1_0308.html
Chinese hackers turn to identity theft
Organised Chinese fraud rings on the mainland and overseas are more likely to hack databases to compromise credit and identity details than ply the more traditional avenues of bribing bank employees favoured by their Nigerian counterparts, a federal investigator claims. "The Chinese gangs have moved into the electronic age where they're using hacking techniques and Internet theft," US Secret Service Special Agent Gregory Regan explained in testimony before the Senate Judiciary Subcommittee on Technology, Terrorism and Government Information Tuesday. Identity theft is an increasingly easy scam now that so much information is available on line, Regan warned. "The Internet makes it unnecessary for criminals to obtain identity documents," he said. The Net is creating a "faceless society" where it's easy for an identity fraudster, even one overseas, to open a credit account on line, sometimes with nothing but his victim's name and social security number, Regan observed. There were 1,147 cases of identity theft resulting in 644 convictions reported in the US during 1999 alone. The US Social Security Administration reports that over 81 percent of social security number misuse involves ID theft. Most incidents are part of some larger, organised criminal enterprise. http://www.theregister.co.uk/000308-000016.html
Sprint to Hide Web Surfers' Phone Numbers
AT&T says it also transmits users' numbers to Net sites. After taking heat from privacy advocates, Sprint PCS yesterday said it plans to change its policy of transmitting customers' phone numbers to Web sites they access with their cell phones. But a second company, AT&T, confirmed yesterday that it, too, automatically sends customers' phone numbers to Web sites through its wireless data service. The phone numbers are embedded in every request for a Web page. Privacy watchdogs complained the practice makes it too easy for Web sites to forward the phone numbers to their sales department for follow-up calls. Moreover, Web site operators could potentially use databases to match the phone numbers with users' real names and other personal information. http://www.sfgate.com/cgi-bin/article.cgi?file=/chronicle/archive/2000/03/08/BU106575.DTL&type=tech_article http://www.newsbytes.com/pubNews/00/145264.html
Get thee hence, script kiddie
Those sys admins among you who've had your systems scanned after they'd only been running for a day or so and were allegedly concealed from the public view, would do well to read this deconstruction of the script kiddie methodology and some suggestions on how to protect yourself. http://rootprompt.org/article.php3?article=159 http://rootprompt.org/article.php3?article=167
UNIX (and Linux especially) viruses - the real story There's been a lot of fooferaw about UNIX viruses recently, and more specifically Linux viruses. A lot of it is complete garbage. Many of these articles seem to have gotten a hold of virus experts, which is good, but it seems these virus experts generally have little knowledge of UNIX, which isn't surprising as most viruses and anti-virus software is written for Windows (only in the last year or two have many anti-virus vendors ported their products to UNIX platforms). http://securityportal.com/direct.cgi?/closet/closet20000308.html
-- 6 March 2000 SouthPark Worm
The SouthPark e-mail worm, a variant of PrettyPark, sends itself to the infected computer's complete e-mail address book every half-hour. It also tries to connect to an Internet relay chat (IRC) server, and it could provide the worm's author with sensitive computer information while connected. http://www.currents.net/newstoday/00/03/06/news1.html
-- 6 March 2000 Scanning Tool Data Requires Experience to Interpret While security scanners provide reams of raw data about a network's potential vulnerabilities, experienced professionals are needed to interpret the information and translate it into concrete solutions. http://www.fcw.com/civic/articles/2000/march/civ-tech-03-06-00.asp
-- 6 March 2000 OMB Ties Money to Security
The Office of Management and Budget (OMB) will no longer pay for computer systems without adequate security, beginning in fiscal year 2002. http://www.fcw.com/fcw/articles/2000/0306/web-omb-03-06-00.asp
-- 6 March 2000 National Information Assurance Acquisition Policy After January 1, 2002, government agencies buying computer security products will be permitted to choose from only those products that have been evaluated by accredited national laboratories and that meet strict international standards, according to the National Information Assurance Acquisition Policy. http://www.fcw.com/fcw/articles/2000/0306/fcw-pol-regs-0306.asp http://www.currents.net/newstoday/00/03/06/news14.html
-- 4 March 2000 White House Report Says Anonymity is a Problem According to a forthcoming White House report, the Working Group on Unlawful Conduct on the Internet, created by President Clinton last August, wants law enforcement groups to have greater authority to trace Internet users' identities, and believes Internet service providers (ISPs) should be encouraged to keep track of their customers' on-line activity. http://www.wired.com/news/politics/0,1283,34659,00.html http://www.wired.com/news/politics/0,1283,34720,00.html Editor's Note (Cowan): Most of the evils of anonymity would be eased if strong authentication were pervasive. The problems are caused by forged identity. When Internet users are accustomed to seeing digitally signed traffic most of the time, then they will be able to accord truly anonymous traffic the credibility that it deserves, and people who truly need anonymity for whistle-blowing purposes could have it.
-- 3 March 2000 "Coolio" Admits Cracking, Denies Recent DDoS Attack
Involvement
The New Hampshire teenager who goes by the cracker handle "Coolio" admits
that he broke into as many as 100 computers and that he defaced three
web sites, including RSA.com and Dare.org. "Coolio" denies any
involvement with the round of DDoS attacks on sites such as Yahoo! and
Amazon.com, despite chat room transcripts which appear incriminating.
http://www.msnbc.com/news/377102.asp?0m=T11Q
http://www.usatoday.com/life/cyber/tech/cth492.htm
http://www.currents.net/newstoday/00/03/06/news2.html
FC