[iwar] news

From: Fred Cohen (fc@all.net)
Date: 2001-04-05 19:46:14

Return-Path: <sentto-279987-1099-986525176-fc=all.net@returns.onelist.com>
Delivered-To: fc@all.net
Received: from by localhost with POP3 (fetchmail-5.1.0) for fc@localhost (single-drop); Thu, 05 Apr 2001 19:47:07 -0700 (PDT)
Received: (qmail 9643 invoked by uid 510); 6 Apr 2001 02:46:44 -0000
Received: from mv.egroups.com ( by with SMTP; 6 Apr 2001 02:46:44 -0000
X-eGroups-Return: sentto-279987-1099-986525176-fc=all.net@returns.onelist.com
Received: from [] by mv.egroups.com with NNFMP; 06 Apr 2001 02:46:16 -0000
X-Sender: fc@all.net
X-Apparently-To: iwar@onelist.com
Received: (EGP: mail-7_1_1); 6 Apr 2001 02:46:15 -0000
Received: (qmail 65635 invoked from network); 6 Apr 2001 02:46:15 -0000
Received: from unknown ( by l9.egroups.com with QMQP; 6 Apr 2001 02:46:15 -0000
Received: from unknown (HELO all.net) ( by mta3 with SMTP; 6 Apr 2001 03:47:19 -0000
Received: (from fc@localhost) by all.net (8.9.3/8.7.3) id TAA11041 for iwar@onelist.com; Thu, 5 Apr 2001 19:46:14 -0700
Message-Id: <200104060246.TAA11041@all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Organization: I'm not allowed to say
X-Mailer: don't even ask
X-Mailer: ELM [version 2.5 PL1]
From: Fred Cohen <fc@all.net>
Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com
Delivered-To: mailing list iwar@yahoogroups.com
Precedence: bulk
List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com>
Date: Thu, 5 Apr 2001 19:46:14 -0700 (PDT)
Reply-To: iwar@yahoogroups.com
Subject: [iwar] news
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

Review shows hackers accessed 155 federal computer systems At least 155
federal computers systems -- some with sensitive research information or
personal data on Americans -- were temporarily taken over by hackers
last year, according to a review that found widespread lax computer
security.  The government's lack of safeguards against domestic and
foreign attackers who struck 32 federal agencies last year is
``chilling,'' one congresswoman said.  ``I think it would come as quite
a surprise for most Americans to learn the extent to which these federal
civilian agencies are the target of attacks by foreign and domestic
sources bent on espionage or other malicious actions,'' Rep.  Billy
Tauzin, R-La., said at a House Oversight and Investigations hearing


Pentagon networks attacked 715 times in 2000 The US Army, Navy and Air
Force combined suffered 715 cyber attacks last year, according to a
report from the General Accounting Office (GAO) released last week.  The
Navy reported the most attacks, 387, with the Army slightly behind at
299.  The Air Force suffered only 29 attacks in 2000, according to the
report, 'Information Security -- Challenges to Improving DOD's Incident
Response Capabilities.' The report says the three services suffered only
600 cyber attacks in 1999 -- significantly less than the 22,144
electronic assaults reported by the Defense Information Systems Agency
(DISA), the Pentagon's IT arm, for that year. 


Pentagon cyber defense impaired -- report The US military's ability to
defend against cyber attacks is hampered by a dearth of coordination
among the armed services, and a poorly implemented alert system,
according to a new report by government investigators.  The report,
"Information Security -- Challenges to Improving DOD's Incident Response
Capabilities," was issued last week by the General Accounting Office
(GAO), Congress' investigative arm.  It found the Defense Department
lacks a coordinated approach to ensuring that its systems are patched
against the latest software vulnerabilities, and to conducting security
assessments.  According to the report, the armed services performed over
150 computer security assessments last year, including some simulated
hack attacks by a National Security Agency (NSA) red team, and
identified hundreds of vulnerabilities in defense systems.  But those
audits were not coordination and prioritized. 


General says the "cyber" threat is real.  "My view is that as we look at
our computer systems, we'd be kidding ourselves if we thought they
weren't vulnerable," said Air Force Gen.  Ralph E.  Eberhart, U.S. 
Space Command commander in chief, during a March 28 interview with the
American Forces Information Service.  Eberhart's command assumed
responsibility for computer network defense in 1999, he said.  The
following year, it picked up the mission of computer network attack. 
Today's threats against DoD -- and private sector -- computer systems
run the spectrum from the curious, bored high school or college student
to state-sponsored 'cyber' war or computer network attack, he said. 


House members watch DOE official hack into federal computers Members of
Congress watched Thursday as an Energy Department cybersecurity expert
hacked into a computer hooked to the Internet, underscoring the federal
government's vulnerability to international information warfare. 
Members of the House Energy and Commerce Committee's Subcommittee on
Oversight and Investigations looked on as Jason Bellone, a member of
Energy's Office of Cybersecurity and Special Reviews, broke passwords
again and again with tools available for free download over the
Internet.  The federal government stores vast amounts of sensitive data,
said full committee chairman Billy Tauzin, R-La.  And when it comes to
computer security we are barely treading water.  In this increasingly
interconnected world, we're either going to prioritize our resources
better to meet this challenges ...  or we're going to find ourselves in
deep, deep trouble, Tauzin said. 


FBI struggles to retain cybercrime experts The FBI suffers from a high
turnover of experts in cybercrime but continues to get quality people,
FBI Director Louis Freeh said Wednesday.  "There's a bull market" for
skilled FBI cyber-crime workers, Freeh told a World Economic Forum event
held at the U.S.  Chamber of Commerce.  In order to keep workers in the
agency, he said, "we basically rely on people's patriotism." That can be
difficult when agency employees earning $50,000 to $55,000 interact
every day with former FBI workers now making six figures in the private
sector, he said.  Fortunately for the agency, the number of qualified
applicants continues to far outnumber the job vacancies.  The number of
criminal cases involving computer technology is growing exponentially,
Freeh said, and the top challenge facing the FBI in working against
cybercrime is maintaining the balance between protecting personal
privacy and enforcing laws.  He said the same constitutional balance
between privacy and the necessity of a government to stop crimes should
apply to the electronic age. 


Companies taking over cyberalerts Federal agencies soon will have a
commercial resource at their beck and call when dealing with security
vulnerabilities and cyberattacks.  The Federal Computer Incident
Response Capability, the central civilian organization for security
alerts and recovery, last week signed a contract with Science
Applications International Corp.  and its partner Global Integrity
Information Security to provide the day-to-day operations for the
center.  Responsibilities include issuing vulnerability alerts and
helping agencies respond and recover when actually hit with a
cyberattack, said Dave Jarrell, director of FedCIRC, which is based at
the General Services Administration. 


Bush, citing privacy, swears off E-Mailing family President Bush has
sworn off e-mail as a form of communication, citing privacy concerns. 
Bush used to have a wide circle of family and friends to whom he
exchanged e-mails as a way to stay in touch, particularly during his
presidential campaign when he traveled frequently.  But that has come to
a screeching halt now that Bush is in the White House.  ``I used to be
an avid e-mailer, and I e-mailed to my daughters or e-mailed to my
father, for example, and I don't want those e-mails to be in the public
domain,'' Bush said on Thursday to the American Society of Newspaper
Editors.  He said he does not e-mail out of concern his private
communications could be subject to freedom of information laws and could
be made public.  Bush said, however, that his administration will
cooperate fully with freedom of information requests if they do not
jeopardize national security. 


------------------------ Yahoo! Groups Sponsor ---------------------~-~>
Do you have 128-bit SSL encryption server security?
Get VeriSign's FREE Guide, "Securing Your
Web Site for Business." Get it now!


Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ 

This archive was generated by hypermail 2.1.2 : 2001-06-30 21:44:06 PDT