Return-Path: <sentto-279987-1364-993259317-fc=all.net@returns.onelist.com> Delivered-To: fc@all.net Received: from 204.181.12.215 by localhost with POP3 (fetchmail-5.1.0) for fc@localhost (single-drop); Fri, 22 Jun 2001 18:22:07 -0700 (PDT) Received: (qmail 12471 invoked by uid 510); 23 Jun 2001 00:23:43 -0000 Received: from b05.egroups.com (208.50.144.96) by 204.181.12.215 with SMTP; 23 Jun 2001 00:23:43 -0000 X-eGroups-Return: sentto-279987-1364-993259317-fc=all.net@returns.onelist.com Received: from [10.1.4.54] by b05.egroups.com with NNFMP; 23 Jun 2001 01:21:57 -0000 X-Sender: fc@big.all.net X-Apparently-To: iwar@onelist.com Received: (EGP: mail-7_1_3); 23 Jun 2001 01:21:56 -0000 Received: (qmail 54937 invoked from network); 23 Jun 2001 01:21:56 -0000 Received: from unknown (10.1.10.26) by l8.egroups.com with QMQP; 23 Jun 2001 01:21:56 -0000 Received: from unknown (HELO big.all.net) (65.0.156.78) by mta1 with SMTP; 23 Jun 2001 01:21:56 -0000 Received: (from fc@localhost) by big.all.net (8.9.3/8.7.3) id SAA23778 for iwar@onelist.com; Fri, 22 Jun 2001 18:21:55 -0700 Message-Id: <200106230121.SAA23778@big.all.net> To: iwar@onelist.com (Information Warfare Mailing List) Organization: I'm not allowed to say X-Mailer: don't even ask X-Mailer: ELM [version 2.5 PL1] From: Fred Cohen <fc@all.net> Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Fri, 22 Jun 2001 18:21:55 -0700 (PDT) Reply-To: iwar@yahoogroups.com Subject: [iwar] news excerpts... Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Thursday June 21 3:19 PM ET Russia, China Working on Cyber Warfare -US Official By Jim Wolf WASHINGTON (Reuters) - Russia and China appear to be developing computer-based tools with the potential to do long-lasting harm to the U.S. economy, a top intelligence official told Congress on Thursday. Such arms will give future foes new leverage over the United States, including a way to ratchet up pressure and the prospect of anonymity, said Lawrence Gershwin, the national intelligence officer for science and technology. Testifying before the Joint Economic Committee, Gershwin cited what he called some nations' public acknowledgment of the role cyber attacks would play as the ``next wave of military operations.'' ``We've certainly seen that from countries such as China and Russia,'' he said. While he mentioned no other states by name, he said a ``fair number'' had ``active'' programs, adding that most of his information on the subject was classified. ``We watch them very intensely,'' Gershwin said. ``Some of them are aimed at the United States and some of the others are probably aimed at others.'' ``For the next five to 10 years or so, only nation-states appear to have the discipline, commitment and resources to fully develop capabilities to attack critical infrastructures,'' he said. The United States itself is working to integrate keyboard-launched attacks and network defense into ``all military plans and operations,'' Army Lt. Gen. Edward Anderson, deputy commander in chief of the U.S. Space Command, told House Armed Service Committee members Wednesday. ``We need to continue developing computer network attack strategies through simulations and war-gaming to improve our understanding of the potential collateral effects associated with such actions,'' he said. ``Collateral'' damages is military jargon for spillover to civilians. ==================== U.S. Forces in Gulf on High Alert Possible Terrorist Threat Detected, Ships Leave Ports June 22 - U.S. Navy warships have pulled out of Persian Gulf ports following the detection of a possible "imminent" terrorist threat against an American target in the region, ABCNEWS has learned. Administration officials say they are aware of an imminent, but unspecified terrorist threat against Americans. The State Department is expected to issue a worldwide alert in the coming hours. Military sources say the threat is "credible, and actionable," meaning it is serious enough for the military to pull ships out of port, standard procedure after the Navy ship USS Cole was hit by a terrorist attack while refueling in the Yemen port of Aden nine months ago. Seventeen sailors were killed. U.S. military installations in the region that were not at the highest state of alert, "Threatcon Delta," have been raised to that status, warranting a series of protective actions military commanders take to safeguard forces. The moves come a day after federal prosecutors indicted 14 people in the Khobar Towers truck bombing in Saudi Arabia, which killed 19 U.S. servicemen nearly five years ago. ================= From a Federal Department: Apparently someone is dialing our prefix seeking a modem connection (ala War Games). The agency reported the incident to us. ================= OCC issues cyberthreat alert ABA Bank Compliance, 6/22/2001 No URL available. ABSTRACT: In OCC Alert 2001-4, on April 24, 2001, OCC issued an alert outlining steps that banks should take to protect electronic network data from hackers and other cyberthreats. BODY: On April 24, 2001, OCC issued an alert outlining steps that banks should take to protect electronic network data from hackers and other cyberthreats. OCC Alert 2001-4. The alert was prompted by a recent report from the National Infrastructure Protection Center, a group made up of representatives from federal, state and local agencies and the private sector formed to safeguard U.S. essential infrastructure, about increasing numbers of attacks on electronic commerce. The alert said that banks and service providers should take the following steps to respond to network vulnerabilities: Identify systems vulnerabilities; Eliminate unwarranted risks by applying vendor-provided software fixes, commonly called "patches;" Ensure that exploitable files and services are assessed and removed or disabled; Ensure that changes to security configurations are documented, approved, and tested; Update vulnerability scanning and intrusion detection tools to identify known vulnerabilities and related unauthorized activities; Conduct subsequent penetration testing and vulnerability assessments, as needed; Review contracts with service providers to ensure that security maintenance and reporting responsibilities are clearly described, including notice by service providers of systems security breaches that may affect the bank; and Establish monitoring, reporting, and investigation controls that identify unusual funds transfer activities as a potential indicator of system security breaches. The alert is available on OCC's website at www.occ.treas.gov ===================== FBI reviewing IT security By Christopher J. Dorobek, Federal Computer Week, 6/22/2001 http://www.fcw.com/fcw/articles/2001/0618/web-webster-06-21-01.asp The FBIs information technology security practices are part of an internal review of the bureaus counterespionage efforts, said former FBI director William Webster, who is leading that review. Attorney General John Ashcroft specifically requested that the review cover IT security, Webster said during testimony before the Senate Judiciary Committee on Wednesday. Webster said the review is looking at: * The adequacy of the FBIs protection of computer and telecommunications systems. * The bureaus audit trail capabilities examining the FBIs ability to track who has access to what information. * The FBIs implementation of automated tripwire detection systems, which are used to notify officials when somebody is looking at information unrelated to their work. Webster was brought in by FBI Director Louis Freeh, who steps down this week, in the wake of the arrest of Robert Hanssen, a veteran FBI counterintelligence agent who was arrested in February on charges of spying for the Russians for 15 years. =================== N. Korea masses forces http://www.washtimes.com/national/20010622-319858.htm U.S. intelligence agencies are closely watching the east and west coast of North Korea. Last week, large numbers of amphibious assault vehicles and craft were spotted getting into formation. Officials said the forces were probably preparing for military exercises. The amphibious-warfare equipment was photographed by a U.S. spy satellite and included air-cushioned landing craft and troop- and tank-transport ships. The massing of forces coincided with the incursion of a North Korean merchant ship into South Korean waters on June 13. ============ Asymmetric threats http://www.washtimes.com/national/20010622-319858.htm Army Gen. Tommy Franks, commander of the U.S. Central Command, is warning that the United States must prepare itself for a future "asymmetric" Pearl Harbor-like sneak attack. "The asymmetric threat is serious and deserves our focused thought and preparation," Gen. Franks said in a recent speech to the Operations Security Professionals Society. "The point is to avoid another Pearl Harbor-like event by recognizing the threat and preparing to meet this growing challenge." How to deal with asymmetric threats will be addressed in the ongoing defense-transformation efforts by the military, he said. Asymmetric warfare threats include efforts by weaker powers to defeat stronger ones using attacks that can include weapons of mass destruction, the use of computer-based information warfare, and terrorism. ============= Lots more is hapenning out there today... FC -- Fred Cohen at Sandia National Laboratories at tel:925-294-2087 fax:925-294-1225 Fred Cohen & Associates: http://all.net - fc@all.net - tel/fax:925-454-0171 Fred Cohen - Practitioner in Residence - The University of New Haven This communication is confidential to the parties it is intended to serve. PGP keys: https://all.net/pgpkeys.html - Have a great day!!! ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2001-06-30 21:44:18 PDT