From: Fred Cohen <fc@all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Date: Sat, 4 Aug 2001 07:07:51 -0700 (PDT)
Subject: [iwar] news

Wednesday August 1 3:29 PM ET
Code Red Internet Worm Disturbs Pentagon Networks
By Deborah Zabarenko

WASHINGTON (Reuters) - The reawakened "Code Red" worm disturbed the Pentagon's computer networks on Wednesday, and the main U.S.
computer monitoring center predicted it would infect as many systems as it did in its first incarnation in July.

"The worm is an ugly thing," U.S. Army Major Barry Venable said in a telephone interview from Colorado Springs, where the U.S. military monitors its networks.

"Here at DoD (Department of Defense), we've observed several disturbances to our networks as a result of this thing working on the Internet, but we've seen no significant degradation to DoD yet," Venable said.

Code Red surreptitiously infects computers running Windows NT or 2000 operating systems and Microsoft Corp.'s IIS Web server software and then makes infected machines scan the Internet for more victims.

It reawakened at 8 p.m. EDT on Tuesday after an 11-day dormant period. First recognized by Internet security watchdogs in mid-July, the time-linked worm reached its peak virulence on July 19 before shutting down on July 20. It is designed to resume multiplying on the first of the month.

The Defense Department, which operates hundreds of Web sites, had to temporarily shut down public access to them during the July onslaught of Code Red.

Venable would not elaborate on whether Wednesday's "disturbances" included slow operation or whether any systems were shut down, but said of Code Red, "We will continue to evaluate the threat that it poses."

The FBI-led National Infrastructure Protection Center said in an online update: "Based on preliminary analysis, we expect a level of worm activity comparable to the July 19 Code Red infection, which resulted in infection of over 250,000 systems. It should achieve that level of activity by this afternoon."

...

==============================================================================

French hobbyists crack Credit Card that uses chip and RSA encryption
Security News Portal, 8/2/2001
http://www.securitynewsportal.com/

"The French Credit Card uses a state of the art technology: a chip embedded with strong encryption measures.
The authentication keys are 320 and 728 bits long and are RSA encoded. As soon as the private key was anonymously published on the Net back in March 2000, French hobbyists started working on an emulator which resulted in a software program being developed which enables hackers and others to clone or emulate a valid credit card.

The proof of the authentication flaw was first demonstrated by Serge Humpich in July 1998. He purchased Paris subway tickets with his self-made credit card and then was busted one month later.

Now anyone is able to make their very own Credit Card with this new tool and because the RSA encryption is not even used during the transaction, one can purchase anything below 600 Francs (about $90). When the transaction amount is below 600 Francs the card's validity is not checked. A random CC number may then be used for a real transaction.

Since no link can be found in English, a translated review will be soon posted at alpha-solution.com"

==============================================================================

* subscribe at http://techPolice.com

"State's New Cyberpolice Off to Good Start"
Baton Rouge Advocate (07/26/01) P. 6-D; McClain, Randy

Louisiana law enforcement officials are pleased with its new computer crimes unit, which has caught several high-tech offenders, including child pornographers who were targeting local youth. The unit, which was developed last year, has been able to conduct investigations in 23 Louisiana parishes of computer hacking and email virus cases. According to the FBI, computer crimes are on the rise, with 85 percent of U.S. companies and government agencies reporting computer breaches within the past year. Louisiana authorities noted the program was established in December with the help of a $35,000 grant from the state's Commission on Law Enforcement. The unit utilizes such tools as NeoTrace, which is able to locate the addresses of offending computers within minutes.
(www.theadvocate.com)

==============================================================================

Press Release dated 1st August 2001

DEMONSTRATION AGAINST ISRAEL
Friday 3rd Aug 2001
from Regents Park Mosque to the US Embassy
After Jumma prayer

Following the latest murders in Palestine perpetrated by the Israeli regime of Ariel Sharon (the butcher of Sabra and Shatila), Muslims in Britain will be demonstrating to create awareness about the illegitimate state of Israel and will be calling for Muslims to support the Jihad against this fascist State verbally, financially and physically this Friday.

Worse than Nazi Germany and Apartheid South Africa in terms of atrocities having been committed there is no doubt in the minds of any Muslim that there can never be any peace in Palestine until the State of Israel is eradicated. The latest missile attacks against innocent civilians are typical of these spineless murderers. However the promise of their annihilation was foretold 1300 years ago by the Messenger Muhammad (saw) and it is an inevitability which the Muslims carry as a decisive belief and which the Israeli occupiers fear every day.

...

==============================================================================

CODE RED - A RED HERRING
Wayne Madsen
30 July 2001
Washington, DC

Here we go again folks. The White House, NSA, and National Infrastructure Protection Center (NIPC) are warning of a dangerous new Internet worm called "Code Red."

We've been here before. Just last year, we were all treated to the impending doom caused by a series of "Distributed Denial of Service Attacks" that resulted in a host of web sites going down. Imagine the disruption to the nation's infrastructure caused by someone's failure to auction off their great grandmother's curios on e-Bay.
Conveniently, a few weeks after the dreaded attacks on the dot coms (many of which are now dot gones - and it wasn't a result of hackers), President Clinton hosted a cyber-security roundtable at the White House. The gloom and doom sayers pointed out why the nation was on the verge of an "electronic Pearl Harbor." Chief among them was Richard Clarke, the National Security Council's "Dr. Strangelove" of cyber-security.

However, it is not an e-Pearl Harbor we must be concerned about but an e-Reichstag Fire. Back in 1933, Hitler's Propaganda Minister Joseph Goebbels, a pioneer of perception management, hired a bunch of Nazi hooligans to burn down the Reichstag. The next day, while the German Parliament was still smoldering, the Nazis passed the Reichstag Decree, which effectively relegated the German Constitution and all of its civil liberty provisions to the toilet.

But would the United States take advantage of such a situation in cyber-space to advance a secret agenda? They've probably already done so. Back in 1988, the Internet was treated to its first worm. Programmed and launched by Robert Morris, Jr., the worm crippled hundreds of thousands of computers connected to the Internet. It just so happened that young Mr. Morris's dad was the Chief Scientist at NSA - during a period when the agency was feverishly trying to test the vulnerabilities of various operating systems and application programs.

But that was then, and Code Red is now. We are told that Code Red only affects web sites relying on Windows NT and Windows 2000. Of course, why would any self-respecting 24-hour cable news network want to show a housewife trying to struggle with a virus-infected home computer operating Windows 95? Better to capture viewers' attention with hordes of computer programmers and managers wrestling with downed web sites at Ford, Xerox, Charles Schwab, and Amazon.com. And that's the way the government (and apparently Microsoft) wants it.
Microsoft, the humbled post-anti trust suit corporate giant, seems to be cozying up with the Feds and their cyber-security agenda as of late. At a recent Interagency Technical Forum at the National Institute of Standards and Technology (NIST), Microsoft's director of Mobile Code Security revealed that Microsoft now maintains a full-time resident office at NSA headquarters with a fully-cleared staff.

Even the term Code Red is a red herring. Just like Distributed Denial of Service attack, it is more out of the Pentagon's lexicon than that of computer crackers. Code Red is just too campy - seems like it belongs in the same league with the movies "Deep Impact" and "Armageddon." But Code Red is just the kind of term that might impress our otherwise attention deficit disordered President. Computer crackers, of course, like to be a bit more original and artsy, opting for terms like "Melissa," "Back Orifice," and "Michelangelo." How many original code names ever came out of NSA? "Echelon," for example. Boring! Now Code Red, that's something that could have been conjured up by the Faulkners of the Fort!

Why the Code Red hoopla? Well, in a few weeks, President Bush (with Dick Cheney looming over his shoulder) will be issuing a new Executive Order on Cyber-Security. He will appoint an inter-agency Cybersecurity and Continuity of Operations Board and his current cyber-security guru Clarke stands a good chance of being selected chairman. If so, Clarke will have transcended three administrations in essentially the same executive branch job - a record surpassed only by FBI Director J. Edgar Hoover.

And tomorrow NIPC head Ron Dick gets a jump start on things with a press conference on cyber security at the National Press Club. Hyping Code Red is a sure fire way to ensure the conference is covered by all the talking head networks.
And it does not hurt that today, while FBI Director designate Robert Mueller is fielding some questions on what the FBI will do on cyber security during his Senate confirmation hearings, Code Red is a backdrop.

Coming on the heels of the G8 Summit in Genoa, Code Red also bolsters one of the items on the agenda of the leaders. It was at the G8 Summit in Lyon in 1996, that the leaders first put cyber crime on their docket, a decision that was ultimately manifested in the Council of Europe's soon-to-be-enacted Cyber Crime Treaty. When enacted, the treaty will enable police agencies to reach beyond borders to seize Internet communications record traffic. The anti-globalization Genoa Social Forum got a taste of what is to come when Italian police stormed their headquarters and seized computer disks and Internet traffic records. This past April, the FBI, acting on behalf of the Canadian police, seized similar records from the Independent Media Center in Seattle after the Summit of the Americas in Quebec. Not to be outdone by his peers, British Prime Minister Tony Blair - who resembles Big Brother more and more every day - hurried back to London to urge Parliament to pass a bill that would equate computer hacking with terrorism.

Perception Management actually was part and parcel of the agenda of the same coterie of Pentagon brass and Beltway Bandits who dreamt up information warfare in the first place. They knew to be successful, the public would have to be force fed large diets of disinformation and sensationalized news. Ah, Dr. Goebbels would be so proud of them.

So in the meantime, we should all head for the hills. Because just like Y2K, our government says our American Way of life is threatened by unknown computer toxins. Time to erect our Computer Defense Shield. Fear is the greatest weapon but the truth is the greater defense!
POSTSCRIPT: Not getting the media bounce from the 8:00 PM EST Code Red meltdown hour on July 31 (nothing happened!), the FBI began spinning the story the very next morning that 22,000 computers had been hit with Code Red. Considering that viruses and worms probably strike many more computers than that on any given day, 22,000 is a relatively low number.

The cyber-security perception management machinery was also put into high gear in the August 1 edition of The Washington Times. A story by Ben Barber hyped the threat posed by Palestinian computer users who have launched a so-called "cyber-Jihad" against Israeli government and corporate computers. The article states that the U.S. government-funded firms RAND and iDefense are urging the United States to adopt the same cyber defenses as those used in Israel. And the article gives us the potential next phase of the U.S. government's perception management campaign: Palestinian sites will start distributing viruses aimed at the United States -- one Palestinian site is blamed for distributing the Love Bug and Melissa viruses. If one remembers, however, Love Bug originated in the Philippines while Melissa came from Trenton, New Jersey. They are a long way off from Nablus and Ramallah on the West Bank.

Even in pseudo cyber-war, the truth is the greatest casualty!

==============================================================================

From: Alan for the SANS NewsBites service
Re: August 1 SANS NewsBites

Kudos to the whole SANS community. You did a fantastic job in finding the Code Red worm, in getting the word out, in patching your systems and teaching others how to patch theirs, and in monitoring the worm's spread.
Hour-by-hour infection data (from SANS Internet Storm Center - the Internet's early warning system) is posted at
http://www.digitalisland.net/codered/

We didn't post it at our site because several hundred thousand visitors an hour was too much for us to handle and because we wanted to give the whole Windows community a free class on how to patch the current problem and how to change the ISAPI mapping of IIS web servers so that the Code Red vulnerability and future similar vulnerabilities cannot hurt them.

==============================================================================

NEW YORK ELECTRONIC CRIMES TASK FORCE
STATISTICAL OVERVIEW
NYECTF TOTALS FROM JANUARY 1995 THROUGH JULY 2001

ARRESTS___________________________________832 (199 Federal, 633 State)
PRESENTATIONS/DEMONSTRATIONS_________252
PLANTS SUPPRESSED________________________189
PBX 800 NUMBERS___________________________11,270
CREDIT CARD CALLING CARDS_______________196,257
CELLULAR INTERCEPTORS___________________117
PAGER INTERCEPTORS_______________________8
COMPUTER INTERCEPTORS___________________8 (MDT)
CELLULAR PHONES/CLONED PHONES SEIZED__2,862
IDENTITY TAKEOVERS/SUBSCRIPTION FRAUD_3271
ESID'S_______________________________________874
PAGERS SEIZED______________________________183
MISSING & EXPLOITED CHILDREN ISSUES______2063
HANDGUNS/MACHINE GUNS__________________60
CROSSBOWS_________________________________2
CABLE TELEVISION BOXES___________________225
HEROIN/CRACK COCAINE/POT________________13.31 KILO'S
ESN/MIN'S SEIZED___________________________180,283
CAP CODES_________________________________90,057
FORENSIC EXAMINATIONS___________________535
COMPUTERS SEIZED_________________________605
RE-MARKED CPU'S___________________________2,098
ASSET FORFEITURE_________________________$7,026,625 (REAL PROPERTY NOT INCLUDED)
COUNTERFEIT SOFTWARE____________________2,022
COUNTERFEIT HARDWARE___________________1070
ACTUAL/POTENTIAL FRAUD LOSS_____________$516,151,304.64
INTELLECTUAL PROPERTY UNITS_____________96,655
ELECTRONIC CRIMES TRAINING______________11,978
ASSISTANCE TO OUTSIDE AGENCIES__________8007

--This communication is confidential to the parties it is intended to serve--
Fred Cohen        Fred Cohen & Associates.........tel/fax:925-454-0171
fc@all.net        The University of New Haven.....http://www.unhca.com/
http://all.net/   Sandia National Laboratories....tel:925-294-2087
This archive was generated by hypermail 2.1.2 : 2001-09-29 21:08:39 PDT