[iwar] [fc:NIPC.Daily.Report.9.October.2001]

From: Fred Cohen (fc@all.net)
Date: 2001-10-09 17:16:09



NIPC Daily Report 9 October 2001

NOTE: Please understand that this is for informational purposes only and
does not constitute any verification of the information contained in the
report nor does this constitute endorsement by the NIPC or the FBI. 

Significant Changes and Assessment - The National Infrastructure
Protection Center (NIPC) continues to observe hacking activity targeting
the E-Commerce or E-Finance/Banking industry.  Over the past several
months, hackers have increased their targeting of several third-party
service providers, because of the access they have into a partner
company and the proprietary information contained therein.  This
information is detailed in NIPC Advisories 01-003 and 01-0023, titled
"E-Commerce Vulnerabilities," dated 8 March and 4 October 2001
respectively. 

Private Sector - A research organization called Men & Mice reported
that Domain Name Servers present a vulnerability to 80% of .com Web
sites because they offer little to no protection from hackers or natural
outages.  Research has found that a quarter of Fortune 1000 companies
were running servers with vulnerable DNS setups, and around 250
multinational corporations are at risk of losing their Web sites.  If the
single network segment housing their DNS servers fails, the site goes
down.  Despite high profile attacks followed by higher profile warnings
and advisories about configuration and flaws in the Bind software, a
majority of Web sites still suffer from DNS bugbears.  The results of
the latest Domain Health Survey from August show that 78.96% of 5000
randomly selected Internet zones have incorrect setups.  (Source:
Vnunet, 8 October)

Government - Three months ago, a new alliance of state computer security
organizations described the top threat to the nation's information
infrastructure as attacks from “insiders.” Indeed, studies cited by the
newly formed West Virginia Information Assurance and Computer Security
Alliance indicate that three-quarters of business and government
computer downtime stems from sabotage by frustrated employees or
ex-employees.  But after the 11 September terrorist attacks, the world
has become wide awake to a different sort of threat.  A spokesman
explaining the rationale for the alliance's first meeting on 9 October
talks mainly about “outsiders.” The two main speakers for 9 October are
William Gerber of the FBI's National Infrastructure Protection Center in
Washington, D.C., and Dick Johnston, director of the National White
Collar Crime Center.  (Source: NewsEdge, 8 October)

Military - NTR

International - On 5 October, a Japanese government-affiliated agency
said it had received 218 reported cases of computer damage caused by the
W32/Nimda virus.  The Information Technology Promotion Agency said the
damage cases were among 323 reports detecting the virus filed in
September.  The first report was filed on 19 September.  In nearly half
of the 218 cases of computer damage, the virus was apparently
transmitted simply by viewing Web sites using Internet Explorer
software, a characteristic which made the virus more virulent than
others, said the agency affiliated with the Ministry of Economy, Trade
and Industry.  The agency also received 704 reports of detection of the
SIRCAM virus, which is chiefly transmitted by e-mail.  Including these,
virus reports in September totaled 2,238, exceeding 2,000 for a second
month in a row, according to the agency.  (Source: JPP, 5 October)

A UK computer consultant found guilty of hacking into a United Arab
Emirates (UAE) ISP has had his appeal overturned.  Lee Ashurst was
initially found guilty of breaking into and misusing the services of
Etisalat, the UAE's only Internet service provider.  Ashurst appealed
against the verdict but was found guilty by the Dubai Appeals Court of
opening the private e-mails of Etisalat employees.  The court also
upheld the initial charge.  The court case has prompted a federal
cabinet committee in the UAE to examine the introduction of cybercrime
legislation to bridge the grey areas highlighted by Ashurst's actions. 
Ashurst appealed against the first ruling last month after a forensic
lab verified that his laptop had been used to access the ISP's network. 
(Source: vnunet.com, 8 October)

U.S.  SECTOR INFORMATION:

Telecommunications - On 5 October, US federal regulators conditionally
approved the requests by five wireless companies to extend the timetable
for more precisely pinpointing the location of people calling 911 from
their mobile telephones.  The Federal Communications Commission (FCC)
said the biggest US mobile telephone carriers, Verizon Wireless, Sprint
PCS and Nextel Communications had met all the requirements for providing
plans for phasing in enhanced 911 services.  While the agency approved
part of the plans by Cingular Wireless and AT&T Wireless Services
Inc., the FCC said it was examining possible sanctions against the two
for failing to timely submit compliance plans for other parts of their
networks.  The deadline was 1 October for US wireless companies to begin
offering improved location identification, including the sale of
handsets equipped to accomplish that goal.  The roll-out of E-911
location identification is slated to be completed by 31 December 2005. 
(Source: Reuters, 5 October)

Gas and Oil Storage Distribution - In an apparently random act of
vandalism, a bullet punched a hole in the trans-Alaska oil pipeline on 4
October, sending oil spewing for hours in a remote area north of
Fairbanks.  A man who lives near the pipeline was arrested in connection
with the shooting.  At least 70,000 gallons of crude oil sprayed into
the scrub and spruce forest near the small community of Livengood, 107
miles north of Fairbanks on the Elliott Highway.  The spill is the
biggest along the pipeline in 23 years.  Alaska State Troopers charged
an identified individual who lives near Livengood with criminal
mischief.  (Source: Anchorage Daily News, 5 October)

According to a new report to the Secretary of Energy by the National
Petroleum Council (NPC), oil and natural gas companies are not
adequately prepared to cope with cyber-disruptions.  While these
companies have long had the capacity to recover quickly from physical
infrastructure problems, the report concludes that "processes are
inadequate to deal with the changes that are accompanying the increased
dependence on cyber and other electronic systems." According to the
report, almost 62% of the energy used in the US is provided by the oil
and natural gas industries.  The report suggests some proactive
measures for protection.  Each company should conduct regular
vulnerability assessments on systems and operations, assess
vulnerabilities of partners, and implement best practices, such as ISO
17799 (an internationally recognized information security standard), to
reduce threats to electronic systems.  Next, the report recommends the
establishment of a mechanism for sharing information about threats and
responses, similar to the information sharing and analysis centers
(ISACs) that exist in other industries.  Information shared within this
ISAC would be confidential and restricted to members.  (Source: Security
Management, 8 October)

Water Supply - The House Water Resources and Environment Subcommittee
has scheduled a hearing on 10 October, to review the ongoing efforts of
federal agencies, local governments, and the private sector to prevent
water supply systems, wastewater treatment plants, dams and reservoirs,
federally-owned power plants and hazardous chemicals from being used
against the US in a terrorist attack.  Witnesses are expected to include
Ronald Dick, the director of the FBI's National Infrastructure
Protection Center; Assistant Secretary of the Army for Civil Works
Michael Parker; Glenn L.  McCullough Jr., chairman of the board of
directors of the Tennessee Valley Authority; and the US Environmental
Protection Agency's Special Assistant to the Administrator for Homeland
Security Robert Bostock, in addition to local government and private
sector representatives.  (Source: Water Technology Online, 8 October)

Transportation - NTR
Electrical Power - NTR
Government Services - NTR
Banking and Finance - NTR
Emergency Services - NTR


------------------
http://all.net/ 




This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:54 PST