From: Fred Cohen <fc@all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Date: Wed, 26 Sep 2001 22:50:48 -0700 (PDT)
Subject: [iwar] [fc:Terrorism-Related.Computer.Attacks.Fail.To.Develop.Against.DOD,.NIPC]

Terrorism-Related Computer Attacks Fail To Develop Against DOD, NIPC Says
Defense Information and Electronics Report, 9/26/2001
No URL available

After last week's terrorist attacks on the World Trade Center and Pentagon, the National
Infrastructure Protection Center warned that increased computer attacks could be spurred by the incident. The predicted attacks, however, did not occur, as NIPC and Defense Department officials said this week they had not confirmed the existence of any attacks connected to terrorist activity.

"The National Infrastructure Protection Center expects to see an upswing in incidents as a result of the tragic events of September 11, 2001," the Sept. 14 advisory stated.

The advisory ascribed two possible motivations for a new wave of computer attacks. First, the center warned "political 'hacktivism' by self-described 'patriot' hackers targeted at those perceived to be responsible for the terrorist attacks" could increase. The NIPC received reports last week of hackers encouraging such "vigilante" activity, according to the advisory.

The advisory also warns that old viruses could be "renamed to appear related to recent events." For example, "a new version of the life-stages.txt.shs virus was renamed wtc.txt.vbs to appear to be related to the World Trade Center," NIPC stated.

As the government agency intended to help protect the nation's critical infrastructures against computer attack, the NIPC issues three levels of warnings: assessments, advisories and alerts. Critical infrastructures include financial markets, electricity grids, transportation systems and other critical networks whose infrastructure is owned primarily by private industry.

Assessments are minor warnings that "address broad, general incident or issue awareness information and analysis," but do not usually necessitate action. An advisory "suggests a change in readiness posture, protective options and/or response." An alert, the most serious of warnings, indicates a "major threat . . . or in-progress attacks targeting specific national networks or critical infrastructures."

The center issues alerts after receiving tips from a network of law enforcement, private sector and academic sources, including the FBI, various virus protection software companies, and entities like the Computer Emergency Response Team Coordination Center, a federally funded Internet security center operated by Carnegie Mellon University.

The NIPC has issued just two alerts in 2001, one of which warned of the highly destructive "Code Red" worm. Advisories, however, are more common. Friday's warning of increased attacks spurred by the terrorist attacks was the thirteenth advisory the center has issued this year.

Since that advisory, however, the NIPC has issued two more. The first of these, issued Sept. 17, warned that a group of hackers, calling themselves the "Dispatchers," claimed to be gearing up for a spate of distributed denial-of-service (DDOS) attacks against communications and finance infrastructures.

A DDOS attack implants code on various computers around the Internet. This code directs infected computers to flood a pre-determined target with activity at a specific time. The activity comes in the form of an overload of requests sent to servers, routers, or other hardware that is designed to overwhelm the hardware and cause failure.

It appears, however, that neither of the attacks anticipated by the two advisories has materialized. The NIPC has "not received any information that anything connected" to terrorist activity or inspired by the events of last week has actually occurred, according to Debbie Wireman, NIPC spokeswoman.

Another NIPC advisory, however, issued Sept. 18, identifies a new worm called W32.Nimda.A@MM, which "is propagating extensively through the Internet worldwide." The "Nimda" worm exhibits "many traits of recently successful malicious code attacks such as Code Red but it is not simply another version of that worm," the advisory states.

The worm spreads through e-mail and can infect those running Microsoft Outlook or Outlook Express e-mail software. Once it infects a computer, the new worm, like Code Red, scans "for more vulnerable systems on the local network, which may result in a denial of service for that network," the advisory states.

Despite the timing of Nimda, it appears unrelated to any terrorist activity, according to Wireman.

The U.S. Space Command's Joint Task Force for Computer Network Operations agrees that Nimda appears to be unrelated to last Tuesday's events.

"We haven't detected any increased activity that correlates to any terrorist activity," a SPACECOM spokesman told DI&ER Wednesday.

Sister publication Inside the Pentagon reported yesterday (Sept. 20) that DOD had been threatened by DDOS attacks that may be a result of the Nimda worm.

This archive was generated by hypermail 2.1.2 : 2001-09-29 21:08:50 PDT