[iwar] [fc:Terrorism-Related.Computer.Attacks.Fail.To.Develop.Against.DOD,.NIPC]

From: Fred Cohen (fc@all.net)
Date: 2001-09-26 22:50:48



Terrorism-Related Computer Attacks Fail To Develop Against DOD, NIPC
Says Defense Information and Electronics Report, 9/26/2001
No URL available

After last week's terrorist attacks on the World Trade Center and
Pentagon, the National Infrastructure Protection Center warned that
increased computer attacks could be spurred by the incident.  The
predicted attacks, however, did not occur, as NIPC and Defense
Department officials said this week they had not confirmed the existence
of any attacks connected to terrorist activity. 

"The National Infrastructure Protection Center expects to see an upswing
in incidents as a result of the tragic events of September 11, 2001,"
the Sept.  14 advisory stated.  The advisory ascribed two possible
motivations for a new wave of computer attacks. 

First, the center warned "political 'hacktivism' by self-described
'patriot' hackers targeted at those perceived to be responsible for the
terrorist attacks" could increase.  The NIPC received reports last week
of hackers encouraging such "vigilante" activity, according to the
advisory. 

The advisory also warns that old viruses could be "renamed to appear
related to recent events." For example, "a new version of the
life-stages.txt.shs virus was renamed wtc.txt.vbs to appear to be
related to the World Trade Center," NIPC stated. 

As the government agency intended to help protect the nation's critical
infrastructures against computer attack, the NIPC issues three levels of
warnings: assessments, advisories and alerts.  Critical infrastructures
include financial markets, electricity grids, transportation systems and
other critical networks whose infrastructure is owned primarily by
private industry. 

Assessments are minor warnings that "address broad, general incident or
issue awareness information and analysis," but do not usually
necessitate action.  An advisory "suggests a change in readiness
posture, protective options and/or response." An alert, the most serious
of warnings, indicates a "major threat .  .  .  or in-progress attacks
targeting specific national networks or critical infrastructures."

The center issues alerts after receiving tips from a network of law
enforcement, private sector and academic sources, including the FBI,
various virus protection software companies, and entities like the
Computer Emergency Response Team Coordination Center, a federally funded
Internet security center operated by Carnegie Mellon University. 

The NIPC has issued just two alerts in 2001, one of which warned of the
highly destructive "Code Red" worm.  Advisories, however, are more
common. 

Friday's warning of increased attacks spurred by the terrorist attacks
was the thirteenth advisory the center has issued this year.  Since that
advisory, however, the NIPC has issued two more. 

The first of these, issued Sept.  17, warned that a group of hackers,
calling themselves the "Dispatchers," claimed to be gearing up for a
spate of distributed denial-of-service (DDOS) attacks against
communications and finance infrastructures. 

A DDOS attack implants code on various computers around the Internet. 
This code directs infected computers to flood a pre-determined target
with activity at a specific time.  The activity comes in the form of an
overload of requests sent to servers, routers, or other hardware that is
designed to overwhelm the hardware and cause failure. 

It appears, however, that neither of the attacks anticipated by the two
advisories has materialized. 

The NIPC has "not received any information that anything connected" to
terrorist activity or inspired by the events of last week has actually
occurred, according to Debbie Wireman, NIPC spokeswoman. 

Another NIPC advisory, however, issued Sept.  18, identifies a new worm
called W32.Nimda.A@MM, which "is propagating extensively through the
Internet worldwide." The "Nimda" worm exhibits "many traits of recently
successful malicious code attacks such as Code Red but it is not simply
another version of that worm," the advisory states.  The worm spreads
through e-mail and can infect those running Microsoft Outlook or Outlook
Express e-mail software.  Once it infects a computer, the new worm, like
Code Red, scans "for more vulnerable systems on the local network, which
may result in a denial of service for that network," the advisory
states. 

Despite the timing of Nimda, it appears unrelated to any terrorist
activity, according to Wireman. 

The U.S.  Space Command's Joint Task Force for Computer Network
Operations agrees that Nimda appears to be unrelated to last Tuesday's
events. 

"We haven't detected any increased activity that correlates to any
terrorist activity," a SPACECOM spokesman told DI&ER Wednesday. 

Sister publication Inside the Pentagon reported yesterday (Sept.  20)
that DOD had been threatened by DDOS attacks that may be a result of the
Nimda worm. 


------------------
http://all.net/ 




This archive was generated by hypermail 2.1.2 : 2001-09-29 21:08:50 PDT