[iwar] News article of possible interest

From: Fred Cohen (fc@all.net)
Date: 2002-04-03 07:37:52


Return-Path: <sentto-279987-4605-1017848231-fc=all.net@returns.groups.yahoo.com>
Delivered-To: fc@all.net
Received: from 204.181.12.215 [204.181.12.215] by localhost with POP3 (fetchmail-5.7.4) for fc@localhost (single-drop); Wed, 03 Apr 2002 07:51:08 -0800 (PST)
Received: (qmail 12467 invoked by uid 510); 3 Apr 2002 15:46:59 -0000
Received: from n18.grp.scd.yahoo.com (66.218.66.73) by all.net with SMTP; 3 Apr 2002 15:46:59 -0000
X-eGroups-Return: sentto-279987-4605-1017848231-fc=all.net@returns.groups.yahoo.com
Received: from [66.218.67.201] by n18.grp.scd.yahoo.com with NNFMP; 03 Apr 2002 15:37:12 -0000
X-Sender: fc@red.all.net
X-Apparently-To: iwar@onelist.com
Received: (EGP: mail-8_0_3_1); 3 Apr 2002 15:37:11 -0000
Received: (qmail 87084 invoked from network); 3 Apr 2002 15:36:41 -0000
Received: from unknown (66.218.66.216) by m9.grp.scd.yahoo.com with QMQP; 3 Apr 2002 15:36:41 -0000
Received: from unknown (HELO red.all.net) (12.232.72.152) by mta1.grp.scd.yahoo.com with SMTP; 3 Apr 2002 15:36:39 -0000
Received: (from fc@localhost) by red.all.net (8.11.2/8.11.2) id g33Fbq932740 for iwar@onelist.com; Wed, 3 Apr 2002 07:37:52 -0800
Message-Id: <200204031537.g33Fbq932740@red.all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Organization: I'm not allowed to say
X-Mailer: don't even ask
X-Mailer: ELM [version 2.5 PL3]
From: Fred Cohen <fc@all.net>
X-Yahoo-Profile: fcallnet
Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com
Delivered-To: mailing list iwar@yahoogroups.com
Precedence: bulk
List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com>
Date: Wed, 3 Apr 2002 07:37:52 -0800 (PST)
Subject: [iwar] News article of possible interest
Reply-To: iwar@yahoogroups.com
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

http://www.techtv.com/news/security/story/0,24195,3376038,00.html

Secret Service Combats Cybercrime

See how a new task force is fighting illegal online activities,
Wednesday 3/13 at 9 p.m. Eastern on 'Tech Live.'

By Gary Nurenberg, Tech Live
March 13, 2002

The Secret Service was mandated by the USA Patriot Act to establish a
nationwide network of Electronic Crimes Task Forces, modeled after the
Secret Service's New York electronic crimes office.  So far, eight have
been implemented. 

The task forces mark a new direction for the Secret Service.  That
direction involves a more inclusive approach to crime fighting that
invites industry and academia to join law enforcement in attacking
cybercrime.  The experts on these task forces have already worked on
some high-profile cases. 

"Virtually every criminal investigation that we get involved in involves
the use of some kind of computer," said John Novak of the Secret
Service.  So when Washington, DC, police searched for missing federal
government intern Chandra Levy, they employed one of the task forces to
examine her computer. 

"The totality of looking at one's computer really gives you the ability
to get a psychological profile of what [a person] may have been engaged
in," said Bryan Palma of the Secret Service. 

And almost no one has more experience at looking at someone's computer
than agent Geoffrey Weidner.  He says he always starts by looking at the
hard drive. 

"What I've done is removed the suspect hard drive, and what I'll do is
set it aside [and] continue to process the evidence," Weidner said. 
"When I'm ready I'll take the hard drive again and hook it up to my
forensics computer.  My forensics computer is set up so when I boot with
this hard drive attached, it will write-lock the hard drive so I can't
alter the hard drive."

To preserve the original evidence, he works from the copy. 
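The acquisition routine Weidner describes (image the write-locked drive, verify the image, then work only from a copy) as an added Python example; it is not code from the article or from the Secret Service, and the sample "drive" is a constructed file, with a read-only file mode standing in for a hardware write-blocker:

```python
# Added example, not from the original article: verifiable disk-image acquisition.
import hashlib
import os
import shutil
import tempfile
from pathlib import Path


def sha256_of(path: Path, chunk_size: int = 1 << 20) -> str:
    """Stream a file through SHA-256 so large images are hashed without loading them whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def acquire_image(source: Path, image: Path) -> dict:
    """Copy `source` byte-for-byte to `image` and record the hashes an evidence log carries.

    The source is opened read-only and hashed before and after the copy. A hardware
    write-blocker enforces the same property at the bus level; the hashes document it.
    """
    before = sha256_of(source)
    with open(source, "rb") as src, open(image, "wb") as dst:
        shutil.copyfileobj(src, dst, length=1 << 20)
    after = sha256_of(source)
    image_hash = sha256_of(image)
    return {
        "source_before": before,
        "source_after": after,
        "image": image_hash,
        "verified": before == after == image_hash,
    }


def examine(working_copy: Path) -> None:
    """Stand-in for an analysis step that happens to write to the file it examines."""
    with open(working_copy, "ab") as fh:
        fh.write(b"\n[analysis note]")


def demo() -> dict:
    """Acquire a constructed sample drive, analyse a working copy, re-verify the original."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        suspect = tmp / "suspect_drive.bin"
        # Constructed sample contents, not real evidence.
        suspect.write_bytes(b"constructed sample disk contents " * 1024)
        os.chmod(suspect, 0o444)  # software-level read-only, the nearest thing to a write-lock here

        pristine = tmp / "evidence.dd"
        report = acquire_image(suspect, pristine)

        # Never analyse the verified image itself: take a second copy and work on that.
        working = tmp / "working.dd"
        shutil.copyfile(pristine, working)
        examine(working)

        report["original_intact_after_analysis"] = sha256_of(suspect) == report["source_before"]
        report["pristine_image_intact"] = sha256_of(pristine) == report["image"]
        report["working_copy_changed"] = sha256_of(working) != report["image"]

        os.chmod(suspect, 0o644)  # allow the temporary directory to be cleaned up
        return report


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The three hashes (source before, source after, image) are what goes in the chain-of-custody record; if any tool later alters the working copy, the pristine image and the original still verify against the logged values.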

The task forces actively seek the involvement of business as well, and
the Secret Service won some points by cracking a fraud case involving
the airlines' online ticketing. 

"Not only did we bring down a criminal organization that exploited this
technology that was affecting the travel industry at the rate of
millions of dollars, but we were able also to illustrate to this same
business sector that this kind of activity can occur, and there's things
that you can do as preventative measures," said Secret Service special
agent John Frazzini. 

This form of reaching out is a different approach for the Secret
Service, but it is key when dealing with cybercrimes. 

"Law enforcement is at a significant disadvantage when it comes to
technology," Palma said.  "You know everyone knows they're behind the
curve.  They don't have the budget typically associated with the private
sector, so what we've done is reached out to local, state, and federal
law enforcement agencies and said, 'Look, come to our office, and we'll
work together.'"

That office is loaded with forensics computers that can trace in detail
the online or off-line activities of any suspect unlucky enough to be
ordered to surrender their computer. 

The Secret Service's fight against electronic crime is a work in
progress, and task force directors say they're looking for whatever help
they can get.  The task forces are located in Boston, Chicago, Las
Vegas, Miami, New York, San Francisco, Washington, DC, and Charlotte,
North Carolina. 

The Secret Service wants to hear from businesses with cybercrime
problems or solutions.  To contact the Electronic Crimes Task Force,
send an email to hightechcrime@usss.treas.gov. 

... AND

============================================================================


                             Securities Industry News

                                  April 01, 2002

LENGTH: 2026 words

HEADLINE: Experts: Industry Must Confront Growing Cyberthreat

BYLINE: Shane Kite, Senior Staff Reporter

BODY:
  The average number of formidable Internet-based attacks currently is
twice as likely to affect power utilities in the United States than
financial firms.  The bad news, however - according to Warren Axelrod,
director of global IT security at the Pershing division of Donaldson
Lufkin & Jenrette Securities - is that the overall number of these
attacks is growing "very rapidly."

Speaking at a workshop sponsored by the Securities Industry Association
that included a former agent from the National Security Agency (NSA), a
Defense Department official, and a member of the New York City branch of
the Secret Service, Axelrod cautioned securities firms to prepare for
the worst in cyber-assaults. 

"The potential damage in economic terms could be far greater than what
we experienced on September 11," Axelrod warned.  "Cyberterror is much
more directed than typical hacking." Axelrod cited data pointing to an
increase in attacks collected by officials at Riptech, the Alexandria,
Va.-based firm that supports the Financial Services/Information Sharing
and Analysis Center (FS/ISAC)-a private data-sharing network that guards
financial firms against cyberterror.  The information was extrapolated
from Riptech's groundbreaking Internet Security Threat Report, the first
study to present cyber-attack trends based on empirical analysis of
actual attacks detected against a global sample of security devices and
firewalls.  The data shows a steady increase in such assaults,
particularly those targeted against the financial services, electric
power, energy, high-tech and media and entertainment industries.  Not
only are these attacks on the rise, they're becoming more sophisticated,
experts say. 

Of course, that the power utilities are facing the most threats should
not be reassuring to anyone, Axelrod said, due to the interdependency of
the services and the operations of the securities markets and the
nation's other critical infrastructures.  Some experts have suggested
that the financial community create a distinct network like FinNet -a
reference to national cyberterror czar Richard Clarke's call for a
totally separate and secure Internet for the government, called
GovNet-to protect Wall Street from such assaults. 

While most serious cyberthreats still emanate from inside a firm, such
as with a disgruntled employee seeking to destroy or steal important
documents, and outside threats remain dominated by the "blackhat"
hacker, often profiled as antisocial and bent on "gaming" or getting
back at the world, new data supports evidence that highly directed
attacks, possibly sponsored by governments or other groups, are on the
rise. 

Geographically, according to the Riptech study, more cyber-attacks
originate in the United States than in any other country (30 percent),
followed by South Korea (9 percent) and China (8 percent).  However,
based on the number of Internet users, the percentage of attacks coming
from Israel is almost double that of any other nation, the report said. 

Possible government-sponsored assaults were mentioned by Tim Belcher,
CTO and founder of Riptech, speaking recently about Riptech's findings. 
Axelrod quoted Belcher as saying that "for the first time, empirical
evidence has led to profiles of attacks that appear to be sponsored by
governments or other organizations."

FS/ISAC's chairman, Stanley "Stash" Jarocki, also a panelist at the SIA
show, cautioned against drawing conclusions about government-sponsored
hacking based on geographical evidence.  For example, countries known to
show up on cyber "bad-guy lists" such as Russia, North Korea and the
Czech Republic, often have attacks "bounced" off their servers or relay
systems, Jarocki told Securities Industry News.  Attacks can multiply
rapidly in one geographic area due in part to insecure local technology,
and then spread to other nations, perhaps creating the appearance of
state-sponsored assaults.  Security precautions of some Internet Service
Providers (ISPs), for example, can be rather lax. 

"I'm not going to say anything bad about governments.  All I'm going to
say is their infrastructure is guilty of the last hop," Jarocki said. 
"I get a lot of spam right now that's coming out of .net, so when I go
and find out who netcom is, it ends up being a North Korea server - I
don't know who it is, I just know they're using this server.  So I file
an abuse report with them saying 'Look, your network system is being
abused and it's abusing me: go find the perp and take care of him.'"

Most networks provide assistance when asked, Jarocki said, and some ISPs
offer firms free firewall protection to retain business.  Nonetheless,
cooperation can vary.  Jarocki cited a recent instance when a firm
refused a request for assistance about spam from a particular Web site. 
"In this instance, there was no way of opting out, which was rather
nasty.  Even when you called them up and said, 'Look, please take care of
this problem - I don't want any of your junk mail or spam' - they said they
had no obligation to remove you." Regarding attacks, Jarocki said ISPs
should post bulletins for users to lessen replication.  "That's all I'm
asking: I want to reduce the participating entities that may not even
know that they're participants," he said. 

No matter how the data is interpreted, cyberterror "is very real,"
Jarocki warned, "especially for those in the financial services sector."
He does not dispute Riptech's findings, agreeing that profiles are
emerging that point to organized hacking groups rather than individual
"gamers" looking for kicks or profit, due to the sophistication of the
assaults.  Most telecommunications companies outside the United States
are still owned by the country in which they operate, he noted. 

"Riptech is asking, 'Could these be done by an individual? We seriously
doubt it.  Does it have to be that of a government? Probably so.  Do all
governments do it? Well, yeah,'" Jarocki said.  Like any research,
hacking knowledge doesn't stay corked in a bottle, he added, implying
that everybody - good guys and bad - researches systems' vulnerabilities. 

Jarocki's experience in the field dates back 35 years, when he helped
MIT computer whiz Dan Edwards develop the Trojan Horse-malicious coding
that appears harmless but can take over computer systems or destroy
files.  Edwards and Jarocki perfected the code and applied their hacking
skills as agents for the NSA.  The work on the Trojan Horse was one of
many initiatives sponsored by the Advanced Research Projects Agency
(ARPA), an organization funded by the Defense Department, now known as
DARPA, that led to the creation of the Stealth Bomber and the Internet,
among other things. 

Most of the security included in today's operating systems-particularly
authentication and authorization systems-was developed under DARPA
efforts, Jarocki said.  A project called Worldwide Command and Control
Systems (WWCCS), which originally emerged out of MIT, was one such
initiative.  The "security game" really got hot in 1967 and 1968, around
the same time the NSA, anxious to develop such technology, pitched in
its support, Jarocki said.  Firms at the time such as Burroughs (now
Unisys), General Electric and IBM began researching secure operating
systems as well. 

Hackers in those days were mostly "white-hat" good guys with a talent
for tinkering, Jarocki said.  Even today, "there are no bad computer
hackers" per se, Jarocki stressed, only criminals, known as "crackers,"
and cyberterrorists.  In his chairman's role at FS/ISAC, of which he was
one of the original founders, Jarocki now facilitates communications
between the government and the financial markets to guard systems. 

The Treasury Department is the government agency sponsor of FS/ISAC,
which was mandated by a 1998 presidential decision directive (PDD 63) to
protect the nation's critical infrastructures.  ISAC sector heads meet
to discuss issues in a group known as the Partnership for Critical
Infrastructure Security (PCIS), Jarocki said.  The effort is coordinated
through the National Infrastructure Protection Center (NIPC) and
includes finance, telecommunications, energy, water systems, food,
government operations and emergency services.  ISACs covering four other
industries are currently under development, including one for gas and
oil.  Core operations of FS/ISAC, including firewall detection, were
outsourced to Riptech in a December alliance by Global Integrity, a
division of New York City-based Predictive Systems.  Predictive's Global
Integrity unit continues to maintain information-sharing and other
aspects of the FS/ISAC Web site. 

As to what securities firms do when they or FS/ISAC isolate a serious
attack to a specific region, Jarocki said all cyber-communications are
cut off from the country of origin if it poses a serious enough threat. 
Taking such precautions is necessary even in a global business
environment, because potential costs from security breaches often
outweigh any opportunity costs arising from delaying or missing out on
deals during times of attack, he said. 

The most serious Internet threat for financial firms was the recent
Nimda Virus, launched a week after Sept.  11.  Nimda raised the bar for
security experts because it was a multivector (or
multiple-vulnerability) attack, the first of its kind, Jarocki said. 
The virus attacked four separate but known computer systems flaws or
weaknesses.  This posed no problems as long as the systems under attack
were fitted with the latest patches to correct the defects.  The Defense
Department, for example, put out an announcement that its systems
experienced one or two hits, "but no big deal, because they were up to
patch-level spec," Jarocki said. 

Problems occurred with what Jarocki and Axelrod refer to as "rogue
machines," which are systems with proprietary enhancements that are
under development or in production that lack security.  "Those are
attackable entities; those machines show up quite readily during
assaults," Jarocki said.  "These are developers within your own company
that put up machines that may or may not be standard-builds according to
production.  Somebody said, 'Geez, I need to develop software internally
in the company - do I need to put up all of the security software? Well,
maybe not.' Of course, the answer to that is yes."

Such a scenario might describe any system in any industry, including
trading systems, which many firms are currently revamping to prepare for
a shortened settlement cycle.  "Things are typically fine as long as you
keep up to the latest patch level," Jarocki stressed.  Individual
employees can unwittingly taint security when transferring files or
programs between work and home, he added. 

Investigators have not linked Nimda and Sept.  11, nor have they found
the virus' perpetrator(s); however, experts say the virus was likely
launched with the knowledge that it would exacerbate both the emotional
and technical vulnerabilities resulting from the terrorist attacks. 

The New York City office of the Secret Service, which investigates
cybercrime, is supplying securities and other firms with a Homeland
Defense CD, which includes "start-to-finish" crisis management and best
practice essentials for guarding against cyberterror. 

"If you want to self-heal-meaning, do everything internally-these CDs
will help you," said Bob Weaver, assistant special agent in charge of
the New York City Secret Service Electronic Crimes Task Force, speaking
at the SIA conference.  "Everybody knows we protect and serve; not many
people know we protect servers," Weaver quipped. 

Comparing the task of keeping systems secure in a world of nonstop
innovation to "changing tires on a car while it's still moving," Weaver
cited a specific section of the Patriot Act that expanded the e-crimes
task force into a nationwide network, based on the successful model of
the New York group.  The commendation was helped in no small way by the
"branding" that the exchanges and financial prowess of New York City
allowed the group, which showed an ability to protect against cyber
crime under extreme stress and crisis post-Sept.  11, Weaver said. 


------------------
http://all.net/ 




This archive was generated by hypermail 2.1.2 : 2003-08-24 02:46:31 PDT