From: Fred Cohen <fc@all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Date: Wed, 3 Apr 2002 07:37:52 -0800 (PST)
Subject: [iwar] News article of possible interest
Message-Id: <200204031537.g33Fbq932740@red.all.net>
Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com
Reply-To: iwar@yahoogroups.com

http://www.techtv.com/news/security/story/0,24195,3376038,00.html

Secret Service Combats Cybercrime

See how a new task force is fighting illegal online activities, Wednesday 3/13 at 9 p.m.
Eastern on 'Tech Live.'

By Gary Nurenberg, Tech Live
March 13, 2002

The Secret Service was mandated by the USA Patriot Act to establish a nationwide network of Electronic Crimes Task Forces, modeled after the Secret Service's New York electronic crimes office. So far, eight have been implemented.

The task forces mark a new direction for the Secret Service. That direction involves a more inclusive approach to crime fighting that invites industry and academia to join law enforcement in attacking cybercrime. The experts on these task forces have already worked on some high-profile cases.

"Virtually every criminal investigation that we get involved in involves the use of some kind of computer," said John Novak of the Secret Service.

So when Washington, DC, police searched for missing federal government intern Chandra Levy, they employed one of the task forces to examine her computer.

"The totality of looking at one's computer really gives you the ability to get a psychological profile of what [a person] may have been engaged in," said Bryan Palma of the Secret Service.

And almost no one has more experience at looking at someone's computer than agent Geoffrey Weidner. He says he always starts by looking at the hard drive.

"What I've done is removed the suspect hard drive, and what I'll do is set it aside [and] continue to process the evidence," Weidner said. "When I'm ready I'll take the hard drive again and hook it up to my forensics computer. My forensics computer is set up so when I boot with this hard drive attached, it will write-lock the hard drive so I can't alter the hard drive."

To preserve the original evidence, he works from the copy.

The task forces actively seek the involvement of business as well, and the Secret Service won some points by cracking a fraud case involving the airlines' online ticketing.
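The procedure Weidner describes (write-lock the original, acquire a copy, do all analysis on the copy) only holds up if the examiner can later show that the copy is bit-for-bit identical and that the original was never changed. The Python below is an added example, not code from the TechTV article or from the Secret Service: it reads a source opened read-only, writes a raw image, hashes the source as read, the finished image, and the source re-read afterwards, and keeps the digest so the retained original can be re-verified later. The file names, the synthetic "suspect drive" contents and the deliberate scribble on the working copy are constructed for the demonstration; a hardware write-blocker is what actually prevents writes to the drive, and the read-only open here only mirrors that intent in software.

```python
import hashlib
import os
import tempfile

CHUNK_SIZE = 1 << 20  # stream in 1 MiB chunks so a large image never sits in memory


def sha256_of(path):
    """Stream a file through SHA-256 and return the hex digest."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK_SIZE), b""):
            digest.update(chunk)
    return digest.hexdigest()


def acquire_image(source_path, image_path):
    """Bit-for-bit copy of source_path into image_path with hash verification.

    The source is opened O_RDONLY only; this mirrors in software what a hardware
    write-blocker enforces on the suspect drive (assumption: the blocker is what
    really protects the original). Three digests are compared: the source as it
    was read, the finished image, and the source re-read after acquisition, so
    the examiner can show both that the copy is exact and that the original is
    unchanged.
    """
    source_hash = hashlib.sha256()
    fd = os.open(source_path, os.O_RDONLY)
    with os.fdopen(fd, "rb") as src, open(image_path, "wb") as dst:
        for chunk in iter(lambda: src.read(CHUNK_SIZE), b""):
            source_hash.update(chunk)
            dst.write(chunk)
    source_digest = source_hash.hexdigest()
    image_digest = sha256_of(image_path)
    source_after = sha256_of(source_path)  # did acquisition touch the original?
    return {
        "source_sha256": source_digest,
        "image_sha256": image_digest,
        "source_unchanged": source_after == source_digest,
        "verified": image_digest == source_digest and source_after == source_digest,
    }


def reverify_original(source_path, expected_sha256):
    """Later check (for example before court) that the retained original still matches."""
    return sha256_of(source_path) == expected_sha256


def demo():
    """Run the acquisition against a constructed, synthetic 'suspect drive'."""
    workdir = tempfile.mkdtemp(prefix="acq-")
    suspect = os.path.join(workdir, "suspect.raw")  # constructed sample, not real evidence
    image = os.path.join(workdir, "suspect-copy.dd")  # hypothetical working-copy name
    with open(suspect, "wb") as fh:
        fh.write(b"MBR\x00" + bytes(range(256)) * 64 + b"notes.txt: sample text\n")
    os.chmod(suspect, 0o444)  # belt and braces: drop write permission on the original too
    result = acquire_image(suspect, image)
    # Analysis happens on the copy only; the original is never opened for writing.
    with open(image, "r+b") as fh:
        fh.write(b"XXXX")  # simulate a tool altering the working copy during analysis
    result["original_still_intact"] = reverify_original(suspect, result["source_sha256"])
    result["copy_still_matches"] = sha256_of(image) == result["image_sha256"]
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point of the final two checks in `demo()` is the reason Weidner works from the copy: whatever an analysis tool does to the working image, the digest recorded at acquisition still proves the untouched original is the same drive that was seized.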
"Not only did we bring down a criminal organization that exploited this technology that was affecting the travel industry at the rate of millions of dollars, but we were able also to illustrate to this same business sector that this kind of activity can occur, and there's things that you can do as preventative measures," said Secret Service special agent John Frazzini.

This form of reaching out is a different approach for the Secret Service, but it is key when dealing with cybercrimes.

"Law enforcement is at a significant disadvantage when it comes to technology," Palma said. "You know everyone knows they're behind the curve. They don't have the budget typically associated with the private sector, so what we've done is reached out to local, state, and federal law enforcement agencies and said, 'Look, come to our office, and we'll work together.'"

That office is loaded with forensics computers that can trace in detail the online or off-line activities of any suspect unlucky enough to be ordered to surrender their computer.

The Secret Service's fight against electronic crime is a work in progress, and task force directors say they're looking for whatever help they can get. The task forces are located in Boston, Chicago, Las Vegas, Miami, New York, San Francisco, Washington, DC, and Charlotte, North Carolina.

The Secret Service wants to hear from businesses with cybercrime problems or solutions. To contact the Electronic Crimes Task Force, send an email to hightechcrime@usss.treas.gov.

... AND

============================================================================
Securities Industry News
April 01, 2002
LENGTH: 2026 words
HEADLINE: Experts: Industry Must Confront Growing Cyberthreat
BYLINE: Shane Kite, Senior Staff Reporter

BODY:

On average, formidable Internet-based attacks are currently twice as likely to affect power utilities in the United States as financial firms.
The bad news, however, according to Warren Axelrod, director of global IT security at the Pershing division of Donaldson Lufkin & Jenrette Securities, is that the overall number of these attacks is growing "very rapidly."

Speaking at a workshop sponsored by the Securities Industry Association that included a former agent from the National Security Agency (NSA), a Defense Department official, and a member of the New York City branch of the Secret Service, Axelrod cautioned securities firms to prepare for the worst in cyber-assaults.

"The potential damage in economic terms could be far greater than what we experienced on September 11," Axelrod warned. "Cyberterror is much more directed than typical hacking."

Axelrod cited data pointing to an increase in attacks collected by officials at Riptech, the Alexandria, Va.-based firm that supports the Financial Services/Information Sharing and Analysis Center (FS/ISAC), a private data-sharing network that guards financial firms against cyberterror. The information was extrapolated from Riptech's groundbreaking Internet Security Threat Report, the first study to present cyber-attack trends based on empirical analysis of actual attacks detected against a global sample of security devices and firewalls.

The data shows a steady increase in such assaults, particularly those targeted against the financial services, electric power, energy, high-tech, and media and entertainment industries. Not only are these attacks on the rise, they're becoming more sophisticated, experts say.

Of course, that the power utilities are facing the most threats should not be reassuring to anyone, Axelrod said, due to the interdependency of the services and the operations of the securities markets and the nation's other critical infrastructures.
Some experts have suggested that the financial community create a distinct network like FinNet, a reference to national cyberterror czar Richard Clarke's call for a totally separate and secure Internet for the government, called GovNet, to protect Wall Street from such assaults.

While most serious cyberthreats still emanate from inside a firm, such as a disgruntled employee seeking to destroy or steal important documents, and outside threats remain dominated by the "blackhat" hacker, often profiled as antisocial and bent on "gaming" or getting back at the world, new data supports evidence that highly directed attacks, possibly sponsored by governments or other groups, are on the rise.

Geographically, according to the Riptech study, more cyber-attacks originate in the United States than in any other country (30 percent), followed by South Korea (9 percent) and China (8 percent). However, based on the number of Internet users, the percentage of attacks coming from Israel is almost double that of any other nation, the report said.

Possible government-sponsored assaults were mentioned by Tim Belcher, CTO and founder of Riptech, speaking recently about Riptech's findings. Axelrod quoted Belcher as saying that "for the first time, empirical evidence has led to profiles of attacks that appear to be sponsored by governments or other organizations."

FS/ISAC's chairman, Stanley "Stash" Jarocki, also a panelist at the SIA show, cautioned against drawing conclusions about government-sponsored hacking based on geographical evidence. For example, countries known to show up on cyber "bad-guy lists," such as Russia, North Korea and the Czech Republic, often have attacks "bounced" off their servers or relay systems, Jarocki told Securities Industry News. Attacks can multiply rapidly in one geographic area due in part to insecure local technology, and then spread to other nations, perhaps creating the appearance of state-sponsored assaults.
Security precautions of some Internet Service Providers (ISPs), for example, can be rather lax.

"I'm not going to say anything bad about governments. All I'm going to say is their infrastructure is guilty of the last hop," Jarocki said. "I get a lot of spam right now that's coming out of .net, so when I go and find out who netcom is, it ends up being a North Korea server. I don't know who it is, I just know they're using this server. So I file an abuse report with them saying, 'Look, your network system is being abused and it's abusing me: go find the perp and take care of him.'"

Most networks provide assistance when asked, Jarocki said, and some ISPs offer firms free firewall protection to retain business. Nonetheless, cooperation can vary. Jarocki cited a recent instance when a firm refused a request for assistance about spam from a particular Web site.

"In this instance, there was no way of opting out, which was rather nasty. Even when you called them up and said, 'Look, please take care of this problem. I don't want any of your junk mail or spam,' they said they had no obligation to remove you."

Regarding attacks, Jarocki said ISPs should post bulletins for users to lessen replication. "That's all I'm asking: I want to reduce the participating entities that may not even know that they're participants," he said.

No matter how the data is interpreted, cyberterror "is very real," Jarocki warned, "especially for those in the financial services sector." He does not dispute Riptech's findings, agreeing that profiles are emerging that point to organized hacking groups rather than individual "gamers" looking for kicks or profit, due to the sophistication of the assaults. Most telecommunications companies outside the United States are still owned by the country in which they operate, he noted.

"Riptech is asking, 'Could these be done by an individual? We seriously doubt it. Does it have to be that of a government? Probably so. Do all governments do it?
Well, yeah,'" Jarocki said.

Like any research, hacking knowledge doesn't stay corked in a bottle, he added, implying that everybody, good guys and bad, researches systems' vulnerabilities.

Jarocki's experience in the field dates back 35 years, when he helped MIT computer whiz Dan Edwards develop the Trojan Horse, malicious coding that appears harmless but can take over computer systems or destroy files. Edwards and Jarocki perfected the code and applied their hacking skills as agents for the NSA. The work on the Trojan Horse was one of many initiatives sponsored by the Advanced Research Projects Agency (ARPA), an organization funded by the Defense Department, now known as DARPA, that led to the creation of the Stealth Bomber and the Internet, among other things.

Most of the security included in today's operating systems, particularly authentication and authorization systems, was developed under DARPA efforts, Jarocki said. A project called Worldwide Command and Control Systems (WWCCS), which originally emerged out of MIT, was one such initiative. The "security game" really got hot in 1967 and 1968, around the same time the NSA, anxious to develop such technology, pitched in its support, Jarocki said. Firms at the time such as Burroughs (now Unisys), General Electric and IBM began researching secure operating systems as well.

Hackers in those days were mostly "white-hat" good guys with a talent for tinkering, Jarocki said. Even today, "there are no bad computer hackers" per se, Jarocki stressed, only criminals, known as "crackers," and cyberterrorists.

In his chairman's role at FS/ISAC, of which he was one of the original founders, Jarocki now facilitates communications between the government and the financial markets to guard systems. The Treasury Department is the government agency sponsor of FS/ISAC, which was mandated by a 1998 presidential decision directive (PDD 63) to protect the nation's critical infrastructures.
ISAC sector heads meet to discuss issues in a group known as the Partnership for Critical Infrastructure Security (PCIS), Jarocki said. The effort is coordinated through the National Infrastructure Protection Center (NIPC) and includes finance, telecommunications, energy, water systems, food, government operations and emergency services. ISACs covering four other industries are currently under development, including one for gas and oil.

Core operations of FS/ISAC, including firewall detection, were outsourced to Riptech in a December alliance by Global Integrity, a division of New York City-based Predictive Systems. Predictive's Global Integrity unit continues to maintain information-sharing and other aspects of the FS/ISAC Web site.

As to what securities firms do when they or FS/ISAC isolate a serious attack to a specific region, Jarocki said all cyber-communications are cut off from the country of origin if it poses a serious enough threat. Taking such precautions is necessary even in a global business environment, because potential costs from security breaches often outweigh any opportunity costs arising from delaying or missing out on deals during times of attack, he said.

The most serious Internet threat for financial firms was the recent Nimda virus, launched a week after Sept. 11. Nimda raised the bar for security experts because it was a multivector (or multiple-vulnerability) attack, the first of its kind, Jarocki said. The virus attacked four separate but known computer system flaws or weaknesses. This posed no problems as long as the systems under attack were fitted with the latest patches to correct the defects. The Defense Department, for example, put out an announcement that its systems experienced one or two hits, "but no big deal, because they were up to patch-level spec," Jarocki said.
Problems occurred with what Jarocki and Axelrod refer to as "rogue machines," which are systems with proprietary enhancements, under development or in production, that lack security.

"Those are attackable entities; those machines show up quite readily during assaults," Jarocki said. "These are developers within your own company that put up machines that may or may not be standard builds according to production. Somebody said, 'Geez, I need to develop software internally in the company. Do I need to put up all of the security software? Well, maybe not.' Of course, the answer to that is yes."

Such a scenario might describe any system in any industry, including trading systems, which many firms are currently revamping to prepare for a shortened settlement cycle. "Things are typically fine as long as you keep up to the latest patch level," Jarocki stressed. Individual employees can unwittingly taint security when transferring files or programs between work and home, he added.

Investigators have not linked Nimda and Sept. 11, nor have they found the virus' perpetrator(s); however, experts say the virus was likely launched with the knowledge that it would exacerbate both the emotional and technical vulnerabilities resulting from the terrorist attacks.

The New York City office of the Secret Service, which investigates cybercrime, is supplying securities and other firms with a Homeland Defense CD, which includes "start-to-finish" crisis management and best-practice essentials for guarding against cyberterror.

"If you want to self-heal, meaning do everything internally, these CDs will help you," said Bob Weaver, assistant special agent in charge of the New York City Secret Service Electronic Crimes Task Force, speaking at the SIA conference. "Everybody knows we protect and serve; not many people know we protect servers," Weaver quipped.
Comparing the task of keeping systems secure in a world of nonstop innovation to "changing tires on a car while it's still moving," Weaver cited a specific section of the Patriot Act that expanded the e-crimes task force into a nationwide network, based on the successful model of the New York group. The commendation was helped in no small way by the "branding" that the exchanges and financial prowess of New York City allowed the group, which showed an ability to protect against cyber crime under extreme stress and crisis post-Sept. 11, Weaver said.

------------------
http://all.net/
This archive was generated by hypermail 2.1.2 : 2003-08-24 02:46:31 PDT