[iwar] Interesting story

From: Fred Cohen (fc@all.net)
Date: 2002-06-28 22:29:19


Return-Path: <sentto-279987-4925-1025328477-fc=all.net@returns.groups.yahoo.com>
Delivered-To: fc@all.net
Received: from 204.181.12.215 [204.181.12.215] by localhost with POP3 (fetchmail-5.7.4) for fc@localhost (single-drop); Fri, 28 Jun 2002 22:40:08 -0700 (PDT)
Received: (qmail 6200 invoked by uid 510); 29 Jun 2002 05:36:26 -0000
Received: from n18.grp.scd.yahoo.com (66.218.66.73) by all.net with SMTP; 29 Jun 2002 05:36:26 -0000
X-eGroups-Return: sentto-279987-4925-1025328477-fc=all.net@returns.groups.yahoo.com
Received: from [66.218.67.197] by n18.grp.scd.yahoo.com with NNFMP; 29 Jun 2002 05:27:57 -0000
X-Sender: fc@red.all.net
X-Apparently-To: iwar@onelist.com
Received: (EGP: mail-8_0_7_4); 29 Jun 2002 05:27:56 -0000
Received: (qmail 15777 invoked from network); 29 Jun 2002 05:27:56 -0000
Received: from unknown (66.218.66.217) by m4.grp.scd.yahoo.com with QMQP; 29 Jun 2002 05:27:56 -0000
Received: from unknown (HELO red.all.net) (12.232.72.152) by mta2.grp.scd.yahoo.com with SMTP; 29 Jun 2002 05:27:56 -0000
Received: (from fc@localhost) by red.all.net (8.11.2/8.11.2) id g5T5TJv22229; Fri, 28 Jun 2002 22:29:19 -0700
Message-Id: <200206290529.g5T5TJv22229@red.all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Organization: I'm not allowed to say
X-Mailer: don't even ask
X-Mailer: ELM [version 2.5 PL3]
From: Fred Cohen <fc@all.net>
X-Yahoo-Profile: fcallnet
Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com
Delivered-To: mailing list iwar@yahoogroups.com
Precedence: bulk
List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com>
Date: Fri, 28 Jun 2002 22:29:19 -0700 (PDT)
Subject: [iwar] Interesting story
Reply-To: iwar@yahoogroups.com
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Spam-Status: No, hits=3.2 required=5.0 tests=RISK_FREE,FREE_MONEY,DIFFERENT_REPLY_TO version=2.20
X-Spam-Level: ***

http://www.siliconvalley.com/mld/siliconvalley/3554398.htm

By Sean Webby Mercury News June 27, 2002

Laura Wigod, Mountain View's Web site coordinator, was thrilled when she
first noticed the Middle Easterners visiting the city's site.

``Oh, wow! That is so neat that we have visitors from Saudi Arabia,''
Wigod recalled thinking to herself as she looked over Web transaction
report one Monday in August. Wigod was studying Farsi, the main language
spoken in Iran, and was fascinated by the Mideast.

It wasn't until October, after Sept. 11 and with the faraway hits on the
site continuing -- from Saudi Arabia, Pakistan and the United Arab
Emirates -- that she got a chilling thought: Why would someone in the
Middle East be so intently researching how the Silicon Valley city's
water system, utilities and police department worked?

Her observations, which were soon shared with the FBI, were apparently
the catalyst for an investigation that documented a much larger pattern
throughout the country, now of great concern to the U.S.  government.

A disturbing pattern

``We did get the impression from the FBI that no one else had yet
identified this pattern,'' City Manager Kevin Duggan said. ``We are very
happy we played a part in helping identify this issue for a broader
array of public agencies that could in theory be potential targets.''

Duggan reported that the FBI had identified at least 30 other
municipalities with similar patterns.

The FBI did not return phone calls late Wednesday. Mountain View police
confirmed that their department referred the pattern to federal
investigators and helped them investigate it.

Wigod's reports showed that at least 50 times since August 2001, people
in certain Middle Eastern countries had used the Google or Yahoo search
engines to bring up the city's official Web site.

Specifically, they had spent time looking at the site's links to
Mountain View's engineering standards, its police and fire operations
and its utilities.

``It was a little chilling,'' Wigod said. ``What made me nervous was
what they were looking at. Why were they downloading the water report?''

Wigod then brought the information to her supervisor and the Mountain
View Police Department.

``It seemed curious,'' Duggan said. ``We didn't want to leap to any
conclusions about it. But when you see a pattern like that you can't be
complacent.''

Police take over

Detective Chris Hsiung -- at the time the department's high-tech
investigator -- took over the case, said police news officer Jim
Bennett. After examining the traffic, Hsiung called the FBI's high-tech
squad in the Bay Area and began working with them on the investigation.
Hsiung, who is now a patrol supervisor, would not comment for this
story.

Meanwhile, the city continued to quietly watch the Web site. The hits
kept coming.

On Oct. 18, the city decided -- on the advice of the FBI -- to shut down
the Web site. By the next Monday, after having stripped off a variety of
information relating to the city's water supply and some public-safety
operations, they put the site back up.

Duggan cautioned that he had no reason to believe that Mountain View is,
or was, a terror target.

After she discovered the pattern, Wigod kept her secret to herself.
But she said she was quietly thrilled whenever she saw the president
warning about cyberterror or an FBI warning about threats to the water
system.

``I go, `Wooo, I'm thwarting terrorists!' ''

------------------------ Yahoo! Groups Sponsor ---------------------~-->
Free $5 Love Reading
Risk Free!
http://us.click.yahoo.com/3PCXaC/PfREAA/Ey.GAA/kgFolB/TM
---------------------------------------------------------------------~->

------------------
http://all.net/ 

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ 



This archive was generated by hypermail 2.1.2 : 2003-08-24 02:46:33 PDT