Re: [iwar] [fc:Four.Bay.Area.cities.reported.suspicious.traffic.on.Web.sites]

From: e.r. (fastflyer28@yahoo.com)
Date: 2002-06-29 16:47:25




The real question to ask is: to whom did the sites belong?  The Al-Qaida were not wasting their time defacing the SF City Paper.
Fred Cohen <fc@all.net> wrote:

Four Bay Area cities reported suspicious traffic on Web sites
Posted on Thu, Jun. 27, 2002
http://www.siliconvalley.com/mld/siliconvalley/business/special_packages/3560320.htm

By Sean Webby, Mercury News

Four Bay Area cities received enough hits on their Web sites from Middle
East countries last fall that some were shut down and cleansed of
potentially sensitive information, the Mercury News has learned.

The discoveries took on new urgency in January when computers linked to
Al-Qaida hide-outs in Kabul, Afghanistan, were discovered to have been
used to visit Web sites with information on digital switches controlling
key elements of U.S. infrastructure, such as electrical grids, water
systems and communication networks. And a computer seized in an Al-Qaida
office in Afghanistan contained electronic models of a dam with software
that could simulate a catastrophic failure.

The unusual traffic on city Web sites -- logged before and after Sept.
11 -- also had focused on infrastructure, such as local utilities and
water supplies, and emergency operations.

Redwood City and San Mateo noticed them after being contacted last fall
by a high-tech specialist in the Mountain View Police Department. He had
been alerted by Mountain View's Web coordinator, who sought his advice
after noticing computer users in Saudi Arabia, United Arab Emirates and
Pakistan were surfing official city links, paying particular attention
to the city's emergency operations, engineering standards, utilities and
water supply information.

Santa Clara had enough questionable downloads during that same period
from Asian, European and Middle East countries that it took down some
city Web pages, said Deputy City Manager Carol McCarthy, who maintains
the city's main Web site. She noticed the traffic during routine
maintenance.

Some details restored

Users, she said, were looking at pages related to ``water quality
issues.'' The pages were put back up after it was decided they contained
nothing that could be used to cause harm, she said.

Mountain View took down its Web site and removed some information, city
officials said but would not be specific. Neither San Mateo nor Redwood
City officials would say specifically what sites had been visited.

The Mercury News checked with city officials and police departments from
San Francisco to San Jose, but those four cities were the only ones who
reported unusual Web activity.

The FBI would not comment on the issue, and Mountain View detective
Chris Hsiung, who had first contacted the FBI, said at a news conference
Thursday that the agency had asked him not to comment further.

He did say he contacted the other cities under his own initiative to be
of assistance to the FBI, which he said was in full-crisis mode at the
time.

Working with Lawrence Livermore National Laboratory, the FBI found
``multiple casings of sites'' nationwide, according to a Defense
Department report. The lab's first anti-hacking team, formed in 1989 in
response to a worm that stalled the Internet by overloading machines
with invisible tasks, has since grown into a national center for
analyzing hacker tools and offering advice to system administrators.
Special software monitors break-in attempts. ``There are probes and
scans coming from countries I've never even heard of,'' said Sandy
Sparks, the leader of the anti-hacking team. ``We see activity from all
over the place.''

Idea called far-fetched

But the director of a Walnut Creek-based integration firm that for the
past decade has been setting up the custom-built systems used by most
cities, called SCADA systems, said the idea that terrorists could take
over the systems and use them to wreak havoc was far-fetched.

Unlike Windows or Microsoft Explorer, SCADA systems aren't off-the-shelf
products that can be reverse engineered by malicious hackers, Cheryl
Burkhalter of ESII said.

While information about the electronic components that make up a system
is available on the Internet, a digital terrorist would still have to
figure out how the system was configured.

John Nelson, a spokesman for Pacific Gas & Electric Co., said: ``We are
constantly monitoring new threats and new technologies to both break
into systems and to protect them.''

Local city officials were skeptical of just how much someone intent on
doing harm would have found useful on city Web sites anyway.

``I don't know how big a player we were,'' Mountain View police Capt.
Scott Warner said Thursday. ``There is not a whole lot on our Web site
anyway.''

San Mateo police Lt. Kevin Raffaelli, who confirmed the same strange
pattern cropped up there last year, said what is on the city's Web site
is generic information.


This archive was generated by hypermail 2.1.2 : 2002-10-01 06:44:31 PDT