(Newsbytes, 13 April) Newsbytes reports that the government's ability to differentiate between cyber attacks waged by hostile foreign nations and those perpetrated by teenage hackers has been severely restricted by the emergence of identity-concealing technologies and a raft of legal and constitutional issues, the director of the National Infrastructure Protection Center (NIPC) said Wednesday. At an American Bar Association meeting in Washington, NIPC Director Michael Vatis told corporate lawyers that in response to such obstacles, the NIPC has heard a growing call for the revision of laws that prohibit agencies from conducting their own investigations into computer crimes. "One alternative is to change the law to allow non-law enforcement agencies to investigate without complying with the Fourth Amendment and numerous other constitutional principles such as due process, and allow those agencies to take the necessary steps to protect their own systems and to protection national security," Vatis said. (Associated Press, 12 April) The Associated Press reports that a Houston teen-ager whose computer gang is accused of vandalizing White House, Army and Senate computers pleaded guilty Wednesday to charges of conspiracy to commit telecommunications fraud and computer hacking. Patrick W. Gregory, who gave himself the digital persona ``MostHateD,'' faces up to five years in prison and a $250,000 fine. Appearing before U.S. District Judge Jorge Solis, the 19-year-old high school dropout and member of the computer hacking organization ``total-kaOs'' admitted he used stolen personal identification numbers and credit card numbers to illegally access teleconferencing systems of companies including AT&T, MCI and Sprint. Gregory and others then used the systems in a computer gang dubbed ``globalHell,'' which he founded, to coordinate with other hackers attacks on unprotected computers around the world. The group is suspected of causing between $1.5 million and $2.5 million in damage. (Newsbytes, 12 April) In the wake of recent Energy Department scandals surrounding easy access to classified data - most notably involving the Wen Ho Lee case - a House Commerce subcommittee on Wednesday approved a pair of bills aimed at increasing oversight and security at Department of Energy installations around the country. The Commerce Committee's Subcommittee on Energy and Power approved H.R. 3383 as a substitute amendment offered by Rep. Joe Barton, R-Texas, that would repeal the Price-Anderson Act, a 1954 \law that exempts nonprofit DOE contractors from security and safety violations. Barton's amendment, passed without objection, would limit the scope of penalties assessed in any one year so that they do not exceed the total worth of the company's contract. The subcommittee also unanimously passed H.R. 3906, legislation that would create an independent Office of Oversight for safeguards and security at the DOE. Under the terms of the bill, the director of the oversight office would report directly to the DOE secretary on the status of safety and security measures. The Secretary would then be required to present a full, unaltered report to Congress. (InfoSec News, 12 April) The American Civil Liberties Union (ACLU) told a House panel today that Congress must act to protect the privacy of email and other Internet communications. "Legally, it is easier for the government to snoop through a couple's private email to one another than it is for the government to listen in on the very same conversations if they take place on the phone," said Gregory T. Nojeim, a legislative counsel for the ACLU. The courts have not extended adequate protections to Internet communications and as a result Congress needs to step in with additional protections, Nojeim said in his testimony. (FBIS, 11 April) Fifty companies, including NTT Data Corp, and Hitachi LTD, will team up in operations to make the Internet safer, including measures to guard against intrusions by hackers. First, by May, the group will develop a safety system for government and public offices, which have suffered a number of hacker attacks. Each of the participants will contribute its technological specialty such as encryption or virus detection. Major non-life insures will also participate, looking into possible contributions such as the development of insurance products to protect against damages incurred in connection with electronic commerce. The group will commercialize products, tailoring the jointly developed safety system to create products for use by government and public offices, small and medium-size companies, and sole-proprietor operations. (FBIS, 12 April) On 12 April, the Internet site of the Kosovo press news agency, the press agency founded by Kosovo Liberation Army (UCK), at www.kosovapress.com, was "hacked" by a group calling themselves the "Shumadinci." The latest Kosova press reports posted on Internet are dated 10 April. No reports were posted on 11 April. On 12 April, you following message appears: "WWW.KOSOVAPRESS.COM [in bold purple capital letters] is .....is crashed down by Shumadinci. There is no more lies at this page, it's only true about Kosovo and Serbian brave people." This is followed by the Albanian flag, red with a black eagle in the middle. The flag is crossed out with two blue lines. Below the Albanian flag, it is written "Vostani Serbije! [Serbia Arise!]" followed by the Serbian flag. On the left side of the flag, it is written: "Hacked by Greb-a-Thor," and on the right side "Hacked by ScsiMaster." (FBIS, 12 April) The Chinese authorities have hacked into Falungong websites causing them to crash as part of a new crackdown on the banned movement, US-based group members told AFP on Thursday. Starting on Tuesday at least five Falungong web sites, three in the United States and two in Canada, were attacked simultaneously with an overload of carefully-prepared information, said group spokeswoman Gail Rachlin. Falungong practioner Yuan Li, a computer expert, said the group's main website www.Falundafa.org. received an anonymous tip off on April 12 warning of an imminent attack. "We received an anonymous e-mail from a Chinese computer employee on April 12 warning us that the police software security bureau had offered to pay the computer company money to hack into our sites," said Yuan. He said the messages were sent to the Falungong's websites from China using US-based e-mail site Yahoo.com. "They used a method called ICMT Packet flooding which is a way of overloading websites with too much information," said Yuan. "This type of computer hacking requires a lot of effort and preparation. They must have been studying our sites for a long time." He said the sites were previously attacked by the Chinese authorities on August 5, and that it took 24 hours to get them back up and running. IMPORTANT NOTICE: If you are not using HushMail, this message could have been read easily by the many people who have access to your open personal email messages. Get your FREE, totally secure email address at http://www.hushmail.com.
