(MSNBC, 13 April) The web site for the Motion Pictures Association of America (MPAA), <www.mpaa.org> , is currently suffering intermittent outages, and the organization suspects computer vandals are to blame. A spokesperson for the MPAA said that the organization is currently ?experiencing problems with our public web site and we suspect a denial of service attack.? Earlier today, the MPAA's e-mail service was also reportedly interrupted. The attack was first rumored yesterday afternoon on the web site HackerNews.com. (NIPC COMMENT: Earlier this year, the MPAA was the target of protest (both physical demonstration and threatened cyber action) as a result of its legal action against hackers who reportedly cracked/decoded the encryption used for DVD copyright protection. The Hacker News report indicated that other sites such as Tristar Pictures might be targeted today. The site for Sony Pictures Entertainment, parent company of Columbia Tristar appears to be unaffected at this time). (Newsbytes, 13 April) Confessed hacker Kevin Mitnick, who was recently released from jail, will reportedly give his first public presentation in Salt Lake City next week. Billed as one of the most visible hackers in the world, Mitnick will be leading a three-person panel discussion on cyber security issues at the Utah Information Technologies Association two-day event on 19 April. The event is known as "NetTrends 2000: The Digital Revolution," and aims to cover a variety of IT and security issues. He will join Rob Clyde, vice president of security management at Axent Technologies, and Kelly White, senior consultant with Context Integration. (AP, 13 April) MostHateD has now pleaded guilty to hacking federal Web sites. Patrick W. Gregory pleaded guilty Wednesday to charges of conspiracy to commit telecommunications fraud and computer hacking. The teenager?s computer gang is accused of vandalizing White House, Army and Senate computers. Gregory faces up to five years in prison and a $250,000 fine. The 19-year-old is a high school dropout and member of the computer hacking organization ?total-kaOs? (total chaos). Appearing before U.S. District Judge Jorge Solis, Gregory also admitted he used stolen personal identification numbers and credit card numbers to illegally access commercial teleconferencing systems. (Reuters, 13 April) The Japanese accused of a fatal 1995 sarin gas attack on the Tokyo subway system may have known of top defense secrets as members were involved in developing key software for the navy, according to local media. Reports said a member of Aum Shinrikyo took part in developing software which keeps track of all of the forces of the Maritime Self Defense Force, Japan's navy, including the whereabouts of submarines. An official at the defense ministry said it could not confirm the reports and was investigating the issue. (NIPC Comment: During a criminal investigation of cult members, business activities, and assets, revelations began to emerge earlier this year that an Aum-supported computer software company had created specialized computer programs for numerous government and major commercial customers. Investigations reportedly continue to determine the scope of this potential problem, and a decision was being weighed to ban the use of the company's software on government systems.) (Korea Herald, 13 April) One of the most destructive computer viruses may again hit business and home PCs on 26 April, computer security firms warned yesterday. CIH virus, developed by a Taiwanese man, affected more than 300,000 computers in Korea last year, causing an estimated 30 billion won damage, according to Dr. Ahn's Anti-virus Laboratories. Two versions of virus are programmed to strike on April 26 every year and a third is activated on the 26th of every month. The virus infects computers running on Windows operating systems and stays dormant in a PC until the set date. As soon as the PC's clock displays the date, the virus will set about attacking the hard disk and basic input and output system. (NSOC, 12 April) Britain's defense minister has opened an investigation into how a detailed NATO plan for the rules of engagement in Kosovo turned up on the Internet. The nine page document began flashing up on screens at a London publishing company. "It's not really what you expect to find on your computer -- something telling you in a fairly neutral language the circumstances under which you can kill someone in Kosovo, said an employee of the publishing company. NATO spokesman Jamie Shea said the documents were sensitive and should not be in the public domain. A defense ministry official said the breach had nothing to do with the British military and the ministry was only looking into the matter because the breach had occurred in Britain. The latest security lapse comes after news last month that agents of Britain's domestic security service and overseas security service had lost laptop computers containing secret information. (Toronto Star, 11 April) According to the Toronto Star, more than 1,000 confidential records, including credit card numbers, were accessible on the Internet for at least five days because of a security breach at one of Canada's largest service providers. A man surfing the Internet stumbled on the file and notified Look Communications, formerly Internet Direct, of their problem on 5 April. The file disappeared briefly, returned, and then was gone again nearly three hours later. Company officials had no idea how the security breach occurred or why the company hadn't managed to deal with it when first notified. The list contained names of people who subscribed to Ipass, a global roaming service for the Internet that allows users to pay local rates instead of long distance charges. (National Journal News Service, 14 April) The House Commerce Subcommittee on Energy and Power voted Wednesday to add congressional backing to a number of new security initiatives Energy Secretary Bill Richardson has already instituted. Richardson has created an Office of Independent Security Oversight at the Department of Energy, which will be responsible for inspecting security arrangements at all DOE facilities, and have special responsibility for protecting the agency from the emerging threat posed by computer hackers. Subcommittee Chairman Joe Barton, R-Texas, introduced the bill (H.R. 3906) to make these changes permanent. He also offered an amendment making it clear that the director of the Office of Independent Security Oversight reports to the energy secretary and not directly to Congress. (Newsbytes, 13 April) Technological changes, especially the advent of the mass-market Internet, have made it necessary for Congress to come up with a new set of surveillance and intelligence laws suitable to the 21st century. "When these laws were written, Jimmy Carter was president of the United States, Leonid Brezhnev was president of the Soviet Union and John Paul II was just named Pope," Barr said in his remarks. "In the late 1970s, the Dow Jones Average had yet to break 2000, and the Internet was little more than a gleam in the eyes of researchers at the Defense Advanced Research Projects Agency. "In light of the tremendous technological advances that have occurred since then, it is long past time to examine these statutes," Barr added. He also said that new technologies like telecom satellites and the Internet "are rapidly blurring the borders that traditionally delineated the gathering of foreign intelligence from domestic law enforcement evidence-gathering tools." (Computerworld, 13 April) The federal government is transforming itself into an online player and will quadruple its web-related investments over the next five years to become an "e-government," according to analysts at Gartner Group Inc. Gartner forecasts that federal, state and local governments will more than quadruple their spending on information technology products and related services over the next five years, to about $6.2 billion by 2005. French Caldwell, research director at Gartner, cautioned that the government's transition to the web may cause a high rate of "unavoidable" projects failures. In particular, he cited a "very serious" problem among various government agencies to recruit and retain IT personnel. IMPORTANT NOTICE: If you are not using HushMail, this message could have been read easily by the many people who have access to your open personal email messages. Get your FREE, totally secure email address at http://www.hushmail.com.
