NIPC Daily Report 30 May 2002
The NIPC Watch and Warning Unit compiles this report to inform recipients of issues impacting the integrity and capability of the nation's critical infrastructures.

Yucca Mountain: transport safety tests promised. On 23 May, Richard Meserve, Chairman of the Nuclear Regulatory Committee (NRC), told Congress the agency would look at transportation safety as part of the process to determine whether or not to license Yucca Mountain, a proposed nuclear waste repository in Nevada. Further, he noted the NRC would need to be satisfied that the proposed truck and rail containers to be used are reliable. To that end, the agency plans new testing on full-size steel casks to verify safety standards. Senators will vote this summer on whether to allow the repository to be built 100 miles northwest of Las Vegas. (Las Vegas Review, 27 May)

Intrusion detection net revived. The General Services Administration (GSA) and Carnegie Mellon University this fall will begin testing a new technology to analyze and report on patterns in cyber intrusion information gathered across government. The Data Analysis Capability (DAC) being developed by the CERT Coordination Center for GSA's Federal Computer Incident Response Center (FedCIRC) will analyze data already being collected by intrusion detection systems at many agencies. The DAC will gather data for identification of potential vulnerabilities and attacks. That analysis will then be shared with participating agencies, along with steps to protect, react, or recover from many incidents. This type of centralized analysis capability is a necessary tool for raising the entire government's information security posture, according to Amit Yoran, a former director of the Department of Defense's CERT Vulnerability Assessment and Assistance Program and co-founder of Riptech, a managed security services company. Further, he mentioned it is technically feasible to analyze the vast amount of information that the DAC will have to handle from all of the civilian agencies. (Federal Computer Week, 27 May)

Worms crawl toward instant messaging (IM). Security experts warn users of the rising threat of worms infecting IM. The highly utilized program, estimated at 200 million users globally and rising, is adding more functionality such as voice and video chat and may allow for greater exposure to bugs and vulnerabilities. With the added capability of exchanging attachments, and due to the constant server connections required, a properly crafted worm could literally hit tens of millions of IM clients very quickly. (PCWorld.com, 28 May)

Director Mueller announces a new focus for FBI. The FBI will shift 480 agents from drug and other criminal investigations to counterterrorism posts and plans to more than double the Bureau's anti-terror forces under a major reorganization announced by the Director. The Director's plan would permanently devote 2,600 agents, nearly a quarter of the bureau's 11,500-agent workforce, to counterterrorism units, which were staffed by 1,000 agents before the Sept. 11 attacks. The Bureau is also engaged in what it calls a "massive" effort to hire 900 agents specializing in linguistics, computer issues, engineering and science over the next few months to improve intelligence-gathering and analysis. (Washington Post, 29 May)

Microsoft SQL worm crawls to top of attack charts. An Internet worm that targets insecure Microsoft databases has quickly displaced forerunners Code Red and Nimda as the top source of computer attacks. Since May 20, the SQLsnake worm, also known as Spida and Digispid, has been probing port 1433 on thousands of Internet-connected systems in an attempt to locate machines running Microsoft SQL without proper password protection on the system administrator account. The Computer Emergency Response Team (CERT) has warned that the worm is designed to capture password databases from vulnerable systems and forward them by e-mail, presumably to the worm's authors. While SQLsnake may be the biggest worm threat currently on the Net, experts say the malicious code's moment in the sun may be brief. (Newsbytes.com, 28 May)

IWS INFOCON Mailing List @ IWS - The Information Warfare Site http://www.iwar.org.uk