NIPC Daily Report 08/02/02

When Dreamcasts attack. White hat hackers demonstrated at the Las Vegas
Black Hat Briefings how to turn the defunct Sega Dreamcast into a disposable
attack box designed to be dropped like a bug on corporate networks during
covert black bag jobs. The "phone home" technique presented at the Black Hat
Briefings takes advantage of the fact that firewalls effective in blocking
entry into a private network are generally permissive in allowing
connections the other way around. The Dreamcast was chosen for its small
size, availability of an Ethernet adapter, and affordability -- the console
was discontinued last year, and now sells used for under $100 on eBay.
Loaded with custom Linux-based software and covertly plugged into a spare
network port under a desk or above a ceiling, the harmless-looking toy
becomes the enemy within, probing the company firewall for a way out to the
Internet. The box cycles through the ports used for common services like
SSH, Web surfing, and e-mail, which tend to be permitted by firewall
configurations. Failing that, it tries getting "ping" packets out to the
Internet, and finally looks for proxy servers bridging the network to the
outside world. Whatever it finds, it uses to establish a tunnel through the
firewall to the intruder's home machine. (Security Focus, 31 Jul)
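Seen from the firewall, the behavior described above is one internal host being denied on several different outbound ports and protocols toward the same outside address in a short time, sometimes followed by one attempt that is allowed. The following is an added example of detecting that pattern, not part of the NIPC report or the Black Hat presentation; the log format, sample lines, thresholds and function names are assumptions.

```python
from collections import defaultdict

# Constructed sample firewall log (not from the article); fields are:
# epoch_seconds src_ip dst_ip proto dst_port action
SAMPLE_LOG = """\
1028160000 10.1.4.77 203.0.113.9 tcp 22 DENY
1028160005 10.1.4.77 203.0.113.9 tcp 25 DENY
1028160010 10.1.4.77 203.0.113.9 tcp 110 DENY
1028160015 10.1.4.77 203.0.113.9 icmp - DENY
1028160020 10.1.4.77 203.0.113.9 tcp 443 ALLOW
1028160030 10.1.2.15 198.51.100.20 tcp 80 ALLOW
1028160040 10.1.2.15 198.51.100.21 tcp 443 ALLOW
1028163000 10.1.9.3 192.0.2.50 tcp 22 DENY
"""

WINDOW = 300      # seconds after the first denial to consider (assumed threshold)
MIN_CHANNELS = 3  # distinct denied protocol/port pairs before flagging (assumed)

def parse(log):
    """Yield (ts, src, dst, channel, action); channel is 'tcp/22', 'icmp', ..."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue  # skip malformed lines instead of failing
        ts, src, dst, proto, port, action = parts
        channel = proto if port == "-" else f"{proto}/{port}"
        yield int(ts), src, dst, channel, action

def find_egress_probes(log, window=WINDOW, min_channels=MIN_CHANNELS):
    """Return {(src, dst): {'denied': [...], 'allowed': [...]}} for probing hosts."""
    events = defaultdict(list)
    for ts, src, dst, channel, action in sorted(parse(log)):
        events[(src, dst)].append((ts, channel, action))
    findings = {}
    for pair, evs in events.items():
        denied = [(ts, ch) for ts, ch, act in evs if act == "DENY"]
        if not denied:
            continue
        start = denied[0][0]  # window is anchored at the first denial
        in_window = sorted({ch for ts, ch in denied if ts - start <= window})
        if len(in_window) < min_channels:
            continue
        allowed = sorted({ch for ts, ch, act in evs
                          if act == "ALLOW" and 0 <= ts - start <= window})
        findings[pair] = {"denied": in_window, "allowed": allowed}
    return findings
```

A non-empty "allowed" list in a finding means the host found a permitted way out after the denials, which is the case worth investigating first.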

Fourteen Italian hackers arrested in police raids.  The Italian police have
arrested fourteen Italian hackers, of whom four are underage. They have been
charged with hacking the networks of NASA, the US Army and Navy, and hitting
various universities around the world. Hiding behind names like "Mentor" and
"Reservoir Dogs", the fourteen hackers used their skills to clone credit
cards in order to make purchases online and to decode the new system of
satellite television transmissions "Seca 2".  After a year of sophisticated
surveillance, the Financial Police of Milan have charged them with computer
crimes that could bring them eight years in jail.  Surveillance began in
October of 2001, and officers of the Department of Finance executed a score
of searches in Italy.  The hackers reportedly include a security manager of
an important provider, the network security manager of a famous computer
science company, and other respected security advisers. (Repubblica.it, 1
Aug)

Bush adviser promotes responsible hacking. Computer security advisor Richard
Clarke has told experts attending the Black Hat conference in Las Vegas they
have an obligation to do more to help uncover software glitches. He
says their help is needed because the software makers do not find the
majority of bugs themselves. But Mr. Clarke insisted hackers must report
their findings through the proper channels and condemned those who act
maliciously. He said the US government is considering changing the law to
protect those who hack for the right reasons. Mr. Clarke emphasized hackers
should always immediately contact the software-maker on finding a
vulnerability. They should then go to the government if that approach does
not receive a positive response. He said he recognized that companies differ
in their attitude to hackers: while some encourage or reward bug-hunters,
others can respond by filing for civil or criminal charges. (Ananova, 1 Aug)

Denial of service onslaught cripples music industry site.  In an apparently
deliberate denial-of-service attack, an onslaught of traffic crippled the
Web site for the Recording Industry Association of America last weekend.
The disruptions began on 26 July, a day after Rep. Howard L. Berman,
D-Calif., formally proposed giving the entertainment industry broad new
powers, including deliberately interfering with file-sharing programs to try
to stop people from downloading pirated music and movies. A
denial-of-service attack directs so much traffic to a Web site as to
effectively render it unusable for legitimate visitors. The RIAA said the attack
continued through 27 July and did not involve breaking into internal
systems. (Associated Press, 30 Jul)

Germany signs declaration to Join U.S. Customs Container Security
Initiative, strengthening Anti-Terror Coalition.  US Customs Commissioner
Robert C. Bonner and Wolfgang Ischinger, Germany's Ambassador to the United
States, today announced that the government of Germany has agreed to
participate in the US Customs Container Security Initiative (CSI). CSI is a
US Customs initiative designed to prevent the smuggling of terrorists or
terrorist weapons in ocean-going cargo containers.  Under terms of the
declaration, US Customs officers will be stationed at the German ports of
Hamburg and Bremerhaven.  Commissioner Bonner stated that "This joint
declaration with Germany will provide a significant measure of security for
Europe, the United States, and the global trading system as a whole."  (US
Customs Service, 1 Aug)

Fire damages Queens, NY power plant for second time this week.  Fires broke
out at a power plant in Queens, NY early on 31 July for the second day this
week, temporarily disrupting some power supplies in New York City.  The fire
damaged a transformer at the Astoria power plant and kept approximately 140
MW of generating capacity from getting to the city's power grid.  NRG, a
subsidiary of Minneapolis-based energy giant Xcel Energy Inc., is now
looking for a replacement transformer to make the plant fully operational
again, a process that could take many months.  Late 29 July, there was
another fire at the Astoria plant in a transformer owned by Reliant
Resources Inc., which is majority owned by Houston-based energy giant
Reliant Energy Inc.  Officials said the fires were not related.  The fire on
29 July caused the 1,254 MW Astoria plant to shut down, knocking out power
for nearly 9,000 customers in Consolidated Edison Inc.'s distribution system
for a few hours.  There are three parts to the Astoria plant, the biggest
power station in New York City. (Reuters, 31 Jul)

Klez worm most common virus on Internet during July.  Yet again, variants of
the Klez worm were by far the most common viruses circulating on the
Internet in July.  That's according to MessageLabs, which stopped more than
475,000 copies of the virus in July, down from the more than 788,000 infected
emails it blocked in June.  It's the fourth month in succession that Klez
has topped monthly virus charts.  MessageLabs reports that virus infection
rates are currently running at around one per 256 emails, which compares to
one in 30 infected emails at the heights of the Goner and Love Bug
epidemics. (The Register, 31 Jul)

Summer surprises with virus relief.  Antivirus firm Central Command has
reported that the number of virus attacks it tracks around the Internet fell
in July compared with June--the first time this year that reported virus
infections dropped month-on-month. "In July, we finally saw a slight
decrease in the number of tracked (virus attacks) from a prior month,"
Steven Sundermeier, a product manager at Central Command, said in a
statement. Observers hope that this decline suggests that consumers and
corporations are taking a more responsible attitude to the security of their
computers and IT systems, but Central Command expressed doubt. "Whether this
is due to an increasing awareness of malicious code or simply because more
users are on vacation and away from their computers, it's a trend we hope
will continue," Sundermeier said. While the number of attacks may have
decreased, the number of viruses on the prowl continues to proliferate, with
Klez still at the top of the ranks in infection rates.  (CNET News, 1 Aug)




IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
http://www.iwar.org.uk

