_________________________________________________________________ London, Friday, December 06, 2002 _________________________________________________________________
INFOCON News _________________________________________________________________ IWS - The Information Warfare Site http://www.iwar.org.uk _________________________________________________________________ --------------------------------------------------------------------- To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe infocon" in the body To unsubscribe - send an email to "[EMAIL PROTECTED]" with "unsubscribe infocon" in the body --------------------------------------------------------------------- _________________________________________________________________ ---------------------------------------------------- [News Index] ---------------------------------------------------- [1] An electronic Maginot Line [2] Government shows Sklyarov video in court [3] Does Cybercrime Still Pay? [4] Travel sector's poor security exposed it to hacking risks [5] I shut radio site, boasts teen hacker [6] PGP Lifts Its Hood [7] Cyber hype [8] 'Mangled mess of trees and power lines' [9] Trouble With Trojans [10] Agencies focus on better cargo security to fight terrorism [11] New technologies key to Defense transformation, says official [12] Investors suppress tech wreck memories [13] Arguments heard over file-swapping [14] Lagel worm wipes files [15] Defense to influence tech industry to develop systems useful to military [16] Bill pushes security, but no money so far [17] Final curtain for Aussie hacker site [18] Bush signs Webcast Act [19] Integrated IT network in new agency worth expense [20] UK still vulnerable to hackers [21] Al Qaeda Web site targets Israel ________________________________________________________________ CURRENT THREAT LEVELS _________________________________________________________________ Electricity Sector Physical: Elevated (Yellow) Electricity Sector Cyber: Elevated (Yellow) Homeland Security Elevated (Yellow) DOE Security Condition: 3, modified NRC Security Level: III (Yellow) (3 of 5) _________________________________________________________________ News _________________________________________________________________ (Partial FUD with a nice title which I think is unintentionally ironic. Someone within Rep. Sherwood Boehlert press staff should have done a bit more research before publishing the article. For example, CIAO was awarded a new name Computer Information Assurance Organization (www.ciao.gov). But back to the title, the French build the Maginot line between 1929 and 1940 to slow down & stop potential German attacks, which was a sound idea, but unfortunately they left a massive 'backdoor'. So the Nazis just bypassed the line which made entire line rather useless. Hence I would never expect too much from an 'electronic Maginot Line'. WEN) [1] An electronic Maginot Line Cyber security legislation a necessity By Sherwood Boehlert Recent reports of two individuals using a few computer keystrokes to steal the financial identities of 30,000 Americans point up a growing weakness in the U.S. - cybersecurity. And in the hands of a terrorist, the damage wrought by computers could be far worse than identity theft. Although the issue has not received much attention in the media, Congress has taken some key steps in the past year to counter the emerging cyberterrorist threat. Cyberterrorism may sound like the stuff of science fiction or like a minor inconvenience, but it is neither. In a world in which our telecommunications and financial systems, our business transactions, our electric and water utilities and our emergency response systems all rely on computer networks, a focused cyberattack could wreak havoc and threaten lives. It is not an exaggeration to say that the day-to-day functioning of our society is only as secure as the most vulnerable computer terminal with access to the Internet. And those terminals are vulnerable. In addition to the recent identify thefts, in the first half of 2002, there were 43,136 reported computer break-ins - more than double the number reported in all of the year 2000, according to the Computer Emergency Response Team, a federally funded group at Carnegie-Mellon University that acts as central repository for break-in reports. The group defines break-in conservatively, so each reported incident may affect thousands of computers. Even more troubling was the recent concerted attack on the servers that run the Internet - a sophisticated effort that originated overseas. http://www.house.gov/science/press/107/boehlert.htm http://www.house.gov/science/press/107/boehlert.htm ---------------------------------------------------- [2] Government shows Sklyarov video in court By Lisa M. Bowman Staff Writer, CNET News.com December 5, 2002, 4:00 PM PT SAN JOSE, Calif.--The government wrapped up its case in the ElcomSoft criminal trial Thursday without calling a Russian programmer initially expected to be the prosecution's star witness. Instead of calling ElcomSoft programmer Dmitry Sklyarov to the stand in the courtroom here, government prosecutors played an hour-long video of the programmer's earlier deposition. Defense lawyers, after unsuccessfully trying to quash the video, said they intend to call Sklyarov to testify in person on Monday. Russian software company ElcomSoft faces five criminal counts related to offering and marketing software that can be used to crack Adobe Systems' eBooks, or electronic copies of paper books. ElcomSoft is accused of violating the criminal provisions of the Digital Millennium Copyright Act, or DMCA, which outlaws offering software that can be use to crack copyright protections on digital content, no matter how the material is later used. http://news.com.com/2100-1023-976291.html?tag=lh ---------------------------------------------------- [3] Does Cybercrime Still Pay? By Lisa Gill www.NewsFactor.com, Part of the NewsFactor Network December 4, 2002 Jeff Moss, a.k.a. The Dark Tangent and founder of DefCon, the largest annual hacker convention in the United States, said companies no longer hire hackers who have a police record. It is the stuff of IT lore -- a hacker is caught breaking into a company's systems and is given two options: Take a job with the company or face prosecution. But are such tactics still in use, or do malicious hackers now face nothing but a career dead end? "It was a trend at one time, when there weren't a lot of security professionals who had experiences that didn't include brushes with law enforcement," IDC research manager for Internet security software Charles Kolodgy told NewsFactor. Now, though, Kolodgy explained, companies have begun to work more often with sensitive data from financial firms or the government, so their staff are forbidden to have criminal backgrounds. http://www.osopinion.com/perl/story/20146.html ---------------------------------------------------- [4] Travel sector's poor security exposed it to hacking risks The hacking attacks against three leading travel and ferry operators have highlighted just how far the travel industry needs to go to improve its computer security, experts said this week. Software suppliers to the industry routinely use X.25 networks, rarely protected by firewalls, to provide remote maintenance services to their customers 24 hours a day. "Some of the largest travel system software providers routinely go into their customer's systems every day just to check that they are functioning well," said Paul Richer, partner at travel technology consultancy Genesys. Good security practice suggests that if businesses want to allow their suppliers access into their systems through X.25 they should make sure their suppliers at least install systems that are capable of distinguishing between a genuine maintenance call and an attack from a potential hacker. http://www.cw360.com/bin/bladerunner?REQSESS=qh1S2072&2149REQEVENT=&CART I=118029&CARTT=1&CCAT=2&CCHAN=22&CFLAV=1 http://www.cw360.com/bin/bladerunner?REQUNIQ=1039175386&REQSESS=qh1S2072 &REQHOST=site1&2131REQEVENT=&CFLAV=1&CCAT=2&CCHAN=22&CARTI=118025 ---------------------------------------------------- [5] I shut radio site, boasts teen hacker 06.12.2002 By CHRIS BARTON A teenage hacker attacked an online chatroom run by The Edge radio station and then turned his attention to TV3's website. The 15-year-old, who goes by the online name of "deejay-fuzion" and attends Roturua Lakes High School, rang the Herald to brag about his exploits. Asked why he launched a "DDOS" (distributed denial of service) attack against the chatroom on Monday night, he said: "Because the administrator was ... just being a smart arse." http://www.nzherald.co.nz/storydisplay.cfm?storyID=3008007&thesection=te chnology&thesubsection=general ---------------------------------------------------- [6] PGP Lifts Its Hood By Ryan Naraine Looking to generate interest in its new PGP 8.0 privacy product line, PGP Corp. has released source code for one of the most common ways to protect messages on the Internet to the developer community, a move that reverses a policy of previous owner Network Associates (Quote, Company Info). The Palo-Alto, Calif.-based start-up officially lifted the wraps off the Pretty Good Privacy (PGP)(define) encryption software suite, which includes PGP 8.0 for enterprise, desktop and personal clients. But the big move that's making waves in the developer community was the decision to roll out a new freeware version and the PGP 8.0 source code for peer review. Chief Technical Officer Jon Callas told internetnews.com the decision to lift the hood off the latest iteration of the PGP technology was done to demonstrate that the software "is exactly what people think it is." http://siliconvalley.internet.com/news/article.php/1551961 ---------------------------------------------------- ... Nomad argues that the biggest hackers, in fact, are governments themselves. "There are at least 10 governments out there - like the US, the British, the Germans, the Chinese - with very sophisticated teams. In the name of cyberterrorism, there is more funding than ever going into the listening and data sniffing capability of governments." ... [7] Cyber hype Cyberterrorism is giving governments an opportunity to curb civil liberties, but is it really a lethal weapon? Mike Butcher reports Thursday December 5, 2002 The Guardian Just hours after a surface to air missile passed within metres of an Israeli airliner in Kenya last week, media websites began humming. Internet chatrooms set up by Islamic sympathisers had been buzzing with rumours of an attack barely a week before. It was just one in a long line of hysterical media reports alluding to the way the internet has been co-opted by "cyberterrorists" for their evil ends. Since September 11, for which much of the planning happened over email, cyber-terrorism - loosely defined as using computers to intimidate others to further political or social objectives - has become a useful buzzword. Governments have used it to justify ramping up internet monitoring and - some argue - a corresponding crackdown on civil liberties online. http://www.guardian.co.uk/online/story/0,3605,853535,00.html ---------------------------------------------------- (Not cyber terrorists caused this, but Mother Nature did. WEN) [8] 'Mangled mess of trees and power lines' Some may not get power restored until Sunday Friday, December 6, 2002 Posted: 4:54 AM EST (0954 GMT) An ice and snow storm brings its wintry ways to North Carolina. CNN's Eric Philips reports (December 4) RALEIGH, North Carolina (CNN) -- More than 1.5 million people in the Carolinas were without power Friday after a winter storm swept through the region, leaving behind a sheen of ice and a "mangled mess of trees and power lines." North Carolina Gov. Mike Easley declared a state of emergency, and authorities said the outages would likely continue through the weekend as thousands of utility crews work to restore power. The outages were comparable to those caused by the most notorious hurricanes in the state's history: Hurricane Hugo in 1989 and Hurricane Fran in 1996. One emergency official called the winter storm "Fran with ice." http://www.cnn.com/2002/WEATHER/12/06/wintry.storm/index.html ---------------------------------------------------- [9] Trouble With Trojans By IT Analysis Posted: 06/12/2002 at 11:26 GMT A security crisis is starting to emerge in the world of computing, writes Robin Bloor. The year 2002 will prove to be the worst year yet for hacking. The following year will probably be worse. The number of breaches of computer security and the money lost has been escalating rapidly ever since the Internet was born. If you characterise computer security as a battle between the forces of good and the forces of evil, then at the moment you have to conclude that the bad guys are winning. Here's why: It all has to do with Trojans. A Trojan is a program that is put onto a computer by a hacker to allow him to do various nefarious things, like record all your keyboard activity so he can know all your passwords or take a screen shot of what is showing on your screen. http://www.theregister.co.uk/content/56/28459.html ---------------------------------------------------- [10] Agencies focus on better cargo security to fight terrorism By Maureen Sirhal, National Journal's Technology Daily Federal agencies charged with ensuring the security of cargo shipped throughout the nation say they are making progress in implementing new systems to aid in their work. Officials from the Transportation Security Administration (TSA) and Customs Service told an audience at a cargo security conference on Thursday that they are working to ensure that the millions of containers imported into the United States every year are not storing materials for potential terrorist attacks. The officials acknowledged that they are striving to reach a balance between facilitating trade by expediting the transport of goods and scouring the packages for nefarious products. http://www.govexec.com/dailyfed/1202/120502td2.htm ---------------------------------------------------- [11] New technologies key to Defense transformation, says official >From National Journal's Technology Daily The Pentagon sees great value in developing operational prototypes of technologies to determine whether they can assist in the Defense Department's efforts to transform the military into a high-tech force, according to the director of the Defense transformation office. Retired Adm. Arthur Cebrowski said in a press briefing last week that a robust prototyping program causes a ripple-down effect on defense acquisition. Cebrowski also cited the importance of working with foreign partners to develop new concepts and technologies. New technology is key to transformation, as it gives an advantage for the period of time before adversaries obtain it, he said. He emphasized the importance of looking for new technologies beyond the traditional defense industry. http://www.govexec.com/dailyfed/1202/120402td2.htm ---------------------------------------------------- [12] Investors suppress tech wreck memories By Matt Krantz, USA TODAY Investors seem to have a case of amnesia. Less than three years after an Internet crash of epic proportions, they're pushing the same stocks up to valuations reminiscent of the bubble. http://www.usatoday.com/money/markets/us/2002-12-03-amnesia_x.htm ---------------------------------------------------- [13] Arguments heard over file-swapping Kazaa is one of the sites facing the copyright suit A judge in Los Angeles will hear arguments in the copyright infringement case against music file-swapping services that include Kazaa and Grokster on Monday. The hearing comes after lawyers for a range of movie and music companies met on Sunday to discuss the case. The infringement case is being brought against file-swapping services Kazaa, Grokster and Morpheus Music City, which is now called Steamcast. http://news.bbc.co.uk/1/hi/entertainment/music/2534969.stm ---------------------------------------------------- [14] Lagel worm wipes files 07:47 Thursday 5th December 2002 James Pearce, ZDNet Australia All data on drives labelled D, E, F and G is at risk from a new worm doing the rounds in Australia Antivirus companies are warning of a damaging new e-mail worm, which, when activated, deletes all files on drives labelled D, E, F and G. The new worm is not widespread yet, with email screening firm MessageLabs, who call the worm W32/SfxDeth.A-MM, reporting four copies intercepted. Two of those copies originated in Australia from OptusNet addresses. http://news.zdnet.co.uk/story/0,,t278-s2127044,00.html ---------------------------------------------------- [15] Defense to influence tech industry to develop systems useful to military By William New, National Journal's Technology Daily Retired Vice Adm. Arthur Cebrowski, head of the Defense Department's office for modernizing the military, said on Thursday that he will seek to influence commercial technology development at the earliest stages to encourage more appropriate military technologies. "We need to broaden the technology base and marketplace and influence it so we're better positioned to take advantage of what's there," Cebrowski said. The military also should promote entrepreneurial activity, he said, adding that the way to accomplish those goals is by working with venture-capital firms. He made the comments at the "Commercial Information Technology for Defense Transformation" conference sponsored by National Defense University, the Information Technology Association of America and the Computer Coalition for Responsible Exports. Cebrowski is the director of force transformation at Defense, with the mandate of transforming military capabilities "from the industrial age to the information age," he said. http://www.govexec.com/dailyfed/1202/120502td1.htm ---------------------------------------------------- [16] Bill pushes security, but no money so far BY DIANE FRANK Dec. 2, 2002 A new bill awaiting President Bush's approval heralds the importance of cybersecurity, but the funds to bolster security education and research are yet to come. The Cyber Security Research and Development Act (H.R. 3394) of 2002 is expected to kick-start the education and research support structure that has long been lacking in the security world. The act would provide $903 million for grants and scholarships through the National Science Foundation and the National Institute of Standards and Technology, among other things. While the bill is expected to become law, there will still be a battle for the money that it authorizes. http://www.fcw.com/fcw/articles/2002/1202/pol-bill-12-02-02.asp ---------------------------------------------------- [17] Final curtain for Aussie hacker site By Patrick Gray December 3 2002 Perhaps the most recognised hacking group in the country, 2600 Australia, has wound up. For three-and-a-half years, 2600 Australia brought together people interested in electronics, hacking and privacy issues. The group shares its name with the US-based 2600, which publishes a quarterly hacker magazine. Last month, Grant Bayley, the group's front-man, sent an e-mail to the 2600 mailing lists announcing the decision. "It's taken almost 12 months to get to this point, but the day has come," Bayley said in the message. "I changed the front page of www.2600.org.au to indicate that 2600 Australia is now in maintenance mode. In other words, we're putting it to sleep." http://www.smh.com.au/articles/2002/12/03/1038712919674.html ---------------------------------------------------- [18] Bush signs Webcast Act By Andrew Orlowski in San Francisco Posted: 06/12/2002 at 09:09 GMT The third version of the notorious HR.5469 bill, the "Small Webcasters Settlement Act" has passed into law: after President Bush last night crayoned his distinctive 'X' onto the legislation. The first version was intended to be a two-paragraph delay to the crippling CARP publishing royalties set by the Library of Congress. The second version was the result of a small group of commercial webcasters cutting a closed-door deal with the RIAA, and set various rates into law. At the urging of religious broadcasters, a third version was created by Senator Jesse Helms' office. This doesn't specify specific rates, but gives the parties until December 15 to come up with an alternative to those CARP royalties. http://www.theregister.co.uk/content/6/28447.html ---------------------------------------------------- [19] Integrated IT network in new agency worth expense By Amelia Gruber The benefits of creating an integrated homeland security network will far outweigh the costs, technology industry representatives said on Thursday. Getting an integrated IT network up and running will be expensive, according to Christopher Baum, vice president and research area director for Gartner Research, an information technology consulting company. But once an integrated system is developed and implemented, it will actually help reduce IT costs, he said at a forum on technology's role in homeland security. For instance, an integrated network would allow the department's 120,000 employees to communicate over long distances without having to set up face-to-face meetings. This would reduce travel expenses, save employees time and allow workers to escape the risks inherent in travel. http://www.govexec.com/dailyfed/1202/120502a1.htm ---------------------------------------------------- (Lies, damned lies and hacking statistics. WEN) [20] UK still vulnerable to hackers By Rachel Fielding [05-12-2002] Dramatic fall in recorded attacks played down by experts Security experts have rejected claims of a dramatic reduction in hack attacks on the UK last month, maintaining that UK websites are no more secure than others. Security analyst Mi2G claimed that recorded digital attacks on the UK fell by 70 per cent during November, compared with an eight per cent decline worldwide. http://www.vnunet.com/News/1137366 ---------------------------------------------------- [21] Al Qaeda Web site targets Israel Goal is destruction of Jewish state, it says By John Mintz THE WASHINGTON POST Dec. 6 - An Internet site claiming to represent al Qaeda says the terrorist network has decided to launch suicide attacks against a new target, Israel, and says its goal is the destruction of the Jewish state. http://www.msnbc.com/news/843925.asp?0si=- ---------------------------------------------------- _____________________________________________________________________ The source material may be copyrighted and all rights are retained by the original author/publisher. Copyright 2002, IWS - The Information Warfare Site _____________________________________________________________________ Wanja Eric Naef Webmaster & Principal Researcher IWS - The Information Warfare Site <http://www.iwar.org.uk> --------------------------------------------------------------------- To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe infocon" in the body To unsubscribe - send an email to "[EMAIL PROTECTED]" with "unsubscribe infocon" in the body --------------------------------------------------------------------- IWS INFOCON Mailing List @ IWS - The Information Warfare Site http://www.iwar.org.uk IWS INFOCON Mailing List @ IWS - The Information Warfare Site http://www.iwar.org.uk