_________________________________________________________________
London, Friday, December 06, 2002
_________________________________________________________________
INFOCON News
_________________________________________________________________
IWS - The Information Warfare Site
http://www.iwar.org.uk
_________________________________________________________________
---------------------------------------------------------------------
To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe
infocon" in the body
To unsubscribe - send an email to "[EMAIL PROTECTED]" with
"unsubscribe infocon" in the body
---------------------------------------------------------------------
_________________________________________________________________
----------------------------------------------------
[News Index]
----------------------------------------------------
[1] An electronic Maginot Line
[2] Government shows Sklyarov video in court
[3] Does Cybercrime Still Pay?
[4] Travel sector's poor security exposed it to hacking risks
[5] I shut radio site, boasts teen hacker
[6] PGP Lifts Its Hood
[7] Cyber hype
[8] 'Mangled mess of trees and power lines'
[9] Trouble With Trojans
[10] Agencies focus on better cargo security to fight terrorism
[11] New technologies key to Defense transformation, says official
[12] Investors suppress tech wreck memories
[13] Arguments heard over file-swapping
[14] Lagel worm wipes files
[15] Defense to influence tech industry to develop systems useful to
military
[16] Bill pushes security, but no money so far
[17] Final curtain for Aussie hacker site
[18] Bush signs Webcast Act
[19] Integrated IT network in new agency worth expense
[20] UK still vulnerable to hackers
[21] Al Qaeda Web site targets Israel
________________________________________________________________
CURRENT THREAT LEVELS
_________________________________________________________________
Electricity Sector Physical: Elevated (Yellow)
Electricity Sector Cyber: Elevated (Yellow)
Homeland Security Elevated (Yellow)
DOE Security Condition: 3, modified
NRC Security Level: III (Yellow) (3 of 5)
_________________________________________________________________
News
_________________________________________________________________
(Partial FUD with a nice title which I think is unintentionally ironic.
Someone within Rep. Sherwood Boehlert press staff should have done a bit
more research before publishing the article. For example, CIAO was
awarded a new name Computer Information Assurance Organization
(www.ciao.gov). But back to the title, the French build the Maginot line
between 1929 and 1940 to slow down & stop potential German attacks,
which was a sound idea, but unfortunately they left a massive
'backdoor'. So the Nazis just bypassed the line which made entire line
rather useless. Hence I would never expect too much from an 'electronic
Maginot Line'. WEN)
[1] An electronic Maginot Line
Cyber security legislation a necessity
By Sherwood Boehlert
Recent reports of two individuals using a few computer keystrokes to
steal the financial identities of 30,000 Americans point up a growing
weakness in the U.S. - cybersecurity. And in the hands of a terrorist,
the damage wrought by computers could be far worse than identity theft.
Although the issue has not received much attention in the media,
Congress has taken some key steps in the past year to counter the
emerging cyberterrorist threat.
Cyberterrorism may sound like the stuff of science fiction or like a
minor inconvenience, but it is neither. In a world in which our
telecommunications and financial systems, our business transactions, our
electric and water utilities and our emergency response systems all rely
on computer networks, a focused cyberattack could wreak havoc and
threaten lives. It is not an exaggeration to say that the day-to-day
functioning of our society is only as secure as the most vulnerable
computer terminal with access to the Internet.
And those terminals are vulnerable. In addition to the recent identify
thefts, in the first half of 2002, there were 43,136 reported computer
break-ins - more than double the number reported in all of the year
2000, according to the Computer Emergency Response Team, a federally
funded group at Carnegie-Mellon University that acts as central
repository for break-in reports. The group defines break-in
conservatively, so each reported incident may affect thousands of
computers. Even more troubling was the recent concerted attack on the
servers that run the Internet - a sophisticated effort that originated
overseas.
http://www.house.gov/science/press/107/boehlert.htm
http://www.house.gov/science/press/107/boehlert.htm
----------------------------------------------------
[2] Government shows Sklyarov video in court
By Lisa M. Bowman
Staff Writer, CNET News.com
December 5, 2002, 4:00 PM PT
SAN JOSE, Calif.--The government wrapped up its case in the ElcomSoft
criminal trial Thursday without calling a Russian programmer initially
expected to be the prosecution's star witness.
Instead of calling ElcomSoft programmer Dmitry Sklyarov to the stand in
the courtroom here, government prosecutors played an hour-long video of
the programmer's earlier deposition. Defense lawyers, after
unsuccessfully trying to quash the video, said they intend to call
Sklyarov to testify in person on Monday.
Russian software company ElcomSoft faces five criminal counts related to
offering and marketing software that can be used to crack Adobe Systems'
eBooks, or electronic copies of paper books. ElcomSoft is accused of
violating the criminal provisions of the Digital Millennium Copyright
Act, or DMCA, which outlaws offering software that can be use to crack
copyright protections on digital content, no matter how the material is
later used.
http://news.com.com/2100-1023-976291.html?tag=lh
----------------------------------------------------
[3] Does Cybercrime Still Pay?
By Lisa Gill
www.NewsFactor.com,
Part of the NewsFactor Network
December 4, 2002
Jeff Moss, a.k.a. The Dark Tangent and founder of DefCon, the largest
annual hacker convention in the United States, said companies no longer
hire hackers who have a police record.
It is the stuff of IT lore -- a hacker is caught breaking into a
company's systems and is given two options: Take a job with the company
or face prosecution. But are such tactics still in use, or do malicious
hackers now face nothing but a career dead end?
"It was a trend at one time, when there weren't a lot of security
professionals who had experiences that didn't include brushes with law
enforcement," IDC research manager for Internet security software
Charles Kolodgy told NewsFactor.
Now, though, Kolodgy explained, companies have begun to work more often
with sensitive data from financial firms or the government, so their
staff are forbidden to have criminal backgrounds.
http://www.osopinion.com/perl/story/20146.html
----------------------------------------------------
[4] Travel sector's poor security exposed it to hacking risks
The hacking attacks against three leading travel and ferry operators
have highlighted just how far the travel industry needs to go to improve
its computer security, experts said this week.
Software suppliers to the industry routinely use X.25 networks, rarely
protected by firewalls, to provide remote maintenance services to their
customers 24 hours a day. "Some of the largest travel system software
providers routinely go into their customer's systems every day just to
check that they are functioning well," said Paul Richer, partner at
travel technology consultancy Genesys.
Good security practice suggests that if businesses want to allow their
suppliers access into their systems through X.25 they should make sure
their suppliers at least install systems that are capable of
distinguishing between a genuine maintenance call and an attack from a
potential hacker.
http://www.cw360.com/bin/bladerunner?REQSESS=qh1S2072&2149REQEVENT=&CART
I=118029&CARTT=1&CCAT=2&CCHAN=22&CFLAV=1
http://www.cw360.com/bin/bladerunner?REQUNIQ=1039175386&REQSESS=qh1S2072
&REQHOST=site1&2131REQEVENT=&CFLAV=1&CCAT=2&CCHAN=22&CARTI=118025
----------------------------------------------------
[5] I shut radio site, boasts teen hacker
06.12.2002
By CHRIS BARTON
A teenage hacker attacked an online chatroom run by The Edge radio
station and then turned his attention to TV3's website.
The 15-year-old, who goes by the online name of "deejay-fuzion" and
attends Roturua Lakes High School, rang the Herald to brag about his
exploits.
Asked why he launched a "DDOS" (distributed denial of service) attack
against the chatroom on Monday night, he said: "Because the
administrator was ... just being a smart arse."
http://www.nzherald.co.nz/storydisplay.cfm?storyID=3008007&thesection=te
chnology&thesubsection=general
----------------------------------------------------
[6] PGP Lifts Its Hood
By Ryan Naraine
Looking to generate interest in its new PGP 8.0 privacy product line,
PGP Corp. has released source code for one of the most common ways to
protect messages on the Internet to the developer community, a move that
reverses a policy of previous owner Network Associates (Quote, Company
Info).
The Palo-Alto, Calif.-based start-up officially lifted the wraps off the
Pretty Good Privacy (PGP)(define) encryption software suite, which
includes PGP 8.0 for enterprise, desktop and personal clients. But the
big move that's making waves in the developer community was the decision
to roll out a new freeware version and the PGP 8.0 source code for peer
review.
Chief Technical Officer Jon Callas told internetnews.com the decision to
lift the hood off the latest iteration of the PGP technology was done to
demonstrate that the software "is exactly what people think it is."
http://siliconvalley.internet.com/news/article.php/1551961
----------------------------------------------------
... Nomad argues that the biggest hackers, in fact, are governments
themselves. "There are at least 10 governments out there - like the US,
the British, the Germans, the Chinese - with very sophisticated teams.
In the name of cyberterrorism, there is more funding than ever going
into the listening and data sniffing capability of governments." ...
[7] Cyber hype
Cyberterrorism is giving governments an opportunity to curb civil
liberties, but is it really a lethal weapon? Mike Butcher reports
Thursday December 5, 2002
The Guardian
Just hours after a surface to air missile passed within metres of an
Israeli airliner in Kenya last week, media websites began humming.
Internet chatrooms set up by Islamic sympathisers had been buzzing with
rumours of an attack barely a week before. It was just one in a long
line of hysterical media reports alluding to the way the internet has
been co-opted by "cyberterrorists" for their evil ends.
Since September 11, for which much of the planning happened over email,
cyber-terrorism - loosely defined as using computers to intimidate
others to further political or social objectives - has become a useful
buzzword. Governments have used it to justify ramping up internet
monitoring and - some argue - a corresponding crackdown on civil
liberties online.
http://www.guardian.co.uk/online/story/0,3605,853535,00.html
----------------------------------------------------
(Not cyber terrorists caused this, but Mother Nature did. WEN)
[8] 'Mangled mess of trees and power lines'
Some may not get power restored until Sunday
Friday, December 6, 2002 Posted: 4:54 AM EST (0954 GMT)
An ice and snow storm brings its wintry ways to North Carolina. CNN's
Eric Philips reports (December 4)
RALEIGH, North Carolina (CNN) -- More than 1.5 million people in the
Carolinas were without power Friday after a winter storm swept through
the region, leaving behind a sheen of ice and a "mangled mess of trees
and power lines."
North Carolina Gov. Mike Easley declared a state of emergency, and
authorities said the outages would likely continue through the weekend
as thousands of utility crews work to restore power.
The outages were comparable to those caused by the most notorious
hurricanes in the state's history: Hurricane Hugo in 1989 and Hurricane
Fran in 1996. One emergency official called the winter storm "Fran with
ice."
http://www.cnn.com/2002/WEATHER/12/06/wintry.storm/index.html
----------------------------------------------------
[9] Trouble With Trojans
By IT Analysis
Posted: 06/12/2002 at 11:26 GMT
A security crisis is starting to emerge in the world of computing,
writes Robin Bloor. The year 2002 will prove to be the worst year yet
for hacking. The following year will probably be worse. The number of
breaches of computer security and the money lost has been escalating
rapidly ever since the Internet was born. If you characterise computer
security as a battle between the forces of good and the forces of evil,
then at the moment you have to conclude that the bad guys are winning.
Here's why:
It all has to do with Trojans. A Trojan is a program that is put onto a
computer by a hacker to allow him to do various nefarious things, like
record all your keyboard activity so he can know all your passwords or
take a screen shot of what is showing on your screen.
http://www.theregister.co.uk/content/56/28459.html
----------------------------------------------------
[10] Agencies focus on better cargo security to fight terrorism
By Maureen Sirhal, National Journal's Technology Daily
Federal agencies charged with ensuring the security of cargo shipped
throughout the nation say they are making progress in implementing new
systems to aid in their work.
Officials from the Transportation Security Administration (TSA) and
Customs Service told an audience at a cargo security conference on
Thursday that they are working to ensure that the millions of containers
imported into the United States every year are not storing materials for
potential terrorist attacks.
The officials acknowledged that they are striving to reach a balance
between facilitating trade by expediting the transport of goods and
scouring the packages for nefarious products.
http://www.govexec.com/dailyfed/1202/120502td2.htm
----------------------------------------------------
[11] New technologies key to Defense transformation, says official
>From National Journal's Technology Daily
The Pentagon sees great value in developing operational prototypes of
technologies to determine whether they can assist in the Defense
Department's efforts to transform the military into a high-tech force,
according to the director of the Defense transformation office.
Retired Adm. Arthur Cebrowski said in a press briefing last week that a
robust prototyping program causes a ripple-down effect on defense
acquisition.
Cebrowski also cited the importance of working with foreign partners to
develop new concepts and technologies. New technology is key to
transformation, as it gives an advantage for the period of time before
adversaries obtain it, he said. He emphasized the importance of looking
for new technologies beyond the traditional defense industry.
http://www.govexec.com/dailyfed/1202/120402td2.htm
----------------------------------------------------
[12] Investors suppress tech wreck memories
By Matt Krantz, USA TODAY
Investors seem to have a case of amnesia.
Less than three years after an Internet crash of epic proportions,
they're pushing the same stocks up to valuations reminiscent of the
bubble.
http://www.usatoday.com/money/markets/us/2002-12-03-amnesia_x.htm
----------------------------------------------------
[13] Arguments heard over file-swapping
Kazaa is one of the sites facing the copyright suit
A judge in Los Angeles will hear arguments in the copyright infringement
case against music file-swapping services that include Kazaa and
Grokster on Monday.
The hearing comes after lawyers for a range of movie and music companies
met on Sunday to discuss the case.
The infringement case is being brought against file-swapping services
Kazaa, Grokster and Morpheus Music City, which is now called Steamcast.
http://news.bbc.co.uk/1/hi/entertainment/music/2534969.stm
----------------------------------------------------
[14] Lagel worm wipes files
07:47 Thursday 5th December 2002
James Pearce, ZDNet Australia
All data on drives labelled D, E, F and G is at risk from a new worm
doing the rounds in Australia
Antivirus companies are warning of a damaging new e-mail worm, which,
when activated, deletes all files on drives labelled D, E, F and G.
The new worm is not widespread yet, with email screening firm
MessageLabs, who call the worm W32/SfxDeth.A-MM, reporting four copies
intercepted. Two of those copies originated in Australia from OptusNet
addresses.
http://news.zdnet.co.uk/story/0,,t278-s2127044,00.html
----------------------------------------------------
[15] Defense to influence tech industry to develop systems useful to
military
By William New, National Journal's Technology Daily
Retired Vice Adm. Arthur Cebrowski, head of the Defense Department's
office for modernizing the military, said on Thursday that he will seek
to influence commercial technology development at the earliest stages to
encourage more appropriate military technologies.
"We need to broaden the technology base and marketplace and influence it
so we're better positioned to take advantage of what's there," Cebrowski
said. The military also should promote entrepreneurial activity, he
said, adding that the way to accomplish those goals is by working with
venture-capital firms.
He made the comments at the "Commercial Information Technology for
Defense Transformation" conference sponsored by National Defense
University, the Information Technology Association of America and the
Computer Coalition for Responsible Exports. Cebrowski is the director of
force transformation at Defense, with the mandate of transforming
military capabilities "from the industrial age to the information age,"
he said.
http://www.govexec.com/dailyfed/1202/120502td1.htm
----------------------------------------------------
[16] Bill pushes security, but no money so far
BY DIANE FRANK
Dec. 2, 2002
A new bill awaiting President Bush's approval heralds the importance of
cybersecurity, but the funds to bolster security education and research
are yet to come.
The Cyber Security Research and Development Act (H.R. 3394) of 2002 is
expected to kick-start the education and research support structure that
has long been lacking in the security world.
The act would provide $903 million for grants and scholarships through
the National Science Foundation and the National Institute of Standards
and Technology, among other things. While the bill is expected to become
law, there will still be a battle for the money that it authorizes.
http://www.fcw.com/fcw/articles/2002/1202/pol-bill-12-02-02.asp
----------------------------------------------------
[17] Final curtain for Aussie hacker site
By Patrick Gray
December 3 2002
Perhaps the most recognised hacking group in the country, 2600
Australia, has wound up.
For three-and-a-half years, 2600 Australia brought together people
interested in electronics, hacking and privacy issues.
The group shares its name with the US-based 2600, which publishes a
quarterly hacker magazine.
Last month, Grant Bayley, the group's front-man, sent an e-mail to the
2600 mailing lists announcing the decision.
"It's taken almost 12 months to get to this point, but the day has
come," Bayley said in the message. "I changed the front page of
www.2600.org.au to indicate that 2600 Australia is now in maintenance
mode. In other words, we're putting it to sleep."
http://www.smh.com.au/articles/2002/12/03/1038712919674.html
----------------------------------------------------
[18] Bush signs Webcast Act
By Andrew Orlowski in San Francisco
Posted: 06/12/2002 at 09:09 GMT
The third version of the notorious HR.5469 bill, the "Small Webcasters
Settlement Act" has passed into law: after President Bush last night
crayoned his distinctive 'X' onto the legislation.
The first version was intended to be a two-paragraph delay to the
crippling CARP publishing royalties set by the Library of Congress. The
second version was the result of a small group of commercial webcasters
cutting a closed-door deal with the RIAA, and set various rates into
law. At the urging of religious broadcasters, a third version was
created by Senator Jesse Helms' office. This doesn't specify specific
rates, but gives the parties until December 15 to come up with an
alternative to those CARP royalties.
http://www.theregister.co.uk/content/6/28447.html
----------------------------------------------------
[19] Integrated IT network in new agency worth expense
By Amelia Gruber
The benefits of creating an integrated homeland security network will
far outweigh the costs, technology industry representatives said on
Thursday.
Getting an integrated IT network up and running will be expensive,
according to Christopher Baum, vice president and research area director
for Gartner Research, an information technology consulting company. But
once an integrated system is developed and implemented, it will actually
help reduce IT costs, he said at a forum on technology's role in
homeland security.
For instance, an integrated network would allow the department's 120,000
employees to communicate over long distances without having to set up
face-to-face meetings. This would reduce travel expenses, save employees
time and allow workers to escape the risks inherent in travel.
http://www.govexec.com/dailyfed/1202/120502a1.htm
----------------------------------------------------
(Lies, damned lies and hacking statistics. WEN)
[20] UK still vulnerable to hackers
By Rachel Fielding [05-12-2002]
Dramatic fall in recorded attacks played down by experts
Security experts have rejected claims of a dramatic reduction in hack
attacks on the UK last month, maintaining that UK websites are no more
secure than others.
Security analyst Mi2G claimed that recorded digital attacks on the UK
fell by 70 per cent during November, compared with an eight per cent
decline worldwide.
http://www.vnunet.com/News/1137366
----------------------------------------------------
[21] Al Qaeda Web site targets Israel
Goal is destruction of Jewish state, it says
By John Mintz
THE WASHINGTON POST
Dec. 6 - An Internet site claiming to represent al Qaeda says the
terrorist network has decided to launch suicide attacks against a new
target, Israel, and says its goal is the destruction of the Jewish
state.
http://www.msnbc.com/news/843925.asp?0si=-
----------------------------------------------------
_____________________________________________________________________
The source material may be copyrighted and all rights are
retained by the original author/publisher.
Copyright 2002, IWS - The Information Warfare Site
_____________________________________________________________________
Wanja Eric Naef
Webmaster & Principal Researcher
IWS - The Information Warfare Site
<http://www.iwar.org.uk>
---------------------------------------------------------------------
To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe
infocon" in the body
To unsubscribe - send an email to "[EMAIL PROTECTED]" with
"unsubscribe
infocon" in the body
---------------------------------------------------------------------
IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
http://www.iwar.org.uk
IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
http://www.iwar.org.uk
