_________________________________________________________________
London, Tuesday, December 17, 2002
_________________________________________________________________
INFOCON News
_________________________________________________________________
IWS - The Information Warfare Site
http://www.iwar.org.uk
_________________________________________________________________
---------------------------------------------------------------------
To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe
infocon" in the body
To unsubscribe - send an email to "[EMAIL PROTECTED]" with
"unsubscribe infocon" in the body
---------------------------------------------------------------------
_________________________________________________________________
----------------------------------------------------
[News Index]
----------------------------------------------------
[1] Another Jab from the General
[2] Gilmore Commission raps cybersecurity policy
[3] Government sees intelligence gains from growth in private satellites
[4] Feds invoked national security to speed key Internet change
[5] Persian Gulf War 10 years later: Winning the war by convincing the
enemy to go home
[6] Apple sues PowerMac Web leaker
[7] (China) Up Against the Firewall
[8] India's Short Message: We C U
[9] ICANN to Add Three New Domains
[10] Student turns detective to net web auction fraudster
[11] Nigerian Net Scam, Version 3.0
[12] Can new technology protect our privacy?
[13] High school student earns A in hacking
[14] Advisory panel offers homeland defense guidelines
[15] Homeland e-mail links ready
[16] DEA Data Thief Sentenced to 27 Months
[17] Rotterdam spammer guilty of theft of e-mail addresses
[18] 'DVD Jon' DeCSS hacking trial ends
[19] OpenAV: Developing Open Source AntiVirus Engines
_________________________________________________________________
CURRENT THREAT LEVELS
_________________________________________________________________
Electricity Sector Physical: Elevated (Yellow)
Electricity Sector Cyber: Elevated (Yellow)
Homeland Security Elevated (Yellow)
DOE Security Condition: 3, modified
NRC Security Level: III (Yellow) (3 of 5)
_________________________________________________________________
News
_________________________________________________________________
... "For years, we had a poorly organized intelligence system," he said,
"but it didn't matter because all the threats were overseas ... So now
we have a huge problem." ...
[1] Another Jab from the General
Scowcroft speaks out about reorganizing the intelligence system
By MICHAEL DUFFY
Sunday, Dec. 15, 2002
Retired Air Force General Brent Scowcroft, the Republican foreign-policy
Yoda who has worked for five of the past seven Presidents, rarely raises
his voice in public. But just a few months after he broke with George W.
Bush on Iraq, urging him to stay focused on the war against terrorism
before going after Saddam Hussein, Scowcroft is speaking out again.
This time he's tangling with an old colleague from the Nixon and Ford
years, Defense Secretary Donald Rumsfeld.
http://www.time.com/time/magazine/article/0,9171,1101021223-399924,00.ht
ml
----------------------------------------------------
[2] Gilmore Commission raps cybersecurity policy
By Wilson P. Dizard III
GCN Staff
The Gilmore Commission has strongly criticized the administration's
cybersecurity policy and called for a merger of cyber- and physical
security policy work in the White House.
The commission's fourth report, released in full today, repeated the
recommendation of its third report a year ago: to establish an
independent commission on cybersecurity. "We have concluded that the
physical and cyber elements of [critical infrastructure protection] are
so intertwined that it makes no sense to address them separately,"
according to the fourth report.
"National coordination of cybersecurity policy has not improved," the
report said. "The President's Critical Infrastructure Protection Board
has not had a large effect on policy-making, apparently relying,
instead, on the White House Office of Cyberspace Security"
[gcn.com/21_31/tech-report/20263-1.html].
http://www.gcn.com/vol1_no1/daily-updates/20702-1.html
----------------------------------------------------
[3] Government sees intelligence gains from growth in private satellites
By Vernon Loeb
Washington Post
WASHINGTON - On the south end of the tarmac at a British air base on the
Indian Ocean island of Diego Garcia, two portable maintenance shelters
for B-2 stealth bombers sit like high-tech cocoons, erected by the U.S.
Air Force in anticipation of the possibility of war with Iraq.
Although no U.S. reporters have been allowed on the base for more than a
year, a think tank in Alexandria, Va., posted a commercial satellite
photograph of the shelters on its Web site last week, confirming that
they were in place and raising a host of national security issues about
the privatization of spy satellite images.
The think tank, GlobalSecurity.org, bought the satellite photo from an
Israeli company, ImageSat International, for $200. It also has posted
satellite photos with even higher resolution from two U.S. companies,
Space Imaging and Digital Globe, of the Air Force's growing Al-Udeid
base in Qatar, which would be a major staging area for warplanes in any
military campaign against Iraq.
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/4749718.ht
m
----------------------------------------------------
[4] Feds invoked national security to speed key Internet change
WASHINGTON (AP) - The Bush administration sped approval for moving one
of the Internet's 13 traffic-management computers after a prominent
technology company urged the government to ``declare some kind of
national security threat and blow past the process,'' according to
federal officials' e-mails.
The correspondence provides a window into how U.S. corporations invoke
national security to expedite business requests.
In this case, the Commerce Department approved in just two days Verisign
Inc.'s request at the end of October to move one of the 13 computer
servers that manage global Internet traffic. Verisign operates two of
the world's ``root servers,'' which contain lists of directories that
control e-mail delivery and Web surfing.
The company's lobbyists had argued that waiting additional days or weeks
for approval ``is a problem and could impact national security,''
according to e-mails among U.S. officials obtained by The Associated
Press under the Freedom of Information Act.
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/4750152.ht
m
----------------------------------------------------
[5] Persian Gulf War 10 years later
Winning the war by convincing the enemy to go home
A Minnesota battalion played a key role in convincing thousands of
Iraqis to surrender or desert. Col. Jim Noll of Wabasha and Forest Lake
was the commander of that battalion.
By Al Zdon
The Persian Gulf War was as nearly as much a war of words as it was a
war of missiles, tanks, jet fighters and M-16s.
A unit from Minnesota, the 13th Psychological Operations Battalion,
played a crucial role in that war, a role that with a perspective of 10
years looks even larger.
While Saddam Hussein was preparing for the "mother of all battles," the
Minnesotans were going quietly about their business of getting Saddam's
troops to desert or surrender.
By the time the U.S. and its allies took control of Kuwait, there were
only about 85,000 troops remaining to fight - instead of the 400,000
Saddam had sent to control his captured nation. What happened to the
rest? Some had been captured, some had been killed, but most of them had
just gone home.
http://www.iwar.org.uk/psyops/resources/gulf-war/13th_psyops.htm
----------------------------------------------------
[6] Apple sues PowerMac Web leaker
By IT Analysis
Posted: 16/12/2002 at 13:01 GMT
Apple can't take its own medicine
Monday 16th December 2002
by Two
It seems that a commercially challenged individual got caught posting
some of Apple's secrets on the web and now the company is suing.
Surely there's no surprise in that and we wouldn't really care if it
wasn't for the fact that Apple does have a history of accidentally
leaking its own information.
The story started back in the Summer as Apple set about its preparations
to release the newly designed PowerMac. It is alleged that Jose Lopez,
who was working as a contractor within Apple at the time, took schematic
drawings, images and engineering details of the product and posted them
onto the Internet. If the allegations are true then this must go down as
an act of outstanding stupidity - unless Lopez made a decent wedge of
cash somewhere along the line.
http://www.theregister.co.uk/content/6/28584.html
----------------------------------------------------
[7] Up Against the Firewall
U.S. technology companies are helping China build its Big Brother
Internet--the political fallout has already begun.
By Ethan Gutmann
November 8, 2002
January 2001: Network Associates Technology, Symantec, and Trend Micro
gain entry to the Chinese market by donating 300 live computer viruses
to the Public Security Bureau--China's state police--raising Pentagon
concerns about China's information warfare capabilities.
December 2001: A human rights activist accuses Nortel Networks of
co?perating with China's police by enhancing digital surveillance
networks and transferring to the Chinese Ministry of State Security
technology developed for the FBI.
http://www.herring.com/mag/issue119/5047.html
----------------------------------------------------
[8] India's Short Message: We C U
By Ashutosh Sinha |
02:00 AM Dec. 17, 2002 PT
NEW DELHI, India -- The government here already tracks e-mail and
wireless phone calls. Now it wants to tap the text messages that get
zapped back and forth on the country's cellular network.
The Ministry of Home Affairs, which frames policies regarding security
issues, wants wireless service providers to install equipment that makes
it possible to tap text messages sent via short message service, or SMS.
The Ministry of Communications is pressuring companies to comply.
http://www.wired.com/news/privacy/0,1848,56666,00.html
----------------------------------------------------
[9] ICANN to Add Three New Domains
By Joanna Glasner
02:00 AM Dec. 17, 2002 PT
The announcement from the Internet Corporation for Assigned Names and
Numbers that it will add three new top-level domains to the Net's root
servers leaves technology policy watchers with a lingering question:
After more than two years without new TLDs, which suffixes will the
Internet's chief policy-making body choose this time?
http://www.wired.com/news/business/0,1367,56879,00.html
----------------------------------------------------
[10] Student turns detective to net web auction fraudster
An American student turned detective to help police make a web fraud
arrest.
New Orleans University undergraduate Eric Smith was compelled to act
after he fell foul of a bogus cheque.
He had sold an Apple laptop via eBay, but the cheque bounced and
shipping address turned out to be a mail drop.
http://www.ananova.com/news/story/sm_728785.html?menu=news.technology
----------------------------------------------------
[11] Nigerian Net Scam, Version 3.0
By Michelle Delio | Also by this reporter Page 1 of 1
02:00 AM Dec. 16, 2002 PT
All those beleaguered widows, complaining chief's sons and yowling
high-ranking government officials don't want your assistance in getting
a large sum of money out of Nigeria anymore.
The buyer explains that a business associate in the United States will
mail the seller a cashier's check for the amount of the item plus the
cost to transport it overseas. The seller is asked to wire the
transportation fees to the buyer once the check has cleared so the buyer
can arrange for shipment.
http://www.wired.com/news/culture/0,1284,56829,00.html
----------------------------------------------------
[12] Can new technology protect our privacy?
By Declan McCullagh
Special to ZDNet
December 16, 2002, 5:39 AM PT
COMMENTARY--Why is everyone so surprised that the U.S. government wants
to create a Total Information Awareness database with details about
everything you do?
This is an unsurprising result of having so much information about our
lives archived on the computers of our credit card companies, our banks,
our health insurance companies and government agencies.
Now a Defense Department agency is devising a way to link these
different systems together to create a kind of digital alter ego of each
of us. After the Sept. 11 terrorist attacks, this proposed
centralization was inevitable--and it's only going to get worse.
http://zdnet.com.com/2100-1107-977946.html
----------------------------------------------------
[13] High school student earns A in hacking
By Larry Slonaker
Mercury News
Reid Ellison, an 11th-grader at Anzar High School in San Juan Bautista,
recently decided a cool student project would be to hack into the
school's computer grading system. So he presented the idea to school
administrators, and they gave him the go-ahead.
He hacked his way in without difficulty. Once there, he wanted to leave
a footprint to prove he had been successful. But he couldn't
artificially bump up his grades -- he already had a straight-A average.
http://www.siliconvalley.com/mld/siliconvalley/living/4754902.htm
----------------------------------------------------
[14] Advisory panel offers homeland defense guidelines
By Maureen Sirhal, National Journal's Technology Daily
A congressional advisory panel on Tuesday urged the federal government
to adopt 59 recommendations the panel made to boost homeland defenses in
areas such as defining the role of the Defense Department in domestic
emergencies and improving the public health system's response to
potential biological attacks.
Former Virginia Gov. James Gilmore, chairman of the Advisory Panel to
Assess Domestic Response Capabilities for Terrorism Involving Weapons of
Mass Destruction (commonly known as the Gilmore Commission), reiterated
the need for a new, stand-alone center responsible for combining and
analyzing data on domestic and foreign terrorism.
As he previewed last month during congressional hearings, Gilmore said
the center would aggregate and analyze terrorist threats by mining
intelligence from government bodies including Defense, the CIA, FBI and
National Security Agency, as well as state and local governments.
http://www.govexec.com/dailyfed/1202/121602td2.htm
----------------------------------------------------
[15] Homeland e-mail links ready
BY Diane Frank
Dec. 16, 2002
When the Homeland Security Department officially comes into being Jan.
24, 2003, the basic technologies to connect all its workers will be in
place, said Steve Cooper, chief information officer at the Office of
Homeland Security.
A group of designers from the agencies and organizations that will be
moving into the department have created a single virtual e-mail
directory that will direct all incoming messages to the appropriate
existing agency e-mail systems and send out all e-mails with a
"[EMAIL PROTECTED]" address, Cooper said in an interview Dec. 13.
Testing of the task group's common Lightweight Directory Access Protocol
directory will begin soon after Jan. 1 so that it can go live Jan. 24,
Cooper said.
http://www.fcw.com/fcw/articles/2002/1216/web-dhs-12-16-02.asp
----------------------------------------------------
[16] DEA Data Thief Sentenced to 27 Months
By Kevin Poulsen, SecurityFocus Dec 16 2002 6:23PM
A 14-year veteran of the U.S. Drug Enforcement Administration (DEA) who
fled to Mexico to avoid federal computer crime charges was sentenced in
a federal court in Los Angeles on Monday to 27 months in prison for
selling information on private citizens he plundered from sensitive law
enforcement databases.
Emilio Calatayud, 36, admitted in a plea agreement last August to
raiding a variety of systems to investigate claimants in over 100
workers compensation cases being handled by Triple Check Investigative
Services for unnamed insurance carriers. Triple Check paid the former
agent at least $22,500 for the data over a six year period ending in
1999, according to court records.
http://online.securityfocus.com/news/1847
----------------------------------------------------
[17] Rotterdam spammer guilty of theft of e-mail addresses
17/12/2002 Editor: Joe Figueiredo
A Rotterdam-based company that distributes unsolicited advertisements by
e-mail, has been given a week by a Dutch court to destroy a large number
of its illegally obtained e-mail addresses, or face a fine of E2500 per
day.
According to Netwise Publications (which runs e-mailgids.com, an
internet-based e-mail directory listing more than 100,000 addresses in
the Netherlands), NTS had violated Netwise's general terms and
conditions when it downloaded the addresses from the website.
http://www.europemedia.net/shownews.asp?ArticleID=14251
----------------------------------------------------
[18] 'DVD Jon' DeCSS hacking trial ends
09:42 Tuesday 17th December 2002
Reuters
The trial in Norway of Jon Johansen, co-creator of the DeCSS
copy-protection cracking program, has drawn to a close with the teenager
facing a maximum sentence of two years
The landmark trial of a Norwegian teenager over Hollywood charges of DVD
piracy ended Monday with prosecutors urging a suspended 90-day jail
term.
Jon Johansen, known in Norway as "DVD Jon," is charged with having
unlocked a copyright-protection code and distributed a computer program
enabling unauthorised copying of DVD movies, angering US movie studios
who fear mass piracy and loss of revenue.
http://news.zdnet.co.uk/story/0,,t269-s2127640,00.html
----------------------------------------------------
[19] OpenAV: Developing Open Source AntiVirus Engines
by Costin G. Raiu
last updated December 16, 2002
"What we currently have is a set of toys to play with - nothing we would
consider using in a production environment (or at least not without
prior extensive testing). All these toys are in a very early, mostly
pre-alpha state. No one serious about the security of their systems will
honestly use OAV as the only means to protect them. It's just made
public for testing and further development." - extract from the Open
AntiVirus Project Web site
According to its Web site, the OpenAntivirus Project is "a platform for
people seriously interested in antivirus research, network security and
computer security to communicate with each other, to develop solutions
for various security problems, and to develop new security
technologies." Among these technologies are ScannerDaemon, VirusHammer
and PatternFinder, which are "a first implementation of a GPLed virus
scanner written in Java."
This article will take a look at the OpenAntivirus AV engine, assess its
progress so far, and offer some suggestions of how the developers can
continue to develop it. While some of the commentary in the following
sections may be fairly critical, the purpose of this paper is not to
flame the OpenAV project or its developers but, on the contrary, to
salute their efforts. Hopefully, this article and the comments herein
will make a significant contribution to the development of a viable,
working open source antivirus product.
http://online.securityfocus.com/infocus/1650
----------------------------------------------------
_____________________________________________________________________
The source material may be copyrighted and all rights are
retained by the original author/publisher.
Copyright 2002, IWS - The Information Warfare Site
_____________________________________________________________________
------------------------------------------------------------------------
'Information is the currency of victory on the battlefield.'
GEN Gordon Sullivan, CSA (1993)
------------------------------------------------------------------------
Wanja Eric Naef
Principal Researcher
IWS - The Information Warfare Site
http://www.iwar.org.uk
------------------------------------------------------------------------
Join the IWS Infocon Mailing List @
http://www.iwar.org.uk/general/mailinglist.htm
------------------------------------------------------------------------
To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe
infocon" in the body
To unsubscribe - send an email to "[EMAIL PROTECTED]" with
"unsubscribe
infocon" in the body
---------------------------------------------------------------------
IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
http://www.iwar.org.uk
