_________________________________________________________________
London, Monday, December 09, 2002
_________________________________________________________________
INFOCON News
_________________________________________________________________
IWS - The Information Warfare Site
http://www.iwar.org.uk
_________________________________________________________________
---------------------------------------------------------------------
To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe
infocon" in the body
To unsubscribe - send an email to "[EMAIL PROTECTED]" with
"unsubscribe infocon" in the body
---------------------------------------------------------------------
_________________________________________________________________
----------------------------------------------------
[News Index]
----------------------------------------------------
[1] Homeland security budget boost not yet a reality
[2] DOD still working on change
[3] Exploring intuitive decision-making
[4] Feds Label Wi-Fi a Terrorist Tool
[5] FBI seeks to link joint terrorism task forces
[6] CfP ECIW 2003
[7] Organised Net crime rising sharply - top UK cop
[8] Threat grows of cyber attack by terrorists groups
[9] Complex Networks Too Easy to Hack
[10] Navy preps XML policy
[11] Drop that E-Book or I'll Shoot!
[12] DOD extends global net
[13] Microsoft: IE hole worse than reported
[14] Security hole exposes Tower Records
[15] Israel, FBI Find Suspected Credit Hacker
[16] Hacker 'DVD Jon' Goes on Trial
[17] Virus Throttle a Hopeful Defense
[18] Scientists seek revamped federal supercomputing effort
[19] .Net.uk domain granted stay of execution
[20] New cybersecurity institute to fight online crime
_________________________________________________________________
CURRENT THREAT LEVELS
_________________________________________________________________
Electricity Sector Physical: Elevated (Yellow)
Electricity Sector Cyber: Elevated (Yellow)
Homeland Security Elevated (Yellow)
DOE Security Condition: 3, modified
NRC Security Level: III (Yellow) (3 of 5)
_________________________________________________________________
News
_________________________________________________________________
[1] Homeland security budget boost not yet a reality
By Shane Harris
A year ago, as the federal government mounted a massive homeland
security effort at the same time the commercial technology market was
collapsing, Uncle Sam became the most attractive information technology
customer in America. In February, President Bush requested $52 billion
in new IT spending for fiscal 2003. Hungry would-be federal contractors,
hoping that a hefty chunk of the money would go to purchasing
leading-edge commercial products for homeland security, set up shop
inside the Beltway.
But aside from an initial jolt of emergency funding after the Sept. 11
attacks-about $1 billion of which was spent on IT-technology spending in
2002 didn't seem to have much to do with homeland security. By and
large, agencies are only beginning to understand what they want to buy,
and are focusing on basic technologies, not the new wave of products
many companies had assumed they would purchase. Why?
For most of 2002, agencies were preoccupied adjusting to their
post-Sept. 11 missions; some were preparing for a massive reorganization
under the proposed Homeland Security Department. Because they're
struggling just to figure out what homeland security is, they've had
less time to shop for new technologies to help them ensure it, says
George Molaski, former chief information officer of the Transportation
Department and now a consultant.
http://www.govexec.com/dailyfed/1202/120602h2.htm
----------------------------------------------------
(Any Information Operation needs to be based on a well developed and
tested doctrine to be really effective. Just have a look at the
development of air warfare doctrine which took a long time to mature
until it became a 'decisive weapon'. WEN)
... The notion of network-centric warfare does little to prepare
soldiers and sailors for actual combat against a real enemy, Van Riper
said. Instead of focusing on IT, he said, the services must develop new
concepts of effective military operations. "Don't put your faith in the
technology," he said after the conference, "You've got to do the
thinking first." ...
[2] DOD still working on change
BY Nancy Ferris
Dec. 9, 2002
The military is embracing the idea of network-centric warfare, but
Defense Department officials need to change their mind-sets if they want
to make it stick, according to the man who first championed the concept.
"Much of what they focus on is becoming irrelevant," said retired Vice
Adm. Arthur Cebrowski, director of the Pentagon's Force Transformation
Office, at the annual conference of the non-profit CNA Corp. (formerly
the Center for Naval Analysis).
DOD and Congress, for example, are debating what kinds of aircraft to
build, while "the real fight is over sensors" - the systems that find
and identify enemy forces, then launch attacks, he said.
Cebrowski called for acceleration in the transition from the Industrial
Age to the Information Age, saying that "fighter vs. fighter combat is
in a state of devolution" as threats increasingly come from small
nations that lack major military forces or from groups not aligned with
nations. With better information systems, the United States will be
better prepared to combat these "asymmetric" threats, he said.
http://www.fcw.com/fcw/articles/2002/1209/pol-dod-12-09-02.asp
----------------------------------------------------
[3] Exploring intuitive decision-making
DOD official endorses approach, but expert warns of information overload
BY Dan Caterinicchia
Dec. 9, 2002
Giving military commanders timely access to information is only half the
battle, a Marine Corps leader recently said. Delivering it in an
intuitive fashion so that the commanders can make quick decisions is the
next challenge.
Military systems tend to generate data in static checklist form, said
Brig. Gen. Jerry McAbee, deputy commander of the Marine Corps' Marine
Forces Pacific. But "the checklist approach to decision-making is not
what we need for the 21st century," he said. Military leaders need a
networked knowledge system that draws information from databases
worldwide.
http://www.fcw.com/fcw/articles/2002/1209/mgt-dod-12-09-02.asp
----------------------------------------------------
(I have just finished a feature on wireless security for NCMS IMIA and
it took me a long time to decide whether to recommend 802.11b networks
or not. In the end I decided to recommend it only to companies with a
good information security culture and practice as only they will be able
to secure WLANs. WEN)
[4] Feds Label Wi-Fi a Terrorist Tool
By Paul Boutin
02:00 AM Dec. 06, 2002 PT
SANTA CLARA, California -- Attention, Wi-Fi users: The Department of
Homeland Security sees wireless networking technology as a terrorist
threat.
That was the message from experts who participated in working groups
under federal cybersecurity czar Richard Clarke and shared what they
learned at this week's 802.11 Planet conference. Wi-Fi manufacturers, as
well as home and office users, face a clear choice, they said: Secure
yourselves or be regulated.
http://www.wired.com/news/wireless/0,1382,56742,00.html
----------------------------------------------------
[5] FBI seeks to link joint terrorism task forces
Bureau wants to streamline info sharing
BY Dan Caterinicchia
Dec. 9, 2002
As part of the FBI's effort to enhance its information-sharing
capabilities, the bureau is attempting to link more than 50 joint
terrorism task forces (JTTF) on a network that would far surpass current
communication methods.
The FBI established many of the task forces following the Sept. 11,
2001, attacks as a way to streamline communications and
intelligence-sharing efforts. The task forces include representatives
from the Defense Department and other government agencies at each of the
FBI's 56 field divisions nationwide.
"One year ago, nearly half of these task forces didn't exist," FBI
Director Robert Mueller said in an October address at the International
Association of Chiefs of Police's annual conference. "The ones that did
exist were not nearly as large as they are now. Today, information flows
more freely. Tips are routed more quickly. Leads are covered more
efficiently. Again, it is not perfect. But it gets better every day."
http://www.fcw.com/fcw/articles/2002/1209/pol-fbi-12-09-02.asp
----------------------------------------------------
[6] CfP ECIW 2003
ECIW 2003
European Conference on Information Warfare and Security University of
Reading, United Kingdom 30 June - 1 July 2003 _________
Co-Conference Chairs: Dr Steve Furnell, Network Research Group, Plymouth
University, UK and Rodney Clare, Open University and EDS UK Co-Programme
Chairs: Professor Bill Hutchinson, Edith Cowan University, Australia and
Commodore Patrick Tyrrell, OBE, Royal Navy Retired, UK
CALL FOR PAPERS, WORKSHOPS AND TUTORIALS
The second European Conference on Information Warfare and Security
(ECIW) is an opportunity for academics, practitioners and consultants
from Europe and elsewhere who are involved in the study, management,
development and implementation of systems and concepts to combat
information warfare or to improve information systems security to come
together and exchange ideas. The advisory group for the conference
invites submissions of papers on both the theory and practice of all
aspects of Information Warfare and Security. The conference in July 2003
is seeking qualitative, experience-based and quantitative papers as well
as case studies and reports of work in progress from academics,
information systems practitioners, consultants and government
departments.
Topics may include, but are not limited to,
e-Intelligence/counter-intelligence, Perception management, Information
warfare theory, Electro-magnetic pulse weapons, Information, computer
and network security, Cryptography, Physical security, Security policy,
Information warfare policy, Information warfare techniques, Hacking,
Infra-structure warfare, National security policy, Corporate defence
mechanisms, Security for small to medium enterprises, Cyber Terrorism,
Ethical, Political and Social Issues relating to Information Warfare,
Information warfare and security education, Legal issues concerned with
information warfare and e-Crime.
In addition to multiple streams of papers, the conference committee are
inviting proposals for workshops and tutorials on topics related to
Information Warfare and research methods applicable to this field.
SUBMISSION DETAILS:
In the first instance submit an abstract to the conference committee.
Abstract details: No more than 500 words to be received by 1 April
2003.
File type: Word for Windows.
Submission: By e-mail attachment to: [EMAIL PROTECTED]
Full paper: Only required on acceptance of abstract. The full papers
(between 3000-5000 words) will be double blind reviewed before being
accepted for presentation at the conference and for publication in the
conference proceedings. Submission date will be no later than 23 May
2003. The best papers will be considered for publication in the Journal
for Information Warfare (JIW) http://www.Jinfowar.com
IMPORTANT INFORMATION:
The review panel of the conference committee will consider all abstracts
received by the submission deadline. Papers that are accepted will be
published in the conference proceedings providing at least one author
pays the registration fee and presents their work at the Conference (see
the registration section for more information). Due to the large number
of quality papers that are submitted to this conference the committee
only allows an author to present one paper. Therefore if multiple papers
are accepted for presentation different co-authors must present each
paper. Exhibition opportunities are available to consultants and
practitioners who present at the conference.
IMPORTANT DATES:
Abstract submission deadline: 1 April 2003
Notification of abstract acceptance:15 April 2003
Final copy of full paper due: 23 May 2003
Notification of paper acceptance:30 May 2003
CONFERENCE EXECUTIVE:
Dr Andrew Blyth, University of Glamorgan, UK [EMAIL PROTECTED] Rodney
Clare, Open University and EDS UK [EMAIL PROTECTED] John Davey,
Department of Defence, Canberra ACT, Australia, [EMAIL PROTECTED] Dr
Steve Furnell, Plymouth University, UK
[EMAIL PROTECTED]
Dr Aki Huhtinen, National Defence College, Helsinki, Finland
[EMAIL PROTECTED] Professor Bill Hutchinson, Edith Cowan
University, Australia [EMAIL PROTECTED] Andy Jones, QinetiQ Ltd,
UK [EMAIL PROTECTED] Professor Arthur Money, Henley Management
College, UK [EMAIL PROTECTED] Major Jari Rantapelkonen, Finnish
Defence Forces, Helsinki, Finland [EMAIL PROTECTED] Professor
Dan Remenyi, Trinity College, Dublin [EMAIL PROTECTED] Commodore
Patrick Tyrrell, OBE, Royal Navy Retired, UK [EMAIL PROTECTED]
Professor Les Worrall, University of Wolverhampton, UK
[EMAIL PROTECTED]
CONFERENCE COMMITTEE:
The conference programme committee consists of key people in the
information systems, information warfare and information security
communities around the world. The following people have confirmed their
participation:
Colin Armstrong (ISA Technologies, Australia), Helen Armstrong (Curtin
University Australia), Frank Bannister (Trinity College Dublin,
Ireland), Andrew Blyth (University of Glamorgan, UK), Maura Conway
(Trinity College Dublin, Ireland), Michael Corcoran (Defence Scientific
& Technical Laboratories UK), Dorothy Denning (The Naval Postgraduate
School, Dept. of Defense Analysis, USA), John Davey (Department of
Defence, Canberra ACT, Australia), Susie Driscoll (UK Ministry of
Defence), John Fawcett (University of Cambridge, UK), Steve Furnell
(Plymouth University, UK), Kevin Gleason (Mount Ida College, USA), Aki
Huhtinen (National Defence College Helsinki, Finland), Bill Hutchinson
(Edith Cowan University, Australia), Andy Jones (QinetiQ Ltd), Bill
Martin (RMIT, Australia), Graham Mathieson (Defence Scientific &
Technical Laboratories UK), Arthur Money (Henley Management College,
UK), Chris Morse (Xansa, UK), Lars Nicander (National Defence College,
Sweden), Juhani Paavilainen (University of Tampere, Finland), Fred
Piper (Royal Holloway University, UK), Jari Rantapelkonen (Finnish
Defence Forces, Finland), Andrew Rathmell (Rand Europe), Dan Remenyi
(Trinity College Dublin, Ireland), Jill Slay (University of South
Australia), David Taylor (CERTUS, UK), Phil Taylor (University of Leeds,
UK), Craig Valli, (Edith Cowan University, Australia), Michael Walker
(Vodaphone, UK) Mat Warren (Deakin University, Australia), Elfed Weaver
(DSTL, Port Talbot, UK), Peter Wild (Royal Holloway
University, London), Roy Williams (Open University, UK), Les Worrall
(University of Wolverhampton), Simos Xenitellis (Royal Holloway
University, London).
This call for papers and registration details can be found
http://www.mcil.co.uk/conf-management.htm
----------------------------------------------------
(Cybercrime is a major problem. Unfortunately, most of the people seem
to love to talk about non existent cyberterrorism whilst cybercrime is
hardly ever discussed. WEN)
[7] Organised Net crime rising sharply - top UK cop
By John Leyden
Posted: 09/12/2002 at 07:57 GMT
The level of organised crime on the Internet is increasing sharply, the
head of the UK's National Hi-Tech Crime Unit warns.
In his opening address to the UK's first e-crime congress today,
Detective Chief Superintendent Les Hynds is expected to highlight the
significant threat posed by organised criminals.
"Hi-tech crime is increasing significantly," Hynds warns. "The Internet
provides organised crime groups driven by profit with lucrative
opportunities in a relatively low risk theatre of operations.
"We must question the mindset that recoils from the thought of breaking
into a house and stealing; but condones
http://www.theregister.co.uk/content/6/28469.html
http://news.zdnet.co.uk/story/0,,t269-s2127203,00.html
----------------------------------------------------
(FUD see comment above. WEN)
[8] Threat grows of cyber attack by terrorists groups
Robin McKie, science editor
Sunday December 8, 2002
The Observer
Fears are mounting among computer experts that Britain may be becoming
increasingly vulnerable to attack by hackers.
They believe that both civil and military institutions, as well as major
companies, are in danger of a devastating 'cyber attack' - possibly as a
prelude to a terrorist assault on the country, or simply as a challenge
for expert young computer users.
http://www.observer.co.uk/uk_news/story/0,6903,856076,00.html
----------------------------------------------------
[9] Complex Networks Too Easy to Hack
By Michael Grebb | 02:00 AM Dec. 09, 2002 PT
WASHINGTON -- Internet and telecommunications experts, here on Friday to
discuss homeland security, said increasingly complex software operating
systems and networks have made it easier than ever to disrupt U.S.
communications systems.
At the same time, hackers don't need to be highly skilled to wreak
havoc.
"Over time, we're getting very sophisticated attacks from morons," said
Bill Hancock, chair of the cybersecurity focus group of the Network
Reliability and Interoperability Council, which coordinates voluntary
"best practices" to maintain a streamlined communications
infrastructure.
http://www.wired.com/news/politics/0,1283,56766,00.html
----------------------------------------------------
[10] Navy preps XML policy
Policy seeks to drive data interoperability
BY Matthew Frenck
Dec. 9, 2002
The Navy Department is finishing a policy that, for the first time, will
set standards for the Navy's use of Extensible Markup Language as it
attempts to put more of its applications and data online.
Navy chief information officer David Wennergren said he expects to sign
the final policy this week.
The document, which has been widely circulated within the department,
will set the standard for how XML will be used within the service so
that XML-tagged data is fully interoperable servicewide. The policy will
outline how the Navy will implement XML to better find, retrieve,
process and exchange data.
http://www.fcw.com/fcw/articles/2002/1209/news-xml-12-09-02.asp
----------------------------------------------------
[11] Drop that E-Book or I'll Shoot!
With the first ever criminal DMCA trial halfway over, it's already
raising novel legal, jurisdictional and ethical challenges.
By Mark Rasch Dec 08, 2002
Last Thursday federal prosecutors wrapped up their direct case against
Russian software company ElcomSoft for creating and distributing
software that would "crack" Adobe's proprietary software designed to
prevent copying of electronic books - the defense will argue their side
this week.
ElcomSoft is a Russian company that has specialized in "password
recovery" software. At issue in the case is a software program called
the Advanced eBook Processor (AEBPR), a program that exploited
insecurities in Adobe's E-book reader to allow a user to essentially
convert encrypted and copy-protected E-book text to "naked" or
unencrypted plain text. As described by the company, AEBPR "lets users
make backup copies of eBooks that are protected with passwords, security
plug-ins, various DRM (Digital Rights Management) schemes like EBX and
WebBuy, enabling them to be readable with any PDF viewer, without
additional plug-ins. In addition, the program makes it easy to decrypt
eBooks and load them onto Palm Pilots and other small, portable devices.
This gives users -- especially users who read on airplanes or in hotels
-- a more convenient option than using larger notebooks with limited
battery power to read their eBooks. . . ."
http://online.securityfocus.com/columnists/128
----------------------------------------------------
[12] DOD extends global net
BY Dan Caterinicchia
Dec. 9, 2002
Two Defense commands have forged a link between their secure wide-area
networks (WANs), making it easier for DOD forces and their coalition
partners in different areas of the world to share information.
The link connects the U.S. Pacific Command's Combined Operations WAN
(COWAN), which spans the Asia-Pacific region, with the U.S. Central
Command's Combined Enterprise Regional Information Exchange (CENTRIX)
system. CENTRIX supports more than 30 participating nations in Europe,
the Middle East and Africa.
http://www.fcw.com/fcw/articles/2002/1209/tec-global-12-09-02.asp
----------------------------------------------------
[13] Microsoft: IE hole worse than reported
By Joe Wilcox
init
December 9, 2002, 4:33 AM PT
Microsoft on Friday raised its threat rating for a security flaw in its
Internet Explorer browser to "critical," in response to criticism of its
initial assessment of the hole's danger.
A representative of Microsoft, which has come under fire for its
security policies, said the company had changed its original rating of a
flaw in IE versions 5.5 and 6 as a result of comments posted to the
Bugtraq online bulletin board by a security consultant.
As previously reported by CNET News.com, Thor Larholm, a vulnerability
researcher with security consultancy Pivx Solutions questioned
Microsoft's "moderate" rating--issued Wednesday--in a Buqtraq forum
posting.
http://zdnet.com.com/2100-1105-976440.html
----------------------------------------------------
[14] Security hole exposes Tower Records
By Declan McCullagh
Special to ZDNet News
December 6, 2002, 4:21 AM PT
A security hole on Tower Records' Web site exposed data on millions of
U.S. and U.K. customers until it was closed late Wednesday.
The glitch allowed anyone to peruse Tower Records' Web site to view its
database of customer orders dating from 1996 through this week,
including home and e-mail addresses, phone numbers and what music or
video products were purchased. More than 3 million such records were
exposed.
"It was a technical error, and when we discovered it we were fairly
horrified and we fixed it in a matter of hours," a Tower representative
said on Thursday. No credit card numbers appear to have been revealed,
the
company said.
http://zdnet.com.com/2100-1105-976271.html
----------------------------------------------------
[15] Israel, FBI Find Suspected Credit Hacker
RAMIT PLUSHNICK-MASTI
Associated Press
JERUSALEM - Israeli police, aided by the FBI, arrested an Israeli
suspected of hacking into computers of a U.S.-based electronics company
and stealing personal information, including the credit card numbers of
some 80,000 customers, according to court document released Sunday.
David Sternberg, 24, of the port city of Haifa, was arrested late Friday
while driving in a stolen car, police said. The FBI notified the
Israelis he was wanted in 2000 and police began searching for him in
2001, according to the transcript of his detention hearing.
http://www.miami.com/mld/miamiherald/news/world/4697613.htm
----------------------------------------------------
[16] Hacker 'DVD Jon' Goes on Trial
By Associated Press Page 1 of 1
02:17 PM Dec. 08, 2002 PT
OSLO, Norway -- Jon Lech Johansen was only 15 when he wrote and
distributed on the Internet for free a program that unlocked
copy-protected DVDs, giving Hollywood nightmares and making him a folk
hero among hackers.
Three years later, he's going on trial in an important test case for
Norway's strict laws against computer piracy and hacking.
http://www.wired.com/news/business/0,1367,56771,00.html
http://www.siliconvalley.com/mld/siliconvalley/business/technology/perso
nal_technology/4697274.htm
----------------------------------------------------
[17] Virus Throttle a Hopeful Defense
By Michelle Delio | 02:00 AM Dec. 09, 2002 PT
Computer viruses and worms live in the fast lane, propagating themselves
through a network faster than even the most highly caffeinated techie
can purge them from a system.
But Matthew Williamson, a researcher at the Hewlett-Packard laboratories
in Bristol, England, has come up with a new way to handle the
quick-moving cybercritters: Throttle 'em.
http://www.wired.com/news/infostructure/0,1377,56753,00.html
----------------------------------------------------
[18] Scientists seek revamped federal supercomputing effort
By Bara Vaida, National Journal's Technology Daily
In April, Japan rocked the U.S. supercomputer sector, which
traditionally has led the world in producing the fastest machinery, with
the unveiling of the Earth Simulator, a $400 million product that
outpaces the speed of U.S. supercomputers.
Now U.S. scientists are hoping that their government will boost spending
in fiscal 2004 to keep pace with Japan, whose government paid the
Japanese computer firm NEC to create the supercomputer. The Earth
Simulator-so named because it aims to create a "virtual earth" that
could simulate various climate conditions-matches the raw computing
power of 20 of the fastest American computers combined.
"There is a fear that our technology leadership could go overseas"
unless the United States invests in keeping its lead in high-end
computing, said Jim Rottsolk, chairman and CEO of the Cray supercomputer
company.
http://www.govexec.com/dailyfed/1202/120602td1.htm
----------------------------------------------------
[19] .Net.uk domain granted stay of execution
By Kieren McCarthy
Posted: 09/12/2002 at 10:07 GMT
The underused .net.uk domain has been granted a stay of execution after
a meeting of Nominet's Policy Advisory Board decided that still more
consultation was needed before a decision on its future was taken.
The decision comes after a sub-committee charged with looking at the
issue recommended it be closed off to new entrants and slowly wound
down. This was thrown out by the PAB in October and reiterated a second
time in a meeting on 4 December, leading some to believe the issue is
being downplayed in an effort to avoid confrontation.
http://www.theregister.co.uk/content/6/28473.html
----------------------------------------------------
[20] New cybersecurity institute to fight online crime
By James L. Rosica
DEMOCRAT STAFF WRITER
With the strokes of their pens, officials from two agencies and a local
university created a new partnership to fight online crime.
The Florida Department of Law Enforcement, Florida State University and
the National White Collar Crime Center agreed Friday to form the Florida
Cybersecurity Institute "to provide research, analysis, training and
technical assistance relating to cybercrime," representatives said.
FDLE Commissioner Tim Moore, FSU's Raymond Bye and Gary Lusher, program
manager for the National White Collar Crime Center, signed their names
to the agreement at a Friday afternoon press conference.
http://www.tallahassee.com/mld/democrat/news/local/4685889.htm
----------------------------------------------------
_____________________________________________________________________
The source material may be copyrighted and all rights are
retained by the original author/publisher.
Copyright 2002, IWS - The Information Warfare Site
_____________________________________________________________________
Wanja Eric Naef
Webmaster & Principal Researcher
IWS - The Information Warfare Site
<http://www.iwar.org.uk>
---------------------------------------------------------------------
To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe
infocon" in the body
To unsubscribe - send an email to "[EMAIL PROTECTED]" with
"unsubscribe
infocon" in the body
---------------------------------------------------------------------
IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
http://www.iwar.org.uk
IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
http://www.iwar.org.uk
