-Caveat Lector-

Jan 27, 2003

Internet Attack's Disruptions More Serious Than Many Thought Possible

By Ted Bridis
Associated Press Writer

WASHINGTON (AP) - The weekend attack on the Internet crippled some
sensitive corporate and government systems, including banking operations
and 911 centers, far more seriously than many experts believed possible.

The nation's largest residential mortgage firm, Countrywide Financial Corp.,
told customers who called Monday it was still suffering from the attack. Its
Web site, where customers usually can make payments and check their
loans, was closed with a note about "emergency maintenance."

Police and fire dispatchers outside Seattle resorted to paper and pencil
for hours Saturday after the virus-like attack disrupted operations for the
911 center that serves two suburban police departments and at least 14
fire departments.

American Express Co. confirmed that customers couldn't reach its Web site
to check credit statements and account balances during parts of the
weekend. Perhaps most surprising, the attack prevented many customers
of Bank of America Corp., one of the largest U.S. banks, and some large
Canadian banks from withdrawing money from automatic teller machines
Saturday.

President Bush's No. 2 cyber-security adviser, Howard Schmidt,
acknowledged Monday that what he called "collateral damage" stunned
even experts who have warned about uncertain effects on the nation's
most important electronic systems from mass-scale Internet disruptions.

"One would not have expected a request for bandwidth would have
affected the ATM network," Schmidt said. "This is one of the things we've
been talking about for a long time, getting a handle on interdependencies
and cascading effects."

The White House and Canadian defense officials confirmed they were
investigating how the attack, which started about 12:30 a.m. EST Saturday,
could have affected ATM banking and other important networks that
should remain immune from traditional Internet outages.

Schmidt said early reports suggested private ATM networks overlapped
with parts of the public Internet. Such design decisions were criticized as
"totally brain-dead" by Alex Yuriev of AOY LLC, a Philadelphia-based
consulting firm for banks and telecommunications companies.

Officials were most concerned about risks that citizens might lose
confidence in financial networks.

"Their bread and butter is the public being able to get access to their
accounts when and where they want them," said Ron Dick of Computer
Sciences Corp., former head of the FBI's National Infrastructure Protection
Center. "Even during nominal disruptions, the key is having a plan so you
can provide assurances to your customers."

The virus-like attack, alternately dubbed "slammer" or "sapphire," sought
out vulnerable computers to infect using a known flaw in popular database
software from Microsoft Corp. called "SQL Server 2000." The attacking
software scanned for victim computers so randomly and so aggressively
that it saturated many of the Internet's largest data pipelines, slowing
e-mail and Web surfing globally.

"One thing people have always feared was that the mesh among certain
critical infrastructure sectors would be affected, and there was some of
that," said Eddie Schwartz, a vice president at Predictive Systems Inc.,
which runs Internet warning centers for the banking and energy
industries.

Congestion from the Internet attack eased over the weekend and was
almost completely normal by Monday. That left investigators poring over
the blueprints for the Internet worm for clues about its origin and the
identity of its author.

Complicating the investigation was how quickly the attack spread across
the globe, making it nearly impossible for researchers to find the
electronic equivalent of "patient zero," the earliest infected computers.

"Basically within one minute, the game was over," said Johannes Ullrich of
Boston, who runs the D-Shield network of computer monitors. He watched
the attack spread with alarming speed worldwide. Asia, especially Korea,
was among the areas hardest-hit.

Experts said blueprints of the attack software were similar to a program
published on the Web months ago by David Litchfield of NGS Software Inc.,
a respected British security expert who discovered the flaw in Microsoft's
database software last year.

The attack software also was similar to computer code published weeks
ago on a Chinese hacking Web site by a virus author known as "Lion," who
publicly credited Litchfield for the idea.

Litchfield said he deliberately published his blueprints for computer
administrators to understand how hackers might use the program to attack
their systems.

"Anybody capable of writing such a worm would have found out this
information without my sample code," Litchfield said. "Just because
someone publishes a proof-of-concept code doesn't necessarily help the
people we should be worried about."

Still, Litchfield's disclosure was likely to reignite a simmering dispute among
security researchers and technology companies about how much
information to disclose when they discover serious vulnerabilities in
popular software.

"I personally would rather people not publish exploit code," said Steve
Lipner, a top security official at Microsoft Corp.

Litchfield responded that his warnings about the threat - plus his detailed
example - might have frightened many professionals into installing software
repairs. Microsoft said the number of users downloading its repairing patch
reached 6,800 per hour Monday.

AP-ES-01-27-03 1845EST

This story can be found at:
http://ap.tbo.com/ap/breaking/MGAPX0P2HBD.html

Forwarded for your information.  The text and intent of the article
have to stand on their own merits.