_________________________________________________________________

London, Tuesday, November 26, 2002
_________________________________________________________________
INFOCON News
_________________________________________________________________

IWS - The Information Warfare Site
http://www.iwar.org.uk
_________________________________________________________________

---------------------------------------------------------------------
To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe infocon" in the body

To unsubscribe - send an email to "[EMAIL PROTECTED]" with "unsubscribe infocon" in the body
---------------------------------------------------------------------
_________________________________________________________________

----------------------------------------------------
[News Index]
----------------------------------------------------

[1] Bush signs homeland bill; fills top jobs in department
[2] Counterterrorism project assailed by lawmakers, privacy advocates
[3] DDOS attack 'really, really tested' UltraDNS
[4] (UK) Cabinet Office beats off 1,000 cyber attacks in October
[5] Privacy czar plays homeland role
[6] Merde! Alcatel LAN switch ships with backdoor access
[7] Homeland Security Bill Heralds IT Changes
[8] Experts advocate standard public warning system
[9] Three charged in huge identity scam bust
[10] 'Safe for kids' Internet bill goes to president
[11] Homeland Security Plan Leaves Some Experts Skeptical
[12] Contractors act quickly to try to shape security agenda
[13] (AU) Cybercrime Bill a clumsy step in right direction
[14] Court blocks DVD-cracking suit
[15] Computer viruses face slow down
[16] 'Hacking Challenge' Winners Allege $43,000 Contest Rip-Off
[17] eBay scam site nipped in the bud
[18] DOD extends net reach
[19] Former Education Department official, e-gov pioneer dies

_________________________________________________________________

CURRENT THREAT LEVELS
_________________________________________________________________

Electricity Sector Physical: Elevated (Yellow)
Electricity Sector Cyber: Elevated (Yellow)
Homeland Security Elevated (Yellow)
DOE Security Condition: 3, modified
NRC Security Level: III (Yellow) (3 of 5)

_________________________________________________________________

News
_________________________________________________________________

[1] Bush signs homeland bill; fills top jobs in department
By Keith Koffler, CongressDaily

President Bush Monday signed legislation establishing a Homeland Security Department and announced he will nominate White House homeland security adviser Tom Ridge to be its first secretary.

Bush also announced that Navy Secretary Gordon England will be nominated for the post of deputy secretary and that Drug Enforcement Administration Administrator Asa Hutchinson, a former House member, will be nominated to serve as undersecretary for border and transportation security.

White House Press Secretary Ari Fleischer pledged the Bush administration would work cooperatively with Congress next year as it considers whether to strip out last-minute provisions added to the bill that would protect vaccine makers and offer other benefits to businesses.

http://www.govexec.com/dailyfed/1102/112502cd1.htm

----------------------------------------------------

[2] Counterterrorism project assailed by lawmakers, privacy advocates
By Shane Harris

Lawmakers, privacy advocates and civil libertarians are criticizing a controversial Defense Department research project as an invasion of personal privacy, and are questioning whether it should be scrapped.

In January, the Defense Advanced Research Projects Agency (DARPA) began a multi-year effort to look for ways that technology could be used to pre-empt terrorist attacks. Known as the Total Information Awareness (TIA) system, much of the work centers on theoretical ways to use information technology and human analysis to analyze transactions, such as credit card purchases or phone calls, to find patterns that might indicate a terrorist attack is being plotted.

The project has outraged groups that support restrictions on the use of personal data.
At a press conference Monday in Washington, Marc Rotenberg, executive director of the Electronic Privacy Information Center, said the TIA system was the “hub” of a far-reaching effort by the government to “extend surveillance of the American public.”

http://www.govexec.com/dailyfed/1102/112502h1.htm

----------------------------------------------------

[3] DDOS attack 'really, really tested' UltraDNS
By ComputerWire
Posted: 26/11/2002 at 09:23 GMT

A major provider of domain name system infrastructure services was hit by a distributed denial of service attack last Thursday morning described as bigger and more sophisticated than anything else it has previously seen, writes Kevin Murphy.

UltraDNS Corp, which provides DNS services for the likes of oracle.com and top-level domains including .info and, from January 1 2003 .org, was hit by a DDoS attack unprecedented in its scale. While no services were actually denied, the attack has got the company concerned enough to boost its bandwidth and infrastructure to prevent further attacks.

UltraDNS CEO Ben Petro compared this kind of attack to "terrorism".

http://www.theregister.co.uk/content/55/28291.html

----------------------------------------------------

[4] Cabinet Office beats off 1,000 cyber attacks in October

The Cabinet Office has suffered almost 6,000 cyber attacks this year with more than 1,000 incidents occurring in October alone.

Cabinet Office minister Douglas Alexander revealed the scale of the attacks in a parliamentary written answer.

With the government stepping up preparations for a war with Iraq, Brian White, MP for Milton Keynes and a former IT professional, asked a series of parliamentary questions to ascertain government department's response to the threat of cyber terrorism.

While the Cabinet Office fought off 5,857 cyber attacks this year, the Foreign Office told White it had not been subject to a single attack.
http://www.cw360.com/bin/bladerunner?REQSESS=gg15412S&REQAUTH=0&2149REQEVENT=&CARTI=117777&CARTT=1&CCAT=2&CCHAN=22&CFLAV=1

----------------------------------------------------

[5] Privacy czar plays homeland role
BY William Matthews
Nov. 21, 2002

After a two-year absence, a privacy czar of sorts is returning to the federal government.

The Homeland Security Department will have a privacy officer whose job will be to ensure that activities of the new department do not erode the privacy of ordinary Americans.

But in light of recent legal, technological and political developments, the new privacy chief will have a tough job, privacy advocates predict.

"Many of the missions of the Homeland Security agency are so inherently invasive of privacy that it will be difficult for the privacy officer to offset the risk to personal privacy," said Chris Hoofnagle, legislative counsel at the Electronic Privacy Information Center

http://www.fcw.com/fcw/articles/2002/1118/web-private-11-21-02.asp

----------------------------------------------------

[6] Merde! Alcatel LAN switch ships with backdoor access
By John Leyden
Posted: 25/11/2002 at 13:30 GMT

Some versions of Alcatel's LAN switch software can yield backdoor access to crackers, the company warns.

The vulnerability could give crackers full administrative control over Alcatel OmniSwitch 7700/7800 switches running Alcatel Operating System (AOS) version 5.1.1.

http://www.theregister.co.uk/content/55/28275.html

----------------------------------------------------

[7] Homeland Security Bill Heralds IT Changes
By Brian Krebs
washingtonpost.com Staff Writer
Monday, November 25, 2002; 1:38 PM

President Bush today signed a homeland security bill that could have far-reaching implications for computer security and Internet privacy.

The homeland security bill includes a provision that shields Internet service providers (ISPs) from customer lawsuits if providers share private subscriber information with law enforcement authorities.
http://www.washingtonpost.com/wp-dyn/articles/A54872-2002Nov14.html

----------------------------------------------------

[8] Experts advocate standard public warning system
By Wilson P. Dizard III
GCN Staff

The nation needs a sophisticated national warning system that relies on IT to spread warning messages far and wide, government and industry public-safety experts said today.

The Partnership for Public Warning—which includes representatives of IT companies and agencies such as the Federal Emergency Management Agency, FBI and Nuclear Regulatory Commission—conducted a workshop to generate its report, Developing a Unified All-Hazard Public Warning System.

http://www.gcn.com/vol1_no1/daily-updates/20569-1.html

----------------------------------------------------

[9] Three charged in huge identity scam bust
09:34 Tuesday 26th November 2002
Paul Festa, CNET News.com

US federal authorities say they have broken an identity theft ring that siphoned funds from bank accounts and made fraudulent purchases over three years

Calling it the largest such bust ever, the US Attorney in Manhattan and the FBI apprehended an alleged ring of identity thieves, accusing three men of stealing tens of thousands of credit reports.

The ring is alleged to have operated over a period of three years, suspected of pilfering credit reports from the three major commercial credit reporting agencies and using that information to siphon funds from bank accounts and make fraudulent purchases. Authorities have accounted for $2.7m (£1.7m) in losses so far.
http://news.zdnet.co.uk/story/0,,t269-s2126519,00.html

http://www.usatoday.com/money/perfi/columnist/block/2002-11-25-id-theft_x.htm

http://news.findlaw.com/usatoday/docs/crim/usmohammed1002ind.pdf
http://news.findlaw.com/usatoday/docs/crim/usbaptiste1002cmp.pdf
http://news.findlaw.com/usatoday/docs/crim/uscummings112202cmp.pdf

----------------------------------------------------

[10] 'Safe for kids' Internet bill goes to president
By The Associated Press
11.25.02

WASHINGTON — Congress is sending President Bush legislation to create a haven on the Internet for children, where parents can be assured Web sites are free of pornography and other material not suitable for youngsters.

The measure would make a ".kids.us" Internet domain that would be available within a year and monitored by a government contractor to ensure the material was appropriate for children under 13.

The bill won unanimous approval from the Senate on Nov. 13 and the House on Nov. 15. It now goes to Bush, who is expected to sign it.

Child advocates backed the Internet domain measure.

http://www.freedomforum.org/templates/document.asp?documentID=17300

----------------------------------------------------

'... But some experts warn that rather than creating a new agency to protect against terrorism, fundamental changes are needed at existing agencies, like the CIA. ...'

'... "The CIA has now become part of the problem," says Kenneth Allard, a former U.S. army intelligence officer. "And part of the reason why they are is the fact that you have too many white Anglo-Saxon Protestants with masters degrees in Soviet studies who are still there who have absolutely no clue about Iraq, about al-Qaida or about what we are facing with religious based fanaticism." ...'

[11] Homeland Security Plan Leaves Some Experts Skeptical
Nick Simeone
Washington
26 Nov 2002, 05:35 UTC

Some national security experts doubt the creation of a new U.S. government Department of Homeland Security means the nation is now better protected against terrorism. It could be years before the 22 agencies brought together under one department are working together effectively.

When President Bush signed the Homeland Security Act into law Monday, he launched the biggest government re-organization since the creation of the Defense Department after World War II. But in doing so, he acknowledged changing the ingrained ways of Washington's multiple and at times competing bureaucracies will not be easy.

"To succeed in their mission, leaders of the new department must change the culture of many diverse agencies," says Mr. Bush.

http://www.voanews.com/article.cfm?objectID=E35F25D0-9ECD-4BF2-B60FEE2DCAFD7752&title=Homeland%20Security%20Plan%20Leaves%20Some%20Experts%20Skeptical&catOID=45C9C78F-88AD-11D4-A57200A0CC5EE46C&categoryname=USA

----------------------------------------------------

[12] Contractors act quickly to try to shape security agenda
By Maureen Sirhal, National Journal's Technology Daily

A group of security and defense contractors on Monday offered their recommendations for shaping policies to defend the nation from terrorist threats.

The Homeland Security Industries Association unveiled eight papers focused on improving security in such places as critical infrastructure, airports, seaports and the food supply—and recommended ways that the government can begin tackling the issues.
With more than 75 member companies across several industries, that association has been working since its launch in September to "identify gaps in security and possible [technology] solutions," President Bruce Aitken said on the day that President Bush signed a bill creating the Homeland Security Department.

http://www.govexec.com/dailyfed/1102/112502td1.htm

----------------------------------------------------

[13] Cybercrime Bill a clumsy step in right direction
By Senator Brian Greig
November 25 2002

According to the Computer Emergency Response Team (CERT) coordination centre, the number of reported incidents of computer-related security breaches in the first three quarters of 2000 rose by 54 per cent over the total number of reported incidents in the previous year.

CERT logged some 9000 security breaches in Australia in 1999 and that number leapt to an extraordinary 22,000 incidents in the year 2000.

In addition to this, it would appear that countless instances of illegal access, damage, fraud and illegal pornography around the world remain unreported, because victims fear the exposure of vulnerabilities, the potential for copycat crimes and the loss of public confidence.

http://www.smh.com.au/articles/2002/11/25/1038173686523.html

----------------------------------------------------

[14] Court blocks DVD-cracking suit
09:19 Tuesday 26th November 2002
John Borland, CNET News.com

A ruling in California deals with just one part of Hollywood's multifaceted attack on DeCSS, a controversial bit of computer code that can assist in the copying of DVDs

The California Supreme Court handed Hollywood's antipiracy efforts a setback on Monday, ruling that a Texas resident who posted controversial DVD-cracking code online can't be sued in California.

The ruling, released by the court on Monday, deals with just one part of Hollywood's multifaceted attack on DeCSS, a controversial bit of computer code that can assist in the copying of DVDs.
The justices didn't address the legality of posting the software program online, saying only that Texas resident Matthew Pavlovich couldn't be sued in California for doing so.

http://news.zdnet.co.uk/story/0,,t269-s2126517,00.html

----------------------------------------------------

[15] Computer viruses face slow down

[Image caption: The ILOVEYOU bug spread via e-mail quickly]

Computer viruses could, in the future, find it much harder to spread themselves over the internet.

Matthew Williamson, a researcher at the Hewlett-Packard laboratories in Bristol, UK, has come up with a way to slow down the rate of infection.

http://news.bbc.co.uk/1/hi/technology/2511961.stm

----------------------------------------------------

[16] 'Hacking Challenge' Winners Allege $43,000 Contest Rip-Off

Eighteen months after Argus Systems challenged the hacker world to crack its PitBull security product in a much-ballyhooed global contest, the winners say they're still waiting for their prize money.

By Kevin Poulsen, SecurityFocus
Nov 26 2002 12:05AM

It must have seemed a masterstroke of marketing genius at the time. A formerly-obscure security software company organizes a series of high-profile contests aimed at showing that even with a sizable cash prize dangling as a reward, the world's best hackers can't crack a Web server protected by the company's flagship product.

The only problem: the world's best hackers did just that. And now more than eighteen months after the Polish white hat hacker group Last Stage of Delirium (LSD) conquered the Argus Systems Group's fifth, and apparently last, "Hacking Challenge," the winners say the company still hasn't paid most of the $48,000 prize, raising the ugly specter of fraud in a contest that some security experts already criticized as a corporate publicity stunt.
http://online.securityfocus.com/news/1717

----------------------------------------------------

[17] eBay scam site nipped in the bud
By John Leyden
Posted: 25/11/2002 at 15:56 GMT

A spate of emails inviting eBay customers to divulge usernames and passwords to a scam site reached epidemic proportions last week.

The emails invited the foolhardy to hand over confidential details to a site called change-eBay.com. Needless to say, this has no affiliation with the online auction site.

change-eBay.com was acquired using a stolen credit card and has since been closed, CNET reports.

http://www.theregister.co.uk/content/55/28279.html

----------------------------------------------------

[18] DOD extends net reach
BY Dan Caterinicchia
Nov. 25, 2002

The U.S. Pacific Command (Pacom) and U.S. Central Command (Centcom) each use their own secure wide-area networks to communicate with coalition partners in their areas of the world, and now the two systems have been linked to create even greater global information-sharing possibilities.

Navy Capt. James Fordice, the U.S. Pacific Fleet's director for command, control, communications, computers and intelligence, said Pacom's Combined Operations, or Coalition, WAN (COWAN) has a number of secure enclaves with various Asian-Pacific partners, including COWAN-K with Korea, COWAN-J with Japan, and COWAN-A, which supports Canada, Australia, New Zealand, the United Kingdom and the United States.

http://www.fcw.com/fcw/articles/2002/1125/web-cowan-11-25-02.asp

----------------------------------------------------

[19] Former Education Department official, e-gov pioneer dies
By Amelia Gruber

Greg Woods, a former Education Department official who helped lead efforts to make the federal government more citizen-friendly, died of pancreatic cancer last Thursday.

Woods, 59, was the former chief operating officer of the Education Department’s Federal Student Aid (FSA) office and pioneered the e-government concept.
“If there’s a school in heaven, and if a student needs financial aid, there’s a new administrator there today who probably can’t wait to get down to business,” said G. Kay Jacks, general manager of FSA’s Web site about financial aid, referring to Woods.

http://www.govexec.com/dailyfed/1102/112502a1.htm

----------------------------------------------------
_____________________________________________________________________

The source material may be copyrighted and all rights are retained by the original author/publisher.

Copyright 2002, IWS - The Information Warfare Site
_____________________________________________________________________

Wanja Eric Naef
Webmaster & Principal Researcher
IWS - The Information Warfare Site
<http://www.iwar.org.uk>

IWS INFOCON Mailing List
@
IWS - The Information Warfare Site
http://www.iwar.org.uk