[INFOCON] - News 11/04/02

[Wanja Eric Naef [IWS]]

_

  London, Monday, November 04, 2002
_

INFOCON News
_

IWS - The Information Warfare Site
http://www.iwar.org.uk

_


-

To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe
infocon" in the body

To unsubscribe - send an email to "[EMAIL PROTECTED]" with
"unsubscribe
infocon" in the body

-

_


  
  [News Index]
  

[1] FBI director says industry must do more to prevent cyberattacks
[2] Agencies, companies urged to set guidelines for fighting
cyberterrorism
[3] Root-Server Attack Traced to South Korea, U.S.
[4] Personal data travels far
[5] Microsoft dodges bullet  

[6] But some shut their Windows  
[7] Open source courses through DOD
[8] European police say they can't keep up with cyber criminals
[9] Feds pursue secrecy for corporate victims of hacking
[10] SPAMMER HAMMERED BY VERIZON BAN

[11] Scary Movie
[12] IG: State Department flunks systems security
[13] U.S. fears terrorists will imitate snipers
[14] State CIOs see accord with feds
[15] 'Sensitive' label strikes nerve

[16] How to get certified security for Win2k, by Microsoft
[17] Proof Win2K is still insecure by design
[18] Pentagon completes 'playbooks' for terrorism scenarios
[19] A New Cryptography Uses the Quirks of Photon Streams

[20] U.S. should fund R&D for secure Internet protocols, Clarke says
[21] New worm aims to infest Australian systems
[22] New Wi-Fi security would do little for public 'hot spots'
[23] Popular Linksys Router Vulnerable to Attack

_

News
_


[1] FBI director says industry must do more to prevent cyberattacks
By Shane Harris

FBI Director Robert Mueller Thursday implored industry technology
executives to do a better job securing the Internet and other data
networks by reporting incidences of online crime to the bureau. 

"You're not enabling us to do [our] job" by withholding reports about
criminals who successfully penetrate companies' data networks or attack
their systems, Mueller told those attending a Falls Church, Va. forum on
combating online crime and cyberterrorism. Corporations are reluctant to
report such attacks to law enforcement agencies for fear of revealing
their systems' vulnerabilities. They worry the information could give
competitors an edge, or invite more attacks by criminals once they
discover the weaknesses. 

http://www.govexec.com/dailyfed/1002/103102h1.htm 

FBI seeks help vs. Cybercrime 
http://www.fcw.com/fcw/articles/2002/1028/web-fbi-11-01-02.asp 

 

[2] Agencies, companies urged to set guidelines for fighting
cyberterrorism
By Molly M. Peterson, National Journal's Technology Daily

The war on cyberterrorism requires law enforcement agencies and the
private sector to develop guidelines and protocols for sharing
information about network vulnerabilities and cyber attacks, government
and industry leaders said Thursday.

"Face-to-face relationships are great, but we need to go beyond that,"
Chris Painter, deputy chief of the Justice Department's Computer Crime
and Intellectual Property Section (CCIPS), said during a cyber-security
forum at Computer Sciences Corp. headquarters in Falls Church, Va. 

Painter led one of several workshops in which law enforcement and
private-sector officials discussed obstacles to information sharing.
Conference organizers said they closed those workshops to the media in
order to encourage participants to discuss problems and ideas with as
much candor as possible.

http://www.govexec.com/dailyfed/1102/110102td1.htm 

 

[3] Root-Server Attack Traced to South Korea, U.S. 
  
By Brian Krebs
washingtonpost.com Staff Writer
Thursday, October 31, 2002; 3:30 PM 

Last week's attacks on the Internet's backbone likely emanated from
computers in the United States and South Korea, FBI Director Robert
Mueller today said. 

"The investigation is ongoing," Mueller said at an Internet security
conference in Falls Church, Va. He did not offer more details on the
investigation, nor did he outline the evidence investigators have
gathered so far

[INFOCON] - FBI Director Outlines Public-Private Plan to ImproveCybersecurity

[Wanja Eric Naef [IWS]]

01 November 2002 

FBI Director Outlines Public-Private Plan to Improve Cybersecurity

(Cites cybercrime as agency's first priority) (2820)

Federal Bureau of Investigation (FBI) Director Robert S. Mueller III
outlined a plan to strengthen private and government cooperation to
improve security of the nation's information infrastructure in a
speech to the Informational Technology Association of America (ITAA)
October 31.

Mueller said the FBI has made cybercrime its number one criminal
priority in anticipation of dramatic increases in what he described as
"Internet-enabled crimes," that is, traditional crimes such as fraud,
identity theft, copyright infringement and child pornography that have
migrated online.

A second class of crimes, born with the Internet age, is also a
serious concern for national law enforcement. Those are computer
intrusions, denial of service attacks and cyber terrorism - all crimes
with "the potential to ruin businesses, cause staggering financial
losses, threaten our national security and even cost lives," Mueller
said.

The FBI is reorganizing itself to better respond and investigate
online criminal activity, Mueller said, with a particular emphasis on
tapping private sector expertise to help respond to crime.

"We are forming high tech task forces that include private sector
players, law enforcement and in some cases experts from academic
disciplines," Mueller explained to the ITAA audience in suburban
Washington. "So when there is a local cyber crime problem, the
worldwide network of the FBI and the resources of the other task force
participants can work together to assist."

The FBI director implored the private sector members of his audience
to provide more information to authorities about unauthorized
intrusions into their computer networks. He estimated that the FBI is
receiving reports on only one third of such incidents. Mueller
acknowledged business leaders' concerns that reporting these cases to
authorities might make them subject to investigation, expose protected
corporate information or attract unwelcome media attention that could
adversely affect stock prices. Mueller offered assurances that the FBI
would take care to minimize such consequences.

"We will try to find the origin of the attacker, help you preserve
evidence and avoid counter-surveillance. We will help protect you
legally," Mueller said. "And we will do what no one else can -- hunt
down the perpetrator and shut him or her down."

Following is the text of the Mueller speech as prepared for delivery:

(begin text)

Remarks by
Robert S. Mueller III
Director, Federal Bureau of Investigation
at the
Information Technology Association of America National Summit
Falls Church, Virginia

October 31, 2402

Thank you. Good morning. I am genuinely pleased to be here. I have
tremendous respect for you and your companies, which I especially
developed when I had the privilege to serve as U.S. Attorney for
Northern California. We were, as you might imagine, busy there with
emerging issues in the cyber area. In February 2000, we set up the
first unit in a U.S. Attorney's office dedicated to prosecuting
computer crimes and intellectual property cases -- the CHIP Unit. It
was at that point I saw clearly how important government-private
sector partnerships were going to be in this dynamic area.

We have a quote by J. Edgar Hoover on a courtyard wall at FBI
Headquarters. It says, "The most effective weapon against crime is
cooperation ...the efforts of all law enforcement agencies with the
support and understanding of the American people." In Hoover's day,
"support and understanding" may have been enough; he did not have a
complex, interconnected, information infrastructure to worry about. We
do. And our efforts to secure that infrastructure and to fight cyber
crime require a new level of engagement -- an active partnership
between the private sector and law enforcement, and an unprecedented
level of cooperation.

Conferences like this one, and the working groups that will come out
of it, are going to help us build that active partnership. I know that
each of you is already heavily engaged in fighting cyber crime and
that your private sector initiatives have led to some significant
victories. This morning, I want to talk about cyber threats from the
FBI's vantage, and about our role in fighting those threats. Above all
I want to talk about the partnership that is needed to get the job
done, and how we can build trust, share information, and ultimately
benefit from each others' strengths.

In broad terms, the FBI sees threats to cyber security as two separate
but related problems. The first is the explosive growth of traditional
crimes that have migrated on-line: the frauds, identity theft,
copyright infringement, child pornography and exploitation. The
powerful, interconnected systems that have done so much to improve our
lives, also nurture the worst elements of society. Small time
criminals can develop into international