_________________________________________________________________

London, Monday, December 09, 2002
_________________________________________________________________

INFOCON News
_________________________________________________________________

IWS - The Information Warfare Site
http://www.iwar.org.uk
_________________________________________________________________

---------------------------------------------------------------------
To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe infocon" in the body

To unsubscribe - send an email to "[EMAIL PROTECTED]" with "unsubscribe infocon" in the body
---------------------------------------------------------------------
_________________________________________________________________

----------------------------------------------------
[News Index]
----------------------------------------------------

[1] Homeland security budget boost not yet a reality
[2] DOD still working on change
[3] Exploring intuitive decision-making
[4] Feds Label Wi-Fi a Terrorist Tool
[5] FBI seeks to link joint terrorism task forces
[6] CfP ECIW 2003
[7] Organised Net crime rising sharply - top UK cop
[8] Threat grows of cyber attack by terrorists groups
[9] Complex Networks Too Easy to Hack
[10] Navy preps XML policy
[11] Drop that E-Book or I'll Shoot!
[12] DOD extends global net
[13] Microsoft: IE hole worse than reported
[14] Security hole exposes Tower Records
[15] Israel, FBI Find Suspected Credit Hacker
[16] Hacker 'DVD Jon' Goes on Trial
[17] Virus Throttle a Hopeful Defense
[18] Scientists seek revamped federal supercomputing effort
[19] .Net.uk domain granted stay of execution
[20] New cybersecurity institute to fight online crime

_________________________________________________________________

CURRENT THREAT LEVELS
_________________________________________________________________

Electricity Sector Physical: Elevated (Yellow)
Electricity Sector Cyber: Elevated (Yellow)
Homeland Security: Elevated (Yellow)
DOE Security Condition: 3, modified
NRC Security Level: III (Yellow) (3 of 5)

_________________________________________________________________

News
_________________________________________________________________

[1] Homeland security budget boost not yet a reality
By Shane Harris

A year ago, as the federal government mounted a massive homeland security effort at the same time the commercial technology market was collapsing, Uncle Sam became the most attractive information technology customer in America. In February, President Bush requested $52 billion in new IT spending for fiscal 2003. Hungry would-be federal contractors, hoping that a hefty chunk of the money would go to purchasing leading-edge commercial products for homeland security, set up shop inside the Beltway.

But aside from an initial jolt of emergency funding after the Sept. 11 attacks - about $1 billion of which was spent on IT - technology spending in 2002 didn't seem to have much to do with homeland security. By and large, agencies are only beginning to understand what they want to buy, and are focusing on basic technologies, not the new wave of products many companies had assumed they would purchase.

Why? For most of 2002, agencies were preoccupied adjusting to their post-Sept. 11 missions; some were preparing for a massive reorganization under the proposed Homeland Security Department. Because they're struggling just to figure out what homeland security is, they've had less time to shop for new technologies to help them ensure it, says George Molaski, former chief information officer of the Transportation Department and now a consultant.

http://www.govexec.com/dailyfed/1202/120602h2.htm

----------------------------------------------------

(Any Information Operation needs to be based on a well developed and tested doctrine to be really effective. Just have a look at the development of air warfare doctrine which took a long time to mature until it became a 'decisive weapon'. WEN)

... The notion of network-centric warfare does little to prepare soldiers and sailors for actual combat against a real enemy, Van Riper said. Instead of focusing on IT, he said, the services must develop new concepts of effective military operations.

"Don't put your faith in the technology," he said after the conference, "You've got to do the thinking first." ...

[2] DOD still working on change
BY Nancy Ferris
Dec. 9, 2002

The military is embracing the idea of network-centric warfare, but Defense Department officials need to change their mind-sets if they want to make it stick, according to the man who first championed the concept.

"Much of what they focus on is becoming irrelevant," said retired Vice Adm. Arthur Cebrowski, director of the Pentagon's Force Transformation Office, at the annual conference of the non-profit CNA Corp. (formerly the Center for Naval Analysis). DOD and Congress, for example, are debating what kinds of aircraft to build, while "the real fight is over sensors" - the systems that find and identify enemy forces, then launch attacks, he said.

Cebrowski called for acceleration in the transition from the Industrial Age to the Information Age, saying that "fighter vs. fighter combat is in a state of devolution" as threats increasingly come from small nations that lack major military forces or from groups not aligned with nations. With better information systems, the United States will be better prepared to combat these "asymmetric" threats, he said.

http://www.fcw.com/fcw/articles/2002/1209/pol-dod-12-09-02.asp

----------------------------------------------------

[3] Exploring intuitive decision-making
DOD official endorses approach, but expert warns of information overload
BY Dan Caterinicchia
Dec. 9, 2002

Giving military commanders timely access to information is only half the battle, a Marine Corps leader recently said. Delivering it in an intuitive fashion so that the commanders can make quick decisions is the next challenge.

Military systems tend to generate data in static checklist form, said Brig. Gen. Jerry McAbee, deputy commander of the Marine Corps' Marine Forces Pacific. But "the checklist approach to decision-making is not what we need for the 21st century," he said. Military leaders need a networked knowledge system that draws information from databases worldwide.

http://www.fcw.com/fcw/articles/2002/1209/mgt-dod-12-09-02.asp

----------------------------------------------------

(I have just finished a feature on wireless security for NCMS IMIA and it took me a long time to decide whether to recommend 802.11b networks or not. In the end I decided to recommend it only to companies with a good information security culture and practice as only they will be able to secure WLANs. WEN)

[4] Feds Label Wi-Fi a Terrorist Tool
By Paul Boutin
02:00 AM Dec. 06, 2002 PT

SANTA CLARA, California -- Attention, Wi-Fi users: The Department of Homeland Security sees wireless networking technology as a terrorist threat.

That was the message from experts who participated in working groups under federal cybersecurity czar Richard Clarke and shared what they learned at this week's 802.11 Planet conference.

Wi-Fi manufacturers, as well as home and office users, face a clear choice, they said: Secure yourselves or be regulated.

http://www.wired.com/news/wireless/0,1382,56742,00.html

----------------------------------------------------

[5] FBI seeks to link joint terrorism task forces
Bureau wants to streamline info sharing
BY Dan Caterinicchia
Dec. 9, 2002

As part of the FBI's effort to enhance its information-sharing capabilities, the bureau is attempting to link more than 50 joint terrorism task forces (JTTF) on a network that would far surpass current communication methods.

The FBI established many of the task forces following the Sept. 11, 2001, attacks as a way to streamline communications and intelligence-sharing efforts. The task forces include representatives from the Defense Department and other government agencies at each of the FBI's 56 field divisions nationwide.

"One year ago, nearly half of these task forces didn't exist," FBI Director Robert Mueller said in an October address at the International Association of Chiefs of Police's annual conference. "The ones that did exist were not nearly as large as they are now. Today, information flows more freely. Tips are routed more quickly. Leads are covered more efficiently. Again, it is not perfect. But it gets better every day."

http://www.fcw.com/fcw/articles/2002/1209/pol-fbi-12-09-02.asp

----------------------------------------------------

[6] CfP ECIW 2003

ECIW 2003
European Conference on Information Warfare and Security
University of Reading, United Kingdom
30 June - 1 July 2003
_________

Co-Conference Chairs: Dr Steve Furnell, Network Research Group, Plymouth University, UK and Rodney Clare, Open University and EDS UK

Co-Programme Chairs: Professor Bill Hutchinson, Edith Cowan University, Australia and Commodore Patrick Tyrrell, OBE, Royal Navy Retired, UK

CALL FOR PAPERS, WORKSHOPS AND TUTORIALS

The second European Conference on Information Warfare and Security (ECIW) is an opportunity for academics, practitioners and consultants from Europe and elsewhere who are involved in the study, management, development and implementation of systems and concepts to combat information warfare or to improve information systems security to come together and exchange ideas.

The advisory group for the conference invites submissions of papers on both the theory and practice of all aspects of Information Warfare and Security. The conference in July 2003 is seeking qualitative, experience-based and quantitative papers as well as case studies and reports of work in progress from academics, information systems practitioners, consultants and government departments.

Topics may include, but are not limited to, e-Intelligence/counter-intelligence, Perception management, Information warfare theory, Electro-magnetic pulse weapons, Information, computer and network security, Cryptography, Physical security, Security policy, Information warfare policy, Information warfare techniques, Hacking, Infra-structure warfare, National security policy, Corporate defence mechanisms, Security for small to medium enterprises, Cyber Terrorism, Ethical, Political and Social Issues relating to Information Warfare, Information warfare and security education, Legal issues concerned with information warfare and e-Crime.

In addition to multiple streams of papers, the conference committee are inviting proposals for workshops and tutorials on topics related to Information Warfare and research methods applicable to this field.

SUBMISSION DETAILS:

In the first instance submit an abstract to the conference committee.

Abstract details: No more than 500 words to be received by 1 April 2003.
File type: Word for Windows.
Submission: By e-mail attachment to: [EMAIL PROTECTED]
Full paper: Only required on acceptance of abstract. The full papers (between 3000-5000 words) will be double blind reviewed before being accepted for presentation at the conference and for publication in the conference proceedings. Submission date will be no later than 23 May 2003.

The best papers will be considered for publication in the Journal for Information Warfare (JIW) http://www.Jinfowar.com

IMPORTANT INFORMATION:

The review panel of the conference committee will consider all abstracts received by the submission deadline. Papers that are accepted will be published in the conference proceedings providing at least one author pays the registration fee and presents their work at the Conference (see the registration section for more information). Due to the large number of quality papers that are submitted to this conference the committee only allows an author to present one paper. Therefore if multiple papers are accepted for presentation different co-authors must present each paper. Exhibition opportunities are available to consultants and practitioners who present at the conference.

IMPORTANT DATES:

Abstract submission deadline: 1 April 2003
Notification of abstract acceptance: 15 April 2003
Final copy of full paper due: 23 May 2003
Notification of paper acceptance: 30 May 2003

CONFERENCE EXECUTIVE:

Dr Andrew Blyth, University of Glamorgan, UK [EMAIL PROTECTED]
Rodney Clare, Open University and EDS UK [EMAIL PROTECTED]
John Davey, Department of Defence, Canberra ACT, Australia, [EMAIL PROTECTED]
Dr Steve Furnell, Plymouth University, UK [EMAIL PROTECTED]
Dr Aki Huhtinen, National Defence College, Helsinki, Finland [EMAIL PROTECTED]
Professor Bill Hutchinson, Edith Cowan University, Australia [EMAIL PROTECTED]
Andy Jones, QinetiQ Ltd, UK [EMAIL PROTECTED]
Professor Arthur Money, Henley Management College, UK [EMAIL PROTECTED]
Major Jari Rantapelkonen, Finnish Defence Forces, Helsinki, Finland [EMAIL PROTECTED]
Professor Dan Remenyi, Trinity College, Dublin [EMAIL PROTECTED]
Commodore Patrick Tyrrell, OBE, Royal Navy Retired, UK [EMAIL PROTECTED]
Professor Les Worrall, University of Wolverhampton, UK [EMAIL PROTECTED]

CONFERENCE COMMITTEE:

The conference programme committee consists of key people in the information systems, information warfare and information security communities around the world. The following people have confirmed their participation:

Colin Armstrong (ISA Technologies, Australia), Helen Armstrong (Curtin University Australia), Frank Bannister (Trinity College Dublin, Ireland), Andrew Blyth (University of Glamorgan, UK), Maura Conway (Trinity College Dublin, Ireland), Michael Corcoran (Defence Scientific & Technical Laboratories UK), Dorothy Denning (The Naval Postgraduate School, Dept. of Defense Analysis, USA), John Davey (Department of Defence, Canberra ACT, Australia), Susie Driscoll (UK Ministry of Defence), John Fawcett (University of Cambridge, UK), Steve Furnell (Plymouth University, UK), Kevin Gleason (Mount Ida College, USA), Aki Huhtinen (National Defence College Helsinki, Finland), Bill Hutchinson (Edith Cowan University, Australia), Andy Jones (QinetiQ Ltd), Bill Martin (RMIT, Australia), Graham Mathieson (Defence Scientific & Technical Laboratories UK), Arthur Money (Henley Management College, UK), Chris Morse (Xansa, UK), Lars Nicander (National Defence College, Sweden), Juhani Paavilainen (University of Tampere, Finland), Fred Piper (Royal Holloway University, UK), Jari Rantapelkonen (Finnish Defence Forces, Finland), Andrew Rathmell (Rand Europe), Dan Remenyi (Trinity College Dublin, Ireland), Jill Slay (University of South Australia), David Taylor (CERTUS, UK), Phil Taylor (University of Leeds, UK), Craig Valli (Edith Cowan University, Australia), Michael Walker (Vodafone, UK), Mat Warren (Deakin University, Australia), Elfed Weaver (DSTL, Port Talbot, UK), Peter Wild (Royal Holloway University, London), Roy Williams (Open University, UK), Les Worrall (University of Wolverhampton), Simos Xenitellis (Royal Holloway University, London).

This call for papers and registration details can be found http://www.mcil.co.uk/conf-management.htm

----------------------------------------------------

(Cybercrime is a major problem. Unfortunately, most of the people seem to love to talk about non-existent cyberterrorism whilst cybercrime is hardly ever discussed. WEN)

[7] Organised Net crime rising sharply - top UK cop
By John Leyden
Posted: 09/12/2002 at 07:57 GMT

The level of organised crime on the Internet is increasing sharply, the head of the UK's National Hi-Tech Crime Unit warns.

In his opening address to the UK's first e-crime congress today, Detective Chief Superintendent Les Hynds is expected to highlight the significant threat posed by organised criminals.

"Hi-tech crime is increasing significantly," Hynds warns. "The Internet provides organised crime groups driven by profit with lucrative opportunities in a relatively low risk theatre of operations.

"We must question the mindset that recoils from the thought of breaking into a house and stealing; but condones

http://www.theregister.co.uk/content/6/28469.html
http://news.zdnet.co.uk/story/0,,t269-s2127203,00.html

----------------------------------------------------

(FUD see comment above. WEN)

[8] Threat grows of cyber attack by terrorists groups
Robin McKie, science editor
Sunday December 8, 2002
The Observer

Fears are mounting among computer experts that Britain may be becoming increasingly vulnerable to attack by hackers.

They believe that both civil and military institutions, as well as major companies, are in danger of a devastating 'cyber attack' - possibly as a prelude to a terrorist assault on the country, or simply as a challenge for expert young computer users.

http://www.observer.co.uk/uk_news/story/0,6903,856076,00.html

----------------------------------------------------

[9] Complex Networks Too Easy to Hack
By Michael Grebb | 02:00 AM Dec. 09, 2002 PT

WASHINGTON -- Internet and telecommunications experts, here on Friday to discuss homeland security, said increasingly complex software operating systems and networks have made it easier than ever to disrupt U.S. communications systems.

At the same time, hackers don't need to be highly skilled to wreak havoc.

"Over time, we're getting very sophisticated attacks from morons," said Bill Hancock, chair of the cybersecurity focus group of the Network Reliability and Interoperability Council, which coordinates voluntary "best practices" to maintain a streamlined communications infrastructure.

http://www.wired.com/news/politics/0,1283,56766,00.html

----------------------------------------------------

[10] Navy preps XML policy
Policy seeks to drive data interoperability
BY Matthew Frenck
Dec. 9, 2002

The Navy Department is finishing a policy that, for the first time, will set standards for the Navy's use of Extensible Markup Language as it attempts to put more of its applications and data online.

Navy chief information officer David Wennergren said he expects to sign the final policy this week. The document, which has been widely circulated within the department, will set the standard for how XML will be used within the service so that XML-tagged data is fully interoperable servicewide.

The policy will outline how the Navy will implement XML to better find, retrieve, process and exchange data.

http://www.fcw.com/fcw/articles/2002/1209/news-xml-12-09-02.asp

----------------------------------------------------

[11] Drop that E-Book or I'll Shoot!
With the first ever criminal DMCA trial halfway over, it's already raising novel legal, jurisdictional and ethical challenges.
By Mark Rasch
Dec 08, 2002

Last Thursday federal prosecutors wrapped up their direct case against Russian software company ElcomSoft for creating and distributing software that would "crack" Adobe's proprietary software designed to prevent copying of electronic books - the defense will argue their side this week.

ElcomSoft is a Russian company that has specialized in "password recovery" software. At issue in the case is a software program called the Advanced eBook Processor (AEBPR), a program that exploited insecurities in Adobe's E-book reader to allow a user to essentially convert encrypted and copy-protected E-book text to "naked" or unencrypted plain text.

As described by the company, AEBPR "lets users make backup copies of eBooks that are protected with passwords, security plug-ins, various DRM (Digital Rights Management) schemes like EBX and WebBuy, enabling them to be readable with any PDF viewer, without additional plug-ins. In addition, the program makes it easy to decrypt eBooks and load them onto Palm Pilots and other small, portable devices. This gives users -- especially users who read on airplanes or in hotels -- a more convenient option than using larger notebooks with limited battery power to read their eBooks. . . ."

http://online.securityfocus.com/columnists/128

----------------------------------------------------

[12] DOD extends global net
BY Dan Caterinicchia
Dec. 9, 2002

Two Defense commands have forged a link between their secure wide-area networks (WANs), making it easier for DOD forces and their coalition partners in different areas of the world to share information.

The link connects the U.S. Pacific Command's Combined Operations WAN (COWAN), which spans the Asia-Pacific region, with the U.S. Central Command's Combined Enterprise Regional Information Exchange (CENTRIX) system. CENTRIX supports more than 30 participating nations in Europe, the Middle East and Africa.

http://www.fcw.com/fcw/articles/2002/1209/tec-global-12-09-02.asp

----------------------------------------------------

[13] Microsoft: IE hole worse than reported
By Joe Wilcox
December 9, 2002, 4:33 AM PT

Microsoft on Friday raised its threat rating for a security flaw in its Internet Explorer browser to "critical," in response to criticism of its initial assessment of the hole's danger.

A representative of Microsoft, which has come under fire for its security policies, said the company had changed its original rating of a flaw in IE versions 5.5 and 6 as a result of comments posted to the Bugtraq online bulletin board by a security consultant.

As previously reported by CNET News.com, Thor Larholm, a vulnerability researcher with security consultancy Pivx Solutions, questioned Microsoft's "moderate" rating--issued Wednesday--in a Bugtraq forum posting.

http://zdnet.com.com/2100-1105-976440.html

----------------------------------------------------

[14] Security hole exposes Tower Records
By Declan McCullagh
Special to ZDNet News
December 6, 2002, 4:21 AM PT

A security hole on Tower Records' Web site exposed data on millions of U.S. and U.K. customers until it was closed late Wednesday.

The glitch allowed anyone to peruse Tower Records' Web site to view its database of customer orders dating from 1996 through this week, including home and e-mail addresses, phone numbers and what music or video products were purchased. More than 3 million such records were exposed.

"It was a technical error, and when we discovered it we were fairly horrified and we fixed it in a matter of hours," a Tower representative said on Thursday. No credit card numbers appear to have been revealed, the company said.

http://zdnet.com.com/2100-1105-976271.html

----------------------------------------------------

[15] Israel, FBI Find Suspected Credit Hacker
RAMIT PLUSHNICK-MASTI
Associated Press

JERUSALEM - Israeli police, aided by the FBI, arrested an Israeli suspected of hacking into computers of a U.S.-based electronics company and stealing personal information, including the credit card numbers of some 80,000 customers, according to court document released Sunday.

David Sternberg, 24, of the port city of Haifa, was arrested late Friday while driving in a stolen car, police said. The FBI notified the Israelis he was wanted in 2000 and police began searching for him in 2001, according to the transcript of his detention hearing.

http://www.miami.com/mld/miamiherald/news/world/4697613.htm

----------------------------------------------------

[16] Hacker 'DVD Jon' Goes on Trial
By Associated Press
02:17 PM Dec. 08, 2002 PT

OSLO, Norway -- Jon Lech Johansen was only 15 when he wrote and distributed on the Internet for free a program that unlocked copy-protected DVDs, giving Hollywood nightmares and making him a folk hero among hackers.

Three years later, he's going on trial in an important test case for Norway's strict laws against computer piracy and hacking.

http://www.wired.com/news/business/0,1367,56771,00.html
http://www.siliconvalley.com/mld/siliconvalley/business/technology/personal_technology/4697274.htm

----------------------------------------------------

[17] Virus Throttle a Hopeful Defense
By Michelle Delio | 02:00 AM Dec. 09, 2002 PT

Computer viruses and worms live in the fast lane, propagating themselves through a network faster than even the most highly caffeinated techie can purge them from a system.

But Matthew Williamson, a researcher at the Hewlett-Packard laboratories in Bristol, England, has come up with a new way to handle the quick-moving cybercritters: Throttle 'em.

http://www.wired.com/news/infostructure/0,1377,56753,00.html

----------------------------------------------------

[18] Scientists seek revamped federal supercomputing effort
By Bara Vaida, National Journal's Technology Daily

In April, Japan rocked the U.S. supercomputer sector, which traditionally has led the world in producing the fastest machinery, with the unveiling of the Earth Simulator, a $400 million product that outpaces the speed of U.S. supercomputers.

Now U.S. scientists are hoping that their government will boost spending in fiscal 2004 to keep pace with Japan, whose government paid the Japanese computer firm NEC to create the supercomputer. The Earth Simulator - so named because it aims to create a "virtual earth" that could simulate various climate conditions - matches the raw computing power of 20 of the fastest American computers combined.

"There is a fear that our technology leadership could go overseas" unless the United States invests in keeping its lead in high-end computing, said Jim Rottsolk, chairman and CEO of the Cray supercomputer company.

http://www.govexec.com/dailyfed/1202/120602td1.htm

----------------------------------------------------

[19] .Net.uk domain granted stay of execution
By Kieren McCarthy
Posted: 09/12/2002 at 10:07 GMT

The underused .net.uk domain has been granted a stay of execution after a meeting of Nominet's Policy Advisory Board decided that still more consultation was needed before a decision on its future was taken.

The decision comes after a sub-committee charged with looking at the issue recommended it be closed off to new entrants and slowly wound down. This was thrown out by the PAB in October and reiterated a second time in a meeting on 4 December, leading some to believe the issue is being downplayed in an effort to avoid confrontation.

http://www.theregister.co.uk/content/6/28473.html

----------------------------------------------------

[20] New cybersecurity institute to fight online crime
By James L. Rosica
DEMOCRAT STAFF WRITER

With the strokes of their pens, officials from two agencies and a local university created a new partnership to fight online crime.

The Florida Department of Law Enforcement, Florida State University and the National White Collar Crime Center agreed Friday to form the Florida Cybersecurity Institute "to provide research, analysis, training and technical assistance relating to cybercrime," representatives said.

FDLE Commissioner Tim Moore, FSU's Raymond Bye and Gary Lusher, program manager for the National White Collar Crime Center, signed their names to the agreement at a Friday afternoon press conference.

http://www.tallahassee.com/mld/democrat/news/local/4685889.htm

----------------------------------------------------

_____________________________________________________________________

The source material may be copyrighted and all rights are retained by the original author/publisher.

Copyright 2002, IWS - The Information Warfare Site
_____________________________________________________________________

Wanja Eric Naef
Webmaster & Principal Researcher
IWS - The Information Warfare Site
<http://www.iwar.org.uk>

IWS INFOCON Mailing List
@
IWS - The Information Warfare Site
http://www.iwar.org.uk