October 7, 1999 Russia linked to data raid FBI: Troves of sensitive U.S. government files compromised. In what appears to be the most extensive cyber-attack ever aimed at the U.S. government, hackers apparently working from Russia have systematically broken into Defense Department computers for more than a year and plundered vast amounts of sensitive information, U.S. officials said Wednesday. http://www.mercurycenter.com/premium/front/docs/cyber07.htm Russia says spies not linked to U.S. computer raids Reports that someone in Russia stole information from U.S. military computers do not prove a Kremlin cyber-spy ring has been uncovered, Russia's Foreign Intelligence Service said Thursday. Michael Vatis of the U.S. Federal Bureau of Investigation told a Senate sub-committee Wednesday the FBI thought computer hackers located in Russia had filched sensitive information from U.S. military networks. http://www.sjmercury.com/svtech/news/breaking/reuters/docs/934185l.htm - - - - - - - - - - - - - - - - - - - - - - - - FBI Lagging Behind on Cyber Crime More than a year after President Clinton warned that criminals, terrorists and foreign foes could paralyze the nation's computer systems, federal officials acknowledged yesterday that hackers have broken into Defense Department networks from overseas while the FBI office in charge of America's cyber security is still more virtual than real. http://www.washingtonpost.com/wp-srv/national/daily/oct99/cyber7.htm Federal security plan will seek corporate buy-in Federal officials say they need private-sector "buy-in" to protect critical public and private information systems. But these officials also acknowledged at a congressional hearing today that they must first take care of their own security problems, including an ongoing cyberattack that is originating out of Russia. http://www.computerworld.com/home/news.nsf/all/9910063usasecure G-Man Warns of Industrial Espionage but Says There's No Evidence of It Yet It may be possible for foreign governments to sneak trap doors into computers under the guise of fixing Y2K problems, but a federal official says he has no evidence it's happening. http://www.apbnews.com/newscenter/internetcrime/1999/10/06/y2k1006_01.html?s=emil - - - - - - - - - - - - - - - - - - - - - - - - Net Sabotage a Hot Topic on Capitol Hill If you believe your technical support team when it tells you that the corporate Internet firewall will withstand any assault, there's a bridge in Brooklyn you might be interested in buying. That's the word from administration officials who testified today before the Senate Judiciary Subcommittee on Technology, Terrorism and Government Information. http://www.thestandard.net/articles/display/0,1449,6817,00.html?rm.tnf Government and business may be frantically preparing to fight off the Y2K computer bug, but a new congressional study says dealing with that problem is only the start of the threats facing the nation's computer network. http://www.apbnews.com/newscenter/internetcrime/1999/10/06/computers1006_01.html?s=emil - - - - - - - - - - - - - - - - - - - - - - - - Federal Anti-Cyberterrorism Plan Expected Soon The first draft of a plan to protect the nation's physical and cyber- based systems essential to the minimum operations of the economy and government will see the light of day either in the later part of October or the first part of November, a top administration official told a Senate subcommittee today. http://www.newsbytes.com/pubNews/99/137382.html Lack of systems security skills reaching critical mass for feds A leading national security expert on Wednesday told Congress that the shortage of skilled information systems security personnel throughout the government has reached crisis proportions and has contributed to the recent spate of intrusions into federal networks. http://www.fcw.com/pubs/fcw/1999/1004/web-infosec-10-07-99.html - - - - - - - - - - - - - - - - - - - - - - - - Security weaknesses prevalent at Treasury's FMS Systematic security weaknesses at the Treasury Department's Financial Management Service could leave the billions of dollars collected and paid out by the organization open to fraud, according to the General Accounting Office. The weaknesses stem from the lack of a centralized enterprise security management plan, despite a 1998 GAO report that pointed out the need for one. In this year's audit, GAO found that FMS had taken action to improve security. But three of the seven FMS centers have made little or no progress, and the most recent audit found new weaknesses, the report stated. http://www.fcw.com/pubs/fcw/1999/1004/web-fms-10-06-99.html - - - - - - - - - - - - - - - - - - - - - - - - Bill enhances DOE security President Clinton on Tuesday signed into law a bill that calls for sweeping changes to the security posture of the Energy Department, including a provision to create a new cybersecurity "red team" to conduct real-time evaluations of DOE computer networks. The changes at DOE were approved as part of the $289 billion Defense authorization bill, which sets spending limits for the Defense Department and national security-related activities of DOE. http://www.fcw.com/pubs/fcw/1999/1004/web-doe-10-06-99.html - - - - - - - - - - - - - - - - - - - - - - - - Space Command to oversee computer defense In a sign that the Pentagon sees a growing threat from cyber-warfare, it is assigning to U.S. Space Command the responsibility for defending the military's computer networks, officials said today. Space Command, headed by Air Force Gen. Richard Myers and headquartered in Colorado Springs, Colo., also will develop cyber-attack capabilities starting in October 2000, a senior U.S. military officer said. http://www.sjmercury.com/svtech/news/breaking/merc/docs/019679.htm - - - - - - - - - - - - - - - - - - - - - - - - Redstone team keeps hackers at bay Security specialists monitor arsenals computer network, respond to signs of intrusion The state of Tennessee and Redstone Arsenals computer security team in Huntsville both noticed something suspicious going on over the Internet about two months ago. A Tennessee high school student was carrying out a common computer hacker technique called scanning. He had found a server used by the U.S. Army Aviation and Missile Command on Redstone Arsenal and was searching through all the possible ports of entry for a way to break in. http://www.al.com/news/huntsville/Oct1999/6-e13124.html - - - - - - - - - - - - - - - - - - - - - - - - Cracker Ring Busted As reported in the Wall Street Journal, a large cracker ring was busted by the FBI. The eleven member ring known as the "Phonemasters" was busted by Michael Morris of the Dallas FBI office. Mr. Calvin Cantrell of the Phonemasters pleaded guilty and was sentenced to 41 months in prison two weeks ago. This may be the biggest bust of a cracker ring in the history of network computing. The Phonemasters are accused of breaking into AT&T Corp., British Telecommunications Inc., GTE Corp., MCI WorldCom, Southwestern Bell, and Sprint Corp. They also broke into credit-reporting databases belonging to Equifax Inc. and TRW Inc., as well as the databases of Nexis/Lexis and Dun & Bradstreet. http://netsecurity.about.com/internet/security/netsecurity/library/weekly/aa 100599.htm - - - - - - - - - - - - - - - - - - - - - - - - Taking hacker to court not so easy Lawyers say that computer laws here might not be enough if hacker, mistuh clean, is a foreigner and lives abroad A POLICE report may have already been filed, but legal and territorial issues could get in the way of finding and punishing the hacker who recently defaced several local websites. http://straitstimes.asia1.com/cyb/cyb1_1007.html - - - - - - - - - - - - - - - - - - - - - - - - Watch where you surf: Xerox, cracking down on porn surfing at work, has fired 40 employees for checking out Net porn from the office. http://www.theregister.co.uk/991007-000006.html - - - - - - - - - - - - - - - - - - - - - - - - Early Release A PR site accidentally showed company news too soon, possibly giving day traders a head start. A security glitch in the PR Newswire site last week enabled anyone with a Web browser to view company press releases at least 10 minutes before they were made available on the site. http://www.zdnet.com/zdtv/cybercrime/news/story/0,3700,2348305,00.html - - - - - - - - - - - - - - - - - - - - - - - - Spam watchdog floats new service ideas A year-old organization devoted to controlling spam is preparing new proposals designed to give ISPs more options in fighting a problem that for many people is the biggest downside to having e-mail. The Mail Abuse Prevention System (MAPS) already offers subscribers free access to its Realtime Blackhole List (RBL) of IP addresses of spammers and IP networks that accommodate spammers, even those that do so inadvertently. http://www.networkworld.com/news/1999/1007rbl.html