High Tech "NewsBits" for 10/11/99

October 11, 1999 Email Virus Reported Melissa-like worm promises a shortcut to porn links. Antivirus experts have issued an advisory about an email worm that spreads itself in a manner similar to Melissa. The virus, named VBS.Freelink, arrives as an email with the subject line "Check this." The message body reads "Have fun with these links. Bye." The email contains an attachment file called "link.vbs," which infects a system upon execution. http://www.zdnet.com/zdtv/cybercrime/news/story/0,3700,2350616,00.html - - - - - - - - - - - - - - - - - - - - Experts uncover PC-prying program Russian Web site snared Internet data Computer security experts have discovered an insidious new program that conducts "electronic reconnaissance" of the Internet -- and has been transmitting captured data to a Russian Web site. The stealthy program, which was deciphered this week during a conference in New Orleans, was designed to infect Windows-based PCs without the users' knowledge. http://www.uniontribune.com/news/uniontrib/sat/news/news_1n9cyber.html - - - - - - - - - - - - - - - - - - - - New Zealand Computer Crimes Bill Goes To Committee Amendments to New Zealand law that bring new protections for computer systems have been referred to a select committee after their second reading in parliament. The Crimes Amendment Bill (No.6) will, if passed, create three new computer offenses: the dishonest use of a computer, attempting to dishonestly use a computer, and intentional or reckless serious damage to a computer. Maximum penalties of seven years imprisonment can be applied by the courts. http://www.newsbytes.com/pubNews/99/137481.html - - - - - - - - - - - - - - - - - - - - In Response To: Unplugged! The biggest hack in history The Phonemasters and I In 1994 I was learning as much about computers and telephony as I could possibly take in. Had an extra 500-page manual? I'd digest it in days. Anything related to phones was of particular interest to me. For some reason, the computers that ran the phone systems were interesting and I found myself with an insatiable curiosity for them. http://www.aviary-mag.com/Martin/The_Phonemasters_And_I/the_phonemasters_and _i.html - - - - - - - - - - - - - - - - - - - - Computers keeping track of government money said at risk Lax security and other weaknesses endanger the computer systems handling the government's financial transactions, congressional auditors say. ``Billions of dollars of payments and collections are at significant risk of loss or fraud, vast amounts of sensitive data are at risk of inappropriate disclosure, and critical computer-based operations are vulnerable to serious disruptions,'' the General Accounting Office, the investigative and auditing arm of Congress, said in an Oct. 4 report. http://www.sjmercury.com/svtech/news/breaking/merc/docs/062126.htm - - - - - - - - - - - - - - - - - - - - - Porn on the Web -- 'good thing' or danger to kids? A U.S. panel clashed Friday over whether pornography on the World Wide Web is a ``good thing'' that contributes to the economy, or a danger that sacrifices children on the altar of the First Amendment. The National Press Club forum included representatives from anti-pornography groups, a lawyer who defends people in the pornography industry, a think tank lawyer who favors a broad interpretation of the First Amendment and a former porn film actress. http://www.sjmercury.com/svtech/news/breaking/internet/docs/942561l.htm - - - - - - - - - - - - - - - - - - - - - E-Clubhouse to Give Kids Safe Net Access Two companies are aiming to create a children's alternative to the wide-open Internet, a kind of electronic clubhouse they can access through their television sets. SharkWire Online is intended for children ages 7 to 14. It's a closed electronic community in which they can exchange e-mail, play games and find out about their favorite stuff, from skateboarding to bands. It's a risky idea, with so many young people already comfortable using the Web or America Online from their PCs. http://www.sfgate.com/cgi-bin/article.cgi?file=/chronicle/archive/1999/10/11 /BU67201.DTL - - - - - - - - - - - - - - - - - - - - - - Workers Lament Loss of E-Mail Privacy on Job An AT&T employee is upbraided for exchanging affectionate e-mail notes with his wife, who also works for the company. A PacBell manager is fired for viewing pornographic Web sites at work. And an analyst for the Federal Communications Commission is warned that all Web browsing at work is being monitored. http://www.latimes.com/business/updates/lat_y2k991011.htm - - - - - - - - - - - - - - - - - - - - - - In Theory, Reality, U.S. Open to Cyber-Attack Security: An NSA test exposed vulnerability of critical computer systems to hackers. Outside assault proved it. The ground rules were simple: Use laptop computers purchased at local stores and software downloaded from the Internet. Target only unclassified government computer systems. And see how far you can get. The "Red Team" hackers hit the jackpot. In less than three months, they secretly penetrated computers that control electrical grids in Los Angeles, Washington and other major cities. They broke into networks that direct 911 emergency response systems. They even got access to the Pentagon's National Military Command Center, the heart of America's war fighting operation. http://www.latimes.com/news/nation/19991009/t000091171.html http://straitstimes.asia1.com/cyb/cyb3_1011.html - - - - - - - - - - - - - - - - - - - - - - - Hill axes DOE security funds: $35 billion was sought for IT protections The fiscal 2000 budget could force the Energy Department to scale back cybersecurity plans that chief information officer John Gilligan announced last month. Congress late last month passed a fiscal 2000 appropriations bill for the department that eliminates the $35 million Energy requested to implement the reforms, Energy Secretary Bill Richardson said. The bill has been sent to the White House for the president’s signature. http://www.gcn.com/vol18_no34/news/819-1.html - - - - - - - - - - - - - - - - - - - - - - - Army uses proxy cache engines to foil hackers The Army is using proxy cache engines to protect the nearly 1,000 Web sites the service maintains at offices and on bases within the continental United States. Using the cache engines, the service will mirror each of its sites. The proxy engines will replenish the sites with data from original production sites continually, said Phillip J. Loranger, operations officer for information assurance in the Directorate of Information Systems for Command, Control, Communications and computers (DISC4). http://www.gcn.com/vol18_no34/news/799-1.html - - - - - - - - - - - - - - - - - - - - - - - Bureau performs balancing act to guard against information overload The FBI strives to balance information dominance with information assurance, a senior bureau systems official said last week. “But information dominance and assurance are in direct conflict,” Mark Tanner, the FBI’s information resources manager, said at a GCN Forum luncheon in Washington. In an electronic environment, the bureau must protect national and economic security and fight crimes against individuals, Tanner said. http://www.gcn.com/vol18_no34/news/811-1.html - - - - - - - - - - - - - - - - - - - - - - - Electromagnetic pulse attacks: The wave of the future, panel says The detonation of a small nuclear weapon in the upper atmosphere could lead to widespread paralysis of the nation's critical electronic infrastructure and cripple the Defense Department's ability to wage war, experts warn. http://www.fcw.com/pubs/fcw/1999/1011/web-emp-10-11-99.html - - - - - - - - - - - - - - - - - - - - - - - Complex insecurity: UC Davis helps lead fight to thwart computer hackers In today's world so dependent on computers, the weapons of sabotage are bits, not bombs. Witness last week's news that Russian hackers appear to have invaded Defense Department computers, gaining access to vast amounts of sensitive data. Only slightly less troubling is news of critical computer security lapses at Lawrence Livermore National Laboratories, where some of the nation's most sensitive nuclear research takes place. http://www.sacbee.com/ib/news/ib_news01_19991010.html - - - - - - - - - - - - - - - - - - - - - - - Kashmir-minded Pakistani 'hacktivists' blitz Web sites Since October 1, the two students who make up the Pakistan Hackerz Club have defaced over 40 Web sites, according to a hacking mirror site. From the Mildew Removal Specialists site to several government sites within China, the PHC hasn't shown one overarching pattern in their choice of targets. Not so for the results; almost every site's main page has been replaced with the PHC logo and a treatise in defense of the disputed region of Kashmir as well as graphic photographs depicting charred bodies and wounded Kashmiri children. http://www.cnn.com/TECH/computing/9910/08/pakistani.hack/index.html - - - - - - - - - - - - - - - - - - - - - - - The hacker in all of us In which our intrepid reporter learns how easy it is to suck the guts out of a victim's server -- and how much sheer, unrelenting fun "How do you spell pillage?" asks Fred Norwood, manager of information infrastructure technology at El Paso Energy Corp. in Houston. Twelve of us had just hacked Microsoft Corp.'s crown jewel -- a Windows NT box -- and were copying passwords to our hard drives. http://www.computerworld.com/home/print.nsf/all/991011c592 - - - - - - - - - - - - - - - - - - - - - - - Telephone hacker in court A TEENAGER who discovered how to use a laptop computer to avoid telephone charges illegally made Ł106,000 worth of calls around the world. Paul Spiby, now aged 20, of Cosby, Leicester, used computer-generated tones transmitted down an 0800 line to Nicaragua to fool the overseas exchange into believing he had finished the call. Instead, he was able to keep the line open and dial any number he wanted, Southwark Crown Court was told. For technical reasons he could be charged only with extracting electricity worth a few pence. He was sentenced to 100 hours of community service combined with two years' probation. His equipment was confiscated. http://www.telegraph.co.uk - - - - - - - - - - - - - - - - - - - - - - - Hackers sabotage ministers' website MINISTERS had to shut down their website yesterday after it was sabotaged by computer hackers. The move came a week after security was upgraded because computer experts said it was poor. The hackers caused chaos on the site's home page, altering the text and superimposing the head of Alex Salmond, the Scottish National Party leader, on the picture of Donald Dewar, the First Minister. http://www.telegraph.co.uk:80/et?ac=001897244212554&rtmo=r3Fbtr2X&atmo=rrrrr rrq&pg=/et/99/9/9/nweb09.html - - - - - - - - - - - - - - - - - - - - - - - The Drive for Privacy New legislation would stop DMV from selling drivers' info without consent. The Department of Motor Vehicles knows quite a bit about you before you get behind the wheel. It knows your name, address, height, weight, sex, and what you look like based on your photo. The DMV also knows your range of vision, your Social Security number, and the make and year of your car. In some states it is perfectly legal to sell that information-- without your consent-- to direct marketers, who see the information provided in automotive records as extremely valuable. http://www.zdnet.com/zdtv/cybercrime/news/story/0,3700,2350934,00.html - - - - - - - - - - - - - - - - - - - - - - - Easy Listening Last month the Justice Department triumphantly announced that telephone companies can now obtain a free software patch designed, in the words of Attorney General Janet Reno, to "correct technological impediments" in the phone system. No, we're not talking about a Y2K fix. In compliance with the Communications Assistance for Law Enforcement Act (CALEA), the engineers at the Canadian company NorTel have added an extra feature to their ubiquitous DMS line of switching systems. In addition to familiar conveniences such as three-way calling and call-waiting, the switches now include a feature that allows law enforcement agencies to listen to your telephone calls with unprecedented ease. http://www.zdnet.com/zdtv/cybercrime/chaostheory/story/0,3700,2348427,00.html - - - - - - - - - - - - - - - - - - - - - - - Hunt for the log files On October 19 and 20 the Ministers of Interior and Justice of the G-8 states will meet in Moscow. A goal is to act together more powerfully in the future against cyber criminality. An appropriate convention is already in preparation in the Council of Europe. http://cryptome.org/g8-hunt.htm (English Translation) http://www.spiegel.de/netzwelt/politik/0,1518,45748,00.html (in German)