************************************************************** Net Happenings - From Educational CyberPlayGround ************************************************************** ************************************************************************** Educational CyberPlayGround links to Technology <http://www.edu-cyberpg.com/Technology/Home_TECHNOLOGY.html> Find Information on Security for Teachers, Administrators, Ed. Tech, and Classroom Resources ************************************************************************** From Institute for Security and Technology Studies. DOD plans network attack task force The Defense Department is planning to form a joint task force focused solely on computer network attack (CNA) as part of the ongoing reorganization of U.S. Strategic Command (Stratcom). Stratcom's Joint Task Force-Computer Network Operations is currently charged with defending all DOD networks from attack, as well as initiating cyberattacks when instructed by the president or Defense secretary. The reorganization will split the task force in two, one responsible for defense, and another for attack. Army Maj. Gen. J. David Bryan, commander of Stratcom's JTF-CNO, would not say whether the United States has ever launched a cyberattack against an enemy, only that internal CNA exercises have been conducted. Loren Thompson, a defense analyst at the Lexington Institute, disagrees--considering the thousands of cyberattacks DOD defends itself from daily, and larger operations like the attack on the Internet's root servers late last year, she considers it "unbelievable if the U.S. is not mounting similar operations in response." A DOD spokesman said that CNA is "bound by largely the same rules that apply to any war strategy or tactic--very clear rules of engagement will prove necessary." http://www.fcw.com/fcw/articles/2003/0203/web-net-02-07-03.asp Firms' hacking-related insurance costs soar Many insurance companies, in reaction to rising claims for cracker-related losses, will stop covering damages from cybercrimes under general liability, and instead require companies to purchase stand alone "network risk insurance." Losses from computer crime are expected to increase 25% to $2.8 billion in the USA this year, says market researcher TruSecure. Network risk insurance is expected to jump from a $100 million market today to $900 million by 2005, market researcher Gartner says. The Bush administration has called for greater insurance coverage of cyberthreats in drafts of its "National Strategy to Secure Cyberspace." Network risk insurance may also require companies to pay for an upfront security assessment of their networks, on top of their premiums. http://www.usatoday.com/money/industries/technology/2003-02-09-hacker_x.htm Three suspected hackers arrested in U.K., U.S. Two men in Durhamshire, England, a 19-year-old electrician and a 21-year-old unemployed man, as well as a 17-year-old in Champaign, Illinois, have been arrested in connection with a little-known Internet worm called TK that infected about 18,000 computers around the world and caused $9 million in damages. The TK worm exploits a vulnerability that is found on some Microsoft Corp. Internet Information Server Web servers. A patch to fix that bug was issued in May 2001. Infected systems were under the control of the hacking group THr34t-Krew, and could be used to stage denial-of-service attacks. The arrests were coordinated between the U.K.'s National Hi-Tech Crime Unit (NHTCU) and the U.S. multiagency Computer and Technology Crime Hi-Tech Response Team (CATCH). http://www.computerworld.com/securitytopics/security/story/0,10801,78310,00.html?SKC=security-78310 A Sordid Tale The author chronicles an incident at his company which hackers targeted for an extortion scam, planting pornography on employee computers, then blackmailing the employees, threatening to inform their employers. The security department was able to check and analyze systems logs to show that the employees had not in fact downloaded the pornography. Over 30 employees were targets of the scam, though only one informed management. The employees cited fear of losing their jobs as reason for not coming forward. Some employees had even given the extortionists their credit card numbers. The company's Internet Security department informed the manager that about 10 such scams happen a year, and tracking them down is now a standard operation. http://www.idg.net/ic_1145409_9676_1-5122.html Pair who hacked court get 9 years William Grace and Brandon Wilson have been sentenced to nine years in prison on 72 counts of illegally entering a computer system and editing data and seven counts of conspiracy to commit extortion. Grace copied a system password while working as a consultant at a police station located at a local Indian tribe's casino operations. The pair used the password to access Riverside County, Calif. court computers and dismiss a number of cases, including Wilson's own drug possession case. They also extorted customers of a web site dealing with gay issues, after Grace obtained the customer list while acting as a consultant. Several victims came forward, and the court noticed an unusual amount of activity on the court's system at odd hours, leading to the pair's arrest. The penalty was stiffer than usual, since their crimes interfered with court integrity. http://www.msnbc.com/news/870163.asp?0si=- Labels battle to hold onto DMCA win The Recording Industry Association of America (RIAA) is fighting to preserve an initial courtroom victory over Verizon. In a strongly worded brief, RIAA argued that Verizon was merely attempting to "evade its responsibility under the law." Verizon has asked the court to stay an order to comply with a RIAA subpoena forcing to Verizon to reveal the identity of a Verizon user that RIAA claims is violating copyrights by sharing music files through the Kazaa peer to peer software program. Verizon claims that the subpoena threatens to force revealing the identity of "hundreds or thousands of suspected peer to peer pirates at a time." Civil liberties groups have come to the support Verizon. Verizon has appealed last month's order to comply with the DMCA subpoena, but the US Court of Appeals for the District of Columbia will not hear the case until US district judge John Bates decides, possibly in the next few weeks, to grant a stay or not. Meanwhile, RIAA, if it prevails, seems intent on pursuing other Internet Service Providers as well. Last week RIAA sent EarthLink a DMCA subpoena for the identification of a single peer-to-peer user. http://news.zdnet.co.uk/story/0,,t269-s2130153,00.html Europe threatens to invade ICANN The executive chairman of the U.K. registry Nominet, Dr. Willie Black, has questioned the U.S. Department of Commerce's likely decision to extend ICANN's responsibility for arranging and maintaining worldwide Internet registries. In a letter sent to the Assistant Secretary for Communications and Information, Nancy Victory, Dr. Black raises questions about ICANN's ability to provide both its concensus-making role and its operational role. He also lambasts ICANN for failing to listen to any criticism, for abusing its position in an attempt to force its control over all Internet domains worldwide and for confusing its political policy-making role with the technical side of maintaining Internet registries. The U.S. Department of Commerce appeared to have concealed an attempt to give ICANN an automatic extension, by placing an obscure notice on the through its National Oceanic and Atmospheric Administration division asking for feedback on its intention to give ICANN the role of managing all domain names, IP addresses and provide effective control over worldwide registries. The notice was only discovered on 3 February by ICANN watchdog site ICANNwatch. http://www.theregister.co.uk/content/6/29259.html Week in review: Assessing damages The Slammer worm infected 90 percent of its victims within the first 10 minutes. It also appears to have doubled in size every 8.5 seconds, reaching a rate of more than 55 million scans per second after three minutes. This makes Slammer qualify as a "Warhol" worm, because it could infect the entire Internet within 15 minutes. Slammer caused an estimated $1 billion worth of lost productivity, making it the 9th most malicious worm in history. Microsoft has released Slammer identification and eradication tools. Though it might not have merit, a South Korean rights group claims that it is considering a class-action suit against Microsoft for not doing its utmost to prevent the widespread proliferation of the bug. http://zdnet.com.com/2100-1105-983720.html On the trail of a stolen Tablet PC Tracking information from security software has allowed Devon Police (England) to recover a stolen Tablet PC and make an arrest. The Acer Tablet was stolen from Newbury, Berkshire-based IT reseller Eurotechnix December 2002. The PC was loaded with security tracking software, called Computrace, which allowed its location to be determined once the PC was plugged onto the Net. Computrace is offered as an option on laptops Eurotechnix sells or those from other supplies. The technology involves a tamper resistant agent that resides on the hard disk of PCs. Formatting a drive will not erase this agent. When a computer is reported as stolen to Eurotechnix, a tracking system is initiated, and the next time the computer is connected to the internet, it reports the IP address it is using, and the phone number of the line it is connected to, which Eurotechnix then passes on to police. Since the service went live in September 2001, around 40 to 50 stolen PCs have been traced in Europe u! sing Computrace. http://www.theregister.co.uk/content/55/29242.html ************************************************************** The Net Happenings mailing list is a service of Educational CyberPlayGround - http://www.edu-cyberpg.com/ ************************************************************** Linking and Announcements For Net Happenings are provided by http://www.EricWard.com and http://www.URLwire.com ************************************************************** If you have any questions, concerns, suggestions, or would like to sponsor the Net Happenings service - <http://www.edu-cyberpg.com/Community/Subguidelines.html> Subscribe | Unsubscribe | Change Email Preferences - <http://www.edu-cyberpg.com/Community/NetHappenings.html> **************************************************************