SECUR> From Institute for Security and Technology Studies.

• From: Gleason Sackmann <gleason@xxxxxxxxxxxxxxx>
• To: NetHappenings <nethappenings@xxxxxxxxxxxxx>
• Date: Tue, 11 Feb 2003 11:16:56 -0600

**************************************************************
Net Happenings - From Educational CyberPlayGround
**************************************************************

**************************************************************************
Educational CyberPlayGround links to Technology
<http://www.edu-cyberpg.com/Technology/Home_TECHNOLOGY.html>
Find Information on Security for
Teachers, Administrators, Ed. Tech, and Classroom Resources
**************************************************************************

 From Institute for Security and Technology Studies.

DOD plans network attack task force
The Defense Department is planning to form a joint task force focused
solely on computer network attack (CNA) as part of the ongoing
reorganization of U.S. Strategic Command (Stratcom). Stratcom's Joint Task
Force-Computer Network Operations is currently charged with defending all
DOD networks from attack, as well as initiating cyberattacks when
instructed by the president or Defense secretary. The reorganization will
split the task force in two, one responsible for defense, and another for
attack. Army Maj. Gen. J. David Bryan, commander of Stratcom's JTF-CNO,
would not say whether the United States has ever launched a cyberattack
against an enemy, only that internal CNA exercises have been conducted.
Loren Thompson, a defense analyst at the Lexington Institute,
disagrees--considering the thousands of cyberattacks DOD defends itself
from daily, and larger operations like the attack on the Internet's root
servers late last year, she considers it "unbelievable if the U.S. is not
mounting similar operations in response." A DOD spokesman said that CNA is
"bound by largely the same rules that apply to any war strategy or
tactic--very clear rules of engagement will prove necessary."
http://www.fcw.com/fcw/articles/2003/0203/web-net-02-07-03.asp

Firms' hacking-related insurance costs soar
Many insurance companies, in reaction to rising claims for cracker-related
losses, will stop covering damages from cybercrimes under general
liability, and instead require companies to purchase stand alone "network
risk insurance." Losses from computer crime are expected to increase 25% to
$2.8 billion in the USA this year, says market researcher TruSecure.
Network risk insurance is expected to jump from a $100 million market today
to $900 million by 2005, market researcher Gartner says. The Bush
administration has called for greater insurance coverage of cyberthreats in
drafts of its "National Strategy to Secure Cyberspace." Network risk
insurance may also require companies to pay for an upfront security
assessment of their networks, on top of their premiums.
http://www.usatoday.com/money/industries/technology/2003-02-09-hacker_x.htm

Three suspected hackers arrested in U.K., U.S.
Two men in Durhamshire, England, a 19-year-old electrician and a
21-year-old unemployed man, as well as a 17-year-old in Champaign,
Illinois, have been arrested in connection with a little-known Internet
worm called TK that infected about 18,000 computers around the world and
caused $9 million in damages. The TK worm exploits a vulnerability that is
found on some Microsoft Corp. Internet Information Server Web servers. A
patch to fix that bug was issued in May 2001. Infected systems were under
the control of the hacking group THr34t-Krew, and could be used to stage
denial-of-service attacks. The arrests were coordinated between the U.K.'s
National Hi-Tech Crime Unit (NHTCU) and the U.S. multiagency Computer and
Technology Crime Hi-Tech Response Team (CATCH).
http://www.computerworld.com/securitytopics/security/story/0,10801,78310,00.html?SKC=security-78310

A Sordid Tale
The author chronicles an incident at his company which hackers targeted for
an extortion scam, planting pornography on employee computers, then
blackmailing the employees, threatening to inform their employers. The
security department was able to check and analyze systems logs to show that
the employees had not in fact downloaded the pornography. Over 30 employees
were targets of the scam, though only one informed management. The
employees cited fear of losing their jobs as reason for not coming forward.
Some employees had even given the extortionists their credit card numbers.
The company's Internet Security department informed the manager that about
10 such scams happen a year, and tracking them down is now a standard
operation.
http://www.idg.net/ic_1145409_9676_1-5122.html

Pair who hacked court get 9 years
William Grace and Brandon Wilson have been sentenced to nine years in
prison on 72 counts of illegally entering a computer system and editing
data and seven counts of conspiracy to commit extortion. Grace copied a
system password while working as a consultant at a police station located
at a local Indian tribe's casino operations. The pair used the password to
access Riverside County, Calif. court computers and dismiss a number of
cases, including Wilson's own drug possession case. They also extorted
customers of a web site dealing with gay issues, after Grace obtained the
customer list while acting as a consultant. Several victims came forward,
and the court noticed an unusual amount of activity on the court's system
at odd hours, leading to the pair's arrest. The penalty was stiffer than
usual, since their crimes interfered with court integrity.
http://www.msnbc.com/news/870163.asp?0si=-

Labels battle to hold onto DMCA win
The Recording Industry Association of America (RIAA) is fighting to
preserve an initial courtroom victory over Verizon.  In a strongly worded
brief, RIAA argued that Verizon was merely attempting to "evade its
responsibility under the law."  Verizon has asked the court to stay an
order to comply with a RIAA subpoena forcing to Verizon to reveal the
identity of a Verizon user that RIAA claims is violating copyrights by
sharing music files through the Kazaa peer to peer software
program.  Verizon claims that the subpoena threatens to force revealing the
identity of "hundreds or thousands of suspected peer to peer pirates at a
time."  Civil liberties groups have come to the support Verizon.  Verizon
has appealed last month's order to comply with the DMCA subpoena, but the
US Court of Appeals for the District of Columbia will not hear the case
until US district judge John Bates decides, possibly in the next few weeks,
to grant a stay or not.  Meanwhile, RIAA, if it prevails, seems intent on
pursuing other Internet Service Providers as well.  Last week RIAA sent
EarthLink a DMCA subpoena for the identification of a single peer-to-peer user.
http://news.zdnet.co.uk/story/0,,t269-s2130153,00.html


Europe threatens to invade ICANN
The executive chairman of the U.K. registry Nominet, Dr. Willie Black, has
questioned the U.S. Department of Commerce's likely decision to extend
ICANN's responsibility for arranging and maintaining worldwide Internet
registries.  In a letter sent to the Assistant Secretary for Communications
and Information, Nancy Victory, Dr. Black raises questions about ICANN's
ability to provide both its concensus-making role and its operational
role.  He also lambasts ICANN for failing to listen to any criticism, for
abusing its position in an attempt to force its control over all Internet
domains worldwide and for confusing its political policy-making role with
the technical side of maintaining Internet registries.  The U.S. Department
of Commerce appeared to have concealed an attempt to give ICANN an
automatic extension, by placing an obscure notice on the through its
National Oceanic and Atmospheric Administration division asking for
feedback on its intention to give ICANN the role of managing all domain
names, IP addresses and provide effective control over worldwide
registries. The notice was only discovered on 3 February by ICANN watchdog
site ICANNwatch.
http://www.theregister.co.uk/content/6/29259.html

Week in review: Assessing damages
The Slammer worm infected 90 percent of its victims within the first 10
minutes.  It also appears to have doubled in size every 8.5 seconds,
reaching a rate of more than 55 million scans per second after three
minutes.  This makes Slammer qualify as a "Warhol" worm, because it could
infect the entire Internet within 15 minutes.  Slammer caused an estimated
$1 billion worth of lost productivity, making it the 9th most malicious
worm in history.  Microsoft has released Slammer identification and
eradication tools.  Though it might not have merit, a South Korean rights
group claims that it is considering a class-action suit against Microsoft
for not doing its utmost to prevent the widespread proliferation of the bug.
http://zdnet.com.com/2100-1105-983720.html

On the trail of a stolen Tablet PC
Tracking information from security software has allowed Devon Police
(England) to recover a stolen Tablet PC and make an arrest. The Acer Tablet
was stolen from Newbury, Berkshire-based IT reseller Eurotechnix December
2002. The PC was loaded with security tracking software, called Computrace,
which allowed its location to be determined once the PC was plugged onto
the Net. Computrace is offered as an option on laptops Eurotechnix sells or
those from other supplies. The technology involves a tamper resistant agent
that resides on the hard disk of PCs. Formatting a drive will not erase
this agent. When a computer is reported as stolen to Eurotechnix, a
tracking system is initiated, and the next time the computer is connected
to the internet, it reports the IP address it is using, and the phone
number of the line it is connected to, which Eurotechnix then passes on to
police. Since the service went live in September 2001, around 40 to 50
stolen PCs have been traced in Europe u!
sing Computrace.

http://www.theregister.co.uk/content/55/29242.html

**************************************************************
The Net Happenings mailing list is a service of
Educational CyberPlayGround - http://www.edu-cyberpg.com/
**************************************************************
Linking and Announcements For Net Happenings are provided
by http://www.EricWard.com and http://www.URLwire.com
**************************************************************
If you have any questions, concerns, suggestions, or
would like to sponsor the Net Happenings service -
<http://www.edu-cyberpg.com/Community/Subguidelines.html>

Subscribe | Unsubscribe | Change Email Preferences -
<http://www.edu-cyberpg.com/Community/NetHappenings.html>
**************************************************************

Other related posts:

• » SECUR> From Institute for Security and Technology Studies.

1. Home
2. nethappenings
3. Archive
4. 02-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---