Loading ...
Sorry, an error occurred while loading the content.


Expand Messages
  • Fred Cohen
    Review shows hackers accessed 155 federal computer systems At least 155 federal computers systems -- some with sensitive research information or personal data
    Message 1 of 253 , Apr 5, 2001
      Review shows hackers accessed 155 federal computer systems At least 155
      federal computers systems -- some with sensitive research information or
      personal data on Americans -- were temporarily taken over by hackers
      last year, according to a review that found widespread lax computer
      security. The government's lack of safeguards against domestic and
      foreign attackers who struck 32 federal agencies last year is
      ``chilling,'' one congresswoman said. ``I think it would come as quite
      a surprise for most Americans to learn the extent to which these federal
      civilian agencies are the target of attacks by foreign and domestic
      sources bent on espionage or other malicious actions,'' Rep. Billy
      Tauzin, R-La., said at a House Oversight and Investigations hearing


      Pentagon networks attacked 715 times in 2000 The US Army, Navy and Air
      Force combined suffered 715 cyber attacks last year, according to a
      report from the General Accounting Office (GAO) released last week. The
      Navy reported the most attacks, 387, with the Army slightly behind at
      299. The Air Force suffered only 29 attacks in 2000, according to the
      report, 'Information Security -- Challenges to Improving DOD's Incident
      Response Capabilities.' The report says the three services suffered only
      600 cyber attacks in 1999 -- significantly less than the 22,144
      electronic assaults reported by the Defense Information Systems Agency
      (DISA), the Pentagon's IT arm, for that year.


      Pentagon cyber defense impaired -- report The US military's ability to
      defend against cyber attacks is hampered by a dearth of coordination
      among the armed services, and a poorly implemented alert system,
      according to a new report by government investigators. The report,
      "Information Security -- Challenges to Improving DOD's Incident Response
      Capabilities," was issued last week by the General Accounting Office
      (GAO), Congress' investigative arm. It found the Defense Department
      lacks a coordinated approach to ensuring that its systems are patched
      against the latest software vulnerabilities, and to conducting security
      assessments. According to the report, the armed services performed over
      150 computer security assessments last year, including some simulated
      hack attacks by a National Security Agency (NSA) red team, and
      identified hundreds of vulnerabilities in defense systems. But those
      audits were not coordination and prioritized.


      General says the "cyber" threat is real. "My view is that as we look at
      our computer systems, we'd be kidding ourselves if we thought they
      weren't vulnerable," said Air Force Gen. Ralph E. Eberhart, U.S.
      Space Command commander in chief, during a March 28 interview with the
      American Forces Information Service. Eberhart's command assumed
      responsibility for computer network defense in 1999, he said. The
      following year, it picked up the mission of computer network attack.
      Today's threats against DoD -- and private sector -- computer systems
      run the spectrum from the curious, bored high school or college student
      to state-sponsored 'cyber' war or computer network attack, he said.


      House members watch DOE official hack into federal computers Members of
      Congress watched Thursday as an Energy Department cybersecurity expert
      hacked into a computer hooked to the Internet, underscoring the federal
      government's vulnerability to international information warfare.
      Members of the House Energy and Commerce Committee's Subcommittee on
      Oversight and Investigations looked on as Jason Bellone, a member of
      Energy's Office of Cybersecurity and Special Reviews, broke passwords
      again and again with tools available for free download over the
      Internet. The federal government stores vast amounts of sensitive data,
      said full committee chairman Billy Tauzin, R-La. And when it comes to
      computer security we are barely treading water. In this increasingly
      interconnected world, we're either going to prioritize our resources
      better to meet this challenges ... or we're going to find ourselves in
      deep, deep trouble, Tauzin said.


      FBI struggles to retain cybercrime experts The FBI suffers from a high
      turnover of experts in cybercrime but continues to get quality people,
      FBI Director Louis Freeh said Wednesday. "There's a bull market" for
      skilled FBI cyber-crime workers, Freeh told a World Economic Forum event
      held at the U.S. Chamber of Commerce. In order to keep workers in the
      agency, he said, "we basically rely on people's patriotism." That can be
      difficult when agency employees earning $50,000 to $55,000 interact
      every day with former FBI workers now making six figures in the private
      sector, he said. Fortunately for the agency, the number of qualified
      applicants continues to far outnumber the job vacancies. The number of
      criminal cases involving computer technology is growing exponentially,
      Freeh said, and the top challenge facing the FBI in working against
      cybercrime is maintaining the balance between protecting personal
      privacy and enforcing laws. He said the same constitutional balance
      between privacy and the necessity of a government to stop crimes should
      apply to the electronic age.


      Companies taking over cyberalerts Federal agencies soon will have a
      commercial resource at their beck and call when dealing with security
      vulnerabilities and cyberattacks. The Federal Computer Incident
      Response Capability, the central civilian organization for security
      alerts and recovery, last week signed a contract with Science
      Applications International Corp. and its partner Global Integrity
      Information Security to provide the day-to-day operations for the
      center. Responsibilities include issuing vulnerability alerts and
      helping agencies respond and recover when actually hit with a
      cyberattack, said Dave Jarrell, director of FedCIRC, which is based at
      the General Services Administration.


      Bush, citing privacy, swears off E-Mailing family President Bush has
      sworn off e-mail as a form of communication, citing privacy concerns.
      Bush used to have a wide circle of family and friends to whom he
      exchanged e-mails as a way to stay in touch, particularly during his
      presidential campaign when he traveled frequently. But that has come to
      a screeching halt now that Bush is in the White House. ``I used to be
      an avid e-mailer, and I e-mailed to my daughters or e-mailed to my
      father, for example, and I don't want those e-mails to be in the public
      domain,'' Bush said on Thursday to the American Society of Newspaper
      Editors. He said he does not e-mail out of concern his private
      communications could be subject to freedom of information laws and could
      be made public. Bush said, however, that his administration will
      cooperate fully with freedom of information requests if they do not
      jeopardize national security.

    • Glenn Williamson
      Fred and all, I understand the need for information as it relates to IWAR, but I do not see how a story that pertains to billions of burgers served at
      Message 253 of 253 , Sep 7, 2001
        Fred and all,

        I understand the need for information as it relates to IWAR, but I do not
        see how a story that pertains to billions of burgers served at
        establishments throughout the world involves IWAR. I may be wrong, but what
        one perceives as IWAR now encompasses burger joints and how they get their
        product to market. I am not in agreement with certain companies and the way
        they conduct business, but does it relate to IWAR, unless by generating this
        information across communication channels, one considers it Information
        Warfare and gaining support for Anti-McDonald's Day.

        Ok, that was my 2 cents, I will not say they are right, no offence to
        Mcd's but there will always be people who protest. Does it = IWAR or
        Information Propaganda.

        Glenn Williamson

        -----Original Message-----
        From: Fred Cohen [mailto:fc@...]
        Sent: Thursday, September 06, 2001 11:24 PM
        To: Information Warfare Mailing List
        Subject: [iwar] news

        September 2001

      Your message has been successfully submitted and would be delivered to recipients shortly.