hwa-hn22
[ 28 63 29 20 31 39 39 39 20 63 72 75 63 69 70 68 75 78 20 68 77 61 ]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=
==========================================================================
= <=-[ HWA.hax0r.news ]-=> =
==========================================================================
[=HWA'99=] Number 22 Volume 1 1999 June 26th 99
==========================================================================
[ 61:20:6B:69:64:20:63:6F:75: ]
[ 6C:64:20:62:72:65:61:6B:20:74:68:69:73: ]
[ 20:22:65:6E:63:72:79:70:74:69:6F:6E:22:! ]
==========================================================================
HWA.hax0r.news is sponsored by Cubesoft communications www.csoft.net
and www.digitalgeeks.com thanks to p0lix for the digitalgeeks bandwidth
and airportman for the Cubesoft bandwidth. Also shouts out to all our
mirror sites! tnx guys.
http://www.csoft.net/~hwa
http://www.digitalgeeks.com/hwa
HWA.hax0r.news Mirror Sites:
~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://www.csoft.net/~hwa/
http://www.digitalgeeks.com/hwa.
http://members.tripod.com/~hwa_2k
http://welcome.to/HWA.hax0r.news/
http://www.attrition.org/~modify/texts/zines/HWA/
http://packetstorm.harvard.edu/hwahaxornews/
http://archives.projectgamma.com/zines/hwa/.
http://www.403-security.org/Htmls/hwa.hax0r.news.htm
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
*                                                                         *
* Note:                                                                   *
*                                                                         *
* This issue covers events from June 6th thru June 26th so don't be too   *
* rough on me, I know this is a weekly production but I had to do 3 wks   *
* in only a few days so forgive some of the bad formatting.               *
*                                                                         *
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
SYNOPSIS (READ THIS)
--------------------
The purpose of this newsletter is to 'digest' current events of interest
that affect the online underground and netizens in general. This includes
coverage of general security issues, hacks, exploits, underground news
and anything else I think is worthy of a look see. (remember i'm doing
this for me, not you, the fact some people happen to get a kick/use
out of it is of secondary importance).
This list is NOT meant as a replacement for, nor to compete with, the
likes of publications such as CuD or PHRACK or with news sites such as
AntiOnline, the Hacker News Network (HNN) or mailing lists such as
BUGTRAQ or ISN nor could any other 'digest' of this type do so.
It *is* intended however, to complement such material and provide a
reference to those who follow the culture by keeping tabs on as many
sources as possible and providing links to further info, it's a labour
of love and will be continued for as long as I feel like it, i'm not
motivated by dollars or the illusion of fame, did you ever notice how
the most famous/infamous hackers are the ones that get caught? there's
a lot to be said for remaining just outside the circle... <g>
@HWA
=-----------------------------------------------------------------------=
Welcome to HWA.hax0r.news ... #22
=-----------------------------------------------------------------------=
We could use some more people joining the channel, it's usually pretty
quiet, we don't bite (usually) so if you're hanging out on irc stop
by and idle a while and say hi...
*******************************************************************
*** /join #HWA.hax0r.news on EFnet the key is `zwen' ***
*** ***
*** please join to discuss or impart news on techno/phac scene ***
*** stuff or just to hang out ... someone is usually around 24/7***
*** ***
*** Note that the channel isn't there to entertain you its for ***
*** you to talk to us and impart news, if you're looking for fun***
*** then do NOT join our channel try #weirdwigs or something... ***
*** we're not #chatzone or #hack ***
*** ***
*******************************************************************
=-------------------------------------------------------------------------=
Issue #22
=--------------------------------------------------------------------------=
[ INDEX ]
=--------------------------------------------------------------------------=
Key Intros
=--------------------------------------------------------------------------=
00.0 .. COPYRIGHTS ......................................................
00.1 .. CONTACT INFORMATION & SNAIL MAIL DROP ETC .......................
00.2 .. SOURCES .........................................................
00.3 .. THIS IS WHO WE ARE ..............................................
00.4 .. WHAT'S IN A NAME? why `HWA.hax0r.news'?..........................
00.5 .. THE HWA_FAQ V1.0 ................................................
=--------------------------------------------------------------------------=
Key Content
=--------------------------------------------------------------------------=
01.0 .. GREETS ..........................................................
01.1 .. Last minute stuff, rumours, newsbytes ...........................
01.2 .. Mailbag .........................................................
02.0 .. From the Editor..................................................
03.0 .. AntiOnline crosses the line......................................
03.1 .. More Questions Raised about John Vranesevich and AntiOnline .....
04.0 .. The Difficulties of Reporting the Underground....................
05.0 .. Mitnick Demonstrations Deemed a Huge Success ....................
06.0 .. New Trojan/Virus, PrettyPark ....................................
06.1 .. The rampage continues ...........................................
07.0 .. Eight Arrested in California (Piracy)............................
08.0 .. 278 Internet Cafes Disciplined ..................................
09.0 .. Forbidden Knowledge Issue #5 ....................................
10.0 .. f41th Issue 6 ...................................................
11.0 .. Antidote Vol2 Issue 7 ...........................................
12.0 .. Will the Allies Drop CyberBombs on Milosevic? ...................
13.0 .. Melissa Suspect Still not Charged ...............................
14.0 ..*ToorCon '99 Security Expo --------- DATE CHANGED! -----------....
15.0 .. ISS Gets Free Advertising .......................................
16.0 .. Accounting Firms also get Free Advertising ......................
17.0 .. Analyzer Starts Computer Security Business ......................
18.0 .. $2.9Bil in Piracy in The US......................................
19.0 .. Congress and NSA tangle over Echelon.............................
20.0 .. Emutronix Phone Hacking Products releases new Mach emulator......
21.0 .. Is That Spelled With a "PH" or an "F" ...........................
22.0 .. The Demonizing of the Hacker ....................................
23.0 .. More Email Worms/Trojan .........................................
24.0 .. Stanford Searches for "Hacker" ..................................
25.0 .. Mitnick Demo Pictures now Available..............................
26.0 .. Does Cracking Affect Consumer Confidence? .......................
27.0 .. Worm.ExploreZip is Causing Massive Damage .......................
28.0 .. Don't Forget About BackDoor-G, it is Still Around ...............
29.0 .. MS Antitrust Trial Looks at Security ............................
30.0 .. Web Defacements Hindering Open Government .......................
31.0 .. Worm.ExploreZip Continues its Rampage ...........................
32.0 .. Senate web site hacked again(!)..................................
33.0 .. Mitnick Sentencing Hearing Rescheduled ..........................
34.0 .. Russia Looks to Beef Up its Version of Echelon...................
35.0 .. Company Claims CyberAttack by Competitor ........................
36.0 .. LA set to Allow Internet Voting .................................
37.0 .. CCC Camp Shapes Up ..............................................
38.0 .. Hong Kong Makes Major Piracy Bust ...............................
39.0 .. Ernst & Young Profile ...........................................
40.0 .. What is Your Privacy Worth? .....................................
41.0 .. BSA Tactics Condemned by UK .....................................
42.0 .. US Allows 128bit SSL Into Japan .................................
43.0 .. Terrorist About to Cause Electronic Chaos .......................
44.0 .. Major Remote Hole Found in IIS ..................................
45.0 .. Outlook Express 4.5 Email Bug ...................................
46.0 .. Major Pirates Convicted .........................................
47.0 .. Fear of Y2K Raises Security Concerns ............................
48.0 .. Israeli Banks Thwart Attempted Cyber Break-In ...................
49.0 .. Navy Wants Tighter Network Security .............................
50.0 .. IIS Hole Continues to Make News/Fix Available ...................
51.0 .. World Braces for International Day of Action ....................
52.0 .. ECD Targets Mexican Government ..................................
53.0 .. Cyber Attacks in Australia Double ...............................
54.0 .. SmartCards Next Stop for Internet Crime .........................
55.0 .. Internet Was Designed without Security ..........................
56.0 .. Original Apple I On the Auction Block ...........................
57.0 .. Microsoft Calls eEye Irresponsible ..............................
58.0 .. Has the FBI Overreacted? .......................................
59.0 .. Printer at Spa War Compromised .................................
60.0 .. Popular Singapore Sites Defaced .................................
61.0 .. DOD Says its CRAP! (Mustn't be Scottish) ........................
62.0 .. DOE Still Unsecure .............................................
63.0 .. Terrorists Use the Net .........................................
64.0 .. Beat the CIA at their own game? - crypto sculpture cracking .....
65.0 .. Pirates of Silicon Valley .......................................
66.0 .. .mil hacker cartoon .............................................
67.0 .. If Software Breaks Who is Liable? . .............................
68.0 .. Trinux Release 0.61 ............................................
69.0 .. Australia Looks to Increase Local Police Powers ................
70.0 .. Aussie Gov Downloads Porn ......................................
71.0 .. Software Glitch or Security Breach .............................
72.0 .. Viruses Cost Companies Big Dough ...............................
73.0 .. B4B0 Issue 8 Released. .........................................
74.0 .. f41th Issue 7 ..................................................
75.0 .. DOD Considers New Network ......................................
76.0 .. NCIS Calls For National Computer Crime Squad ...................
77.0 .. !Hispahack Found Not Guilty ....................................
78.0 .. asahi.com Defaced ...............................................
79.0 .. NSTAC Releases Reports .........................................
80.0 .. FBI This Week ..................................................
81.0 .. Cartoon Hackers?? (From HNN rumours section) ....................
82.0 .. Nuke Labs Stand Down ...........................................
83.0 .. X-Force Down Under is Hiring ...................................
84.0 .. More Canadian RedBoxing from HackCanada with the RIO ............
85.0 .. SecureMac is Now Open ..........................................
86.0 .. Microsoft Demands Privacy ......................................
87.0 .. Pentium III has 46 Bugs ........................................
88.0 .. 'War' Against FBI Continues ....................................
89.0 .. Singapore Officials Arrest Two .................................
90.0 .. GSA Looking for IDS ............................................
91.0 ..+Theres Money in them thar videos! (DEFCON WEBCAST) ..............
92.0 .. Kasparov Defaced? ..............................................
93.0 .. Russ Cooper Interview ..........................................
94.0 .. Thanks-CGI Defaced With Its Own Script .........................
95.0 .. *ToorCon Date Changes --------- DATE CHANGE! ----------.........
96.0 .. Gov Vulnerable Due to Lack of Training .........................
97.0 .. Need skewled in juarez?: Teeside University Offers Degree in Warez
98.0 ..+FREE DefCon WebCasts ...........................................
99.0 .. Old Modem Flaw Still Haunts Users ...............................
(... some modem users may be disconnected at the end of this ezine ;)
100.0 .. Another government server cracked today .........................
101.0 .. MailMan.cookie attack ...........................................
102.0 .. misfrag.c nasty piece of code from P.A.T.C.H ....................
103.0 .. Double-byte code vulnerability, MS Security Bulletin ............
104.0 .. 50 Ways to defeat your IDS.......................................
105.0 .. 50 reasons IDS systems work by Ron Gula..........................
106.0 .. June 15th: Bruce Schneier's Cryptogram...........................
107.0 .. pop.c pop-2, remote exploit by smiler............................
108.0 .. afio: security hole in 'afio -P pgp' encrypted archives..........
109.0 .. C-Mail SMTP Server Remote Buffer Overflow Exploit................
110.0 .. CIAC Bulletin J-044: Tru64/Digital UNIX (dtlogin) Security Vulnerability
111.0 .. The IIS4 eEye security advisory and threads as mentioned previously
112.0 .. BO server flooder sends random spoofed udp's to the attacker......
113.0 .. frootcake.c revisited.............................................
114.0 .. gin.c spoofs packets containing + + + ATH0 which causes some modems to hang up
115.0 .. IIS Remote Exploit (injection code)...............................
116.0 .. ActiveX security revisited........................................
117.0 .. denial of service attack against NT PDC from Win95 workstation....
118.0 .. Microsoft win2k PASV vulnerability................................
119.0 .. useradd -p stores cleartext passwords / shadow-980724.............
120.0 .. UID 65536 and shadow-19990307 root compromise.....................
121.0 .. big brother in your cc(!) ........................................
122.0 .. TCP MD5 option problem (router DoS)...............................
123.0 .. tcpdump 3.4 bug? (DoS)...........................................
124.0 .. [ISN] A mouse that roars? ........................................
125.0 .. [ISN] Product Review: NOVaSTOR DataSAFE...........................
126.0 .. [ISN] Technology a threat to right of privacy Silicon Valley......
=--------------------------------------------------------------------------=
RUMOURS .Rumours from around and about, mainly HNN stuff (not hacked websites)
AD.S .. Post your site ads or etc here, if you can offer something in return
thats tres cool, if not we'll consider ur ad anyways so send it in.
ads for other zines are ok too btw just mention us in yours, please
remember to include links and an email contact. Corporate ads will
be considered also and if your company wishes to donate to or
participate in the upcoming Canc0n99 event send in your suggestions
and ads now...n.b date and time may be pushed back join mailing list
for up to date information.......................................
Current dates: Aug19th-22nd Niagara Falls... .................
HA.HA .. Humour and puzzles ............................................
Hey You!........................................................
=------=........................................................
Send in humour for this section! I need a laugh and its hard to
find good stuff... ;)...........................................
SITE.1 .. Featured site, .................................................
H.W .. Hacked Websites ...............................................
A.0 .. APPENDICES......................................................
A.1 .. PHACVW linx and references......................................
=--------------------------------------------------------------------------=
@HWA'99
00.0 (C) COPYRIGHT, (K)OPYWRONG, COPYLEFT? V2.0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
THE OPINIONS OF THE WRITERS DO NOT NECESSARILY REFLECT THE
OPINIONS OF THE PUBLISHERS AND VICE VERSA IN FACT WE DUNNO
WTF IS GONNA TAKE RESPONSIBILITY FOR THIS, I'M NOT DOING IT
(LOTS OF ME EITHER'S RESOUND IN THE BACKGROUND) SO UHM JUST
READ IT AND IF IT BUGS YOU WELL TFS (SEE FAQ).
Important semi-legalese and license to redistribute:
YOU MAY DISTRIBUTE THIS ZINE WITHOUT PERMISSION FROM MYSELF
AND ARE GRANTED THE RIGHT TO QUOTE ME OR THE CONTENTS OF THE
ZINE SO LONG AS Cruciphux AND/OR HWA.hax0r.news ARE MENTIONED
IN YOUR WRITING. LINK'S ARE NOT NECESSARY OR EXPECTED BUT ARE
APPRECIATED the current link is http://welcome.to/HWA.hax0r.news
IT IS NOT MY INTENTION TO VIOLATE ANYONE'S COPYRIGHTS OR BREAK
ANY NETIQUETTE IN ANY WAY IF YOU FEEL I'VE DONE THAT PLEASE EMAIL
ME PRIVATELY current email cruciphux@dok.org
THIS DOES NOT CONSTITUTE ANY LEGAL RIGHTS, IN THIS COUNTRY ALL
WORKS ARE (C) AS SOON AS COMMITTED TO PAPER OR DISK, IF ORIGINAL
THE LAYOUT AND COMMENTARIES ARE THEREFORE (C) WHICH MEANS:
I RETAIN ALL RIGHTS, BUT I GIVE YOU THE RIGHT TO READ, QUOTE
AND REDISTRIBUTE/MIRROR. - EoD
Although this file and all future issues are now copyright, some of
the content holds its own copyright and these are printed and
respected. News is news so i'll print any and all news but will quote
sources when the source is known, if its good enough for CNN its good
enough for me. And i'm doing it for free on my own time so pfffft. :)
No monies are made or sought through the distribution of this material.
If you have a problem or concern email me and we'll discuss it.
cruciphux@dok.org
Cruciphux [C*:.]
00.1 CONTACT INFORMATION AND MAIL DROP
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Wahoo, we now have a mail-drop, if you are outside of the U.S.A or
Canada / North America (hell even if you are inside ..) and wish to
send printed matter like newspaper clippings a subscription to your
cool foreign hacking zine or photos, small non-explosive packages
or sensitive information etc etc well, now you can. (w00t) please
no more inflatable sheep or plastic dog droppings, or fake vomit
thanks.
Send all goodies to:
HWA NEWS
P.O BOX 44118
370 MAIN ST. NORTH
BRAMPTON, ONTARIO
CANADA
L6V 4H5
WANTED!: POSTCARDS! YESH! POSTCARDS, I COLLECT EM so I know a lot of you are
~~~~~~~ reading this from some interesting places, make my day and get a
mention in the zine, send in a postcard, I realize that some places
it is cost prohibitive but if you have the time and money be a cool
dude / gal and send a poor guy a postcard preferably one that has some
scenery from your place of residence for my collection, I collect stamps
too so you kill two birds with one stone by being cool and mailing in a
postcard, return address not necessary, just a "hey guys being cool in
Bahrain, take it easy" will do ... ;-) thanx.
Ideas for interesting 'stuff' to send in apart from news:
- Photo copies of old system manual front pages (optionally signed by you) ;-)
- Photos of yourself, your mom, sister, dog and or cat in a NON
compromising position plz I don't want pr0n. <g>
- Picture postcards
- CD's 3.5" disks, Zip disks, 5.25" or 8" floppies, Qic40/80/100-250
tapes with hack/security related archives, logs, irc logs etc on em.
- audio or video cassettes of yourself/others etc of interesting phone
fun or social engineering examples or transcripts thereof.
If you still can't think of anything you're probably not that interesting
a person after all so don't worry about it <BeG>
Our current email:
Submissions/zine gossip.....: hwa@press.usmc.net
Private email to editor.....: cruciphux@dok.org
Distribution/Website........: sas72@usa.net
@HWA
00.2 Sources ***
~~~~~~~~~~~
Sources can be some, all, or none of the following (by no means complete
nor listed in any degree of importance). Unless otherwise noted, like msgs
from lists or news from other sites, articles and information are compiled
and/or sourced by Cruciphux, no copyright claimed.
News & I/O zine ................. http://www.antionline.com/
Back Orifice/cDc................. http://www.cultdeadcow.com/
News site (HNN) ................. http://www.hackernews.com/
Help Net Security................ http://net-security.org/
News,Advisories,++ .............. http://www.l0pht.com/
NewsTrolls ...................... http://www.newstrolls.com/
News + Exploit archive .......... http://www.rootshell.com/beta/news.html
CuD Computer Underground Digest.. http://www.soci.niu.edu/~cudigest
News site+....................... http://www.zdnet.com/
News site+Security............... http://www.gammaforce.org/
News site+Security............... http://www.projectgamma.com/
News site+Security............... http://securityhole.8m.com/
News site+Security related site.. http://www.403-security.org/
News/Humour site+ ............... http://www.innerpulse.com
+Various mailing lists and some newsgroups, such as ...
+other sites available on the HNN affiliates page, please see
http://www.hackernews.com/affiliates.html as they seem to be popping up
rather frequently ...
http://www.the-project.org/ .. IRC list/admin archives
http://www.anchordesk.com/ .. Jesse Berst's AnchorDesk
alt.hackers.malicious
alt.hackers
alt.2600
BUGTRAQ
ISN security mailing list
ntbugtraq
<+others>
NEWS Agencies, News search engines etc:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://www.cnn.com/SEARCH/
http://www.foxnews.com/search/cgi-bin/search.cgi?query=hack&days=0&wires=0&startwire=0
http://www.news.com/Searching/Results/1,18,1,00.html?querystr=hack
http://www.ottawacitizen.com/business/
http://search.yahoo.com.sg/search/news_sg?p=hack
http://www.washingtonpost.com/cgi-bin/search?DB_NAME=WPlate&TOTAL_HITLIST=20&DEFAULT_OPERATOR=AND&headline=&WITHIN_FIELD_NAME=.lt.event_date&WITHIN_DAYS=0&description=hack
http://www.zdnet.com/zdtv/cybercrime/
http://www.zdnet.com/zdtv/cybercrime/chaostheory/ (Kevin Poulsen's Column)
NOTE: See appendices for details on other links.
http://news.bbc.co.uk/hi/english/sci/tech/newsid_254000/254236.stm
http://freespeech.org/eua/ Electronic Underground Affiliation
http://ech0.cjb.net ech0 Security
http://axon.jccc.net/hir/ Hackers Information Report
http://net-security.org Net Security
http://www.403-security.org Daily news and security related site
Submissions/Hints/Tips/Etc
~~~~~~~~~~~~~~~~~~~~~~~~~~
All submissions that are `published' are printed with the credits
you provide, if no response is received by a week or two it is assumed
that you don't care whether the article/email is to be used in an issue
or not and may be used at my discretion.
Looking for:
Good news sites that are not already listed here OR on the HNN affiliates
page at http://www.hackernews.com/affiliates.html
Magazines (complete or just the articles) of breaking sekurity or hacker
activity in your region, this includes telephone phraud and any other
technological use, abuse hole or cool thingy. ;-) cut em out and send it
to the drop box.
- Ed
Mailing List Subscription Info (Far from complete) Feb 1999
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~ ~~~~~~~~
ISS Security mailing list faq : http://www.iss.net/iss/maillist.html
THE MOST READ:
BUGTRAQ - Subscription info
~~~~~~~~~~~~~~~~~~~~~~~~~~~
What is Bugtraq?
Bugtraq is a full-disclosure UNIX security mailing list, (see the info
file) started by Scott Chasin <chasin@crimelab.com>. To subscribe to
bugtraq, send mail to listserv@netspace.org containing the message body
subscribe bugtraq. I've been archiving this list on the web since late
1993. It is searchable with glimpse and archived on-the-fly with hypermail.
Searchable Hypermail Index;
http://www.eecs.nwu.edu/~jmyers/bugtraq/index.html
About the Bugtraq mailing list
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The following comes from Bugtraq's info file:
This list is for *detailed* discussion of UNIX security holes: what they are,
how to exploit, and what to do to fix them.
This list is not intended to be about cracking systems or exploiting their
vulnerabilities. It is about defining, recognizing, and preventing use of
security holes and risks.
Please refrain from posting one-line messages or messages that do not contain
any substance that can relate to this list's charter.
I will allow certain informational posts regarding updates to security tools,
documents, etc. But I will not tolerate any unnecessary or nonessential "noise"
on this list.
Please follow the below guidelines on what kind of information should be posted
to the Bugtraq list:
+ Information on Unix related security holes/backdoors (past and present)
+ Exploit programs, scripts or detailed processes about the above
+ Patches, workarounds, fixes
+ Announcements, advisories or warnings
+ Ideas, future plans or current works dealing with Unix security
+ Information material regarding vendor contacts and procedures
+ Individual experiences in dealing with above vendors or security organizations
+ Incident advisories or informational reporting
Any non-essential replies should not be directed to the list but to the originator of the message. Please do not "CC" the bugtraq
reflector address if the response does not meet the above criteria.
Remember: YOYOW.
You own your own words. This means that you are responsible for the words that you post on this list and that reproduction of
those words without your permission in any medium outside the distribution of this list may be challenged by you, the author.
For questions or comments, please mail me:
chasin@crimelab.com (Scott Chasin)
Crypto-Gram
~~~~~~~~~~~
CRYPTO-GRAM is a free monthly newsletter providing summaries, analyses,
insights, and commentaries on cryptography and computer security.
To subscribe, visit http://www.counterpane.com/crypto-gram.html or send a
blank message to crypto-gram-subscribe@chaparraltree.com. To unsubscribe,
visit http://www.counterpane.com/unsubform.html. Back issues are available
on http://www.counterpane.com.
CRYPTO-GRAM is written by Bruce Schneier. Schneier is president of
Counterpane Systems, the author of "Applied Cryptography," and an inventor
of the Blowfish, Twofish, and Yarrow algorithms. He served on the board of
the International Association for Cryptologic Research, EPIC, and VTW. He
is a frequent writer and lecturer on cryptography.
CUD Computer Underground Digest
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This info directly from their latest ish:
Computer underground Digest Sun 14 Feb, 1999 Volume 11 : Issue 09
ISSN 1004-042X
Editor: Jim Thomas (cudigest@sun.soci.niu.edu)
News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu)
Archivist: Brendan Kehoe
Poof Reader: Etaion Shrdlu, Jr.
Shadow-Archivists: Dan Carosone / Paul Southworth
Ralph Sims / Jyrki Kuoppala
Ian Dickinson
Cu Digest Homepage: http://www.soci.niu.edu/~cudigest
[ISN] Security list
~~~~~~~~~~~~~~~~~~~
This is a low volume list with lots of informative articles, if I had my
way i'd reproduce them ALL here, well almost all .... ;-) - Ed
Subscribe: mail majordomo@repsec.com with "subscribe isn".
@HWA
00.3 THIS IS WHO WE ARE
~~~~~~~~~~~~~~~~~~
Some HWA members and Legacy staff
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cruciphux@dok.org.........: currently active/editorial
darkshadez@ThePentagon.com: currently active/man in black
fprophet@dok.org..........: currently active/IRC+ man in black
sas72@usa.net ............. currently active/IRC+ distribution
vexxation@usa.net ........: currently active/IRC+ proof reader/grrl in black
dicentra...(email withheld): IRC+ grrl in black
Foreign Correspondents/affiliate members
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
N0Portz ..........................: Australia
Qubik ............................: United Kingdom
system error .....................: Indonesia
Wile (wile coyote) ...............: Japan/the East
Ruffneck ........................: Netherlands/Holland
And unofficially yet contributing too much to ignore ;)
Spikeman .........................: World media
Please send in your sites for inclusion here if you haven't already
also if you want your emails listed send me a note ... - Ed
Spikeman's site is down as of this writing, if it comes back online it will be
posted here.
http://www.hackerlink.or.id/ ............ System Error's site (in Indonesian)
*******************************************************************
*** /join #HWA.hax0r.news on EFnet the key is `zwen' ***
*******************************************************************
:-p
1. We do NOT work for the government in any shape or form. Unless you count paying
taxes ... in which case we work for the gov't in a BIG WAY. :-/
2. MOSTLY Unchanged since issue #1, although issues are a digest of recent news
events it's a good idea to check out issue #1 at least and possibly also the
Xmas issue for a good feel of what we're all about otherwise enjoy - Ed ...
@HWA
00.4 What's in a name? why HWA.hax0r.news??
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Well what does HWA stand for? never mind if you ever find out I may
have to get those hax0rs from 'Hackers' or the Pretorians after you.
In case you couldn't figure it out hax0r is "new skewl" and although
it is laughed at, shunned, or even pigeonholed with those 'dumb
leet (l33t?) dewds' <see article in issue #4> this is the state
of affairs. It ain't Stephen Levy's HACKERS anymore. BTW to all you
up and comers, i'd highly recommend you get that book. Its almost
like buying a clue. Anyway..on with the show .. - Editorial staff
@HWA
00.5 HWA FAQ v1.0 Feb 13th 1999 (Abridged & slightly updated again)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Also released in issue #3. (revised) check that issue for the faq
it won't be reprinted unless changed in a big way with the exception
of the following excerpt from the FAQ, included to assist first time
readers:
Some of the stuff related to personal usage and use in this zine are
listed below: Some are very useful, others attempt to deny any possible
attempts at eschewing obfuscation by obscuring their actual definitions.
@HWA - see EoA ;-)
!= - Mathematical notation "is not equal to" or "does not equal"
ASC(247) "wavey equals" sign means "almost equal" to. If written
an =/= (equals sign with a slash thru it) also means !=, =< is Equal
to or less than and => is equal to or greater than (etc, this aint
fucking grade school, cripes, don't believe I just typed all that..)
AAM - Ask a minor (someone under age of adulthood, usually <16, <18 or <21)
AOL - A great deal of people that got ripped off for net access by a huge
clueless isp with sekurity that you can drive buses through, we're
not talking Kung-Fu being none too good here, Buy-A-Kloo maybe at the
least they could try leasing one??
*CC - 1 - Credit Card (as in phraud)
2 - .cc is COCOS (Keeling) ISLANDS but they probably accept cc's
CCC - Chaos Computer Club (Germany)
*CON - Conference, a place hackers crackers and hax0rs among others go to swap
ideas, get drunk, swap new mad inphoz, get drunk, swap gear, get drunk
watch videos and seminars, get drunk, listen to speakers, and last but
not least, get drunk.
*CRACKER - 1 . Someone who cracks games, encryption or codes, in popular hacker
speak he's the guy that breaks into systems and is often (but by no
means always) a "script kiddie" see pheer
2 . An edible biscuit usually crappy tasting without a nice dip, I like
jalapeno pepper dip or chives sour cream and onion, yum - Ed
Ebonics - speaking like a rastafarian or hip dude of colour <sic> also wigger
Vanilla Ice is a wigger, The Beastie Boys and rappers speak using
ebonics, speaking in a dark tongue ... being ereet, see pheer
EoC - End of Commentary
EoA - End of Article or more commonly @HWA
EoF - End of file
EoD - End of diatribe (AOL'ers: look it up)
FUD - Coined by Unknown and made famous by HNN <g> - "Fear uncertainty and doubt",
usually in general media articles not high brow articles such as ours or other
HNN affiliates ;)
du0d - a small furry animal that scurries over keyboards causing people to type
weird crap on irc, hence when someone says something stupid or off topic
'du0d wtf are you talkin about' may be used.
*HACKER - Read Stephen Levy's HACKERS for the true definition, then see HAX0R
*HAX0R - 1 - Cracker, hacker wannabe, in some cases a true hacker, this is difficult to
define, I think it is best defined as pop culture's view on The Hacker ala
movies such as well erhm "Hackers" and The Net etc... usually used by "real"
hackers or crackers in a derogatory or slang humorous way, like 'hax0r me
some coffee?' or 'can you hax0r some bread on the way to the table please?'
2 - A tool for cutting sheet metal.
HHN - Maybe a bit confusing with HNN but we did spring to life around the same
time too, HWA Hax0r News.... HHN is a part of HNN .. and HNN as a proper
noun means the hackernews site proper. k? k. ;&
HNN - Hacker News Network and its affiliates http://www.hackernews.com/affiliates.html
J00 - "you"(as in j00 are OWN3D du0d) - see 0wn3d
MFI/MOI- Missing on/from IRC
NFC - Depends on context: No Further Comment or No Fucking Comment
NFR - Network Flight Recorder (Do a websearch) see 0wn3d
NFW - No fuckin'way
*0WN3D - You are cracked and owned by an elite entity see pheer
*OFCS - Oh for christ's sakes
PHACV - And variations of same <coff>
Phreaking, Hacking, Anarchy, Cracking, Carding (CC) Groups Virus, Warfare
Alternates: H - hacking, hacktivist
C - Cracking <software>
C - Cracking <systems hacking>
V - Virus
W - Warfare <cyberwarfare usually as in Jihad>
A - Anarchy (explosives etc, Jolly Roger's Cookbook etc)
P - Phreaking, "telephone hacking" PHone fREAKs ...
CT - Cyber Terrorism
*PHEER - This is what you do when an ereet or elite person is in your presence
see 0wn3d
*RTFM - Read the fucking manual - not always applicable since some manuals are
pure shit but if the answer you seek is indeed in the manual then you
should have RTFM you dumb ass.
TBC - To Be Continued also 2bc (usually followed by ellipses...) :^0
TBA - To Be Arranged/To Be Announced also 2ba
TFS - Tough fucking shit.
*w00t - 1 - Reserved for the uber ereet, no one can say this without severe repercussions
from the underground masses. also "w00ten" <sic>
2 - Cruciphux and sAs72's second favourite word (they're both shit stirrers)
*wtf - what the fuck
*ZEN - The state you reach when you *think* you know everything (but really don't)
usually shortly after reaching the ZEN like state something will break that
you just 'fixed' or tweaked.
@HWA
-=- :. .: -=-
01.0 Greets!?!?! yeah greets! w0w huh. - Ed
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Thanks to all in the community for their support and interest but i'd
like to see more reader input, help me out here, whats good, what sucks
etc, not that I guarantee i'll take any notice mind you, but send in
your thoughts anyway.
* all the people who sent in cool emails and support
FProphet Pyra TwstdPair _NeM_
D----Y Kevin Mitnick (watch yer back) Dicentra
vexxation sAs72 Spikeman Astral
p0lix Vexx g0at security Ken
pr0xy Astral
and the #innerpulse, crew (innerpulse is back!) and some inhabitants
of #leetchans .... although I use the term 'leet loosely these days,
<k0ff><snicker> ;)
kewl sites:
+ http://www.l0pht.com/
+ http://www.2600.com/
+ http://www.freekevin.com/
+ http://www.genocide2600.com/
+ http://www.packetstorm.harvard.edu/
+ http://www.hackernews.com/ (Went online same time we started issue 1!)
+ http://www.net-security.org/
+ http://www.slashdot.org/
+ http://www.freshmeat.net/
+ http://www.403-security.org/
+ http://ech0.cjb.net/
@HWA
01.1 Last minute stuff, rumours and newsbytes
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"What is popular isn't always right, and what is right isn't
always popular..."
- FProphet '99
+++ When was the last time you backed up your important data?
++ PacketStorm Security's site has MOVED, update your links to
http://packetstorm.harvard.edu/
++ Spikeman's DoS site is no more, it has been removed from the
Genocide2600 servers, there are no immediate plans to revive the
site but Spike says he hasn't ruled out the possibility completely
and has had an offer to host the site from another provider.
Mucho thanks to Spikeman for directing his efforts to our cause of bringing
you the news we want to read about in a timely manner ... - Ed
@HWA
01.2 MAILBAG - email and posts from the message board worthy of a read
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
================================================================
Delivered-To: dok-cruciphux@dok.org
Received: (qmail 11079 invoked from network); 14 Jun 1999 03:48:22 -0000
Received: from md.egroups.com (207.138.41.139)
by physical.graffiti.datacrest.com with SMTP; 14 Jun 1999 03:48:22 -0000
Received: from [10.1.1.23] by md.egroups.com with NNFMP; 14 Jun 1999 04:48:18 -0000
Mailing-List: contact a-s_mag-owner@egroups.com
X-Mailing-List: a-s_mag@egroups.com
X-URL: http://www.egroups.com/list/a-s_mag/
Delivered-To: listsaver-egroups-a-s_mag@egroups.com
Received: (qmail 3968 invoked by uid 7770); 14 Jun 1999 03:43:43 -0000
Received: from ah-img-2.compuserve.com (HELO hpamgaab.compuserve.com) (149.174.217.153)
by vault.egroups.com with SMTP; 14 Jun 1999 03:43:43 -0000
Received: (from mailgate@localhost)
by hpamgaab.compuserve.com (8.8.8/8.8.8/HP-1.5) id XAA29122
for a-s_mag@egroups.com; Sun, 13 Jun 1999 23:43:42 -0400 (EDT)
Date: Sun, 13 Jun 1999 23:43:11 -0400
From: "Armageddon." <Khorne@compuserve.com>
Sender: "Armageddon." <Khorne@compuserve.com>
To: A-S subscribers <a-s_mag@egroups.com>
Message-ID: <199906132343_MC2-793F-3C4B@compuserve.com>
MIME-Version: 1.0
Content-Disposition: inline
Subject: [a-s_mag] Important : A-S Meet-up date.
Content-Type: text/plain; charset=ISO-8859-1
Hi,
There has been a change to the date of the A-S meet-up, as you
probably read in A-S14 we said the date would be the 24th of July. This
has had to be changed as it's been discovered that it's not actually going to
clash with Compulsion as we planned. The new date is : 31st of July.
I'll be re-uploading A-S14 correcting this in the magazine to soften the
blow of readers who have the wrong date. Those who contacted us via email
will all be contacted with the new details and posts will go out on the
news groups and in as many other magazines that we know have readers who
planned to attend as we can possibly get to.
Sorry if this date change causes you problems, on the bright side however I
can confirm that after the first A-S Meet-up we plan to hold one every
month there after on the last Saturday of each month.
In A-S15 we'll publish literally ALL the details we can find that you might
need to know for the meet-up, including a selection of venues for
accommodation and all their contact details.
Cheers
-Armageddon
Editor of A-S Mag / HNC.
http://www.antisocial.cjb.net
http://www.hack-net.com
------------------------------------------------------------------------
Make the News Come to you! FREE email newsletters sent directly to
your in-box USAToday, Forbes, Wired, and more. Sign-up NOW!
http://clickhere.egroups.com/click/316
eGroups.com home: http://www.egroups.com/group/a-s_mag
http://www.egroups.com - Simplifying group communications
@HWA
02.0 From the editor.
~~~~~~~~~~~~~~~~
#include <stdio.h>
#include <thoughts.h>
#include <backup.h>
main()
{
printf ("Read commented source!\n\n");
/*Well several problems kept me from producing the newsletter for the last couple of
*weeks so this is a 'make-up' release covering June 6th-26th 1999. Some areas may
*have been glossed over in order to keep the issue down in size, we'll be back to
*"normal" (whatever that is) next week... meanwhile have fun.
*
*Issue #22 June6th-26th
*
*BTW The reason ZDNet articles are not reprinted here is because they are using some
*funky method to defeat cutting and pasting of their text using framesets and shit if
*anyone knows a way to grab the text (source doesn't work either for some sites) let
*me know and i'll be most thankful... Cruci.
*
*/
printf ("EoF.\n");
}
Congrats, thanks, articles, news submissions and kudos to us at the
main address: hwa@press.usmc.net complaints and all nastygrams and
mailbombs can go to /dev/nul nukes, synfloods and papasmurfs to
127.0.0.1, private mail to cruciphux@dok.org
danke.
C*:.
@HWA
03.0 AntiOnline Crosses the Line
~~~~~~~~~~~~~~~~~~~~~~~~~~~
June 7th 1999
From HNN http://www.hackernews.com/
contributed by whoever
After garnering intense media coverage (CNN, C|NET,
WIRED, etc.) over his extremely early reporting of the
MOD and gH attacks, John Vranesevich of AntiOnline
has used that spotlight to further his own agenda. Now
he has admitted to nurturing a hatred of hacking and
the underground as a whole and at the same time aiding
and abetting criminal acts, "Many times, I knew about
these instances before hand, and could have stopped
them."
AntiOnline Statement
A Change In Our Mission
An AntiOnline Editorial
Friday , June 04 1999
In the past, a hacker was an individual who literally had to spend years to learn the inner workings of computer technology, programming, and
hardware. Only then could he begin to explore possible vulnerabilities, and develop, for himself, ways to exploit those vulnerabilities, and more
importantly, ways to patch them. Throughout these years of learning, the hacker would develop a certain respect for the technology that he was
studying, and a certain level of maturity would inherently develop as well. Now, in present day society, with point and click utilities abound, a younger,
less mature, less knowledgeable, and less respectful, generation of "hackers" have come to life.
That's a quote from an editorial that I wrote in September of last year. Now, only 7 months later, we've seen things get even worse.
When I started AntiOnline 5 years ago, it was a way for me to share with others the fascinating things that I myself was learning. The wonders of technology, how it
could be used as a tool, how it could be used as an incredible way to learn, meet new people, and indeed, make the world a smaller and more understanding place.
Since then, AntiOnline has grown to levels I never dreamed possible. I'm fortunate enough to be working full time on the site, I have my own office, equipment, and
T1 line. The resources I have at my disposal are still small and modest, but I've come a long way from where I was a year ago, running AntiOnline out of my parent's
living room.
Unfortunately, I've found myself looking in the mirror with disgust these past few months. Looking back, I've seen myself talking with people who have broken into
hundreds of governmental servers, stolen sensitive data from military sites, broken into atomic research centers, and yes, people who have even attempted to sell
data to individuals that presented themselves as being foreign terrorists. I've seen people change the medical records of individuals in our armed services, and delete
the work of tens of thousands of people that resided on large ISPs. Many times, I knew about these instances before hand, and could have stopped them.
I felt at the time, that I was serving a larger good by simply writing up information that I knew about these instances, and posting them on AntiOnline for the world to
read about. I felt that the incidents would be learning experiences, and that they would help technology to evolve, even if it was only in some small way. To me, the
important thing was not telling the world the "who", but the "why" and the "how". I tried to stand in an invisible realm between the hacker culture, and main stream
society. A realm which I now see does not exist.
Looking back, I see those years as being not beneficial to anyone but myself. Those years acted as an educational experience for me. A time for me to learn about
the "mechanics of the gun", but more importantly, a time for me to learn about the "people that pull the trigger".
In the past 7 months, I have seen things go from bad to worse. Incidents are becoming more frequent and more serious. To some degree, things are in a state of
anarchy. I now feel that I am in a position to help serve, even if in some very small way, the better good.
A little note to the Federal and Military Authorities that read this site:
I feel that I have been lax in my duties as a citizen to some degree. But, little known to the rest of the world, I have been working behind the scenes to change that.
For the past few months, we've been working with an Air Force contractor to help them develop the "profile of a hacker". AntiOnline, as an organization, plans on
taking that to an even higher level as the months progress.
Several of you have already signed up for access to our knowledge base, including individuals from: The US Congress, The DISA, The Air Force, The Navy, and
several police and computer forensics organizations. You will be given access information within the next week.
A note to these organizations as a whole. I know that often times my exact position and role has been confusing. Let it be confusing no more. I hope that over the
next few months, the level of trust between my organization and yours can continue to grow, and I hope that AntiOnline becomes a valuable tool in the fight against
"CyberCrime".
Now, a little note to the thousands of hackers that read this site:
You yell and scream about freedom of speech, yet you destroy sites which have information that disagree with your own opinions. You yell and scream about
privacy, yet you install trojans into other's systems, and read their personal e-mail and files. You truly are hypocrites. All of these grand manifestos that you develop
are little more than excuses that you make up to justify your actions to yourself. Actions which you know are wrong. Actions which do not serve anyone's interests
but your own.
Let me just say, that you've had free reign over things this past year or so. I know that some of you are playing what you feel is a game. A game that you think you
are winning. Some of you sit back and laugh at organizations like the FBI. You make sure that you provide enough information to make it obvious who you are, yet
are careful not to provide enough information to actually have it proven.
I have been watching you these past 5 years. I know how you do the things you do, why you do the things you do, and I know who you are.
Yours In CyberSpace,
John Vranesevich
Founder, AntiOnline
As a side note, AntiOnline will be taking no press inquiries into this matter.
Questions regarding this change in policy will not be answered by phone.
Send all questions or comments to jp@antionline.com
-=-
A special report has now been released that details the
close ties that John Vranesevich of AntiOnline has with
the evil doers of the underground. This report claims
that John Vranesevich actually paid individuals who later
broke into web sites and then gave him 'exclusive'
reports. This report is highly suggested reading for any
journalist or reporter who has ever questioned Mr.
Vranesevich about anything. It is also suggested that
'customers' of the AntiOnline Knowledge Base read this
report and be familiar as to the type of person that is
supplying this information. And finally any law
enforcement officer who is investigating the
whitehouse.gov or any other MOD cracks should
absolutely read this report.
AntiOnline Crosses the Line
http://www.attrition.org/negation/special/ (Go here for full links and info)
AntiOnline crosses the Line
6.7.99
INTRO:
John Vranesevich is the founder of AntiOnline [www.antionline.com].
During the past five years, AO has grown from a five megabyte hobby web site, into a
multi domain business venture with hundreds of thousands of dollars in venture
capital. AntiOnline now claims to be the number one security resource on Internet.
Despite this growth and development, AntiOnline has been under continual fire from
critics and friends alike. Serious questions have been raised to the methods of reporting,
staff background, journalistic integrity and business practice.
Since AntiOnline has become a commercial entity (02-22-99), the site has released
67 pieces (some news articles, some 'specials'). Of these, 12 have been found to
contain serious errata. So of the 'reporting' that AntiOnline
has conducted, close to 20% has been inaccurate.
Recently, information has come to light that suggests a far more serious agenda
exists at AntiOnline. In the past, AntiOnline had two incidents that brought them
into the spotlight, and put them on a journalistic pedestal so to speak.
The first was centered around two teenagers in Cloverdale CA, and one adult in Israel that
was known as "Analyzer". AntiOnline got the scoop that these three (and others) were
responsible for compromising hundreds of military and government servers.
Through repeated interviews and communication, AntiOnline managed to hype up these
attacks which led to them being described as "the most organized and systematic
attack the Pentagon has seen to date." A short while later, it was discovered that
this threat was nothing more than a group of mostly teenagers breaking into low
security machines.(1)
The second spotlight shone on AntiOnline after several exclusive stories and interviews
with a group calling themselves "The Masters of Downloading". AntiOnline reported
that the members of this group were responsible for compromising hundreds of
"high security" Department of Defense computer systems, and stealing
files they said were "obtained from the classified Defense Information System
Network." Interviews between AntiOnline and the cracker said "I think international
terrorist groups would be interested in the data we could gain access to.."
Media outlets such as ZDNet unknowingly drew comparisons in the two stories.
ZDnet said in one article(2) "The alleged hack - which follows a highly publicized
attack on Pentagon computers by an Israeli hacker known as the "Analyzer" and his
associates -- would be a major escalation of "informational warfare" on
government computers."
From all appearances, AntiOnline was single handedly responsible for a significant
amount of the media sensationalism. Not only had AntiOnline driven the media hype
behind the stories, they put various government and DOD organizations on full
alert preparing for the fallout these attacks would cause.
There is new information coming to light that suggests that AntiOnline had a more integral
part in the generation of their news. That the typical journalist/contact relationship
did not exist, and in fact, AntiOnline may have been responsible for creating some
of the news to report on.
With these recent allegations coming to light, the ATTRITION staff and several
associates set out to find out the details and foundations of the assertions.
OUR GOAL:
To prove Masters of Downloading (MOD, headed by a hacker named so1o) was paid by
John Vranesevich/AntiOnline to hack www.senate.gov or another high profile site in
order for AntiOnline to break major news. To further establish that AntiOnline
employs active and potentially malicious hackers.
REQUIREMENT:
To prove this, we must first prove several points.
allegation                       evidence
----------                       --------
so1o is on Antionline payroll    proof.1 (Email)
so1o == Chris McNab              proof.2 (Email)
so1o is an MOD member            proof.3 (Comparison of MOD/CZ hacks)
                                 proof.5 (IRC chat with so1o)
AO reported on it first          proof.4 (AntiOnline reports)
ADDITIONAL:
On June 3rd, 1999, John Vranesevich released an editorial titled
"State of the Union". This piece calls into question the true relationship
between Mr. Vranesevich and Chris McNab (a.k.a. so1o). The relevant text
and concern it raises, coupled with the time of this editorial and subsequent
information presents a more damning argument.
On June 4th, 1999, John Vranesevich released a more dramatic and disturbing
editorial titled A Change in Our Mission. To most of his readers,
this was no doubt surprising, but expected. For a smaller group of us, the timing
of this article suggests much more. On the afternoon of June 3rd, an individual
questioned Mr. Vranesevich about his ties to so1o. When challenged,
Vranesevich begins to deny his involvement with McNab. This denial comes
after mail explicitly stating he WAS funding McNab, and after working with
McNab on an AntiOnline "exclusive" on the MOD hacks. The following
log and comments illustrate the denial and further backs our goal.
CONCLUSION:
One would hope that high ethical standards are above the law and are in effect
with ANY media outlet. It seems that isn't true. Not only has AntiOnline descended
into the realm of unethical journalism and business practice, they have done it
while thumbing their nose at the Internet. As if they can commit these practices
with impunity, John Vranesevich taunts "Well, it would take a lot more than an act
of congress to get AntiOnline shut down =) I could always ship the site off
to England ;-) That's another good thing about the Internet. The laws of one land
don't hold true in them all ;-)". This was written as a reply to one comment in
the AntiOnline mailbag on 7-13-98.
As if this is not bad enough, Vranesevich has recently gone on to admit to
some of his deeds. In a "change of mission statement" released on 6.4.99,
he goes on to say "Many times, I knew about these instances before hand, and
could have stopped them."
The information presented above is more than adequate proof that John Vranesevich
is funding an active hacker to break into high profile sites. The motivation for this
is to increase the awareness and therefore the profitability of his web site AntiOnline.
He pays people to break into sites in order to report on it as an 'exclusive'.
Folks.. 1 + 1 still = 2.
Direct comments or questions to: staff (staff@attrition.org)
* Any instance of [snip...] is strictly removing unrelated material. Anything
relevant to our argument or anything that would affect our allegations
were left. What we do is no different than what JP does to his 'mailbag'.
Except we leave in material that would possibly weaken our argument. His
mailbag gets clipped to include only the material he wants to deal with.
* Permission from Bronc and Ken was given to include the email here.
@HWA
03.1 More Questions Raised about John Vranesevich and AntiOnline
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
June 7th
from HNN http://www.hackernews.com
contributed by Bronc Buster
The rhetoric continues. Did he or didn't he? John
Vranesevich has posted a rebuttal to the original
attrition.org report that claimed he funded crack
attempts. The rebuttal is more of a personal attack
than a response to the allegations. Wired Online and
Telepolis have written articles that try to shed some
light on the situation. Bronc Buster has written an open
letter to John Vranesevich that asks some very pointed
questions. Questions that I think everyone would like an
answer to.
Attrition Report on John Vranesevich
http://www.attrition.org/negation/special/
John Vranesevich Rebuttal
http://www.antionline.com/cgi-bin/News?type=antionline&date=06-07-1999&story=brian.news
Wired Online
http://www.wired.com/news/news/culture/story/20062.html
Telepolis- German
http://www.heise.de/tp/deutsch/inhalt/te/2921/1.html
Open letter from Bronc Buster
http://www.hackernews.com/orig/broncjplet.html
The Wired article and JP and Bronc's letters follow:
Wired;
Hacker Pundits Squabble
by Polly Sprenger
12:15 p.m. 7.Jun.99.PDT
A Web site addressing computer hacking issues has accused a computer security
pundit of paying individuals to break into Web servers in exchange for exclusive
coverage of the stories that result.
John P. Vranesevich, editor of computer security magazine and resource center
AntiOnline, denies the charges.
Vranesevich is well known in the hacking and cracking community. He is often
called on by news media, including Wired News, to provide perspective on Web site
break-ins, viruses, and other security issues.
A report by the group Attrition.org, released Monday, accuses Vranesevich of
paying hackers to break into sites, thus guaranteeing him an exclusive on the
stories.
"We've never paid for a story," Vranesevich said. "We don't even pay our
reporters for stories. [The allegations] are flat-out libelous and there's no proof to
it. It's an attempt to destroy, defame, and discredit me."
Vranesevich's detractors were already inflamed over his recent apparent shift in
allegiance. On Friday, Vranesevich posted an editorial on his Web site that stated
he was working with the Air Force and other government agencies to help track
down crackers.
"A little note to the thousands of hackers that read this site," Vranesevich warned,
"I have been watching you these past five years. I know how you do the things
you do, why you do the things you do, and I know who you are."
His warnings have stirred the ire of attrition.org, led by Brian Martin (who
goes by the name Jericho). Martin said he has been following Vranesevich's case for
more than a year.
Martin based his claims on two emails that allegedly show Vranesevich had a
business relationship with "So1o," the hacker accused of breaking into
senate.gov last year. Vranesevich said the emails displayed on Martin's site
"never existed."
Another chronicler of the computer security underground said that
Vranesevich's reputation is less than pristine.
"He has made a lot of enemies over the years," said Space Rogue, editor of the
Hacker News Network. "This particular accusation has been unproven for awhile.
It's been thought that this has been going on for some time, that he was
paying people or was in league with them."
Space Rogue cited one particular revelation in Vranesevich's Friday statement.
"Many times, I knew about these instances [site hacks] beforehand, and
could have stopped them," Vranesevich wrote.
"That basically for me solidifies everything in the attrition report," Space Rogue said.
Vranesevich said that he has never been popular with the underground hacker
culture because of what he's done to expose it. "I often say that they hack a
site first and make up a manifesto second," Vranesevich said.
He points to his press citations in recent weeks, which include mentions in The
New York Times, ABC News, and CNN. He also said that government agencies such
as NASA rely on him to provide data on hacker profiles.
But while Martin accuses Vranesevich of using his fame as a platform to
prosperity, Vranesevich says he doesn't charge those agencies for access to data
and will probably keep the information free of charge forever.
"I think my track record speaks for itself," Vranesevich said. "I'm proud of how I've
accomplished and what I've accomplished."
JP's rebuttal
AntiOnline Responds To Allegations
Monday, June 7, 1999 at 11:51:56
by John Vranesevich - Founder of AntiOnline
First off, for those of you that haven't read it, Brian Martin's
Attrition website has today posted allegations that AntiOnline
funded the Whitehouse.gov and Senate.gov hack so that we
would have news to cover (However, I'm sure most of you have
read it by now, because of organizations, and I use the term
loosely, like the Hacker News Network).
Needless to say, when I went forward with the statement that
AntiOnline was going to help in the fight against malicious
hackers, I expected some backlash from the hacker community.
A few dozen extra hack attempts a day, some synfloods. Maybe
I'd find myself with a $10,000 phone bill. But, they've apparently
chosen something far more creative.
First off, let me say this. Brian Martin (aka Cult_Hero) was
raided by the FBI in connection with being a suspected member
of the HFG (The group that hacked the New York Times), and
Erik Ginorio (BroncBuster) is known, and admits, to breaking into
dozens of sites (he calls himself a hacktivist). The fact that these
two could think, or at least think up, some grandiose scheme
which involved AntiOnline bankrolling hackers, is not surprising.
They have both lived their lives trying to break, and evade, the
law.
For some reason, Brian Martin has become obsessed over
AntiOnline. His website has dozens and dozens of pages of what
he calls "errata" that he's written about it. He takes information
posted on our site out of context, then criticizes us because of it.
Many people have written in asking why we never posted any
response to all of the allegations he has on his site about us.
Personally, it's because I felt that I didn't need to justify myself,
or my actions, to someone who is currently under FBI
investigation, and who has never done anything for the security
scene other than criticize others. I actually feel bad for him. The
fact that he spends such a large portion of his life trying to "bring
down" others using lies, deceit, and twistings of the truth, is sad in
my eyes.
As for these allegations that I paid people to break into
government sites so that I could write a story. Let me just say,
that such claims are so far fetched and preposterous, I'm not
even going to respond to them on a point by point basis.
It seems that almost all of the criticisms that I receive from
people like Brian Martin revolve around money. He says in his
"allegations" about AntiOnline that "During the past five years,
AO has grown from a five megabyte hobby web site, into a multi
domain business venture with hundreds of thousands of dollars in
venture capital." Is that what he's so upset about? That I've made
a ton of money? Well, let me put his mind at ease. The point in
fact, is that I don't now, nor have I ever in my life, had a lot of
money. Our venture funding wasn't in the amount of hundreds of
thousands of dollars. I am not ashamed to say, and in fact, I'm
very proud to say, that our original funding was in the amount of
$75,000. I am very proud of the levels I have taken AntiOnline to
with very little resources, and a lot of hard work. On average, I
put in 17 hour days working on the site and related matters. At
the age of 20, I'm trying to build a life long career for myself. So,
to people like Mr. Martin, let me just say that anything my site
has accomplished has not, and truly couldn't have been, from me
throwing money at it. It came from my love for what I do, and
my willingness to put in the time it takes to accomplish my dream.
In a way, I take these allegations that have come against me as a
sign that I'm on the right track with what I'm doing. If people like
Brian Martin weren't yelling and screaming about me, I guess I'd
take that as a sign that I'm off the beaten path. If people like
Brian Martin didn't see me as a threat to them, they wouldn't be
yelling. So, I'm going to view these recent allegations as a job
well done letter from the malicious hackers of the world.
I have always lived my life in a way which I was proud of, and I
will continue to do so. I will NOT allow people like Brian Martin
and Erik Ginorio to cause me to constantly be taking some sort of
sick defensive on my site (Which is probably what their intentions
are). That's not its purpose. So, if they come out with some new
allegation, like I have secret plans to assassinate the president
with a herf gun or something, you won't find a response to them
from me here. As a matter of fact, you won't find a response
from me at all. I will let the work that I put forth, and the actions
that I take in my daily life, be my response.
Yours In CyberSpace,
John Vranesevich
Founder, AntiOnline
Bronc's open letter;
An open letter to John Vranesevich (aka JP)
07 Jun 1999
from: Bronc Buster bronc@2600.com
subject: in regards to the allegations at
http://www.attrition.org/negation/special
John Vranesevich (aka JP),
The staff of Attrition.org, a few other individuals, and I
have been working over the last few weeks to piece
together a complex web of clues. These clues were
leading us to something we have suspected for a while;
something that could tarnish the entire hacker community.
What if someone, a reporter, was funding a known criminal
to commit crimes so that they might have an inside scoop
on the story? Not only would this be unethical, but illegal,
and dangerous for us all.
Several people have been asking how Antionline.com (AO)
has had such an inside scoop on breaking stories, before
anyone else regarding big hacks that you have reported
on. We have begun to make a theory, based upon facts
as to how we think this is happening.
Here are a few simple YES or NO questions regarding
these allegations and their impact..
1) Because you had reported, in the past, the exclusive
reports and interviews on how Masters of Downloading
(MoD) had hacked(?) DISA and were alleged to have
taken software off their server, it is obvious you knew
who the person was who had committed this crime. His
handle is so1o (aka Chris McNab). You have admitted to
this openly. Knowing this, you then started funding a
company run by Chris McNab to make some sort of
security program. This you have also openly admitted to.
Now Chris McNab, by your own admittance, committed the
crime of breaking into several Government servers and
ultimately defacing www.senate.gov. If you were funding
this person, and you knew he was a criminal, not only who
has committed crimes in the past you knew about, but had
crimes, such as the senate.gov hack, planned out that
you knew about before hand, and he then gave you an
exclusive on the story because he was getting money
from you (regardless if he still is), doesn't this, in your
mind, equal a totally unethical, not to mention illegal, way
to get a story?
2) On your site, you openly admit to prior knowledge of
crimes that were committed that you may or may not have
reported on. This is illegal. Do you think this fact,
combined with the fact that you, in some fashion, were
supplying a known criminal (Chris McNab) with money is an
ethical way to run your site/business?
3) In your response to the revealed allegations against
you, you posted on your site, there was no link provided
(to attrition.org) so that anyone interested, who may see
this on your site but not know about the allegations, to
see both sides of the story and come to their own
conclusions. Attrition.org posted many links to your site,
so that people could see both sides. Since you posted a
response, don't you think it isn't fair to your readers, to at
least let them judge for themselves this matter?
4) Do you think that by making personal attacks against
the people behind these allegations, and against the sites
that are covering it, that the serious issues raised have
been answered or at least addressed?
5) Do you in any way feel obligated to provide any
answers to:
a) The people making these allegations?
b) Your readers and supporters?
c) The hacking/security community in general?
6) Last but not least. Do you think anything positive can
be gained by the hacking community by your actions in
these matters?
I personally think that your response to the criminal
charges against you was childish and immature at best,
and this matter warrants a serious reply. Slinging mud,
and voicing your opinion about people is no way to
counter facts. These are felonies, and involve not only
local, but federal laws. This is a serious matter, and like so
many of the poor kids you cover who get busted, it
appears you will not take it seriously until you too have
been arrested and charged.
Bronc Buster
bronc@2600.com
June 9th, a statement from OSAll
Admissions
Mike Hudack
Editor-in-Chief
The same day that a Wired News article about the Attrition
special report accusing AntiOnline of unethical and even criminal
practices came out, I spoke with John Vranesevich on the phone.
The Wired News article quoted Vranesevich (JP) specifically
denying the existence of two e-mails which were used as evidence
in the Attrition article. JP said the e-mails "never existed,"
according to Polly Sprenger, author of the Wired News article.
In my discussion with JP, however, he said "I was quoted out of
context in those e-mails." I queried him further, asking him
whether those e-mails really existed. He said "the e-mails existed
but I was quoted totally out of context -- what I said was in jest."
In a conversation hours later, however, he quickly backtracked,
saying the e-mails were "manufactured, possibly from several
e-mails." He said they were his words in the sense that "words
taken from two pages in a book and made to look like a
paragraph are the author's words. They're still manufactured."
This obvious contradiction between what I was being told the first
time and what he had told Wired News wasn't the end of it
however. He went on to warn me not to "write articles against
individuals or other sites. It doesn't help your relationship with the
mainstream -- I learned that the hard way." This statement was
obviously a warning not to say anything about our conversation.
He went on in his contradictions, however.
In the Wired News article, JP is quoted as saying that the
allegations against him are "flat-out libelous." In the telephone
conversation, however, JP admitted that "the allegations weren't
really libelous. If anything they were borderline." He did say,
however, that it was up to his "lawyer as to whether to pursue
legal action."
The clear dichotomy between his earlier statements to Wired News
and his statements to me wasn't the most fascinating issue,
however. What was much more fascinating, as Polly Sprenger said
was "why didn't he just say he was quoted out of context? That
would have made a lot more sense."
Later, in an open letter to JP, Bronc Buster called JP's response
to the allegations "childish" for attacking the individuals raising the
allegations and not the allegations themselves. In his response, JP
not once mentions that he was quoted out of context. Rather, he
accuses Jericho and Modify (two authors of the allegations) of
being subjects of an FBI investigation. He not once addresses the
allegations being levelled against AntiOnline and himself.
OSAll carefully weighed whether to come forward with JP's
statements, and has decided that it has an ethical obligation to do
so. Any questions about this coverage, its fairness or OSAll's
relationship with either Attrition.org or AntiOnline.com should be
directed to the editor, who can be contacted at
editor@aviary-mag.com or by phone at 203-335-7100.
@HWA
04.0 The Difficulties of Reporting the Underground
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
June 7th 1999
From HNN http://www.hackernews.com/
contributed by Space Rogue
In light of all the media attention that hackers have
gotten over the last few weeks it is apparent that most
reporters and journalists are having a difficult time in
accurately reporting the computer underground. While
no one is claiming that it is easy, HNN editor Space
Rogue takes a look at some of the more common pitfalls
in this new Buffer Overflow article.
Buffer Overflow
http://www.hackernews.com/orig/buffero.html
05.0 Mitnick Demonstrations Deemed a Huge Success
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
June 7th 1999
From HNN http://www.hackernews.com/
contributed by Freaky, phar, and Silicon Monk
Last Friday at 2pm in front of federal courthouses in
over 16 cities people who could no longer sit down while
excessive punishment was dealt by an overreaching
government, gathered together to protest the large
number of injustices perpetrated during the trial of Kevin
Mitnick. At the demonstrations in Philadelphia a large
paper mache Liberty Bell was displayed. Reba Mitnick,
Kevin's grandmother was present at her local
demonstration. In New York a skywriter wrote FREE
KEVIN over Central Park and in San Francisco low flying
airplanes carried FREE KEVIN banners.
FREE KEVIN
http://www.freekevin.com
Mitnick Demonstrations - Pictures Here
http://www.2600.net/demo/
CNN
http://cnn.com/TECH/computing/9906/04/BC-INTERNET-HACKERS.reut/index.html
Wired
http://www.wired.com/news/news/politics/story/20053.html
ZD Net
http://www.zdnet.com/zdnn/stories/news/0,4586,2270517,00.html
Salon
http://www.salon.com/tech/log/1999/06/04/mitnick/index.html
Wired;
Pro-Mitnick Demos in US, Russia
by Polly Sprenger
3:00 a.m. 5.Jun.99.PDT
In 15 American cities and Moscow,
demonstrators staged protests Friday
against the continued imprisonment of
Kevin Mitnick, jailed after pleading guilty
to seven counts of wire and computer
fraud.
"Just don't call him a 'celebrity cracker,'"
growled Macki, the Webmaster for 2600,
the hacker group and magazine that
organized the events.
Armed with yellow "Free Kevin" stickers
and flyers describing Mitnick's case, Macki
and nearly 20 other Mitnick supporters
battled the miserable San Francisco wind
to fight for the cause.
"We're getting the word out to the
worldwide and national consciousness
about [Mitnick's] sentencing," said Marc
Powell, a pink-haired member of the local
hacker collective New Hack City.
Clad in an "I [Heart] Feds" T-shirt, Powell
said that although his own
cyber-tomfoolery has been strictly within
the law, he sympathized with Mitnick's
imprisonment.
As far as protests go, Mitnick's
demonstration was relatively low-key.
The attendees cheered as a low-flying
airplane went by trailing a banner that
said "Free Kevin Mitnick --
www.freekevin.com," but after seven or
eight more passes, the enthusiasm
waned.
Some in the group had followed Mitnick's
plight from the beginning, but others were
just there to be part of an
anti-government staging. Robin, a
self-proclaimed anarchist and network
administrator with a partially shaved head
and a plethora of piercings, said he was
in attendance because it was a strike
back at the government.
But others, like Perry McNulty, said
Mitnick was a study in civil rights. "It's
not just a hacker in jail," said McNulty,
who has followed Mitnick's case for about
a year. "A lot of civil rights have been
violated. It could happen to any one of
us."
Salon
Kevin Mitnick supporters plan rallies
- - - - - - - - - - - -
BY KAITLIN QUISTGAARD
June 4, 1999 | Since his 1995 arrest for wire and
computer fraud, famed hacker Kevin Mitnick has been
behind bars. In March a judge sentenced him to a
46-month prison term after he pleaded guilty to a
handful of the 25 charges filed against him. But on
Friday, demonstrators in 15 U.S. cities and Moscow
plan to protest what they see as the unjust treatment
of Mitnick and ask for his parole to a halfway house.
"The guy's been in there for something like four years
and four months," says Emmanuel Goldstein, editor of
"2600: the Hacker Quarterly." (Actually, 2600's Kevin
Mitnick Lockdown Clock put it at exactly 4 years, 3
months, 16 days, 11 hours, 19 minutes and 41
seconds at that moment, but who's counting?)
It's a heavy sentence for just looking at other people's
software, says Goldstein: "The federal government is
using him to send a message."
"Even if Kevin were guilty of everything he was
charged with," the 2600 site says, "the fact remains
that there was no documented damage, no evidence of
malicious activity, and nothing to suggest that Mitnick
profited in any way by reading the software he is
accused of accessing." The journal says it has
uncovered letters showing that companies like Sun
Microsystems and Nokia have claimed a combined
total of $300 million in damages resulting from
Mitnick's hacks. "This is a case of corporate
vengeance, aided and abetted by a federal government
seeking to intimidate hackers," the 2600 site argues.
"We think Kevin Mitnick's suffering has gone on way
too long."
2600 is encouraging demonstrators to meet at federal
courthouses across the country and the U.S. Embassy
in Moscow. The protest will coincide with the monthly
2600 meeting, which brings hackers together in
various cities on the first Friday of the month. ("That
way the people who spy on us have to spread
themselves thin," says Goldstein, explaining the
same-time, multiple-locations approach.)
On June 14 a judge will formally sentence Mitnick and
determine the damages he owes. The hacker group
hopes to influence the court to go lightly on Mitnick.
"The judge has the opportunity to sentence him to a
halfway house," says Goldstein, "which is a whole lot
better than a prison with murderers and rapists."
salon.com | June 4, 1999
- - - - - - - - - - - -
About the writer
Kaitlin Quistgaard is an associate editor
for Salon Technology.
@HWA
06.0 New Trojan/Virus, PrettyPark
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
June 7th 1999
From HNN http://www.hackernews.com/
contributed by nvirB
A new virus/trojan, PrettyPark arrives as an email
attachment and then resends itself to users listed in the
windows address book, it may possibly repeat this as
often as every 30 seconds. It also attempts to log into
IRC channels to deposit information. Opinions vary as to
threat level of this new virus. At last report it had only
been seen in France.
MSNBC
http://www.msnbc.com/news/276805.asp
ZD Net
http://www.zdnet.com/zdnn/stories/news/0,4586,2270411,00.html
MSNBC
PrettyPark: Part worm, part Trojan
Anti-virus companies unearth worm/Trojan that reportedly
e-mails PC's Windows Address Book every 30 seconds
By Joel Deane and Michael Fitzgerald
ZDNN
June 4 - Anti-virus companies said Friday that
W32/PrettyPark, a new e-mail worm program with
Trojan horse characteristics, poses a potentially
high risk to Internet users on Windows-based
systems.
ALTHOUGH ASSESSMENTS OF PRETTYPARK'S
capabilities vary, and damage reports are sketchy, anti-virus
firms advised Friday that users update their anti-virus
programs to guard against the worm/Trojan, which was
discovered as early as May 12.
Anti-virus company Panda Software said PrettyPark,
which is also known as Pretty Worm, reaches users'
computers as an attached file in an e-mail message, just like
the Melissa virus. Once executed, PrettyPark installs itself in
the infected system, then sends messages with an attached
copy of itself to addresses listed in the Windows Address
Book.
Panda said PrettyPark attempts to connect to an
Internet relay chat server from a list of 13 possible servers,
then send a message to a chat user enabling the author of
the virus to gather data on and monitor affected workstations.
PrettyPark can then be manipulated as a Trojan horse, Panda
said, to obtain data such as the list of available disks and
confidential information such as logins and Internet
connection passwords.
Panda Software U.S. executive director Pedro
Bustamante said Friday his company had replicated the
potentially high risk worm/Trojan in its European anti-virus
lab. "It could potentially be very high risk," Bustamante said.
"The interesting thing about this new Trojan is that, unlike
Melissa, it doesn't send itself once; it sends itself every 30
seconds."
Trend/Micro, Symantec and Network Associates
reported Friday that they have been unable to duplicate
PrettyPark. In a virus alert, Network Associates said
PrettyPark was low risk.
Trend/Micro director of technology Dan Schrader said
the anti-virus company's customers reported PrettyPark's
auto-spamming, but can't confirm the auto-spamming
function.
"We've seen 40 incidents in the last 48 hours. All the
incidents so far have been in France," said Schrader, adding
that PrettyPark was similar to the notorious Happy 99
executable that struck earlier this year.
Schrader said PrettyPark has the potential to spread
widely if it can in fact automatically send itself to
everyone in a user's address book. But, because
Trend/Micro has been unable to replicate this auto-spam
capability, and because it so far seems to be centered in
France, Trend/Micro suspects that someone may have
spread it by hand.
Symantec, Trend/Micro, Panda and Network Solutions
have all posted anti-virus updates to cover PrettyPark.
Luke Reiter of CyberCrime contributed to this report.
@HWA
06.1 The rampage continues
~~~~~~~~~~~~~~~~~~~~~
June 8th 1999
From HNN http://www.hackernews.com/
PrettyPark Continues its Rampage
contributed by nvirb
PrettyPark the latest virus/trojan/worm is quickly
spreading around the world. The virus arrives as an
email attachment. Then after it is executed it hides
behind a screen saver to mail out copies of itself and to
connect to an IRC channel. In a quote given to MSNBC,
Steve Trilling of Symantec said, "This virus took months
to write, and its creator put a great deal of effort into
it."
MSNBC
PrettyPark hits Windows users hard
Victims of e-mail virus increase 2,000 percent over the
weekend, Symantec reports
By Shauna Sampson, ZDTV
ZDNN
June 7 - PrettyPark, a French e-mail virus, got a
tremendous boost from home PC users this
weekend. Anti-virus software maker Symantec
said it has observed an increase of 2,000 percent
in apparent victims since Friday.
THESE VICTIMS OF THE VIRUS, which is being
described as a worm with Trojan capabilities, are likely
Microsoft Windows users who are being sent to a custom
Internet relay chat channel without their knowledge. Once
there, victims' personal data ranging from e-mail address
book lists, operating system preferences and registration
numbers, passwords, and form data (including stored credit
card information) can be potentially retrieved from the
victim's PC without their knowledge by the virus writer.
PrettyPark is the first known worm with Trojan
capabilities and its very own custom IRC channel.
"This virus took months to write, and its creator put a
great deal of effort into it," says Steve Trilling of Symantec.
Consumers are being hit harder by the virus because
they are less likely to update their anti-virus software than
large companies or businesses and are more likely to open
and run executables sent by what appears to be family or
friends.
The virus is spread when PC users open an attached
e-mail program file named PrettyPark.EXE.
When executed, it may display the Windows 3D pipe
screen saver while it creates and sends duplicate files of
itself to e-mail addresses listed in the user's Internet address
book. PrettyPark will run this routine every 30 seconds,
without the user's knowledge. It will also connect to the
custom IRC channel while the PC owner is on the Internet
or reading e-mail while connected to a remote server.
So far only Windows-based systems seem to be
vulnerable, the virus is definitely spreading and anti-virus
software manufacturers are expecting to see more victims in
the IRC chat rooms.
In order to protect themselves from PrettyPark and
other viruses, PC users should update their anti-virus
software and avoid opening e-mail attachments.
Researchers are trying to determine if other e-mail
programs, such as Eudora and Lotus Notes, are vulnerable,
presently the Mac and Linux operating systems do not seem
to be affected.
In a related story C|Net takes a look at the technology
behind the Anti-Virus products available today.
C|Net
http://www.news.com/News/Item/0,4,37458,00.html
Battling the unknown virus
By Tim Clark
Staff Writer, CNET News.com
June 7, 1999, 1:35 p.m. PT
Antivirus software makers are recycling some old tricks to combat computer viruses proliferating over the Internet.
The technique, called "heuristics," checks for suspicious commands within software code to detect potential viruses.
Heuristic techniques can detect new viruses never seen before, so they can keep malicious code from spreading. An older
method, called signature-scanning, uses specific pieces of code to identify viruses.
Both methods have down sides. Heuristic techniques can trigger false alarms that flag virus-free code as suspicious.
Signature-scanning requires that a user be infected by a virus before an antivirus researcher can create a patch--and the virus can
spread in the meantime. Most antivirus vendors use both techniques.
"It's time for the industry as a whole to look at different approaches," said Roger Thompson, technical director of malicious code
research at ICSA, a for-profit trade group for computer security vendors. "The time-honored method of signature scanning is a little
worn and weary given new viruses coming out."
Aladdin Knowledge Systems, which just added heuristics-based technology to its line of antivirus technology, claims it can snare
85 percent of the new viruses without many false alarms.
The recent Melissa virus showed that heuristics are not foolproof, as some viruses slip through the antivirus screen and must be
fought with the traditional methods.
Melissa was a macro virus that spread quickly because it self-replicated, sending email from the infected machine to recipients in
that user's address book. Melissa illustrates why macro viruses worry antivirus researchers.
"Melissa was trivial technically and important strategically," said ICSA's Thompson, mainly because it demonstrated the kinds of
disruptions a computer virus can cause, he said.
"Macro viruses are easy to create and easy to modify," said Carey Nachenberg, chief researcher at Symantec's antivirus research
center. To combat viruses like Melissa, heuristics are a must, he said.
Macros are a simple programming language used to build templates in Lotus Notes or Microsoft
Excel. Because of their simplicity, they can be used to create macro viruses, said Chris
Christiansen, security analyst at International Data Corporation.
"There are rumored to be numerous automated applications that automatically generate macro
viruses," said Christiansen, saying they are available on Web sites used by malicious hackers. "An
unsophisticated user could write a macro virus or take a corporate macro and corrupt it, then
replace a legitimate macro."
Today antivirus researchers are closely watching another virus -- the Pretty Park virus, which is
currently circulating in France -- that posts passwords and other identifying data to Internet chat
sites. So far, it's a low level alert because its self-replicating function apparently doesn't work.
Overall, a higher percentage of macro viruses could be caught, said Aladdin chief technology officer
Shimon Gruper, at the cost of more false alarms.
"Not everything gets caught, so you still need a rule to catch it," said Susan Orbuch, spokeswoman
for Trend Micro. "When there was a lot of fear about Melissa variants, we quickly put together some
heuristics to combat it."
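The trade-off the C|Net article describes, as an added example that is not part of the article or of any vendor's product: one exact-match signature and four weighted heuristic rules run over six constructed, non-functional macro snippets. The sample text, rule weights and the name Demo.MacroWorm.A are assumptions made up for this illustration.

```python
"""Signature scanning vs. heuristic scoring on constructed macro text."""
import re

# Signature database: an exact byte string taken from an already-analysed
# sample. (Constructed; "Demo.MacroWorm.A" is a made-up name.)
SIGNATURES = {
    "Demo.MacroWorm.A": b"Sub AutoOpen(): MailSelfTo AddressBook, 50",
}

# Heuristic rules: (reason, pattern, weight). Weights are illustrative only.
HEURISTICS = [
    ("runs automatically when the document opens",
     re.compile(rb"\bAuto(Open|Exec|Close)\b", re.I), 2),
    ("enumerates the address book",
     re.compile(rb"address\s*(book|lists?)", re.I), 2),
    ("sends mail from code",
     re.compile(rb"\b(Send|Mail\w*To)\b", re.I), 1),
    ("copies itself into the global template",
     re.compile(rb"normal\s*template", re.I), 3),
]

# (label, is_malicious, text). All text is constructed scanner input,
# not working macro code.
SAMPLES = [
    ("known worm", True,
     b"Sub AutoOpen(): MailSelfTo AddressBook, 50 : CopySelfTo NormalTemplate"),
    ("edited variant", True,
     b"Sub AutoOpen():  MailSelfTo  AddressLists, 40 : CopySelfTo NormalTemplate"),
    ("rewritten variant", True,
     b"Sub AutoOpen(): PostSelfTo Contacts, 50"),
    ("mail-merge macro", False,
     b"Sub AutoOpen(): For Each c In AddressBook: Send NewsletterTo c"),
    ("welcome banner", False,
     b"Sub AutoOpen(): ShowWelcomeBanner"),
    ("formatting macro", False,
     b"Sub FormatReport(): Selection.Font.Bold = True"),
]


def signature_scan(data, signatures=None):
    """Return the name of the first signature found in data, else None."""
    for name, pattern in (signatures or SIGNATURES).items():
        if pattern in data:
            return name
    return None


def heuristic_score(data):
    """Sum the weights of every rule that fires; also return the reasons."""
    fired = [(why, weight) for why, rx, weight in HEURISTICS if rx.search(data)]
    return sum(weight for _, weight in fired), [why for why, _ in fired]


def evaluate(threshold, signatures=None):
    """Count detections and false alarms over SAMPLES for one threshold."""
    result = {"sig_hits": 0, "heur_hits": 0, "combined_hits": 0, "false_alarms": 0}
    for _label, malicious, data in SAMPLES:
        by_sig = signature_scan(data, signatures) is not None
        by_heur = heuristic_score(data)[0] >= threshold
        if malicious:
            result["sig_hits"] += int(by_sig)
            result["heur_hits"] += int(by_heur)
            result["combined_hits"] += int(by_sig or by_heur)
        else:
            result["false_alarms"] += int(by_sig or by_heur)
    return result


if __name__ == "__main__":
    for label, malicious, data in SAMPLES:
        score, reasons = heuristic_score(data)
        print(f"{label:18} malicious={malicious!s:5} "
              f"signature={signature_scan(data)} score={score} {reasons}")
    # Lower thresholds catch more variants and raise more false alarms.
    for threshold in (2, 5, 6):
        print(threshold, evaluate(threshold))
    # After the rewritten variant has been analysed, a signature covers it.
    updated = dict(SIGNATURES, **{"Demo.MacroWorm.C": b"PostSelfTo Contacts"})
    print("with new signature:", evaluate(6, updated))
```

The signature alone finds only the sample it was cut from; the heuristics also catch the edited variant but either miss the rewritten one or flag the benign macros, depending on the threshold.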
@HWA
07.0 Eight Arrested in California
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
June 7th 1999
From HNN http://www.hackernews.com/
contributed by st1p3r
15,000 mass produced pirated copies of Microsoft
applications were confiscated and eight people were
arrested during a raid in Southern California last
Thursday. They have been indicted on 45 counts of
counterfeiting, conspiracy and money laundering.
Nando Times
http://www.techserver.com/story/body/0,1634,56660-90472-643309-0,00.html
Microsoft program counterfeiters arrested
Copyright © 1999 Nando Media
Copyright © 1999 Associated Press
LOS ANGELES (June 5, 1999 5:12 p.m. EDT http://www.nandotimes.com) -
Eight people have been arrested in a counterfeiting scheme that police said churned out
15,000 phony copies of Microsoft computer programs every month. The Southern California
residents were arrested Thursday, a day after being indicted on 45 counts of counterfeiting,
conspiracy and money laundering.
All are expected to enter pleas Monday.
Five other people also were named in the federal grand jury indictment, including three who
were arrested in February and freed on bond, the U.S. attorney's office said Friday.
The ring pressed counterfeit CD-ROM disks of Windows 98 and other popular programs, printed
bogus "certificates of authenticity" and then packaged and sold the disks overseas, authorities
contend.
Authorities in February raided several warehouses and seized a room-sized CD-ROM replicator. Also
seized were color printing presses, packaging machines and other counterfeit items that Microsoft
officials estimated were worth about $56 million on the retail market.
@HWA
08.0 278 Internet Cafes Disciplined
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
June 7th 1999
From HNN http://www.hackernews.com/
contributed by Anonymous
Public Action Number One has been launched jointly by
the city of Shanghai, China's police force along with
commercial, telecommunications and education
authorities to standardize the city's public Internet
cafes. Only 350 of the city's estimated 2000 internet
cafes are authorized to do business. The crackdown has
resulted in fines and warnings for many establishments
that do not control users' forays into cyberspace.
Nando Times
http://www.techserver.com/noframes/story/0,2294,56247-89863-639407-0,00.html
Shanghai tightens hold on Internet cafes
Copyright © 1999 Nando Media
Copyright © 1999 Reuters News Service
SHANGHAI (June 4, 1999 12:11 p.m. EDT http://www.nandotimes.com) - Chinese boomtown Shanghai has
disciplined 278 unregistered Internet cafes in a crackdown on uncontrolled forays into cyberspace, the
official Liberation Daily reported on Friday.
The move was aimed at "standardizing the city's public Internet cafes" where customers can sip coffee
and surf "the Net," the newspaper said.
A city government official said some of the unregistered cafes would be fined while others would be given
a warning.
The crackdown, described as "Public Action Number One," was launched jointly by the city's police and
commercial, telecommunications and education authorities.
Shanghai now has more than 2,000 Internet cafes but only 1,500 of them have applied to register and only
350 are authorized, the newspaper said.
Local authorities have tightened control of information vendors around the 10th anniversary of the Beijing
crackdown on dissent on June 3-4, 1989, when the army shot its way into Tiananmen Square to end seven weeks
of pro-democracy protests.
Late last month, Shanghai ordered local paging stations and computer information vendors to stop disseminating
political news temporarily, including news downloaded from the Internet.
China has seen explosive growth in the use of the Internet in recent years but the government has also viewed
it as a potential threat to its authority.
There are now an estimated two million Internet users in China and some experts predict the number of Web
surfers could top 10 million by next year.
@HWA
09.0 Forbidden Knowledge Issue #5
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
June 7th 1999
From HNN http://www.hackernews.com/
contributed by Anonymous
Issue Five of the increasingly improving Forbidden
Knowledge e-zine has been released. It features articles
on Memory and Addressing Protection in Multiuser
Operating Systems and some other very interesting
topics. Check it out at the main site or at Packetstorm.
Forbidden Knowledge
http://www.posthuman.za.net
@HWA
10.0 f41th Issue 6
~~~~~~~~~~~~~
June 7th 1999
From HNN http://www.hackernews.com/
contributed by D4RKCYDE
d4rkcyde has kept its work up and released issue 6 of
the H/P ezine f4ith. The zine contains good h/p
technical information and is available almost twice a
month. Back issues are available.
Issue 6
http://darkcyde.system7.org/files/faith/faith6.txt f41th
11.0 Antidote Vol2 Issue 7
~~~~~~~~~~~~~~~~~~~~~
June 7th 1999
From HNN http://www.hackernews.com/
contributed by lordoak
The newest issue of Antidote has been released with
articles on PC Anywhere, Netscape, and much much
more. Check it out.
Antidote Vol2 Issue 7
http://www.thepoison.org/antidote/issues/vol2/7.txt
12.0 Will the Allies Drop CyberBombs on Milosevic?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
June 8th 1999
From HNN http://www.hackernews.com/
contributed by erewhon
A well researched, no FUD, article that goes against the
normal hype and sensationalism. William Arkin backs up
HNN's earlier assessment of last week's Newsweek
reports of cyber attack against the bank accounts of
Milosevic. A previously unseen transcript of a conference
from the Air Force Association has allowed the
Washington Post to conclude that Yugoslavia's bank
accounts are probably pretty safe. (It is a welcome
change to see good journalism now and again.)
Washington Post
http://www.washingtonpost.com/wp-srv/national/dotmil/arkin.htm
The Good News on Forgery
By William M. Arkin
Special to washingtonpost.com
Monday, June 21, 1999
"The decade begun in Kuwait ends in the skies
over Serbia. No American government will, in
the near future at least, simply assume that it
has the military power needed to impose its will...."
Thus retired Gen. John M. Shalikashvili grumbles about the "difference
between being the greatest ... power in the world and omnipotence" and
warns of the emergence of a "passive" and "isolationist" America as a
result of the war in Yugoslavia.
"The United States will be withdrawing from its aggressive leadership
position not solely because it wishes to," says the former Chairman of the
Joint Chiefs of Staff. "It will be withdrawing because it has seriously lost
the trust of many of its NATO allies."
Why? Besides committing insufficient military power in Yugoslavia, the air
war, he says, is "not going to force a Serbian capitulation."
The Shalikashvili essay, "The World After Kosovo," began circulating via
e-mail about three weeks before Belgrade's withdrawal from Kosovo.
It is a forgery.
"Someone has stolen my name," Shalikashvili told the Seattle
Post-Intelligencer, which revealed the fabrication on the final day of
Operation Allied Force.
Stolen, and Forwarded
"This has been a major embarrassment to me," says a West Point
graduate, after he circulated the Shalikashvili essay to his classmates. Like
many other military observers, he received the commentary via e-mail. "I
innocently passed along the article that had been forwarded to me clearly
marked as being written by Gen. Shali from a network of senior retired
military officers - a normally credible source!"
As compliments and complaints alike poured in from friends and former
aides, General Shalikashvili, who retired in October 1997, discussed with
Defense Department spokesman Ken Bacon whether the electronic
screed should be denounced from the Pentagon podium. They decided
not to bring attention to the fake.
Then Shalikashvili got a call from Deputy
Secretary of State Strobe Talbott, who was
asked by Finnish President Martti Ahtisaari
whether the article might not complicate
negotiations with President Slobodan
Milosevic.
Shalikashvili decided to go public: "I was hoping that it would go away,
but this thing doesn't seem to be dying," he says.
Floss, Dance, Don't be Fooled
I know what you're thinking: The Internet has struck again. Faster than a
speeding bullet an individual's identity has been stolen. An irresponsible
and unregulated medium has perpetrated fraud and deceit.
We've seen this time and again with the Web: Disgraces like Pierre
Salinger's flogging of "intelligence" documents dealing with the TWA Flight
800 accident that turn out to be nothing more than conspiratorial drivel
plucked from the Web. The "Floss, Dance, Don't Be Fooled" MIT
commencement address that wasn't delivered by Kurt Vonnegut. The
Internet does indeed have the capacity to amplify and duplicate what is
real, as well as what is not.
Yet for all the copying and forwarding and
quoting of Shalikashvili's impostor discourse
amongst a cyber-savvy network of retired
generals and veterans who increasingly use
e-mail as a lifeline, what is interesting is that
the comments never really circulated outside
of a closed community. A check of Web-wide
discussion group search engines (Deja.com,
AltaVista, Forum One, Remarq) found that
the essay was never sent to a single
newsgroup.
On the Web, there is only a single posting: on
the FreeRepublic site ("The Web's premier conservative news discussion
forum!"). Even here, where the retired military officer who distributed the
essay described it as "the story of the current JCS members who have
been silenced by the White House intimidation machine," the piece was
quickly rejected. The same day it was posted, May 28, three participants
identified the work as fraudulent.
The system works!
A Good Day for Bombing
"The World After Kosovo" is a very good forgery. There is no obvious
inflammatory language; it is a plausible viewpoint that someone could
associate with a retired high-ranking officer.
The news media, like the Web, proved less promiscuous than its popular
reputation in running with the supposed dissent. When Pulitzer
Prize-winning reporter Seymour Hersh received the e-mail from a recently
retired two-star general, he was also warned that it may or may not be
authentic. Hersh read the words with interest, but he says he would never
have done anything with the file, including forwarding it, without contacting
Shalikashvili first.
Tom Ricks, the Pentagon correspondent for the Wall Street Journal, also
received the Shalikashvili piece, in spades. "About 50 military officers
credulously forwarded the 'Shali piece' to me," Ricks says.
Ricks's newspaper made itself famous in January when it quoted from the
e-mail of an Air Force general bragging about the bombing of Iraq. "It's a
good day for bombing," the officer wrote. But after his utterances proved
fair game for the mainstream media, the general, tail fin between his legs,
told the Journal that he probably should have chosen his words better.
E-mail has since proven a nettlesome medium for the closed world of
retired and active duty officers. But before the Internet gets the blame, it
should be made clear that the Shalikashvili episode is an embarrassment
for a network of otherwise worldly military specialists who were fooled by
the prose and perhaps even blinded by their own anti-Clinton animus.
Though many questioned the authenticity of the retired general's words,
they copied and forwarded the essay, Drudge-style. It was hardly a
precision military formation.
William M. Arkin can be reached for comment at
william_arkin@washingtonpost.com
© Copyright 1999 The Washington Post Company
@HWA
13.0 Melissa Suspect Still not Charged
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
June 8th 1999
From HNN http://www.hackernews.com/
contributed by Scores
Still free on $100,000 bail, David L. Smith has still not
been officially charged with a crime. He has been
accused of spreading the Melissa virus which rampaged
through the country's computer networks within days of
its release. A spokesperson for the defense claimed that
they are just waiting on the DA.
ZD Net
http://www.zdnet.com/zdnn/stories/news/0,4586,2271206,00.html
@HWA
14.0 ToorCon '99 Security Expo
~~~~~~~~~~~~~~~~~~~~~~~~~
DATE HAS CHANGED FOR THIS EVENT SEE SECTION 95.0
June 8th 1999
From HNN http://www.hackernews.com/
contributed by h1kari
ToorCon will be held on August 7-8 in San Diego,
California. It is being billed as a computer security
convention hosted by the San Diego 2600 Meeting to
help educate and inform the public on computer security
related matters. ToorCon will feature: Speakers,
Lectures, Hands-on Demonstrations, InstallFests, Root
Contests, and raffles.
HNN Cons Page
http://www.hackernews.com/cons/cons.html
@HWA
15.0 ISS Gets Free Advertising
~~~~~~~~~~~~~~~~~~~~~~~~~
June 8th 1999
From HNN http://www.hackernews.com/
contributed by lamer
Here's a nice 'adverticle' for ISS. ISS must be really
wonderful because they have "tangled" with cDc, that
horrible hacker group that makes Microsoft's life
"miserable". I don't suppose it's possible that MS makes
its own life miserable by putting out 3rd rate software?
Nah. And I don't suppose it is possible that the author
of this article did any research other than contacting
ISS? Nah.
US News
http://www.usnews.com/usnews/issue/990614/14hack.htm
@HWA
16.0 Accounting Firms also get Free Advertising
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
June 8th 1999
From HNN http://www.hackernews.com/
contributed by Even lamer
Not to be outdone by ISS and the X-Force, Deloitte &
Touche and PriceWaterhouse Coopers get their own
adverticle detailing their joint venture the new
cyber-"fraud squads".
C|Net
http://www.news.com/News/Item/Textonly/0,25,37419,00.html
Accounting firms fight cybercrime
By Dan Goodin
Staff Writer, CNET News.com
June 7, 1999, 4 a.m. PT
URL: http://www.news.com/News/Item/0,4,37419,00.html
The dramatic growth in computer-perpetrated crime has not been lost on big accounting firms, which smell a growing profit center in helping clients protect
themselves against online trespassers.
In the past six months, both Deloitte & Touche and PriceWaterhouse Coopers have formed new cyber-"fraud squads" to investigate crimes and evaluate security
systems. The other big accounting firms, as well as IBM and smaller private investigation outfits, are also jumping into the game.
"We think there are significant unmet needs," said Bill Boni, director of Price Waterhouse's cybercrime investigations group, which was created earlier this year. "It's
certainly going to be an area of interest for all the large accounting firms."
The reason for the interest is simple: Incidents of fraud and other crime perpetrated online are on the rise. Putting a number on the increase is difficult, since many
incidents go unreported. One of the most useful measuring sticks, however, comes from annual reports released by the Computer Security Institute, which surveys
521 security practitioners from corporations, banks, government agencies, and universities.
Last year, 32 percent said they reported serious incidents to law enforcement agencies, nearly twice the number as three years ago. Meanwhile, 55 percent said that
company insiders gained unauthorized access to computer networks, and 30 percent reported intrusions by outsiders. The San Francisco-based group estimates that
computer security breaches cost the respondents more than $123 million last year, and worldwide may cost businesses tens of billions of dollars, according to
Richard Power, the organization's editorial director.
"With the rise of the Internet and the transaction of e-commerce, corporations and government agencies are far more open to attack than ever before," Power told
CNET News.com in an interview. "There are all kinds of new ways to make money through computer crime."
That's where accounting firms come in. For a host of reasons, companies whose online security has been breached frequently prefer to take their problems to private
investigators rather than law enforcement agencies.
"Some [law enforcement agencies] have taken aggressive stances, but even in Silicon Valley you will find that most of the senior officials in police departments are
not that sensitive to high-tech matters," said John O'Laughlin, director of worldwide security at Sun Microsystems. "Most of them are not up to speed in dealing with
high-tech issues."
Companies are also hesitant to go to authorities out of fear the matter will generate negative press. "Some of these companies don't want to admit that they've been
compromised," said assistant U.S. attorney Chris Painter, who investigates high-tech crime. A benefit of taking a crime to private investigators is that companies can
learn all the facts before deciding whether to take the matter to court.
"They keep control of their information," said George Vinson, former head of the FBI's computer intrusion team in San Francisco and now practice leader for
Deloitte & Touche's fraud and forensics team. "So many times [companies] are interested in settling something civilly rather than seeing it splashed on the A-1 page"
of the local newspaper.
The bulk of Vinson's work so far has been investigating claims of copyright infringement. Typically, that means comparing the source code of a client's software
against that of a suspected infringing copy. Vinson also investigates people suspected of using the Internet to manipulate a company's stock price and tracks
employees who misappropriate a company's trade secrets. The accounting firms also assess clients' security systems to make sure they are not vulnerable to attacks.
The work is similar to what Vinson did while at the FBI. In 1996 his group brought down more than 20 Internet users in 10 states who used chat groups to trade
software titles made by companies such as Adobe and Microsoft. And with more and more companies transacting business online, the demand for computer
forensics services is only expected to continue, said Sun's O'Laughlin.
"I don't think there's any question the e-commerce is here to stay," he said. "You're going to see that it's pretty vulnerable to fraud and abuse and [companies] want
to get ahead of the curve."
@HWA
17.0 Analyzer Starts Computer Security Business
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
June 9th 1999
From HNN http://www.hackernews.com/
contributed by Code Kid
Analyzer (Eric Tenenbaum) is still awaiting the final
outcome in his trial in Israel after he was accused of
breaking into the Pentagon computer systems. While
waiting he has teamed up with three college students
and hopes to raise 4.5 to 5 million dollars to create a
security software package.
Israel Business Globe
http://www.globes.co.il/cgi-bin/Serve_Archive_Arena/pages/English/1.2.1.2/19990607/1
Tuesday , Jun 8, 1999 Sun-Thu at 18:00 (GMT+2)
Exclusive: Analyzer Founds
Computer Security Start-Up
By Ronny Lifschitz
Ehud Tenenbaum, known as the "Analyzer", still
awaiting the commencement of hearings in his
trial, following the exposure of his penetration of
the Pentagon's computers, is forming a
computer security company. Tenenbaum's
partners are three students currently completing
their studies in electronic engineering. The new
company is negotiating with potential investors,
and plans to raise $4.5-5 million for the purpose
of developing a security software package, that
will be able to monitor hackers' activities.
The other partners are Sharon Shani, Gil
Bar-Noy, who was chairman of the students'
negotiating team in the tuition fee battle with the
government, and another student, who prefers to
remain anonymous. At the beginning of 1998,
the three set up Webber Communications, a
company which engaged primarily in the
construction of Internet sites and consultation to
Internet companies.
"Our idea is very innovative, and is based on the
hacker's point of view", Tenenbaum explains to
"Globes". "Our product will be able to adapt
itself to the hackers' evolving methods, and
upgrade itself". Tenenbaum refused to give
details of the type of security software the
company is to develop, but said that he and his
partners, who served with the IDF Intelligence
Corps, will set up an intelligence system to
monitor the modus operandi of hackers the
world over, and thus close the gap existing
between security companies and hackers.
The young entrepreneurs believe that many
organisations will purchase their future product,
including NASA and the Pentagon.
See accompanying feature: Analyzer II.
Published by Israel's Business Arena June 7,
1999
@HWA
18.0 $2.9Bil in Piracy in The US
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
June 9th 1999
From HNN http://www.hackernews.com/
contributed by Sinbad
The Software Information & Industry Association has
released a report that claims that the US is responsible
for $2.9Bil worth of software piracy. The top ten cities
alone represented $1Bil of that money. New York City
was named the worst offending city with a piracy
amount estimated at $259 million. It is kind of
interesting how they come up with these numbers.
Wired
http://www.wired.com/news/news/business/story/20091.html
Software Information & Industry Association
http://www.siia.net/news/releases/piracy/6.8.99-Piracy-Release.htm
Wired;
~~~~~~
Cities Singled Out for Piracy
Wired News Report
4:15 p.m. 8.Jun.99.PDT
Ten major metropolitan areas in the
United States were responsible for more
than US$1 billion in losses to software
piracy in 1998, according to a study
released today by the Software and
Information Industry Association. New
York, Los Angeles, and Chicago topped
the list.
Peter Beruk, vice president of the
association's antipiracy program, said the
cities were singled out because they
feature the highest concentration of
white-collar workers.
The study estimated the losses for the
New York metropolitan area to be $259
million, followed by that of Los Angeles
with $159 million. Chicago was close
behind with more than $112 million in
losses.
Beruk estimates that one in every four
business software applications in use
across the United States is an illegal
copy.
According to the SIIA report, the total
loss throughout the US to software piracy
in 1998 was $2.9 billion, a sizeable chunk
of the $11 billion loss worldwide in 1998.
- - -
Brokers, beware: Online trades grew a
record 47 percent to 500,000 a day in
the first quarter, boosted by a strong
stock market and the increasing appeal of
Internet brokerages, an influential
industry analyst said on Tuesday.
"Online trading firms now appear to be
penetrating the mass markets, not just
the techno-philic early adopters," said
analyst Bill Burnham, of securities firm
Credit Suisse First Boston, in a research
report. Almost 16 percent of all stock
trades now take place in cyberspace, he
added.
"If the fourth quarter of 1998 was a
record quarter for the industry, then the
first quarter of 1999 was quite simply a
complete blowout," Burnham said. Online
trading grew at 34 percent to 340,000 a
day between the third and fourth 1998
quarters.
Online brokers, who two years ago
handled, on average, just 95,500 trades a
day, have been growing at a rapid pace,
thanks in part to heavy advertising.
Investors also keep flocking to Internet
brokers because of low commissions -- an
average $15.75 a trade -- and ease of
use.
The top five US Internet brokers --
Charles Schwab, ETrade Group,
Waterhouse Securities, Datek Online, and
Fidelity Investments -- had a 71.3
percent market share, up from 67.5
percent a year ago, Burnham said.
ETrade and Ameritrade Holding, the No. 6
Internet broker, grew fastest in the first
quarter, each processing at least 60
percent more trades than in the fourth
quarter.
- - -
News Corp. invests in PlanetRx:
PlanetRx.com, an online pharmacy, said
Tuesday that it had raised an additional
$50 million from private investors,
including media company News Corp.
News Corp. -- which owns companies
such as 20th Century Fox, the Fox
television network, and several
newspapers around the world -- said
PlanetRx.com's offerings would fit in with
its plan to combine Fit TV, America's
Health Network, and AHN.com into a new
online health service.
Other investors in this round of financing
included ETrade, Tenet Healthcare,
HealthSouth, and LVMH Group. The sizes
of the individual investments weren't
disclosed.
PlanetRx.com plans to use the funding to
advertise heavily, the company said.
Reuters contributed to this report.
Software Information & Industry Association;
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
For Immediate Release
Contact:
Peter Beruk, VP, Anti-Piracy Programs, 202-452-1600, ext. 314, or pberuk@siia.net
Keith Kupferschmid, Intellectual Property Counsel, 202-452-1600, ext. 327, or
kkupfer@siia.net
Software & Information Industry Association
Unveils Top Ten Most Wanted Metro Areas
For Software Piracy In United States
Cities Responsible For More Than $1 Billion Of Software Piracy Losses In 1998
(June 8, 1999 - Washington, D.C.) - Ten major metropolitan areas in the
United States were responsible for more than $1 billion of losses to software
piracy in 1998, it was revealed today. The announcement was made by SPA,
the anti-piracy division of the Software & Information Industry Association
(SIIA), the largest trade association for the software code and information
content industry. SPA unveiled its list of America's most wanted metropolitan
areas during the release of its 1999 Annual Global Piracy Report. The report
estimates that a total of $2.9 billion was lost to software piracy throughout the
United States during 1998, and that 85 countries were responsible for losses
totaling $11 billion worldwide.
Heading the SPA list was the New York metropolitan area, with an estimated
$259 million of piracy losses in 1998. The Los Angeles metropolitan area was
next with $159 million followed by Chicago with more than $112 million in
losses. Other metropolitan areas on the list (in descending order of losses) were
Washington-Baltimore, Boston-Nashua, San Francisco-Oakland,
Philadelphia-Wilmington, Dallas-Fort Worth, Detroit-Ann Arbor, and Atlanta.
A spokesperson for SPA said that the Top Ten Most Wanted Metropolitan
Areas list would be released annually to highlight the seriousness of software
piracy throughout the United States.
"Software piracy is a crime. Our report, issued today, estimates that one in
every four business software applications in use across the United States is an
illegal copy. Knowingly or unknowingly, hundreds of companies are engaged in
criminal activity every day, the moment their employees boot up their
computers. This is unacceptable," said Ken Wasch, president of SIIA.
"For more than 10 years, SPA has led the fight against software piracy at home
and abroad. By combining enforcement and education, we have been successful
in reducing the rate of piracy in the United States from 48% when we began our
anti-piracy program to an estimated 25% in 1998. But we do not intend to
declare victory until software piracy is eliminated completely.
"Over the coming weeks, we plan to raise public awareness about the crime -
and consequences - of software piracy. We want all Americans to understand
that, regardless of whether the piracy is committed between friends and
co-workers or by businesses or whether it is committed through illegal rental,
counterfeiting or increasingly via the Internet, it affects more than just the largest
software publishers. Of SIIA's 1,400 member companies, 60% have annual
revenues of less than $2 million. Software piracy can put those companies - and
their employees - out of business and out of work within a matter of weeks.
Through heightened enforcement and education efforts, we will drive this
message home," Wasch said.
"Additionally, we will continue to work closely with the Department of Justice
and the FBI in their continuing efforts to eliminate software piracy around the
world. We applaud the recent statement by the Department of Justice that the
FBI is working closely with law enforcement officials in other countries to
combat computer crimes and enhance coordination and improve their combined
capabilities."
The Software & Information Industry Association (SIIA) is the principal trade
association of the software code and information content industry. SIIA
represents more than 1,400 leading high-tech companies that develop and
market software and electronic content for business, education, consumers and
the Internet. Hundreds of these companies look to SIIA to protect their
intellectual property around the world. Additional information on its anti-piracy
program can be found at www.spa.org/piracy. To report software piracy, call
(800) 388-7478.
SIIA was formed on Jan. 1, 1999, as a result of the merger between the
Software Publishers Association (SPA) and the Information Industry
Association (IIA). Information on SIIA and its wide range of activities can be
found at www.siia.net.
Copies of the 1999 Global Piracy Report can be found at
www.siia.net/news/releases/piracy/98globalpiracy.htm or by
contacting David Phelps at 202-452-1600, ext. 320
The 1999 SPA Ten Most Wanted Metropolitan Areas List
(based on revenue losses due to software piracy in 1998)
1. New York-Northern NJ-Long Island - - $259,804,592
2. Los Angeles-Anaheim-Riverside - - $159,572,768
3. Chicago-Gary-Kenosha - - $112,201,219
4. Washington-Baltimore - - $86,752,957
5. Boston-Nashua - - $80,740,945
6. San Francisco-Oakland - - $79,993,397
7. Philadelphia-Wilmington - - $59,829,725
8. Dallas-Fort Worth - - $62,080,995
9. Detroit-Ann Arbor-Flint - - $61,379,449
10. Atlanta - - $50,479,623
@HWA
19.0 Congress and NSA tangle over Echelon
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
June 9th 1999
From HNN http://www.hackernews.com/
contributed by oolong
The US Congress and the NSA seem to be butting heads
over ECHELON. While all this sounds altruistic, you can
bet that it's the beginning of a high level power struggle
over who controls the information.
Federal Computer Week
http://www.fcw.com/pubs/fcw/1999/0531/web-nsa-6-3-99.html
JUNE 3, 1999 . . . 18:34 EDT
Congress, NSA butt heads over Echelon
BY DANIEL VERTON (dan_verton@fcw.com)
Congress has squared off with the National Security Agency over a
top-secret U.S. global electronic surveillance program, requesting top
intelligence officials to report on the legal standards used to prevent privacy
abuses against U.S. citizens.
According to an amendment to the fiscal 2000 Intelligence Authorization Act
proposed last month by Rep. Bob Barr (R-Ga.), the director of Central
Intelligence, the director of NSA and the attorney general must submit a
report within 60 days of the bill becoming law that outlines the legal standards
being employed to safeguard the privacy of American citizens against Project
Echelon.
Echelon is NSA's Cold War-vintage global spying system, which consists of a
worldwide network of clandestine listening posts capable of intercepting
electronic communications such as e-mail, telephone conversations, faxes,
satellite transmissions, microwave links and fiber-optic communications traffic.
However, the European Union last year raised concerns that the system may
be regularly violating the privacy of law-abiding citizens [FCW, Nov. 17,
1998].
However, NSA, the supersecret spy agency known best for its worldwide
eavesdropping capabilities, for the first time in the history of the House
Permanent Select Committee on Intelligence refused to hand over documents
on the Echelon program, claiming attorney/client privilege.
Congress is "concerned about the privacy rights of American citizens and
whether or not there are constitutional safeguards being circumvented by the
manner in which the intelligence agencies are intercepting and/or receiving
international communications...from foreign nations that would otherwise be
prohibited by...the limitations on the collection of domestic intelligence," Barr
said. "This very straightforward amendment...will help guarantee the privacy
rights of American citizens [and] will protect the oversight responsibilities of
the Congress which are now under assault" by the intelligence community.
Calling NSA's argument of attorney/client privilege "unpersuasive and
dubious," committee chairman Rep. Peter J. Goss (R-Fla.) said the ability of
the intelligence community to deny access to documents on intelligence
programs could "seriously hobble the legislative oversight process" provided
for by the Constitution and would "result in the envelopment of the executive
branch in a cloak of secrecy."
@HWA
20.0 Emutronix Phone Hacking Products releases new Mach emulator
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
June 9th 1999
From HNN http://www.hackernews.com/
Emutronix Revs Mach
contributed by Fr3akm4n
Emutronix Phonecard Hacking Products have released
their latest version of the Mach Emulation Software.
Version 2.1 incorporates an easier working panel and is
much more user friendly.
Emutronix
http://fly.to/mach3
(I'd check this site out b4 it gets closed down, cards start at $350 with a
one year guarantee for any country except France... - Ed )
21.0 Is That Spelled With a "PH" or an "F"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
June 10th 1999
From HNN http://www.hackernews.com/
contributed by smith
The Concise Oxford Dictionary has added some new
words to its vernacular. One notable inclusion is the
word "Phreaking" with a definition of hacking into the
telephone network. Other new words include firewall and
portal among others.
ZD Net
http://www.zdnet.com/zdnn/stories/news/0,4586,2272766,00.html
The Concise Oxford Dictionary
http://www.oed.com
@HWA
22.0 The Demonizing of the Hacker
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
June 10th 1999
From HNN http://www.hackernews.com/
contributed by Weld Pond
Are years in jail the correct answer for teenage script
kiddies who deface web pages? Are dangerous
precedents being created today that will limit personal
freedom tomorrow? Are we running the risk of turning
criminals into cultural icons? Peter Wayner takes a look
at these complex questions.
Salon
http://www.salonmagazine.com/tech/feature/1999/06/09/hacker_penalties/index.html
Should hackers spend years in prison?
Stiff penalties for computer trespassing could create a broad new
class of criminal -- including you and me.
- - - - - - - - - - - -
BY PETER WAYNER
June 9, 1999 | The FBI recently declared war on those
pesky hackers -- again. The news is filled with the
story of some group known as Global Hell that is
breaking into Web sites and causing mayhem. The
FBI is cracking down, confiscating computers and
taking names; and some hackers are actually fighting
back and shutting down some government Web sites.
The press loves hackers because computer crime is
something new. (I'm using "hackers" the way the
media does, to describe those who get their kicks
breaking into computer systems, rather than the older
usage describing those who delight in difficult software
coding work.) Murder, rape, drug dealing, theft and
fraud continue as always, with ups and downs in their
rates -- but teenagers breaking into Web sites is
something no one has seen before.
The problem with the war against hackers is that most
of what the hackers are supposedly doing would be
trivial if it weren't happening on the Internet. The
typical hacker attack on a Web site isn't much
different from scrawling graffiti on the outside of a
building. Many attackers are just poking around -- like
suburban teenagers who hop a fence to jump into a
pool.
All of this would be great theater and a nice distraction
from the war in Kosovo if it weren't inspiring some
serious reprisals in the courts -- and some ominous
inflation in sentencing that could wind up affecting
everyone who uses computers in his or her daily life.
Wars on hackers are usually followed by calls for
legislators to "do something!" and campaigns for new
laws to crack down on the bad guys. The problem is
that "doing something" often produces laws that treat
the same action much more harshly in cyberspace than
in "meatspace."
The archetype of the demon hacker is
Kevin Mitnick, a young man who has
spent more than four years in jail
waiting for his trial. When he was
arrested, Monica Lewinsky was in her
last year of college. During this time,
Mitnick and his attorneys have jousted
with government lawyers in endless
pre-trial maneuvers that seem to have
ended recently when Mitnick decided to plead guilty,
probably hoping to receive a sentence that would be
limited to time served. But even that deal is uncertain
and taking forever to evolve; meanwhile, for Mitnick
it's just prison without a trial and with no bail.
Many, no doubt, see the crackdown on folks like
Kevin Mitnick as a great deal for society: Information
can be stolen just like anything else; surely the thieves
who traffic in such goods should be locked up, just
like car-jackers and muggers.
But there's also a hidden danger. The precedents that
the courts set now for dealing with demons like
Mitnick will also apply equally to everyone who
follows. And it's not clear that the world is ready for
Mitnick-like sentences for the crimes he might have
committed, which remain murkily defined.
Think about it: Someone who reads another person's
Rolodex is just a snoop, but someone who clicks
through somebody else's Palm Pilot is hacking a
computer database.
It's easy to see just how slippery the calculus of evil
gets on the cutting edge of technology. 2600
Magazine, The Hacker Quarterly, recently posted
letters from computer manufacturers like Sun and
Motorola estimating their losses to Mitnick's alleged
theft of computer source code. After Mitnick's arrest,
he was said to have stolen billions of dollars of
information. Some companies calculated their loss by
simply listing the hundreds of millions of dollars in
development cost of the software affected -- that is,
the cost of all the programmers, their computers and
other overhead. Other companies were a bit more
careful and noted that the value was difficult to judge,
but that recalls of products like cell phones could be
costly.
The problem is, the price tag of information is almost
impossible to determine. If Mitnick did take a copy of
these companies' source code, the companies weren't
denied the use of it, as when a mugger steals cash.
Mitnick's lawyers seem ready to point out that the
companies involved didn't bother to announce an
official price on what they lost to Mitnick -- something
that the Securities and Exchange Commission requires
public companies to do if the losses are significant
enough. That would have required strict accounting
measures.
To make matters even cloudier, in the meantime, Sun
Microsystems began giving away the source code to its
operating system to students around the world. In
other words, if Mitnick had only waited a few years,
enrolled in a university and asked nicely, he might
have been a poster boy for Sun's charity instead of a
prisoner. Today, Sun is even circulating the source
code to products like Java in hope of recruiting
customers and snagging bug fixes. The company is
practically begging people around the world to come
take a look at its code.
This big change in the customs and attitudes of the
software industry strains the arguments against
hackers. If giving away the source code is now a
"good thing" for corporations, did Mitnick and the
other hackers do a smaller good thing by grabbing it
ahead of time? Is Mitnick now a bit closer to being a
Robin Hood instead of a demon? If Linux triumphs,
will children be told tales of the dark days when the
Sheriff of Nottingham sat on the boards of all of the
corporations and forced them to keep their source
code proprietary so only the nobles could enjoy its
bounty? Is it true that begging forgiveness is always
easier than asking permission?
Such questions may be impossible to answer, but they
illustrate just how confusing it can be in the
nether-netherworld of information's hall of mirrors. As
a commodity, information is fundamentally different
from objects, and society has always graced it with
special respect. The journalists who printed the stories
about the allegedly racist words that appeared on a
secret audio tape of Texaco employees looked like
crusaders. But if it had been a digital tape, the
reporters could be painted as hacking data compiled by
a Texaco employee on Texaco time.
In the long run, society is going to have to think
differently about hackers and the crimes with which
they are charged. Taking information when it's printed
on paper is not always bad, and there's no reason we
should change this rule just because the information is
stored on a computer disk. The intent of the criminal
and the extent of the malice has always played a
crucial role in our system of criminal justice. Many
owners of things will forgive a theft if the "borrower"
merely returns it unharmed. Crimes like trespassing
are rarely prosecuted if someone just hops a fence and
does no damage.
Computers and the Internet continue to frighten
people, but prosecuting hackers runs the danger of
setting nasty precedents that will begin to snare regular
people, not programmers. Many convicted hackers are
released from prison only to be denied the ability to
use a computer or the Internet. In the past, this made
it impossible for a person to get work as a
programmer; today, they can't even push the order
screen at McDonald's. After all, it's hooked up to a
central database -- who knows what havoc a hacker
could wreak while punching up an order of fries?
One of the best ways to put this all in context is to
take yourself back in time 100 years to the turn of the
last century, when auto racing was just beginning to
roar across the scene. The machines were grand in
size and sound if not in speed -- Emile Levassor won
the 1895 Paris-Bordeaux race with his
four-horsepower jack rabbit that covered the distance
at an average speed of 14.9 mph. Feats of technical
prowess like that frightened the world, and by 1903
the French government was shutting down auto races
-- or restricting the death-defying machines to a
bearable 20 mph.
A few decades later, James Dean became a rebel
automobile hacker who scared parents around the
globe. Today, he's just another cutie pie competing
with Hanson for poster space on dorm room walls.
One era's demon is another's icon. Is teen idol the next
stop for Kevin Mitnick?
salon.com | June 9, 1999
- - - - - - - - - - - -
About the writer
Peter Wayner is the author of
"Disappearing Cryptography," "Digital
Cash" and "Digital Copyright Protection."
@HWA
23.0 More Email Worms/Trojan
~~~~~~~~~~~~~~~~~~~~~~~~
June 10th 1999
From HNN http://www.hackernews.com/
More Email Worms/Trojan
contributed by zuc
Symantec has discovered a new malicious piece of
software that travels as an email attachment named
"zipped_files.exe". Similar to Melissa this worm/trojan
uses the MAPI commands and Microsoft Outlook on
Windows systems to replicate. This code was originally
discovered in Israel.
Symantec
http://www.symantec.com/avcenter/venc/data/worm.explore.zip.html
Worm.ExploreZip
Virus Name: Worm.ExploreZip
Aliases: W32.ExploreZip Worm
Infection Length: 210,432 bytes
Area of Infection: Windows System directory, Email Attachments
Likelihood: Common, Worldwide
Detected as of: June 6, 1999
Characteristics: Worm, Trojan Horse
Overview:
Worm.ExploreZip is a worm that contains a malicious payload. The worm
utilizes Microsoft Outlook, Outlook Express, or Exchange to mail itself out by
replying to unread messages in your Inbox. The worm will also search the
mapped drives and networked machines for Windows installations and copy
itself to the Windows directory of the remote machine and modify the
WIN.INI accordingly.
The payload of the worm will destroy any file with the extension .h, .c, .cpp,
.asm, .doc, .ppt, or .xls on your hard drives, any mapped drives, and any
network machines that are accessible each time it is executed. This continues
to occur until the worm is removed.
You may receive the worm as an attachment called zipped_files.exe. When
run, this executable will copy itself to your Windows System directory with the
filename Explore.exe or to your Windows directory with the filename
_setup.exe. The worm modifies your WIN.INI or registry such that the file
Explore.exe is executed each time you start Windows.
The worm was first discovered in Israel and submitted to the Symantec
AntiVirus Research Center on June 6, 1999.
Technical Description:
Worm.ExploreZip utilizes MAPI commands and Microsoft
Outlook/Microsoft Exchange on Windows 9x and NT systems to propagate
itself.
The worm e-mails itself out as an attachment with the filename
zipped_files.exe in reply to unread messages it finds in your Inbox. Once it
responds to a message in your Inbox, it will mark it so it will not respond to
the message again. The e-mail message sent may appear to come from a
known e-mail correspondent in response to a previously sent e-mail with the
appropriate subject line and contains the following text:
Hi Recipient Name!
I received your email and I shall send you a reply ASAP.
Till then, take a look at the attached zipped docs.
bye or sincerely Recipient Name
The worm will continue to monitor the Inbox for new messages and respond
accordingly.
The worm will also search the mapped drives and networked machines for
Windows installations and copy itself to the Windows directory of the remote
machine and modify the WIN.INI accordingly.
Once the attachment is executed, it may display the following window:
<snipped, go to the symantec url>
The button displayed is the "OK" button and is dependent on the language of
the infected operating system. The example above was taken from a Hebrew
Windows system.
The worm also copies itself to the Windows System (System32 on Windows
NT) directory with the filename Explore.exe or _setup.exe and also modifies
the WIN.INI file (Windows 9x) or the registry (on Windows NT) so the
program is executed each time Windows is started. You may find this file
under your Windows Temporary directory or your attachments directory as
well depending on the e-mail client you are using. E-mail clients will often
temporarily store e-mail attachments in these directories under different
temporary names.
Payload:
In addition, when Worm.ExploreZip is executed, it also searches through the
C through Z drives of your computer system and accessible network machines
for particular files. The worm selects a series of files to destroy of multiple file
extensions (including .h, .c, .cpp, .asm, .doc, .xls, .ppt) by calling CreateFile()
and making them 0 bytes long. One may notice extended hard drive activity
when this occurs. This can result in non-recoverable data.
This payload routine continues to happen while the worm is active on the
system. Thus, any newly created files matching the extensions list will be
destroyed as well.
Repair Notes:
Symantec AntiVirus Research Center has also provided a small utility called
KILL_EZ to remove the virus from memory to avoid rebooting from a clean
system disk. For more information on KILL_EZ utility, refer to the following
URL:
http://www.sarc.com/avcenter/kill_ez.html
To remove this worm manually, one should perform the following steps:
1. Remove the line
run=<Windows System Path>\Explore.exe
or
run=<Windows System Path>\_setup.exe
from the WIN.INI file for Windows 9x systems.
For Windows NT, remove the registry entry
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run
which will refer to Explore.exe or _setup.exe.
2. Delete the file Explore.exe or _setup.exe. One may need to reboot first
or kill the process using Task Manager or Process View (if the file is
currently in use).
Norton AntiVirus users can protect themselves from this worm by
downloading the current virus definitions either through LiveUpdate or from
the following webpage:
http://www.symantec.com/avcenter/download.html
Write-up by: Eric Chien
Written: June 6, 1999
Update: June 11, 1999
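A triage check built from the indicators in the write-up above, as an added example (not Symantec's or HWA's code): it flags WIN.INI autostart entries that point at Explore.exe or _setup.exe, produces the cleaned file text, and lists files with the targeted extensions that are 0 bytes long. The function names, the sample WIN.INI and the sample directory tree are constructed for illustration; checking load= as well as run= is an assumption beyond the write-up.

```python
import os
import re
import tempfile

# File names and extensions as listed in the write-up.
WORM_FILENAMES = {"explore.exe", "_setup.exe"}
TARGET_EXTENSIONS = {".h", ".c", ".cpp", ".asm", ".doc", ".xls", ".ppt"}
# The write-up names only run=; load= is the sibling autostart key in the
# same [windows] section and is checked too (assumption).
AUTOSTART_KEYS = ("run", "load")


def _is_worm_program(program):
    """True when the program path ends in one of the worm's file names."""
    base = program.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    return base in WORM_FILENAMES


def _autostart_lines(text):
    """Yield (index, key, programs) for run=/load= lines in [windows]."""
    section = ""
    for index, raw in enumerate(text.splitlines()):
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "windows" and "=" in line and not line.startswith(";"):
            key, value = line.split("=", 1)
            if key.strip().lower() in AUTOSTART_KEYS:
                # One line may start several programs, space or comma separated.
                programs = [p for p in re.split(r"[,\s]+", value) if p]
                yield index, key.strip(), programs


def suspicious_winini_entries(text):
    """Return (line_number, key, program) for each worm autostart entry."""
    return [(index + 1, key, program)
            for index, key, programs in _autostart_lines(text)
            for program in programs if _is_worm_program(program)]


def cleaned_winini(text):
    """Return the WIN.INI text with only the worm's programs removed."""
    lines = text.splitlines()
    for index, key, programs in _autostart_lines(text):
        kept = [p for p in programs if not _is_worm_program(p)]
        if len(kept) != len(programs):
            lines[index] = key + "=" + " ".join(kept)
    return "\n".join(lines) + "\n"


def truncated_files(root):
    """Return sorted paths under root with a targeted extension and size 0,
    the state the payload leaves files in."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.splitext(name)[1].lower() not in TARGET_EXTENSIONS:
                continue
            try:
                if os.path.getsize(path) == 0:
                    found.append(path)
            except OSError:
                continue  # unreadable entry, skip it
    return sorted(found)


# Constructed sample: a legitimate program shares the run= line with the
# worm, and a run= key outside [windows] must not be treated as autostart.
SAMPLE_WIN_INI = (
    "[windows]\n"
    "load=\n"
    "run=C:\\TOOLS\\clock.exe C:\\WINDOWS\\SYSTEM\\Explore.exe\n"
    "NullPort=None\n"
    "[Desktop]\n"
    "run=C:\\WINDOWS\\_setup.exe\n"
)


def demo_truncated_scan():
    """Scan a constructed directory tree; returns paths relative to it."""
    samples = {
        "report.DOC": b"",                      # emptied document
        "notes.txt": b"",                       # empty, but not targeted
        os.path.join("src", "main.c"): b"int main(void) { return 0; }\n",
        os.path.join("src", "lib.h"): b"",      # emptied header
    }
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "src"))
        for rel, data in samples.items():
            with open(os.path.join(root, rel), "wb") as handle:
                handle.write(data)
        return [os.path.relpath(p, root) for p in truncated_files(root)]


if __name__ == "__main__":
    for number, key, program in suspicious_winini_entries(SAMPLE_WIN_INI):
        print("WIN.INI line %d: %s= starts %s" % (number, key, program))
    print(cleaned_winini(SAMPLE_WIN_INI), end="")
    print("zero-length targeted files:", demo_truncated_scan())
```

Zero-length files with these extensions also occur legitimately, so treat hits as leads to compare against backups.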
@HWA
24.0 Stanford Searches for "Hacker"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
June 10th 1999
From HNN http://www.hackernews.com/
Stanford Searches for "Hacker"
contributed by Dead.Under.Water
Stanford University was a victim of a spammer recently.
A message, sent to some 25,000 Stanford email
accounts, accused the school of giving housing
preferences to minorities. Prosecutor Julius Finkelstein,
head of Santa Clara County's high-tech crimes unit, said
the "hacker" could be charged with such offenses as
unauthorized use of a computer account and
harassment via e-mail. Evidently sending hate-filled
emails grants you the hacker moniker?
Yahoo News
http://dailynews.yahoo.com/headlines/ap/technology/story.html?s=v/ap/19990603/tc/racist_mail_1.html
( this link didn't work as of June 24th -Ed )
@HWA
25.0 Mitnick Demo Pictures now Available
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
June 10th 1999
From HNN http://www.hackernews.com/
Mitnick Demo Pictures now Available
contributed by Macki
Pictures of the FREE KEVIN Demonstrations held last
week in front of federal courthouses across the country
have been posted. Pictures from the demonstrations in
Cleveland, New York, and Moscow have been made
available at the FREE KEVIN Demos website. Kevin
Mitnick's sentencing hearing is scheduled for Monday,
June 14th.
FREE KEVIN Demonstrations
http://www.2600.com/demo/index.html
26.0 Does Cracking Affect Consumer Confidence?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
June 10th 1999
From HNN http://www.hackernews.com/
Does Cracking Affect Consumer Confidence?
contributed by evenprime
Eric Lundquist thinks that it is wrong to crack servers
because doing so undermines consumers' confidence in
e-commerce. (In my opinion consumers would be wise
not to trust e-commerce.) Interesting how the author
never gets around to blaming vendors who tell people to
place their trust in the rubbish that is being sold.
ZD Net
http://www.zdnet.com/zdnn/stories/comment/0,5859,406094,00.html
27.0 Worm.ExploreZip is Causing Massive Damage
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
June 11th 1999
From HNN http://www.hackernews.com/
contributed by Merlock
Worm.ExploreZip is quickly spreading across the world.
First discovered last Sunday in Israel it has propagated
into some of the largest companies in the US. The
transmission method of this program is similar to Melissa
which uses the email addresses in Microsoft Outlook
address book, Worm.ExploreZip however, automatically
replies to the incoming email of MS Exchange or MS
Outlook users. Unlike Melissa Worm.ExploreZip carries a
very malicious payload that will actually delete certain
files and modify others. Companies such as Boeing, Price
Waterhouse Coopers, GTE, and General Electric have
lost entire hard drives to this virus. Many companies are
attempting to be proactive by disconnecting themselves
from the internet. Only users of Microsoft products are
affected by this latest threat.
ABC News
http://www.abcnews.go.com/sections/tech/DailyNews/worm990610.html
C|Net
http://www.news.com/News/Item/0,4,37658,00.html?st.ne.fd.gif.d
MSNBC
http://www.msnbc.com/news/278660.asp
ZD Net
http://www.zdnet.com/pcweek/stories/news/0,4153,2273659,00.html
Nando Times
http://www.techserver.com/story/body/0,1634,58370-93054-664175-0,00.html
PC World
http://www.pcworld.com/pcwtoday/article/0,1510,11334,00.html
ZD Net
http://www.zdnet.com/zdnn/special/doublevirus.html
C|Net;
Data virus forces email shutdowns
By Kim Girard
Staff Writer, CNET News.com
June 10, 1999, 7:10 p.m. PT
update Corporations are scrambling to cope with a new data-destroying virus that is forcing the shutdown of email
systems nationwide.
The virus, first reported to the Symantec Antivirus Research Center on Sunday by five companies in Israel, is called
Worm.ExploreZip or Troj_Explore.Zip. The worm uses Mail Application Programming Interface (MAPI) commands and Microsoft
Outlook on Windows systems to propagate itself, Symantec said.
In some ways, the virus is the sequel to the Melissa virus, which spread with unprecedented speed in March. Worm.ExploreZip
spreads from computer to computer by taking advantage of automation features available to people using Microsoft email software
on Windows machines.
Although the new virus doesn't spread as fast as Melissa, it causes more damage, according to antivirus experts, deleting
Microsoft Word, Excel, and Powerpoint document files, among others. (See CNET Topic Center on antivirus software.)
Several firms have shut down their email systems entirely while IS staff root out the virus,
according to Symantec.
Boeing was hit particularly hard. The Seattle-based aerospace giant shut down its email system,
which is used by at least 150,000 employees, at 2:30 p.m. today, a company spokesman said.
The company was still assessing the damage caused by the virus, but the spokesman, who
asked not to be named, said he knew of at least one employee whose entire hard drive was wiped
out.
"As soon as we became aware of it, we told everyone, and we put a message up on our internal
Web site," he said. Late in the day the email still had not been restored. The company hopes to
have it back up by tomorrow.
PricewaterhouseCoopers took down its entire email system, used by 45,000 U.S. employees,
also at 2:30 p.m. in response to the virus. The company was just bringing up parts of the system
at 7 p.m., a company spokesman said, but he didn't know how much damage had been done or
how many workers had been affected.
Some companies said they disarmed the virus--actually a software "worm"--before it could cause
many problems. Microsoft, for example, disconnected its email servers from the Internet at about 9
a.m. so that programmers could work on an antidote, company spokesman Dan Leach said. The
servers were up and running two hours later, he added.
Employees of antivirus software maker Symantec report that they have received email that
includes the worm, which arrives as an attachment to the missives. Companies such as General
Electric and Southern Company have had files deleted by the virus, according to Bloomberg.
Virus protection firm Trend Micro spokeswoman Susan Orbuch said earlier today that the company had received 107 calls from
customers concerning the virus. Thirteen of those calls came from those already infected, she said.
Orbuch said that Trend Micro knew of five large companies that had been infected, as well as several public relations firms and a
magazine. She declined to name the companies.
Nate Meyer, spokesman for Credit Suisse First Boston, said the virus had struck the company's
offices in New York, San Francisco, and Palo Alto, California, and that other offices worldwide may
have been affected. He said he did not know how many of the company's computers were infected.
Meyer said Credit Suisse's technology department had been working on the problem for much of
the day and had sent out a warning about it this morning. But he said the virus did not seem to have
slowed the company's operations, adding that it had not disrupted the investment company's stock
trading. Meyer noted that his own email had been working throughout the day.
Quick repairs
Representatives at AT&T and Intel reported that they were able to quickly repair their systems after
being hit by the virus.
"These are things that we have to do because of the communications reality that we live in today,"
an AT&T spokeswoman said.
The virus disrupted work at Cambridge, Massachusetts-based industry analyst firm Forrester
Research, where Internet access, including email, was cut off. Another analyst firm, Current
Analysis, sent email to customers warning them not to open any email attachments coming from the
firm with the .exe extension because an employee's PC had been infected.
The infected email may contain the message: "Hi [recipient name]! I received your email and I shall send you a reply ASAP. Till
then, take a look at the attached zipped docs. bye."
Unlike the Melissa virus, which harvested from a user's address book, the new virus raids an email in-box when executed through
Microsoft Exchange or Outlook. The worm attaches itself as a file called zip_files.exe and is sent off with a return email. Although
the virus isn't expected to spread as quickly and to as many computers as Melissa did, it does destroy files.
"It's an .exe file posing as a Zip file," said Eric Chien, senior researcher at the Symantec Antivirus Research Center. The worm is
particularly insidious because it searches through hard drives and destroys files with extensions of .doc, .xls, .ppt, .c, .cpp, .h, or
.asm, he said.
Chien said that means whoever wrote the virus was targeting corporations--seeking to destroy developers' source code, as
well as documents created using Microsoft Office applications, such as Word and Excel.
"It singles out those files and destroys them," he said. "This hits the local drive and the file server."
Extent of damage not known
Chien said it is unclear how much damage the virus has done. "We've received multiple reports from major corporations in
the U.S.," he said. "What we're hoping is that the initial jump on this Sunday night will prevent it from spreading."
Panda Software said it has added free downloads for the detection and disinfection of the virus--which it called "extremely
dangerous"--on its Web site. The company also urged people to update antivirus software.
Esther Shin, a public relations specialist at Aventail, a Seattle-based business-to-business e-commerce firm, said two of
her colleagues encountered the virus this morning. One of them lost all the files on his hard drive after he opened the
attachment, she added.
The email was worded to make the recipient believe that the message came from a Microsoft employee, she said. Shin
said she got a similar email but didn't open the attachment.
"When I got hit I called all my contacts," she said.
Bloomberg and News.com's Troy Wolverton, Dan Goodin, and Tim Clark contributed to this report.
@HWA
28.0 Don't Forget About BackDoor-G, it is Still Around
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
June 11th 1999
From HNN http://www.hackernews.com/
contributed by Weld Pond
Don't forget about BackDoor-G. It also arrives as an
email attachment but instead of deleting files this one
could allow someone else to control your computer
behind the veil of a screensaver.
The Irish Times
http://www.ireland.com/newspaper/finance/1999/0604/fin320.htm
Bug hits big screen by the backdoor
Backdoor-G virus arrives by e-mail and sets up a
screensaver which lets hacker control computer
remotely
As if you didn't already have enough worries. The wary
computer user already feels bunkered in and hunkered down,
in between hiding behind firewalls, running anti-virus programs
and keeping a watchful eye on suspicious-looking e-mails.
You have to look out for infected files on floppy disks, panic
over the latest holes in e-mail programs, and be cautious with
how you set up company and personal websites. It's almost
enough to send you back to a manual typewriter.
Now comes an insidious screensaver virus - a new computer
devastator that sneaks into your system via an e-mail and sets
up a screensaver which lets some bad-guy hacker control your
computer remotely, download files, and all that other stuff that
appears in Tom Cruise films but which we would all rather
believe couldn't happen in real life.
According to security software company Network Associates,
Backdoor-G is a so-called "trojan horse" program, which
arrives into your computer hidden inside an attack program
which potential victims receive as an unsolicited e-mail. The
program has reportedly taken the form of both a screensaver
and an update to a computer game.
Open the e-mail and the program installs itself, allowing
Backdoor-G to turn the victim's computer into a client system.
In other words, it allows a hacker to operate the victim's
computer remotely over the Internet. The hacker can thus gain
access to just about anything on the victim's computer.
Unfortunately, it's also almost impossible to detect once it
executes because it is capable of changing its file name. And
according to Network Associates, it spreads everywhere in
your computer's system.
Admittedly, the screensaver aspect of this virus has its
amusement potential - hmmm, can't we all imagine a bitter and
twisted screensaver we'd like to design to announce our
conquest of the computer belonging to some particularly
detested person in our lives? But the arrival of Backdoor-G is
probably more apt to make you sigh in exasperation.
Computers were supposed to make life easier, more
manageable, more controllable. Okay, you can stop laughing,
but you know what I mean. Instead, they just seem to bring
more stress, hair loss, heartburn and overly-chewed fingernails.
But it's perhaps wise to remind computer users that many, if
not most, aggravations come not from the machines or even,
sometimes, the software. They come from humans who still
make far too many assumptions about what computers,
software, and the Internet can or cannot do.
Partly, that's our fault, because we accept products from
hardware and software vendors which in any other industry
would be considered too unreliable, unstable and under-tested
to be released onto the market.
We believe the vendors when they excuse themselves by telling
us it's all too complicated to explain, it's the nature of the
medium and so forth. That's appalling, but as long as we lack
the collective spine to demand better, we're stuck with what
we get.
But it's hard to see how we can obliterate the virus problem,
since a computer is a sitting duck for viruses because of the
way in which we use them - sharing disks, transferring files,
going on and off the Net and downloading things from places
we don't know. Few people take even basic precautions
against viruses and so, these things spread. In addition, many
people never bother to make backups of their work, and thus
are twice devastated if struck by a virus or another form of
computer attack.
And even if the anti-virus software makers come up with a fix
to one virus, some hacker is always brewing another that we
cannot yet imagine. In the days that it takes to create an
antidote, thousands or millions can be hit.
In the case of particularly nasty viruses, entire companies can
be brought down at the cost to the global economy of billions
of pounds.
So what's a poor computer user to do? There's not much else
to recommend but to proceed with caution, which means
educating yourself on how to keep your own machine as clean
as possible by being vigilant against viruses and other forms of
computer attack.
Buy a good virus-scanning software package and use it. Be
wary about what you download off the Net and scan it first.
Don't open e-mail with attachments unless you know the
sender (and even then, be cautious about all attachments).
And create backups. Anyone who has ever lost irreplaceable,
important files off a floppy disk or hard-drive knows the
excruciating pain of that particular experience.
You may still have to clean up a computer if a virus brings it
down - and that's not a pleasant task - but having your files
intact somewhere else at least keeps the misery from reaching
bottomless depths. [SBX]
A detector for the Backdoor-G virus is online at www.nai.com
@HWA
29.0 MS Antitrust Trial Looks at Security
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
June 11th 1999
From HNN http://www.hackernews.com/
contributed by m4in
District Court Judge Thomas Jackson has asked a
government expert witness whether removing the
browser from Windows will increase or diminish its
security. Analysts think that the judge is wondering
what the repercussions are of including the browser
with the operating system.
C|Net
http://www.news.com/News/Item/0,4,37649,00.htm
Wired
http://www.wired.com/news/news/politics/story/20139.html
C|Net's link seems to have died, here's the Wired story;
Will Curiosity Kill the Browser?
by Declan McCullagh
12:15 p.m. 10.Jun.99.PDT
WASHINGTON -- On the last day of the
government's case, the federal judge
overseeing the Microsoft antitrust trial
asked Thursday if including a browser
with Windows could weaken a computer's
security.
"Are there any security issues involved in
the choice of a browser [that may
increase] the risk of penetration by a
virus or something like that?" US District
Judge Thomas Penfield Jackson asked a
witness testifying for the government.
Edward Felten, a Princeton University
scientist, said that some
security-conscious network
administrators may prefer to have no
browsers on computers. Felten was the
last witness called by the government,
and Microsoft will call its rebuttal
witnesses starting Monday.
"Is there any way of absolutely assuring
security?" Jackson asked. He also
wondered which browsers are safer than
others.
Reading the portents in a judge's
questions is, of course, a perilous task.
Some wags in the press gallery suggested
that His Honor must be shopping for a
computer. Or was the
technology-impaired Jackson simply
confused?
But the theory, if true, that would be
most damaging to Microsoft goes like
this: Jackson is wondering what the
downsides are to Microsoft's decision to
include Internet Explorer with Windows.
This became an important question since
a decision last summer by an appeals
court, which unceremoniously overturned
Jackson's December 1997 decision on a
related Justice v. Microsoft case. In a
2-1 decision, the panel said judges should
be "deferential to entrepreneurs' product
design choices" and companies should be
free to integrate products as they see fit
-- so long as the improvements benefit
customers.
Jackson's comments could mean that he
plans to weigh whether or not Microsoft's
decision to integrate Internet Explorer
with Windows was, on the whole, a good
thing for the general public. Other
government witnesses earlier in the trial
have offered additional reasons why
welding IE into the operating system
reduces consumer choice.
Microsoft has claimed that including IE
produces a more useful product with
Internet functionality that third-party
software developers can rely on.
Jim Allchin, a Microsoft vice president,
testified that these features "simply
cannot be achieved through the use of
add-on products from third parties."
But Felten said there was no reason
Internet Explorer had to be shipped with
the operating system.
"Microsoft can deliver a version of
Windows 98 from which the Internet
Explorer browser has been removed and
deliver it in such a way that does not
affect the non-Web browsing functions of
Windows 98," he said.
The Justice Department pointed to a
January 1997 email message from Allchin
to Bill Gates that said another executive
wanted Win98 "minus IE 4.0 in June.... IE
4.0 can be added next year."
Felten claimed he had designed a program
that removes browsing capability from
Windows 98. But Microsoft had Felten
demonstrate it and showed him he had
not actually removed Web browsing
features.
The trial will continue on Monday when
Microsoft calls AOL's David Colburn as a
hostile witness. Microsoft said it will
challenge the credibility of Colburn, an
AOL executive who was a government
witness earlier.
@HWA
30.0 Web Defacements Hindering Open Government
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
June 11th 1999
From HNN http://www.hackernews.com/
contributed by Code Kid
Eric Lundquist claims that web page defacements hold
back the development of a web accessible government
and that penalties for such actions should be
proportional to the damage caused. Getting people to
vote or file taxes online is difficult if government web
sites can't keep the intruders out.
MSNBC
http://www.msnbc.com/news/278369.asp
Hacking is no longer merely a prank
COMMENTARY: Hacking retards the growth of a
Web-accessible government and should hold penalties
proportional to the crime
By Eric Lundquist, PC Week
ZDNN
June 9 -- Getting your site hacked used to be
simply an embarrassment. Your carefully
designed home page suddenly became a
billboard for lewdness, racism or whatever the
hacker desired to create. However, now -- and
more so in the future -- a hacked site is a public
indication that you are not ready to play in the
digital age. Companies and government
organizations are now realizing this, and hackers
who protest that a hack is a prank are finding
that a prank can result in a bunch of FBI agents
coming through the front door.
IN THIS DIGITAL AGE, your company -- whether it
be an Amazon, E-Trade or some idea still forming -- is
built on a brand, a process and an information infrastructure.
The way your site appears on the Web; the process by
which a Web visitor can maneuver and buy products; and
the ability of your site to scale, connect to suppliers and
customers, and securely maintain a digital relation will
determine your success.
Sites that scale and allow you to shop comfortably in a
digital store can quickly extend their brands from books to
auctions to pet foods and beyond.
Sites that crumble while you and the rest of the
panicked investment community try to bail out on a stock
will find themselves abandoned and facing a new realm of
legal liabilities. Hacked sites visibly and fundamentally shake
the faith in the brand and the products being offered at the
digital storefront.
This loss of faith in the brand carries over to and is
magnified in the government realm. Internet access is on the
verge of becoming sufficiently ubiquitous to allow
organizational functions to move to the Web.
If the first big thing the Web allowed was personal
access and community building from the ground up, the next
big thing is allowing existing organizations to use the Web to
assume previously cumbersome functions. Vote on the
Web? Sure. Register your car via the Web. File your taxes.
Get your refund. All these functions are certainly possible.
What is missing is trust. Trust is a difficult dimension to
describe, but it most clearly is apparent in its absence.
Don't ask a citizenry to register to vote via the Web if the
government's top legal agencies can't keep their home
pages free from graffiti.
And it is the trust that is shaken when the White House
site is hacked. Or the FBI site. Or the Senate site. Hacking
is more than breaking a few minor laws. Hacking is certainly
not just being a good digital citizen by showing the security
gaps that now exist to prevent more serious transgressions
in the future.
Hacking is neither clever nor funny, nor something to
be tossed off as adolescent humor from sci-fi-addled minds.
Hacking retards the growth of a Web-accessible
government and should hold penalties proportional to the
crime.
31.0 Worm.ExploreZip Continues its Rampage
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
June 14th 1999
From HNN http://www.hackernews.com/
contributed by nvirB
After forcing some companies to completely shut down
their networks and keeping some administrators at work
all weekend people are bracing for Worm.ExploreZip to
resurface with a vengeance today as employees return
to work. While Worm.ExploreZip has the fast spreading
capabilities of Melissa it also contains a very destructive
payload that can delete files. IT administrators are
bracing for the expected onslaught of inevitable
mutations.
MSNBC
http://www.msnbc.com/news/278660.asp
Nando Times
http://www.techserver.com/story/body/0,1634,59360-94597-674149-0,00.html
C|Net
http://www.news.com/News/Item/0,4,37697,00.html?st.ne.fd.tohhed.ni
FBI and NIPC On the Hunt
The FBI is hot on the trail looking for the creator of
Worm.ExploreZip. This is probably more of a PR stunt
than anything. The odds of them actually finding
whoever created this are slim to none.
ZD Net
HTTP://www.zdnet.com/zdtv/cybercrime/viruswatch/story/0,3700,2274493,00.html
Wired
http://www.wired.com/news/news/technology/story/20168.html
Mac Vulnerable Too
Symantec Utilities is claiming that if a Mac user runs
Windows emulation software, names files with .doc,
.ppt, .xls, etc..., and either checks his mail under
emulation or is on a mixed environment network it is
possible to contract this worm. (Ed Note: Any Mac user
who is running this brain dead setup deserves to be
infected.)
ZD Net
http://www.zdnet.com/zdnn/stories/news/0,4586,2274574,00.html
C|Net;
How the email worm works
By Stephen Shankland
Staff Writer, CNET News.com
June 10, 1999, 6:15 p.m. PT
The Worm.ExploreZip virus, while different in some functional details from the Melissa virus that hit in March, takes
advantage of a similar vulnerability: The fact that so many people now routinely use email.
The new virus emerged this week, spreading from user to user by taking advantage of automation features available to users of
Microsoft email software on Windows machines.
Like Melissa, it requires some active participation of the victim: opening the malicious file, or
"payload," attached to the email message. And again like Melissa, the malicious program then
modifies the victim's computer system to send more copies of itself automatically by email. (See
CNET Topic Center on antivirus software.)
To encourage a person to open the attachment, both malicious programs use a similar ploy:
Trick the victim into thinking he or she has just received a useful document from a trusted source.
Both programs can get away with this, because the infected email comes from a person likely to
be known by the recipient.
But there the differences end. Where Melissa was relatively benign to users, Worm.ExploreZip
deletes Microsoft Word, Excel, and Powerpoint document files, said Wes Wasson, head of
security products marketing at Network Associates.
Where Melissa tapped into address books set up in Microsoft Outlook, Worm.ExploreZip's modus
operandi is just to bounce back incoming email automatically with a response including the
malicious program, Wasson said.
That means Worm.ExploreZip will spread more slowly, he said. "How fast it spreads correlates to
how many emails you get," he said.
Melissa, on the other hand, sent itself to 50 entries in the address book, and those entries
themselves could each be mailing lists.
Regardless of their propagation rate, both viruses depend on automated email features.
Worm.ExploreZip basically uses a modified version of the same feature that allows a person on vacation to set up email software
to automatically reply with a "try back later" message, Wasson said.
The advent of email as a distribution mechanism has allowed a new class of viruses, Wasson said. In the old days, viruses had to
be smaller, but Worm.ExploreZip is comparatively huge at more than 200 kilobytes, he said.
"Now with email, I don't have to be slim like I was before," Wasson said. "Viruses and worms can be
written in [the programming language] C. This is really cutting-edge science."
The increasing power of email viruses means that sophisticated hackers who once looked down on
viruses now see them as powerful tools to obtain information stored on target computers, particularly
because using email makes it easier to obscure the origin of the attack, he said.
"The hacker believes the virus is going to be more of a stealth approach," he said.
Selling security
Antivirus software sellers profit from virus scares. Sales of antivirus software jumped 67 percent in
the week the Melissa virus hit, according to market research firm PC Data.
Network Associates' Wasson acknowledges the sales boost, but insists his company is out there
to help people, pointing as evidence to the company's free, virus clinic detection services available
over the Internet.
"Rather than hold [people] hostage and take advantage of an incident, we'll give it to them for free," he said.
Network Associates' competitor TrendMicro offers a similar service.
As more companies begin to become more wary of the risks posed by the Internet, Network Associates is offering more security
consulting services. For example, the company hires itself out to find vulnerabilities in computer systems, Wasson said.
"Customers come to us all the time, saying check my security out, bang on my firewall," he said, referring to the protective
software designed to keep computer networks safe from unauthorized access.
In addition, the company is offering new software next month called CyberCop Sting that not only sets off alarms when there's a
burglar, but also lets companies set up decoy systems to lure intruders and record information about them, Wasson said. The
strategy is similar to the technique described by author Clifford Stoll in his book, The Cuckoo's Egg: Tracking a Spy Through the
Maze of Computer Espionage.
-=-
FBI investigating email worm
By Tim Clark
Staff Writer, CNET News.com
June 11, 1999, 3:00 p.m. PT
update In the wake of yesterday's attack by the virulent Worm.ExploreZip virus, the FBI said it is investigating the case
as a possible crime.
"As was the case with Melissa, the transmission of a virus can be a criminal matter, and the FBI is investigating," said Michael
Vatis, director of the National Infrastructure Protection Center (NIPC).
Vatis said the worm has the potential of doing significant damage to private sector and government computer systems. (See
CNET Topic Center on antivirus software.)
"It is critical for computer users to be aware of and take the well-publicized steps to protect against and mitigate potential damage
caused by malicious code," he said in a statement released this afternoon.
He added that transmission of malicious code can be a federal criminal offense and that the FBI is "aggressively investigating" the
matter.
The National Infrastructure Protection Center is monitoring developments and coordinating field office investigations, he said,
urging victims of the virus to contact the FBI field office nearest them, or the NIPC Watch and Warning Unit, which can be
reached by email at nipc.watch@fbi.gov.
"Because of the destructive payload delivered by this virus, its potential impact is significant," Vatis said. "All email users should
exercise caution when reading their email for the next few days and bring unusual messages to the attention of their system
administrator."
After the Melissa virus outbreak that began March 26, the FBI joined other agencies to identify and track down whoever had
created, then spread the virus. On April 1, a 30-year-old New Jersey man, David L. Smith, was arrested by federal and state
officials and charged in the case. He has pleaded not guilty and his case is still pending.
-=-
Data virus forces email shutdowns
By Kim Girard
Staff Writer, CNET News.com
June 10, 1999, 7:10 p.m. PT
update Corporations are scrambling to cope with a new data-destroying virus that is forcing the shutdown of email
systems nationwide.
The virus, first reported to the Symantec Antivirus Research Center on Sunday by five companies in Israel, is called
Worm.ExploreZip or Troj_Explore.Zip. The worm uses Mail Application Programming Interface (MAPI) commands and Microsoft
Outlook on Windows systems to propagate itself, Symantec said.
In some ways, the virus is the sequel to the Melissa virus, which spread with unprecedented speed in March. Worm.ExploreZip
spreads from computer to computer by taking advantage of automation features available to people using Microsoft email software
on Windows machines.
Although the new virus doesn't spread as fast as Melissa, it causes more damage, according to antivirus experts, deleting
Microsoft Word, Excel, and Powerpoint document files, among others. (See CNET Topic Center on antivirus software.)
Several firms have shut down their email systems entirely while IS staff root out the virus,
according to Symantec.
Boeing was hit particularly hard. The Seattle-based aerospace giant shut down its email system,
which is used by at least 150,000 employees, at 2:30 p.m. today, a company spokesman said.
The company was still assessing the damage caused by the virus, but the spokesman, who
asked not to be named, said he knew of at least one employee whose entire hard drive was wiped
out.
"As soon as we became aware of it, we told everyone, and we put a message up on our internal
Web site," he said. Late in the day the email still had not been restored. The company hopes to
have it back up by tomorrow.
PricewaterhouseCoopers took down its entire email system, used by 45,000 U.S. employees,
also at 2:30 p.m. in response to the virus. The company was just bringing up parts of the system
at 7 p.m., a company spokesman said, but he didn't know how much damage had been done or
how many workers had been affected.
Some companies said they disarmed the virus--actually a software "worm"--before it could cause
many problems. Microsoft, for example, disconnected its email servers from the Internet at about 9
a.m. so that programmers could work on an antidote, company spokesman Dan Leach said. The
servers were up and running two hours later, he added.
Employees of antivirus software maker Symantec report that they have received email that
includes the worm, which arrives as an attachment to the missives. Companies such as General
Electric and Southern Company have had files deleted by the virus, according to Bloomberg.
Virus protection firm Trend Micro spokeswoman Susan Orbuch said earlier today that the company had received 107 calls from
customers concerning the virus. Thirteen of those calls came from those already infected, she said.
Orbuch said that Trend Micro knew of five large companies that had been infected, as well as several public relations firms and a
magazine. She declined to name the companies.
Nate Meyer, spokesman for Credit Suisse First Boston, said the virus had struck the company's
offices in New York, San Francisco, and Palo Alto, California, and that other offices worldwide may
have been affected. He said he did not know how many of the company's computers were infected.
Meyer said Credit Suisse's technology department had been working on the problem for much of
the day and had sent out a warning about it this morning. But he said the virus did not seem to have
slowed the company's operations, adding that it had not disrupted the investment company's stock
trading. Meyer noted that his own email had been working throughout the day.
Quick repairs
Representatives at AT&T and Intel reported that they were able to quickly repair their systems after
being hit by the virus.
"These are things that we have to do because of the communications reality that we live in today,"
an AT&T spokeswoman said.
The virus disrupted work at Cambridge, Massachusetts-based industry analyst firm Forrester
Research, where Internet access, including email, was cut off. Another analyst firm, Current
Analysis, sent email to customers warning them not to open any email attachments coming from the
firm with the .exe extension because an employee's PC had been infected.
The infected email may contain the message: "Hi [recipient name]! I received your email and I shall send you a reply ASAP. Till
then, take a look at the attached zipped docs. bye."
Unlike the Melissa virus, which harvested from a user's address book, the new virus raids an email in-box when executed through
Microsoft Exchange or Outlook. The worm attaches itself as a file called zip_files.exe and is sent off with a return email. Although
the virus isn't expected to spread as quickly and to as many computers as Melissa did, it does destroy files.
"It's an .exe file posing as a Zip file," said Eric Chien, senior researcher at the Symantec Antivirus Research Center. The worm is
particularly insidious because it searches through hard drives and destroys files with extensions of .doc, .xls, .ppt, .c, .cpp, .h, or
.asm, he said.
Chien said that means whoever wrote the virus was targeting corporations--seeking to destroy developers' source code, as
well as documents created using Microsoft Office applications, such as Word and Excel.
"It singles out those files and destroys them," he said. "This hits the local drive and the file server."
Extent of damage not known
Chien said it is unclear how much damage the virus has done. "We've received multiple reports from major corporations in
the U.S.," he said. "What we're hoping is that the initial jump on this Sunday night will prevent it from spreading."
Panda Software said it has added free downloads for the detection and disinfection of the virus--which it called "extremely
dangerous"--on its Web site. The company also urged people to update antivirus software.
Esther Shin, a public relations specialist at Aventail, a Seattle-based business-to-business e-commerce firm, said two of
her colleagues encountered the virus this morning. One of them lost all the files on his hard drive after he opened the
attachment, she added.
The email was worded to make the recipient believe that the message came from a Microsoft employee, she said. Shin
said she got a similar email but didn't open the attachment.
"When I got hit I called all my contacts," she said.
Bloomberg and News.com's Troy Wolverton, Dan Goodin, and Tim Clark contributed to this report.
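A mail-side check built only from the traits reported in the article above (the attachment name zip_files.exe, the canned reply text, and an .exe posing as a Zip file), as an added example that is not code from CNET, Symantec or any vendor named here. It goes slightly beyond the single filename by flagging any attachment whose name mentions "zip" while its content starts with the DOS/Windows executable magic; the messages, addresses and payload bytes are constructed for the example.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

WORM_ATTACHMENT = "zip_files.exe"  # attachment name given in the article
REPLY_MARKER = "take a look at the attached zipped docs"  # from the quoted reply text


def build_message(body, filename, payload):
    """Build a constructed test message (no real sample is used)."""
    msg = EmailMessage()
    msg["From"] = "colleague@example.com"   # placeholder addresses
    msg["To"] = "pat@example.com"
    msg["Subject"] = "RE: status"
    msg.set_content(body)
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


def inspect_message(raw_bytes):
    """Return a list of finding codes for one raw RFC 822 message."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = []

    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body is not None else ""
    # Collapse whitespace so a line wrap inside the phrase does not hide it.
    if REPLY_MARKER in " ".join(text.lower().split()):
        findings.append("reply-text")

    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        if name == WORM_ATTACHMENT:
            findings.append("known-attachment-name")
        # DOS/Windows executables start with "MZ"; real ZIP archives with "PK".
        if "zip" in name and data[:2] == b"MZ":
            findings.append("exe-posing-as-zip")
    return findings


# Constructed inputs. The payloads are inert: only the first two bytes matter.
SUSPECT = build_message(
    "Hi Pat! I received your email and I shall send you a reply ASAP. Till\n"
    "then, take a look at the attached zipped docs. bye.",
    "zip_files.exe",
    b"MZ" + b"\x00" * 62,
)
BENIGN = build_message("Minutes attached.", "minutes.zip",
                       b"PK\x03\x04" + b"\x00" * 26)

if __name__ == "__main__":
    print("suspect:", inspect_message(SUSPECT))
    print("benign: ", inspect_message(BENIGN))
```

The article itself anticipates variants, so the name and text matches are the brittle part; the content-versus-name mismatch is the check that survives a renamed attachment.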
-=-
31.1 Removal of the Worm.ExploreZip virus (from MSNBC insert)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HOW TO GET RID OF IT
If your computer is infected, security software company
Network Associates recommends these steps to remove it:
- If you're running Windows 95 or 98:
Restart your computer in MS-DOS mode, edit the
WIN.INI file and remove the line
run=c:\windows\system\explore.exe.
Then delete the file c:\windows\system\explore.exe and
restart Windows.
- If you're running Windows NT:
Run REGEDIT (not REGEDT32) and locate the hive
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
and remove the following key:
run=C:\\WINNT\\System32\\Explore.exe
Restart Windows NT, then remove the file
c:\winnt\system32\Explore.exe
- If you're unsure whether you've been infected, Network
Associates recommends that you look in your My Documents
folder to see whether you're missing any familiar files, or look
in the Sent Messages folder in your e-mail client to see if you
are sending replies with attachments that you do not remember
sending.
Network Associates' Gullotto warned that if this worm
follows the pattern of recent malicious attachments, network
administrators and users should be alert to e-mails that are
suspicious but do not match exactly the characteristics of
Worm.ExploreZip. Variants and copycats of malicious
software often appear soon after the original.
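A read-only check for the two autostart entries named in the removal steps above, as an added example (not from MSNBC or Network Associates). It scans the text of a WIN.INI and of a REGEDIT4 export of the Windows NT key; the sample inputs are constructed, and checking load= alongside run= is an addition the steps above do not mention.

```python
import re

# Paths taken from the removal steps; compared case-insensitively.
KNOWN_PATHS = {
    r"c:\windows\system\explore.exe",
    r"c:\winnt\system32\explore.exe",
}
NT_KEY = r"hkey_current_user\software\microsoft\windows nt\currentversion\windows"
AUTOSTART_NAMES = ("run", "load")  # load= is the sibling autostart entry (assumption: worth checking too)


def _normalise(path):
    """Lower-case, strip quotes, undo the doubled backslashes of .reg exports."""
    return path.strip().strip('"').replace("\\\\", "\\").lower()


def scan_win_ini(text):
    """Return (entry, value) pairs in [windows] that start the worm (Windows 95/98)."""
    hits, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        header = re.match(r"\[(.+)\]$", line)
        if header:
            section = header.group(1).lower()
            continue
        if section != "windows" or "=" not in line:
            continue
        name, value = line.split("=", 1)
        if name.strip().lower() in AUTOSTART_NAMES:
            # One entry can list several programs separated by spaces or commas.
            for item in re.split(r"[ ,]+", value):
                if _normalise(item) in KNOWN_PATHS:
                    hits.append((name.strip().lower(), item))
    return hits


def scan_reg_export(text):
    """Return (value name, data) pairs under the NT key that start the worm."""
    hits, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = re.match(r"\[(.+)\]$", line)
        if header:
            key = header.group(1).lower()
            continue
        entry = re.match(r'"([^"]+)"="(.*)"$', line)
        if entry and key == NT_KEY and entry.group(1).lower() in AUTOSTART_NAMES:
            if _normalise(entry.group(2)) in KNOWN_PATHS:
                hits.append((entry.group(1).lower(), entry.group(2)))
    return hits


# Constructed sample inputs, shaped like an infected machine's files.
SAMPLE_WIN_INI = r"""
[windows]
load=
run=c:\windows\system\explore.exe
NullPort=None

[Desktop]
Wallpaper=(None)
"""

SAMPLE_REG = r"""REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"load"=""
"run"="C:\\WINNT\\System32\\Explore.exe"
"""

if __name__ == "__main__":
    print("WIN.INI hits: ", scan_win_ini(SAMPLE_WIN_INI))
    print("registry hits:", scan_reg_export(SAMPLE_REG))
```

A hit only says the autostart entry is present; the file named in it still has to be deleted as the steps describe, and a variant that installs under another name will not match these two paths.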
@HWA
32.0 Senate web site hacked again(!)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
June 14th 1999
From HNN http://www.hackernews.com/
Senate Web Site Attacked, Again!
contributed by FedWatcher
For the second time in almost as many weeks the
official web site of the US Senate has been defaced. A
group known as The Varna Hacking Group from Bulgaria
claimed responsibility. (Mirror provided by attrition.org)
Wired
http://www.wired.com/news/news/politics/story/20180.html
MSNBC
http://www.msnbc.com/news/279233.asp
AP via Yahoo
http://dailynews.yahoo.com/headlines/ap/technology/story.html?s=v/ap/19990611/tc/senate_hackers_1.html
HNN Cracked Pages Archive
http://www.hackernews.com/archive/crackarch.html
Wired;
US Senate Cracked Again
by Polly Sprenger
4:30 p.m. 11.Jun.99.PDT
For the second time in two weeks,
crackers on Friday defaced the Web page
of the US Senate.
The official Senate Web site was down as
of Friday afternoon while administrators
repaired and restored the network. A
cracker replaced the official page with
one that said "free Kevin Mitnick, free
Zyklon."
An employee of US Senate Technical
Operations said the site went down
around 4 p.m. EST, but couldn't say when
the site might come back up.
"Those of us who haven't been hacked
yet are just trying to lay low and beef up
security as we can," said Sean Donelan, a
network engineer for Data Research
Associates, a nationwide Internet service
provider that works with state
governments, libraries, and schools.
Donelan said that each government
agency is having to reinforce security
independently and that outside vendors
working with the government
departments consider their security
solutions proprietary.
"[We] are also trying not to attract
attention and not waving a red flag
challenging anyone to 'test' our security,"
Donelan said.
The Senate home page was previously
cracked on 27 May. In that incident,
crackers filled the page with comments
critical of the FBI. That hack was claimed
by the group Masters of Downloading,
who broadcast the message "MAST3RZ
0F D0WNL0ADING, GL0B4L D0MIN8T10N
'99!" on the Senate's site.
The Varna Hacking Group claimed
responsibility for the latest Web
vandalism. The organization claims it is a
"noncommercial hacking group." Varna is
based in Bulgaria, according to reports of
a 1998 attack that members claimed to
have launched against the Cartoon
Network.
Zyklon, mentioned in Friday's incident, is
alleged to be a 19-year-old hacker from
Shoreline, Washington. He was indicted in
early May for his alleged involvement in
other government site hacks.
Many of the recent hacks demanded
justice for imprisoned cracker Kevin
Mitnick, who has been in jail for more
than four years awaiting trial on a broad
swath of criminal charges.
@HWA
33.0 Mitnick Sentencing Hearing Rescheduled
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
June 14th 1999
From HNN http://www.hackernews.com/
contributed by Macki
This weekend Judge Pfaelzer granted Kevin Mitnick's
defense a continuance, postponing tomorrow's
previously scheduled sentencing hearing until July 12th.
This will give the defense time to verify the damage
claims which may be upwards of $80 million. Although it
is not known for sure some people have speculated that
the recent demonstrations (including a recent LA Times
article on them) may have influenced Judge Pfaelzer to
grant this request. She refused to hear a similar motion
just days before the demonstrations. It is interesting to
note that July 12th is the Monday after Defcon.
FREE KEVIN
http://www.kevinmitnick.com/home.html
Letters Claiming Damage Amounts
http://www.hackernews.com/orig/letters.html
34.0 Russia Looks to Beef Up its Version of Echelon
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
June 14th 1999
From HNN http://www.hackernews.com/
contributed by Merlock
Russia has recently leaked a story concerning its version
of Echelon (the North American spy network system)
called SORM (System for Operational-Investigative
Activities). This group has been around for over a year
now, but a new development has civil rights leaders in
Russia scared. "SORM-2" will require all Russian ISP's to
install black-box recording devices at their POPs at the
ISP's expense!!! Russian web users have exclaimed that
they have been spied on for years, only now they are
going to have to pay for it.
ABC News
http://www.abcnews.go.com/sections/tech/DailyNews/russiansonline990612.html
Russians Fight for Net Privacy
Christopher Hamilton
Special to ABCNEWS.com
ST. PETERSBURG, June 11 -- In Russia, the
"Internet" and "free" are words not necessarily
found in the same sentence.
Russian Internet users continue to struggle against a
state security system mired in Soviet-era attitudes toward
the free flow of information. The latest outrage: a
ministerial act put forward by the Federal Security Service
(FSB in its Russian acronym), the successor to the KGB.
The act would boost the ability of law enforcement to
monitor citizens' Internet activities.
The new act represents an addendum to an existing
regulation called SORM -- the Russian acronym for
System for Operational-Investigative Activities. Currently
awaiting approval from the Russian Ministry of Justice,
SORM-2 would require Internet service providers to
install at their own expense FSB-provided black boxes
plus a hotline to the FSB. The devices would enable the
FSB to monitor and record all electronic communications.
Because SORM-2 is a regulation, it requires only
approval from the Ministry of Justice, not review by
Parliament or President Yeltsin. Existing law already
affords the state security apparatus plentiful
eavesdropping possibilities once a warrant is issued.
SORM-2 would expand those capabilities, making full
electronic surveillance as easy as a mouse click for the
FSB.
Steps Toward Totalitarianism
News of SORM-2 was leaked
late last year on the Moscow
Libertarium, a digital-freedom
Web site sponsored by the
Institute for Commercial
Engineering in Moscow.
"SORM-2 is a step toward
removing the checks and
balances between public and
the state," says Anatoly
Levenchuk, who operates the
Libertarium site. "First they will
start investigations without warrants. Then they will decide
who is guilty without a trial.
These are steps toward
totalitarianism."
"The FSB is used to collecting dossiers on citizens just
in case," said Yuri Vdovin of Citizens Watch, a St.
Petersburg-based human rights organization. "They have
been spying on us for years, but now I am going to have
to pay for it."
Russian ISPs have already begun to feel the chill.
Bayard-Slavia Communications, a Volgograd-based ISP
that has repeatedly refused to provide information to the
FSB without a warrant, was disconnected from its
network provider in mid-May. The state communications
agency, Goskomsvyaz, cited improper formulation of
the company's contract with the provider,
Moscow-Teleport. Company director Nail Murzhanov
has assembled a team of prominent activists and lawyers
in St. Petersburg and vows to take the matter to court.
Eugene Prygoff of Kuban Net, based in Krasnodar,
also reports FSB pressure. "Things here in the provinces
aren't like in Moscow and Petersburg. They come and
ask for full access to our clients' e-mail. Sure, we ask for
a court order and an explanation, but they have power in
the structures that own the ISDN line, so we have to
comply."
Turning to Encryption
Hoping to prevent invasions of their privacy, many
Russian Internet users are turning to encryption.
According to Maksim Otstavnov, who maintains the
Russian Web site for the encryption program PGP, or
Pretty Good Privacy, hits increased about 10-fold after
news of SORM-2 was leaked to the public last year. But
the official status of cryptography in Russia remains
unclear. In 1995, Yeltsin banned the use of PGP and
other forms of encryption unless it is licensed and
registered with FAPSI, the Russian equivalent of the U.S.
National Security Agency. Whether his decree legally
applies to private citizens is a matter of debate.
The murky state of the law and the lack of public
disclosure leaves citizens uninformed about laws that
affect them. Citizens Watch has held numerous seminars
on issues surrounding SORM and computer privacy.
"We need to educate people and get them involved,"
said Vdovin.
Vdovin and Citizens Watch are drafting proposals for
the State Duma, Russia's lower house of Parliament, to
create a system of checks and balances to rein in the
FSB's domestic spying activities. Meanwhile the shadowy
struggle between the security agency and Internet service
providers continues. According to Anatoly Levenchuk,
The FSB is already trying to establish volunteer
agreements similar to SORM-2 with providers. ISPs
failing to comply face pressure tactics ranging from
repeated visits from tax police to building inspectors
threatening to shut them down.
In Russia, the state has always fought for access to its
citizens' private communications, while citizens have
fought back as best they could. The battle over Internet
privacy could determine who's winning this ongoing
struggle.
35.0 Company Claims CyberAttack by Competitor
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
June 14th 1999
From HNN http://www.hackernews.com/
contributed by Seraphic Artifex
Lenox Healthcare Inc. is claiming that its competitor
Vencor Inc. engaged in "dead of night computer
hacking" according to a lawsuit filed in Los Angeles
County Superior Court in California. These actions are
allegedly in retaliation for Lenox's cooperation with a
government investigation of Vencor. The lawsuit claims,
among other things that Vencor broke into Lenox
Healthcare's computer system to prevent Lenox from
processing medical bills. (It will be interesting to see if
these claims can be proven in court.)
The Berkshire Eagle
http://search.newschoice.com/nebe/eagleheadlines/99-06-08_clarkesues08a1.asp
Lenox Healthcare suing major nursing home firm
Tuesday June 08, 1999
By Ellen G. Lahr
Berkshire Eagle Staff
PITTSFIELD -- Lenox Healthcare Inc. is suing one of the biggest U.S. nursing home companies, Vencor Inc., for engaging in extortion, death threats
and "dead of night" computer hacking, allegedly in retaliation for Lenox's cooperation with a government investigation of Vencor.
Vencor Inc., a publicly traded company with more than 300 nursing homes and 60 hospitals around the country, carried out "oppressive, unlawful
and often maniacal actions" against Lenox Healthcare, according to a lawsuit filed in Los Angeles County Superior Court in California.
The lawsuit also accuses a Vencor company lawyer of "threatening to appear at [Lenox Healthcare's] office with a gun and 'blow away' " Lenox
Healthcare President Thomas M. Clarke if Clarke didn't make certain payments to Vencor.
Efforts to gain comment from Vencor and its California attorney were unsuccessful yesterday.
Both Clarke and his lawyer also declined to comment.
$28 million deal
Vencor and Lenox Healthcare have been locked in a web of contracts since Lenox Healthcare purchased or leased 30 of Vencor's facilities in 1996 in
a $28 million business deal. About half of the facilities purchased or leased are concentrated in California.
The lawsuit states that Vencor reneged on millions of dollars allegedly owed to Lenox Healthcare, and fraudulently compelled Clarke to pay $8.7
million for a California nursing facility that was worth far less.
Vencor is teetering on the edge of bankruptcy because of an array of regulatory and financial problems, according to financial reports and the
company's own annual report.
The case also claims that:
- After the 1996 business deal was completed, Vencor received millions of dollars in Medicare and Medicaid payments that should have gone to
Lenox Healthcare. Vencor eventually turned over some $4 million to Lenox, but has retained nearly $1 million more.
- Vencor allegedly broke into Lenox Healthcare's computer system to prevent Lenox Healthcare from processing medical bills, "thereby allowing
Vencor to capitalize on the resulting interim financial crisis by extorting" money from Lenox Healthcare.
- Vencor allegedly tried to cut off Lenox Healthcare's receipt of pharmaceutical supplies and therapy services "as a means of extorting further
monies" from Lenox Healthcare.
- The lawsuit also states that Vencor officials spread rumors that Lenox Healthcare was on the verge of bankruptcy, threatened to take over the
business and placed Clarke under "extreme duress."
- Vencor also is accused of undermining Lenox's efforts to obtain bank financing to offset losses created by Vencor's actions.
Lenox claims that the crux of the case involves its cooperation with federal investigators who were probing Vencor's alleged Medicare fraud
schemes.
After the 1996 deal, Vencor retained contracts with Lenox Healthcare to provide certain rehabilitation services to the nursing home patients. Under
the deal, Vencor would provide services such as physical and occupational therapies and then bill the nursing home for the services. The nursing
home would bill Medicare and reimburse Vencor when payments were received.
According to the suit, Lenox Healthcare discovered that Vencor was "padding its bills" for rehabilitation services. Vencor, the lawsuit says, billed the
nursing home for therapeutic services when staff members were actually engaged in marketing and administrative tasks.
Other billing fraud was common as well, said the lawsuit.
Vencor claims Lenox Healthcare owes $9 million for "therapy services," but Lenox Healthcare believes it owes Vencor nothing, the lawsuit says.
The lawsuit claims that Vencor's actions against Lenox Healthcare were motivated "in part by [its] plummeting stock price, a federal investigation of
Vencor's discrimination against and eviction of Medicaid patients, and securities fraud allegations."
The lawsuit accuses Vencor of carrying out a "vendetta" to seriously injure or financially ruin Lenox Healthcare.
According to financial reports, Vencor has been ordered by the federal government to repay $90 million in excessive Medicare reimbursements. The
company also was exposed for trying to evict Medicaid patients from its nursing homes to replace them with more lucrative private-paying patients.
The lawsuit accuses Vencor of earning "a national reputation for erratic, abusive and vindictive conduct in the operation of its business activities."
Lenox Healthcare, a privately owned long-term care company, owns or operates some 100 nursing homes, hospitals and assisted-living facilities
around the country.
@HWA
36.0 LA set to Allow Internet Voting
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
June 14th 1999
From HNN http://www.hackernews.com/
contributed by Anonymous
The Louisiana Republican Party may allow people to vote
via computer in the Jan. 29, 2000, presidential caucus.
The company VoteHere.Net says its system is one of
the toughest to defeat. One has to wonder just how
tough would it be to compromise the client side of the
equation with programs like NetBus and Back Orifice
floating around?
US News and World Report
http://www.usnews.com/usnews/issue/990621/internet.htm
@HWA
37.0 CCC Camp Shapes Up
~~~~~~~~~~~~~~~~~~
June 14th 1999
From HNN http://www.hackernews.com/
contributed by tim
The Chaos Communication Camp, scheduled to take
place later this summer in Germany is shaping up nicely.
There is now a FAQ, registration information and even
some weird video stuff.
Chaos Communication Camp
http://www.ccc.de/camp/
Camp Trailer
ftp://ftp.cs.tu-berlin.de/pub/NeXT/video/movies/quicktime/rendezvous_qt2.mov
HNN Cons Page
http://www.hackernews.com/cons/cons.html
@HWA
38.0 Hong Kong Makes Major Piracy Bust
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
June 14th 1999
From HNN http://www.hackernews.com/
contributed by Sinbad
Customs officials in Hong Kong have seized $2 million
worth of pirated software, production equipment, and
vehicles in what is being called the largest bust of its
kind. Officials confiscated 180,000 thousand pirated
CDROM titles and arrested seven people.
Nando Times
http://www.techserver.com/story/body/0,1634,59240-94420-672929-0,00.html
Hong Kong Customs seize record number of pirated CD-ROMs
Copyright © 1999 Nando Media
Copyright © 1999 Associated Press
HONG KONG (June 13, 1999 9:53 a.m. EDT http://www.nandotimes.com) - Customs officials seized 180,000
illegal CD-ROMs along with production equipment in the latest raid to stop rampant copyright piracy,
the government reported Sunday.
Officials seized the record number of computer CD-ROMS, a large quantity of equipment and four vehicles,
worth a total of $2 million, during the raid Saturday, a statement from Customs said.
Seven people were arrested, but no charges had been filed, it said.
Despite frequent raids, Hong Kong remains a center for copyright pirating. Pirated CDs, video CDs and
computer software are widely available at shopping arcades and street vendors at a fraction of the cost
of a genuine copy.
@HWA
39.0 Ernst & Young Profile
~~~~~~~~~~~~~~~~~~~~~
June 14th 1999
From HNN http://www.hackernews.com/
contributed by afghan
A nice adverticle for Ernst & Young's Global Securities
Solutions Center and its quick response team. Not much
'news' here but a real strong pitch for the 'eXtreme
hacking' course offered by the company. It also
mentions how great the Palm Pilot is.
Kansas City Star
http://www.kcstar.com/item/pages/business.pat,business/30db0e56.611,.html
Here is a link to PalmVNC that allows you to control an
Xserver with a little ol' Palm Pilot as mentioned in the
above article. (Not everything is proprietary.)
PalmVNC
http://www.icsi.berkeley.edu/~minenko/PalmVNC
KC Star;
Hacker U: Company offers security service, training against
computer invaders
By DAVID HAYES - The Kansas City Star
Date: 06/11/99 22:15
These aren't your father's accountants.
There isn't a button-down shirt among these Ernst & Young staffers.
Not one of them is toting a calculator or adding machine. And that
"generally accepted procedures" thing accounting firms like to talk
about? Forget it.
In fact, these employees of the Big Five accounting firm get a little
testy if you even ask whether they have an accounting background.
This is the Ernst & Young nerd squad. They aren't financial
accountants looking for weaknesses in their clients'
accounts-payable procedures. They're computer analysts looking
for holes in their clients' computer security systems and ways to
hack into their payroll.
It's big business.
Ernst & Young has 30 employees in its Global Securities Solutions
Center in Kansas City, new headquarters for a national and
international computer security operation that has 700 employees
worldwide. The operation expects to grow both here and
worldwide and take in about $60 million in 1999 -- up from $12
million three years ago.
"We see this as being the wave of the future," said Lisa Schlosser,
operations leader of eSecurity Solutions for Ernst & Young.
The program addresses computer security issues on several fronts
-- training information technology employees for clients; examining
corporate computer systems for potential holes; and moving in a
"quick response team" if a hacker breaks into a client's computer
system.
The service can be expensive -- $250,000 to more than $1 million,
depending on the size of the client and the company's computer
system, Schlosser said.
Even large corporations with well-protected computer systems are
ripe for a digital break-in, said Eric Schultze, a member of the
quick-response team and anti-hacking trainer for Ernst & Young.
One of the most critical computer break-ins Schultze said he had
worked on involved a company that took security very seriously.
"They had all types of physical security to get into the building,"
Schultze said. "But somebody got in and controlled their computer
systems. It had been going on for four to five days before they
discovered it."
When that happens, Ernst & Young sends in its quick-response unit
-- a team of three or more hacking experts, including some with law
enforcement experience. The team has been called out three times in
the last month.
As computers have become more prevalent in the workplace, the
problem has grown.
"With any large corporation you can almost guarantee they've had a
security breach somewhere," said George Kurtz, another member of
the Ernst & Young team.
To reduce the chance of such attacks, Ernst & Young has set up a
training program for its employees and for clients.
This week, 30 Ernst & Young employees from around the country
and from Canada, Great Britain and Denmark attended the
computer hacking boot camp at the Kansas City center.
The weeklong program, called "eXtreme hacking -- Defending your
site," is a $4,000 training course teaching "the greatest hacks out
there today," Schultze said. And, of course, those who take the
class are taught how to protect security systems from those
computer break-ins.
"We show them things they never thought were possible," Schultze
said.
Students in the class learn things like "account cracking," "exploiting
reciprocal trust," "hijacking the GUI," and various ways to break
into a computer system and find user passwords. On Thursday,
Ernst & Young trainers showed fellow employees how a hacker
could hijack a client's computer -- even rebooting it remotely --
using a Palm Pilot personal organizer.
Ernst & Young has held about 10 classes around the country in the
last year, mostly for the company's own employees. Similar classes
now are planned at the Kansas City center about once a month, and
the program is being opened to clients.
Instructors arrive packing a storeroom's worth of boxes with
notebook computers, routers, networking equipment, servers and
other computer gear. The classroom is set up to simulate various
types of corporate computer systems.
Schultze said the classes grew out of a computer break-in at a big
software company. "We showed the company stuff that amazed
them," he said. "They said, `You guys can do that? Can you teach
us?' "
That's grown into a security practice that includes 23 laboratories
across the country, all connected to a lab in Kansas City. The
Kansas City lab includes every computer environment the company
can think of, so that the latest hacking -- or anti-hacking -- tools can
be tested before being deployed to other offices, Schlosser said.
The initial two-day course has become a weeklong anti-hacking
event with a combination of classroom lectures and hands-on
simulations that end with a hacker's version of a capture-the-flag
contest.
Not just anyone with $4,000 will be able to take the class.
"Obviously, we do some screening," Schultze said. The class is for
"white hat" hackers -- those who hack to find vulnerabilities in
systems, not their "black hat" counterparts who hack to do damage.
The Ernst & Young computer security team uses both easily
accessible hacking software tools and special programs developed
by the company.
The team showed students how to hack into a corporate computer
using a Palm Pilot and a program called PALM VNC. Using the
Palm Pilot's small screen, a hacker could see the hacked computer's
desktop, and even when the cursor moved on the screen.
"That was a pretty cool hack," said Royce Willis, from Ernst &
Young's Chicago office.
Kurtz showed the group another hijacking software program, called
NetBus, that takes hacking a step further. Once a hacker breaks
into a computer and installs NetBus, the program lets the hacker
play sounds on the hacked computer, open the computer's
CD-ROM drive or turn on a microphone attached to the computer
to listen to what's being said in the room, he said.
Schultze said VNC, NetBus and dozens of similar programs were
created as administrative tools for computer systems administrators.
"Any legitimate tool can be used for illegitimate purposes," Schultze
said.
After taking more than three days of anti-hacking classes and
learning that the instructors had secretly put a program on her laptop
that logged every letter or number she'd typed, Jenny Dho, from
Ernst & Young's Montreal office, said she'd learned a lot.
"It worries me for my clients' sake," Dho said.
Dave Morgan, who traveled from Ernst & Young's office in Vienna,
Va., to take the class, said: "Keeping up with this stuff is a full-time
job.
"Every day, something new is released into the wild. Hackers are
always one step ahead of us."
To reach David Hayes, technology writer, call (816) 234-4904 or
send e-mail to dhayes@kcstar.com
All content © 1999 The Kansas City Star
@HWA
40.0 What is Your Privacy Worth?
~~~~~~~~~~~~~~~~~~~~~~~~~~~
June 15th 1999
From HNN http://www.hackernews.com/
contributed by Anonymous
Do you know what value your privacy holds? The $2.3
billion marketing information industry sure does but how
do you convince a court how much your privacy is
worth if you need or want to sue a company for
damages? The Electronic Frontier Foundation intends to
find out. They have started research into the problem of
online identity value to make it easier for people to sue
for damages. One factor in the equation will be how
much companies charge for information, traditional use
of a name for a direct mailing costs around seven cents,
but on the Internet, each customer name is worth 15
cents.
CAL LAW
http://www.callaw.com/stories/edt0614f.html
The Electronic Frontier Foundation
http://www.eff.org/
CAL LAW;
Putting a Price on Our Internet Identities
By Renee Deger
In more moribund moments, many life insurance
policyholders have been known to joke bitterly about how
much they'd be worth dead.
Unfortunately, they have less of a clue of what they're
worth alive, says one longtime plaintiffs lawyer.
That's too bad, because marketing and retail companies are
making a killing at dealing in the habits and preferences of
living people -- information people often simply give away,
knowingly or not.
That cloud of ignorance is about to clear, and the average
person may soon have a better idea of what they're worth
as individuals.
The San Francisco-based Internet think tank Electronic
Frontier Foundation is embarking on an effort to put a price
on the average person's identity so that people can sue for
damages if their privacy is invaded -- especially their
privacy as Web surfers.
"An important part for an individual to negotiate with a
Web site is the total cost of ownership [of themselves],"
says Tara Lemmey, head of EFF.
Still in its infancy, the effort to value individualism will be
based in large part on how much money companies pay for
customer information, and how much companies score for
selling it.
"How many times is [an individual profile of a] person
selling, what's the value each time it's used, at what point
does it decay -- that translates to what it's worth to a
consumer," Lemmey says.
The Internet has already turned the $2.3 billion marketing
information industry on its ear. Traditional use of a name for
a direct mailing is seven cents, but on the Internet, each
customer name is worth 15 cents. Multiply that by millions
of names being swapped millions of times.
"Traditional list brokers jumped right in," says William
Dean, president of San Francisco market researcher W.A.
Dean & Associates.
"Information on the Internet is worth more because people
usually opt in" if they want to get more information or
e-mails, Dean adds.
Online information is so valuable that one start-up company
earlier this year went so far as to offer free Compaq
personal computers to anyone willing to be tracked. The
computers doled out by FreePC, at www.freepc.com, are
worth about $1,000 each, but the company is expected to
recoup the money by selling the information it gleans from
its "customers."
Arnold Laub, a San Francisco plaintiffs attorney, is enticed
by the prospects. "It's something that hasn't really been
analyzed. If it's done right and the economists get involved,
you can make a determination of interest and value," Laub
says.
"The problem is -- most people don't know the value of
their identity," he says.
Other factors of a human life have already been probed in
detail, however. In personal injury and wrongful death
claims, lawyers already can refer to actuarial tables and
economic formulas to value lost livelihood. And in claims
involving famous people who have already sold their
likeness or their creations, lawyers can refer to prior
contract terms.
Whether the EFF's effort produces the same kinds of
wallet-card-type dollar values on death and lost wages that
plaintiffs lawyers utilize is still up in the air, however.
Lemmey says the foundation's in-house lawyers have just
begun to kick around the idea and are hoping to come up
with a model to support broader debates. She says they
want people to become more conscious of the value they
add to commercial enterprises, and how much they can
demand from a company that doesn't keep its promises.
"If a company claims it's for one-time use or internal
purposes only or sells it, what are the damages?" asks
Lemmey. "No one knows."
@HWA
41.0 BSA Tactics Condemned by UK
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
June 15th 1999
From HNN http://www.hackernews.com/
contributed by Warez Dude
The Birmingham Chamber of Commerce and Industry,
and the Advertising Standards Authority in England have
condemned the practices of the Business Software
Alliance. The two groups claim that recent tactics used
by the BSA in its 'Crackdown 99' campaign are
misleading and overly threatening.
Wired
http://www.wired.com/news/news/politics/story/20217.htm
(url unavailable June 24th - Ed)
@HWA
42.0 US Allows 128bit SSL Into Japan
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
June 15th 1999
From HNN http://www.hackernews.com/
contributed by secret
Recent changes in the crypto export law have left open
a small loophole that allows 128 SSL encryption out of
the country. The recent export deregulation covered
"online merchants," or electronic shops, if a user goes
directly to VeriSign in the United States, it is possible to
obtain a digital ID for 128-bit encryption at electronic
shops in Japan.
Asia Biz Tech
http://www.nikkeibp.asiabiztech.com/wcs/leaf?CID=onair/asabt/moren/73414
U.S. Export Loophole Allows 128-bit SSL Encryption to Be Used by Japanese Electronics Shops
June 10, 1999 (TOKYO) -- A loophole in U.S. export restrictions of 128-bit Secure Socket Layer
encryption is allowing Japanese electronics shops to adopt the stringent security method.
It was found that the digital ID for the server that enables 128-bit encryption can be easily
obtained at electronic shops.
SSL is a mechanism of encrypted communications between Web browsers and servers. In Japan,
40-bit SSL encryption is normally used. The 128-bit SSL encryption is far more secure at 10
to the 26th power.
Due to export restrictions imposed by the United States, the use of 128-bit encryption in Japan
was not permitted until December 1998, when the United States partially deregulated 128-bit
encryption exports and allowed their use in financial institutions and the health care industry.
Responding to this export deregulation of the U.S. government, VeriSign Inc. of the United States
began to offer the service to provide Digital Authentication IDs for 128-bit SSL encryption for
overseas countries, including Japan. This service is called www.verisign.com and it began in
April 1999 in Japan. The recent export deregulation covered "online merchants," or electronic
shops, but VeriSign Japan KK did not intend to provide such general shops with digital IDs for
128-bit encryption because of safety considerations.
It was found, however, that if a user goes directly to VeriSign in the United States, it is possible
to obtain a digital ID for 128-bit encryption at electronic shops in Japan. Therefore, a highly secure
SSL can be used in Japan as well as in the United States, unless these electronic shops sell drugs and
materials considered to be used as weapons.
(Nikkei Multimedia)
@HWA
43.0 Terrorist About to Cause Electronic Chaos
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
June 15th 1999
From HNN http://www.hackernews.com/
contributed by Weld Pond
Massive FUD (Fear, Uncertainty, and Doubt) in this
article. We might as well just give up because the world
will end tomorrow. Terrorists roaming the internet about
to cause massive chaos around the globe. The threat of
electronic terrorism is looming larger and larger each
day.
The Jerusalem Post
Monday, June 14, 1999 30 Sivan 5759 Updated Mon., Jun. 14 08:52
Computer terror can't be ignored
By YONAH ALEXANDER
(June 14) - The latest "Melissa" virus, which spreads via infected e-mail, and
the upsurge of computer intrusion by hackers into the Web sites of the White
House, Senate, and the FBI, have once again focused attention on
cyber-crime and its ominous international security implications.
It should be recalled that in February 1998, Ehud Tenenbaum, an Israeli
hacker also known as "The Analyzer," worked with two young collaborators
from California to mount cyber-attacks against the Pentagon's systems, a
nuclear weapons research lab and other significant targets.
The prevailing assessment of intelligence agencies, strategic thinkers, and
scientists is that not only hackers and "crackers" (criminal hackers) but also
terrorists - individuals, groups, and state sponsors - are likely to exploit the
vulnerability of the world's computer systems to conduct electronic warfare.
It is estimated, for instance, that hostile perpetrators, with a budget of
around $10 million and a team of some 30 computer experts strategically
placed around the globe, could bring the US to its knees.
The threat of electronic terrorist assaults grows with each passing day. There
are three reasons for this:
* The globalization of the Internet. Internet users currently number over 120
million; an estimated 1 billion people will be using it by the year 2005. This
makes efforts to control Internet attacks a daunting challenge to intelligence
services and law-enforcement agencies.
* There are now some 30,000 hacker-oriented sites on the Internet, making
the tools of disruption and destruction available to almost anyone. The easily
available recipes for these new weapons - worms, Trojan horses, and logic
bombs, among others - are making this form of warfare a permanent fixture
of international life.
* With the Cold War now behind us, terrorist organizations have cast off the
limitations and ideologies of the formerly bipolar world and have become
multidirectional. These new political realities, coupled with easily accessible
cyber-weapons, have enhanced the threats posed by terror groups to the
degree that they could alter life on our planet forever.
The Internet already serves as an arena for propaganda and psychological
warfare. Ideological extremists such as neo-Nazi groups have called for
ethnic, racial, and religious violence. Traditional terrorist organizations, like
Hizbullah, which is supported by Iran and Syria, maintains on its Web site a
daily record of "heroic" battles of its fighters in southern Lebanon. And
Afghanistan, the newest state sponsor of terrorism, pushes its radical brand
of Islam on-line.
Terrorists have also used their laptops to store operation plans. Ramzi
Ahmed Yusuf, who is serving a life sentence for the 1993 World Trade Center
bombing in New York and other terrorist crimes, used his computer to
develop a plot to blow up some dozen American airliners over the Pacific.
And terror networks, such as the underground infrastructure of Osama bin
Laden, who has been implicated in the US embassy bombings in Kenya and
Tanzania last summer, are sustained via personal computers with satellite
uplinks and encrypted messages.
Is the worst yet to come?
Consider waking one morning to the news that a group of terrorists
employing electronic "sniffers" have sabotaged the global financial system by
disrupting international fund-transfer networks, causing an unprecedented
stocks plunge on the New York, London, and Tokyo exchanges.
Clearly, there are numerous other devastating scenarios, including altering
formulas for medication at pharmaceutical plants; "crashing" telephone
systems; misrouting passenger trains; changing pressure in gas pipelines to
cause valve failure; disrupting operations of air-traffic control towers;
triggering oil refinery explosions and fires; scrambling the software used by
emergency services; turning off power grids; and simultaneously detonating
hundreds of computerized bombs around the world.
In sum, this new medium of communication, command and control,
supplemented by the repeated destructive keyboard attacks on civilian and
military nerve centers that we have already seen, forces us to think the
unthinkable - and take action to prevent it.
If the expanding electronic perils are ignored by the international community,
it is likely that the 21st century could produce a global Waterloo for
civilization.
(The writer is a professor and the director of the Inter-University Center for
Terrorism Studies - Israel and the United States.)
@HWA
44.0 Major Remote Hole Found in IIS
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
June 16th 1999
From HNN http://www.hackernews.com/
contributed by Marc
eEye Digital Security Team has found a major remotely
exploitable hole in Microsoft's Internet Information
Server. The buffer overflow of ISM.dll leaves
approximately 90% of 1.3 million Microsoft web servers
vulnerable to internet attack. The folks at eEye have
graciously developed an exploit script to demonstrate
this hole. Microsoft has provided a work around and is
working on a patch.
eEye Digital Security Team
http://www.eeye.com/database/advisories/ad06081999/ad06081999.html
Wired
http://www.wired.com/news/news/technology/story/20231.html
Microsoft
http://www.microsoft.com/security/bulletins/ms99-019.asp
eEye;
Retina vs. IIS4, Round 2
Systems Affected:
Internet Information Server 4.0 (IIS4)
Microsoft Windows NT 4.0 SP3 Option Pack 4
Microsoft Windows NT 4.0 SP4 Option Pack 4
Microsoft Windows NT 4.0 SP5 Option Pack 4
Release Date:
June 8, 1999
Advisory Code:
AD06081999
Description:
We have been debating how to start out this advisory. How do
you explain that 90% or so of the Windows NT web servers on the
Internet are open to a hole that lets an attacker execute arbitrary
code on the remote web server? So the story starts...
The Goal:
Find a buffer overflow that will affect 90% of the Windows NT web
servers on the Internet. Exploit this buffer overflow.
The Theory:
There will be overflows in at least one of the default IIS filtered
extensions (i.e. .ASP, .IDC, .HTR). The way we think the exploit
will take place is that IIS will pass the full URL to the DLL that
handles the extension. Therefore if the ISAPI DLL does not do
proper bounds checking it will overflow a buffer taking IIS
(inetinfo.exe) with it and allow us to execute arbitrary code on the
remote server.
Entrance Retina:
At the same time of working on this advisory we have been
working on the AI mining logic for Retina's HTTP module. What
better test scenario than this? We gave Retina a list of 10 or so
extensions common to IIS and instructed it to find any possible
holes relating to these extensions.
The Grind:
After about an hour Retina found what appeared to be a hole. It
displayed that after sending "GET /[overflow].htr HTTP/1.0" it had
crashed the server. We all crossed our fingers, started up the
good ol' debugger and had Retina hit the server again.
Note: [overflow] is 3k or so characters... but we will not get into
the string lengths and such here. View the debug info and have a
look for yourself.
The Registers:
EAX = 00F7FCC8 EBX = 00F41130
ECX = 41414141 EDX = 77F9485A
ESI = 00F7FCC0 EDI = 00F7FCC0
EIP = 41414141 ESP = 00F4106C
EBP = 00F4108C EFL = 00000246
Note: Retina was using "A" (0x41 in hex) for the character to
overflow with. If you're not familiar with buffer overflows a quick
note would be that getting our bytes into any of the registers
is a good sign, and directly into EIP makes it even easier :)
Explain This:
The overflow is in relation to the .HTR extensions. IIS includes the
capability to allow Windows NT users to change their password
via the web directory /iisadmpwd/. This feature is implemented as
a set of .HTR files and the ISAPI extension file ISM.DLL. So
somewhere along the line when the URL is passed through to
ISM.DLL, proper bounds checking is not done and our
overflow takes place. The .HTR/ISM.DLL ISAPI filter is installed
by default on IIS4 servers. Looks like we got our 90% of the
Windows NT web servers part down. However can we exploit this?
The Exploit:
Yes. We can definitely exploit this and we have. We will not go
into much detail here about how the buffer is exploited and such.
However, one nice thing to note is that the exploit has been
crafted in such a way to work on SP4 and SP5 machines,
therefore there is no guessing of offsets and possible accidental
crashing of the remote server.
Click here for more details about the exploit and the code.
The Fallout:
Almost 90% of the Windows NT web servers on the Internet are
affected by this hole. Even a server that's locked in a guarded
room behind a Cisco Pix can be broken into with this hole. This is
a reminder to all software vendors that testing for common
security holes in your software is a must. Demand more from
your software vendors.
The Request. (Well one anyway.)
Dear Microsoft,
One of the things that we found out is that IIS did not log any
trace of our attempted hack. We recommend that you pass all
server requests to the logging service before passing it to any
ISAPI filters etc... The logging service should be, as named, an
actual service running in a separate memory space so that when
inetinfo goes down intrusion signatures are still logged.
Retina vs. IIS4, Round 2. KO.
Fixes:
1.Remove the extension .HTR from the ISAPI DLL list.
Microsoft has just updated their checklist to include this
interim fix.
2.Apply the patch supplied by Microsoft when available.
Vendor Status:
We contacted Microsoft on June 8th 1999, eEye Digital Security
Team provided all information needed to reproduce the exploit
and how to fix it. Microsoft security team did confirm the exploit
and are releasing a patch for IIS.
Related Links
Retina - The Network Security Scanner
http://www.eEye.com/retina/
Retina - Brain File used to uncover the hole
http://www.eEye.com/database/advisories/ad06081999/ad06081999-brain.html
Exploit - How we did it and the code.
http://www.eEye.com/database/advisories/ad06081999/ad06081999-exploit.html
NetCat - TCP/IP "Swiss Army knife"
http://www.l0pht.com/~weld/netcat/
Greetings go out to:
The former Secure Networks Inc., L0pht, Phrack, ADM, Rhino9,
Attrition, HNN and any other security company or organization
that believes in full disclosure.
Copyright (c) 1999 eEye Digital Security Team
Permission is hereby granted for the redistribution of this alert
electronically. It is not to be edited in any way without express
consent of eEye. If you wish to reprint the whole or any part of
this alert in any other medium excluding electronic medium,
please e-mail alert@eEye.com for permission.
Disclaimer:
The information within this paper may change without notice. Use
of this information constitutes acceptance for use in an AS IS
condition. There are NO warranties with regard to this information.
In no event shall the author be liable for any damages whatsoever
arising out of or in connection with the use or spread of this
information. Any use of this information is at the user's own risk.
Please send suggestions, updates, and comments to:
eEye Digital Security Team
info@eEye.com
www.eEye.com
-=-
Wired;
E-Commerce Sites: Open Sesame?
by Niall McKay
11:40 a.m. 15.Jun.99.PDT
A major security flaw in a Microsoft Web
server could allow crackers to take
complete control of e-commerce Web
sites, security experts warned Tuesday.
The flaw in Microsoft's Internet
Information Server 4.0 allows
unauthorized remote users to gain
system-level access to the server,
according to Firas Bushnaq, CEO of eEye,
the Internet security firm that discovered
it.
"This hole is so serious it's scary," said
Jim Blake, a network administrator for
Irvine, a city in southern California.
"With other [Windows NT] security holes,
crackers have needed to gain some level
of user access before executing code on
the server. This is different.... Anybody
off the Web can crack IIS," he said.
More than 1.3 million Microsoft IIS servers
are up and running on the Web. Nasdaq,
Walt Disney, and Compaq are among the
larger e-commerce operations run off the
server, according to NetCraft Internet
surveys.
Microsoft confirmed that the problem
exists and said that it is working on a fix.
Customers, however, have not been
notified.
"Normally we will post the problem and
the bug fix at the same time," said
Microsoft spokeswoman Jennifer Todd.
"We take these security issues very
seriously, and the patch will be available
[soon]."
The fix will be posted to Microsoft's
security Web site, "probably in the next
couple of days," Todd said.
The exploit is just one of a long list of
security flaws affecting IIS 4.0. In May,
security experts found an exploit that
enabled crackers to gain read access to
files held on IIS when they requested
certain text files.
Last summer, an exploit known as the
$DATA Bug granted any non-technical
Web users access to sensitive information
within the source code used in Microsoft's
Active Server Page, which is used on IIS.
And in January, a similar IIS security hole
was discovered, one that exposed the
source code and certain system settings
of files on Windows NT-based Web
servers.
But the latest problem appears to be the
most serious because of the level of
access it reportedly allows.
"The exploit gives crackers access to any
database or software residing on the Web
server machine," said Bushnaq. "So they
could steal credit-card information or
even post counterfeit Web pages."
For instance, crackers could exploit the
bug to modify stock prices at one of the
many news and stock information sites
running IIS.
The hole allows remote users to gain
control of an IIS 4.0 server by creating
what is known as a "buffer overflow" on
.htr Web pages -- an IIS feature
designed to enable users to remotely
change their passwords.
A buffer overflow can occur when a
system is fed a value much larger than
expected. In the case of the bug, the
Dynamic Link Library (DLL) governing the
.htr file extension, called ISM.DLL, can be
overloaded by running a utility that loads
too many characters into the library.
Once overloaded, the DLL is disabled and
the content of the overflow "bleeds" into
the system.
"Normally, this would just crash the
system," said Space Rogue, a member of
L0pht Heavy Industries, an independent
security consulting firm that last year
testified before the United States Senate
on government information security.
"But a good cracker can write an exploit
where the data that overflows will
actually be a executable program that will
run as machine code," said Space Rogue.
Such a move could give a cracker
complete control of the target system.
The overflow executable program can be
used to run a system-level program that
will deliver the equivalent of a DOS
command window to an attacker's PC.
To demonstrate the hole, eEye wrote a
program called IIS Hack that will enable
users to crack and execute code on any
IIS 4.0 Web Server.
However, disabling or removing the .htr
password utility will not fix the problem,
according to Bushnaq. "You have got to
go through a series of steps to remove
the faulty [code]."
Eeye discovered the problem while beta
testing a network security auditing tool.
"Remote exploits are about the most
serious problems you can have with a
Web server," said Space Rogue. "It gives
the attacker root privileges, so the
cracker not only has access to the IIS
server but [to] software running on that
machine."
"In many corporate sites today, this will
give the cracker access to the entire
network."
Eeye is a software development firm
specializing in security audit tools. Chief
executive Bushnaq previously founded the
electronic commerce site ECompany.com.
-=-
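Added example (not part of the eEye advisory or the Wired article, and not eEye's or Microsoft's code): a C sketch of a request front end that does what the advisory asks for, logging every request before any extension handler sees it, honouring the interim fix of unmapping .htr, and bounds-checking the URL before it is copied into a handler's fixed buffer. The buffer size, mapping tables, verdict names and the /iisadmpwd/sample.htr path are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define HANDLER_BUF 256  /* assumed size of the handler's fixed URL buffer */
#define LOG_SLOTS   8
#define LOG_WIDTH   96

enum verdict { V_DISPATCH, V_NO_HANDLER, V_TOO_LONG, V_MALFORMED };

/* Constructed mapping tables: a stock install, and one with the advisory's
 * interim fix applied (.htr removed from the extension list). */
static const char *const stock_map[]    = { ".asp", ".idc", ".htr", NULL };
static const char *const hardened_map[] = { ".asp", ".idc", NULL };

/* In-memory stand-in for the audit log. The advisory asks for a logging
 * service in a separate process; an array keeps this sketch testable. */
static char audit_log[LOG_SLOTS][LOG_WIDTH];
static int  audit_count;

/* Record the true length plus a bounded, printable prefix of the request, so
 * an oversized URL is visible in the log without bloating the log line. */
static void audit(const char *line)
{
    char *p;
    if (audit_count < LOG_SLOTS) {
        snprintf(audit_log[audit_count], LOG_WIDTH, "len=%zu req=%.60s",
                 strlen(line), line);
        for (p = audit_log[audit_count]; *p; p++)
            if (!isprint((unsigned char)*p)) *p = '.';
    }
    audit_count++;
}

/* Case-insensitive compare of an extension against a lowercase mapping. */
static int ext_is(const char *ext, size_t elen, const char *want)
{
    size_t i;
    if (strlen(want) != elen) return 0;
    for (i = 0; i < elen; i++)
        if (tolower((unsigned char)ext[i]) != want[i]) return 0;
    return 1;
}

/* 1 if the path part of url (before any '?') ends in a mapped extension. */
static int is_mapped(const char *url, size_t ulen, const char *const *map)
{
    size_t path_len = ulen, dot, i;
    const char *q = memchr(url, '?', ulen);
    if (q) path_len = (size_t)(q - url);
    for (dot = path_len; dot > 0; dot--) {
        if (url[dot - 1] == '/') return 0;  /* last segment has no '.' */
        if (url[dot - 1] == '.') break;
    }
    if (dot == 0) return 0;
    for (i = 0; map[i]; i++)
        if (ext_is(url + dot - 1, path_len - (dot - 1), map[i])) return 1;
    return 0;
}

enum verdict handle_request(const char *line, const char *const *map,
                            char handler_buf[HANDLER_BUF])
{
    const char *sp1, *sp2, *url;
    size_t ulen;

    audit(line);                        /* log first, before any parsing */

    sp1 = strchr(line, ' ');
    if (!sp1 || sp1 == line) return V_MALFORMED;
    url = sp1 + 1;
    sp2 = strchr(url, ' ');
    ulen = sp2 ? (size_t)(sp2 - url) : strlen(url);
    if (ulen == 0 || url[0] != '/') return V_MALFORMED;

    if (!is_mapped(url, ulen, map)) return V_NO_HANDLER; /* unmapped: no DLL */
    if (ulen >= HANDLER_BUF) return V_TOO_LONG;          /* the bounds check */

    memcpy(handler_buf, url, ulen);     /* safe: ulen < HANDLER_BUF */
    handler_buf[ulen] = '\0';
    return V_DISPATCH;
}

/* Constructed input in the shape the advisory reports:
 * "GET /[overflow].htr HTTP/1.0" with n filler characters. */
static void make_long_request(char *out, size_t out_sz, size_t n)
{
    size_t pos = (size_t)snprintf(out, out_sz, "GET /");
    while (n-- > 0 && pos + 1 < out_sz) out[pos++] = 'A';
    snprintf(out + pos, out_sz - pos, ".htr HTTP/1.0");
}

int main(void)
{
    char req[4096], buf[HANDLER_BUF];
    make_long_request(req, sizeof req, 3000);
    printf("stock map, long .htr:    %d\n", handle_request(req, stock_map, buf));
    printf("hardened map, long .htr: %d\n", handle_request(req, hardened_map, buf));
    printf("stock map, short .htr:   %d\n",
           handle_request("GET /iisadmpwd/sample.htr HTTP/1.0", stock_map, buf));
    printf("first log entry: %s\n", audit_log[0]);
    return 0;
}
```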
@HWA
45.0 Outlook Express 4.5 Email Bug
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
June 16th 1999
From HNN http://www.hackernews.com/
contributed by deepquest
Maccentral.com is reporting on a bug in Outlook Express
4.5. Basically what it comes down to is if your machine
has more than one email account, and you know the
password for one account then you can gain access to
all the accounts. Pretty damaging hole for multi-user
machines.
MacCentral Online
http://www.maccentral.com/news/9906/15.sonata.shtml
Email encryption problems should be solved in Sonata
by Dennis Sellers, dsellers@maccentral.com
June 15, 1999, 9:45 am ET
If you're using a free Mac email application, you inherently have a lack of secure
encryption as Andrew Jung, a computer science student at Camosun College
(Victoria BC, Canada), recently discovered. Jung was using Outlook Express 4.5
on the family iMac when he came upon what he described as a "disturbing bug."
Jung attempted to use the "Change Current User" menu item of Outlook Express
to access his personal email account (three separate email accounts were on the
family Mac) when he realized he'd forgotten his password. He clicked "Cancel"
and was returned to the account selection dialog.
"I selected my step father's account, typed in his password, and got a message
saying that his password was incorrect," Jung says. "I try again and again. No go.
Then for the heck of it I looked up my password for my account, tried it, and got
it. I did the procedure again over and over, and I can reproduce it every time.
Whatever account I click and then cancel, that is the password for all the
accounts."
The situation can be reproduced this way:
- Open Outlook Express and at the user account dialog select "New User."
In the settings type in any password you want.
- Select change user from File.
- Select the newly created account, then click "OK."
- Click cancel at the password prompt.
- Select the user's account you would like to break into, and click "OK."
- Type in YOUR password for the new account and you're in.
DON'T try this at work or to access anyone's email account without permission.
This was for "demonstration purposes" only.
MacCentral contacted the Microsoft Macintosh Business Unit at Microsoft, and
Product Manager Irving Kwong confirmed the problem. He says Outlook Express
doesn't encrypt mail data stored in the application - but that the problem isn't
unique to Microsoft's free email application.
"Encryption functionality of mail data does not exist in any free Macintosh email
application, as this level of security is best executed at the operating system level,"
Kwong says. "Outlook Express' password protection between multiple users on
the same computer is not secure. The password merely acts as a padlock on
users' personal preferences."
So what is a secure solution? Kwong says it's coming with the next ramp of the
Mac OS, codenamed Sonata.
"You may remember Sonata's new multiple user environment being demonstrated
at the WWDC," Kwong says (check out our story at
http://www.maccentral.com/news/9905/10.sherlock.shtml). "We have been
working on support for Sonata's multi-user functionality for Outlook Express and
demonstrated this technology at the WWDC. This is the first offering of
system-level security for multiple users sharing a Macintosh and is the best solution
for true support, as it ensures password and data security. For Outlook Express
customers and Macintosh users looking for a password secure solution for multiple
users sharing a computer, we suggest using the upcoming version of Outlook
Express with Sonata. The combination of Outlook Express and Sonata is a secure
solution for Macintosh users doing email from the same computer."
Sonata is due in the second half of the year.
@HWA
46.0 Major Pirates Convicted
~~~~~~~~~~~~~~~~~~~~~~~
June 16th 1999
From HNN http://www.hackernews.com/
contributed by Warez Dude
Texan Convicted of Pirating $63mil, in Germany.
A German State court has sentenced a Texas man to
four years in prison for three counts of counterfeiting
Microsoft programs. Microsoft said that this case was
the "biggest in terms of the operation's sophistication
and the magnitude of damage."
Nando Times
http://www.techserver.com/story/body/0,1634,60053-95659-682086-0,00.html
Wired
http://www.wired.com/news/news/politics/story/20239.html
ZD Net
http://www.zdnet.com/zdnn/stories/news/0,4586,2276234,00.html
Father and Son, Busted.
Father and son were convicted in Massachusetts of
conspiring to sell $20 million in stolen Microsoft
Software. The father was fined over $1 Million and
sentenced to almost six years in jail, the son was fined
$100,000 and got ten months in jail.
Nando Times
http://www.techserver.com/story/body/0,1634,60069-95685-682199-0,00.html
Nando Times;
Texan convicted of software piracy in Germany
Copyright © 1999 Nando Media
Copyright © 1999 Associated Press
AACHEN, Germany (June 15, 1999 3:33 p.m. EDT http://www.nandotimes.com) - A German state court convicted John-Joseph Staud, a
Texas man, on Tuesday of counterfeiting more than $63 million worth of Microsoft computer programs.
Staud, 39, was sentenced to four years in prison for three counts of counterfeiting patented programs and smuggling them into
Germany for commercial purposes.
Microsoft Corp. greeted the court's decision as "a meaningful signal" toward thwarting computer piracy. The software giant, based in
Washington state, said the counterfeit case was its biggest in terms of the operation's sophistication and the magnitude of damage.
The court denied Microsoft's request for damages, saying that should be handled by a court in England, where Staud allegedly ran a counterfeit
compact disc production plant and printing operation. He also faces charges in England.
Charges against Staud stemmed from a German customs office investigation last August that uncovered 300,000 counterfeited CD-ROMs with
programs such as MS Office, Windows 95, and Windows NT, along with 400,000 installation handbooks.
The materials, which had been smuggled into Germany, were found in a rented container and a warehouse in the town of Kreuzau, about 20
miles east of Aachen, which is located on the border with Belgium.
-=-
Wired;
Germany Jails Software Pirate
Reuters
4:30 p.m. 15.Jun.99.PDT
A German court sentenced an American
man to four years in prison without
probation Tuesday for importing illegally
copied Microsoft computer software.
It was the first time Germany has issued
a prison sentence in a crime involving
software piracy, Microsoft (MSFT) said.
"The 39-year-old Texan was sentenced
today for four years without probation," a
spokesman for the German regional court
of Aachen said.
The sentencing of the man, identified
only as John S., follows the seizure by
German customs officials of thousands of
illegal copies of Microsoft software
programs and manuals last August.
Microsoft said fraud was proved in several
instances in the case, with total damages
amounting to about 120 million marks
(US$64 million).
"This sentence is a breakthrough in
Germany and shows that counterfeiting
software is really a serious crime," Rudolf
Gallist, general manager of Microsoft
GmbH, said in a statement.
- - -
More MS Software Pirates Jailed: Three
more defendants in the "Crazy Bob's"
stolen software ring were sentenced this
week, federal prosecutors said Thursday.
The three are the latest to be sentenced
for their part in a conspiracy to sell
US$20 million in Microsoft Corp. software
stolen from a Massachusetts disc
manufacturer.
Marc Rosengard, an employee of Crazy
Bob's discount computer shop in
Wakefield, Mass., was sentenced on
Thursday to 33 months in prison and
three years supervised release, and must
pay $20,000 in restitution to Microsoft,
prosecutors said. Another defendant,
Maxine Simons, 59, was sentenced on
Wednesday by US District Court Judge
George O'Toole to two years and nine
months in prison and ordered to pay
restitution of $908,000, prosecutors said.
Her husband Robert Simons, who ran
Crazy Bob's, was given a 70-month prison
sentence on Tuesday. Their son, William
Simons, was sentenced to one year and
10 months on Tuesday. Also sentenced
on Wednesday was Gerald Coviello, 62, to
two years and six months in prison.
Maxine Simons and Coviello were
convicted of conspiracy to transport
stolen property following a three-week
jury trial in March. Among other misdeeds,
Crazy Bob's was accused of buying and
reselling 32,000 stolen copies of Microsoft
Office 97 Professional Edition. Worth $599
apiece, they were acquired from rogue
former employees of KAO Infosystems of
Plymouth, Massachusetts, which
manufactured the discs.
Copyright© 1999 Reuters Limited.
-=-
Nando Times #2
Sellers of $20 million of stolen software sentenced to prison
Copyright © 1999 Nando Media
Copyright © 1999 Reuters News Service
BOSTON (June 15, 1999 4:04 p.m. EDT http://www.nandotimes.com) - A father and son pair accused of conspiring to sell more than $20
million in Microsoft Corp. software stolen from a Massachusetts manufacturer were sentenced to prison, prosecutors said
Tuesday.
Robert Simons, 62, who ran Crazy Bob's discount software store in Wakefield, Massachusetts, was sentenced to five years and 10 months
imprisonment by U.S. District Judge George O'Toole Monday. Simons was also ordered to pay $908,000 in restitution to Microsoft and to forfeit
$440,000 to the federal government.
His son, William Simons, 35, a Crazy Bob's salesman, was sentenced to one year and 10 months in prison, and must pay $100,000 to
Microsoft, prosecutors said.
Crazy Bob's was accused of buying millions of dollars worth of computer discs stolen from KAO Infosystems, a disc manufacturer in Plymouth,
Massachusetts, by two ex-KAO workers.
The two former KAO employees pleaded guilty to related charges and were awaiting sentencing, prosecutors said.
Among other misdeeds, the Simons were accused of buying 32,000 stolen copies of Microsoft Office 97 Professional Edition, worth $599
apiece, and reselling them to CD-ROM outlets in California and Great Britain, prosecutors said.
@HWA
47.0 Fear of Y2K Raises Security Concerns
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
June 16th 1999
From HNN http://www.hackernews.com/
contributed by roach
Australia Concerned Over Y2K and Security
Fear that the Y2K bug will cause weaknesses in
computer security are being raised. Some companies are
spending money on Y2K issues and are ignoring
important security issues. The fear is that cyber attacks
may be misinterpreted as run of the mill Y2K problems.
Australia News
http://technology.news.com.au/techno/4297150.htm
Australian Financial Review
http://www.afr.com.au/content/990615/update/update38.html
DOD Plans for Possible Y2K Attack
The US DOD has started evaluating possible scenarios
for cyber attacks that may be masquerading as Y2K
computer glitches. While not saying how possible such
an attack may be DOD said it is just being prepared for
any contingency.
Federal Computer Week
http://www.fcw.com:80/pubs/fcw/1999/0614/web-cybery2k-6-15-99.html
Australian News;
Bug scare aids cyber terror
By STEFANIE BALOGH
16jun99
THE Y2K bug has left computer systems around the world vulnerable to
cyber terrorist attacks when the new millennium dawns, an international
computing expert warned yesterday.
Constance Fortune, vice-president of Canada's Science Applications
International Corporation, said because companies had focused
resources on Y2K compliance, they had left their operations open to
other security risks.
Speaking at the 11th FIRST (Forum for Incident Response Security
Team) computer security conference in Brisbane, Ms Fortune said
amateur hackers and cyber criminals were poised to wreak havoc on
New Year's Day and beyond. She predicted the problems could be more
disastrous than any virus because multinational and government
computer systems would be at their weakest.
"Those who create viruses, worms and other destructive computer
phenomena have found ways to take advantage of the Y2K problem,"
she warned.
Ms Fortune said it was crucial for computer emergency response teams
to be able to determine whether system failure was the result of Y2K
problems or camouflaged security attacks.
Ms Fortune also said northern hemisphere firms would closely watch as
Australia embraced the millennium, hours before the US, Europe and
Britain.
"What happens in Australia as 2000 rolls in will provide us with a
much-appreciated early warning of what we can expect only hours
later," she said.
Her warnings were echoed by information technology security expert Bill
Caelli, who predicted the security problems caused by companies
focusing on Y2K compliance could continue for 12-18 months.
Professor Caelli, from the Queensland University of Technology, also
said business and government had "lost 20 years" of work on computer
security because they were more interested in cost-cutting.
He also called for the Australian Government to introduce tougher
legislation to force companies to upgrade information security and for
the Government to end the practice of outsourcing its IT capabilities.
-=-
Federal Computer Week;
JUNE 15, 1999 . . . 16:33 EDT
DOD preps for possible cyberattacks brought on
by Y2K
BY BOB BREWIN (antenna@fcw.com)
The Pentagon has started to develop plans that would shut back doors that
hook its global networks to the Internet in case cyberfoes try to use any Year
2000 computer date code snafus to mount a cyberattack.
Marvin Langston, deputy assistant secretary of Defense for command, control
communications and intelligence, declined to estimate the possibility of such a
cyberassault. He said the Pentagon has started to develop contingency plans
to protect its networks at the end of the year in case "cyberattackers try to
mask themselves in the confusion."
"We want to be able to close down our back doors," said Langston, speaking
at GovTechNet, a Washington, D.C., conference sponsored by FCW and the
Armed Forces Communications and Electronics Association.
Langston said hacker Web sites and discussion groups have mentioned seizing
the opportunity to launch cyberattacks against DOD by using any computer or
network that may be malfunctioning because of Year 2000 problems.
DOD "has to be prepared to deal with it," Langston said.
-=-
@HWA
48.0 Israeli Banks Thwart Attempted Cyber Break-In
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
June 16th 1999
From HNN http://www.hackernews.com/
contributed by LirA
Buried down in the fifth paragraph is a statement by
Bank of Israel Supervisor of Banks Dr. Yitzhak Tal, who
claims that the Israeli banking system has been the
target of "primitive and insignificant" cyber attacks.
Israel's Business Arena
http://www.globes.co.il/cgi-bin/Serve_Archive_Arena/pages/English/1.2.1.20/19990614/1
Tuesday , Jun 15, 1999 Sun-Thu at 18:00 (GMT+2)
Headlines
Tal: Hackers Tried to Break Into
Internet Banking Services
By Zeev Klein
Bank of Israel Supervisor of Banks Dr. Yitzhak
Tal is opposed to mergers between large banks,
because the Israeli banking system is still too
centralist. Briefing economic correspondents
yesterday upon the publication of the annual
banking system report for 1998, Tal said, "It's
impossible to draw comparisons between Israel
and the US or Europe. There, too, it's still not
clear what's the cause for bank mergers. We're
different from them, and we must be more
careful."
According to Tal, mergers between small banks
are not really beneficial. "I'm in favor of mergers
between small banks, and against mergers
between big banks. But a small bank plus a
small bank gives yet another small bank," Tal
said.
As for mergers between medium-size banks, Tal
said that the issue is under examination by the
Bank of Israel. He stressed, however, that "at
the moment we're not faced with any specific
request on which we must take a decision. We
are rather seeking to work out our position in
principle on the issue. There are arguments both
ways. On the one hand, mergers between
medium-size banks will increase the centralism
of the system, which is very considerable as it
is. On the other hand, it may well be that a new
banking player that would compete with the
large banks will enhance competitiveness. Our
key consideration is improving competition,
rather than stability," Tal said.
Referring to the expansion of Internet banking
services, Tal said, "We don't have to be the trail
blazers on Internet worldwide. We must be
cautious, and see how this area develops
throughout the world."
Tal disclosed that hackers had recently
attempted to break into the Internet banking
system, but added that the efforts were primitive
and insignificant, and did not result in any real
damage to customers or to the banks.
Tal did not expect any Y2K-related massive
malfunction that might wipe out public deposits.
According to him, "Public deposits aren't going
to be virtually wiped out." Tal added that the
banks are taking the proper measures to cope
with Y2K.
Published by Israel's Business Arena June 14,
1999
@HWA
49.0 Navy Wants Tighter Network Security
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
June 16th 1999
From HNN http://www.hackernews.com/
contributed by Lif3r
The US Navy is looking into adding real-time intrusion
detection capabilities into its network defenses.
Federal Computer Week
http://www.fcw.com:80/pubs/fcw/1999/0614/web-navy-6-15-99.html
JUNE 15, 1999 . . . 12:55 EDT
Navy looks to upgrade network security
BY DIANE FRANK (diane_frank@fcw.com)
As part of its overall security strategy, the Navy is looking at several new
auditing products that can offer real-time intrusion detection.
The Navy is using the auditing and other security features that are part of
Microsoft Corp.'s Windows NT and variations of the Unix operating system.
But the Navy can only use that technology to find out about intrusions into a
network after the fact, Cmdr. Larry Downs, director of operations for the
Navy Fleet Information Warfare Center, said today at the GovTechNet
conference in Washington, D.C.
Companies recently have released several products that will enable Navy
network administrators to learn about intrusions and attacks as the attacks
occur. The Navy is interested in incorporating the products into its network
security, Downs said.
"The Navy is looking closely at this and will probably look to buy in the very
near future," he said.
@HWA
50.0 IIS Hole Continues to Make News/Fix Available
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
June 17th 1999
From HNN http://www.hackernews.com/
contributed by Marc
The major hole publicly announced yesterday by eEye
Digital Security Team in Microsoft's Internet Information
Server is continuing to make news.
Internet News
http://www.internetnews.com/prod-news/article/0,1087,9_139231,00.html
ZD Net
http://www.zdnet.com/zdnn/stories/news/0,4586,2277295,00.html
eEye Releases Fix
Microsoft has issued a workaround for this bug; however,
it does break functionality such as /iisadmpwd/. eEye
Digital Security Team has released their own fix that
resolves the problem and preserves functionality. It
limits .htr requests to 200 characters, and logs the IP
address of the person trying the overflow. This is a
great deal better than the current recommendation from
Microsoft which is to just remove the .htr ISAPI filter.
eEye Digital Security Team
http://www.eeye.com/database/advisories/ad06081999/ad06081999-ogle.html
Microsoft
http://www.microsoft.com/security/bulletins/ms99-019.asp
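Added example (not eEye's code and not part of the original digest): the
200-character .htr limit and source-IP logging described above, applied as a
review pass over W3C extended format web logs in Python. The log lines, the
/iisadmpwd/example.htr name and the choice to count the query string toward
the length are assumptions made for illustration.

```python
"""Flag over-long .htr requests in W3C extended log text (constructed sample)."""
from collections import Counter

HTR_LIMIT = 200  # character limit the fix is described as enforcing

# Constructed sample log. Addresses come from documentation ranges and the
# long requests are plain padding, not a captured attack.
SAMPLE_LOG = "\n".join([
    "#Software: constructed sample",
    "#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status",
    "1999-06-16 10:01:02 192.0.2.10 GET /default.htm - 200",
    "1999-06-16 10:01:07 192.0.2.10 GET /iisadmpwd/example.htr - 200",
    "1999-06-16 10:02:11 198.51.100.7 GET /" + "A" * 3000 + ".htr - 500",
    "1999-06-16 10:02:15 198.51.100.7 GET /" + "B" * 250 + ".HTR - 500",
    "1999-06-16 10:03:00 203.0.113.5 GET /" + "C" * 400 + ".gif - 404",
    "1999-06-16 10:04:00 203.0.113.9 GET /iisadmpwd/example.htr q="
    + "D" * 300 + " 200",
    "truncated line",
])


def parse_w3c(text):
    """Yield one dict per log entry, keyed by the names in the #Fields line."""
    fields = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            # Directives can reappear mid-file (e.g. after a service restart).
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue
        values = line.split()
        if not fields or len(values) != len(fields):
            continue  # malformed or truncated entry: skip rather than guess
        yield dict(zip(fields, values))


def request_length(entry):
    """Length of the requested URI. Assumption: the query string counts."""
    stem = entry.get("cs-uri-stem", "")
    query = entry.get("cs-uri-query", "-")
    if query in ("", "-"):
        return len(stem)
    return len(stem) + 1 + len(query)  # +1 for the '?' separator


def is_htr(entry):
    """Extension match is case-insensitive, so .HTR is treated like .htr."""
    return entry.get("cs-uri-stem", "").lower().endswith(".htr")


def find_oversized_htr(text, limit=HTR_LIMIT):
    """Return one record per .htr request longer than `limit` characters."""
    hits = []
    for entry in parse_w3c(text):
        if not is_htr(entry):
            continue
        length = request_length(entry)
        if length > limit:
            hits.append({
                "when": entry.get("date", "") + " " + entry.get("time", ""),
                "ip": entry.get("c-ip", "?"),
                "length": length,
                "status": entry.get("sc-status", ""),
            })
    return hits


def offenders(hits):
    """Count flagged requests per source address."""
    return Counter(hit["ip"] for hit in hits)


if __name__ == "__main__":
    found = find_oversized_htr(SAMPLE_LOG)
    for hit in found:
        print("%(when)s  %(ip)-15s  len=%(length)d  status=%(status)s" % hit)
    for ip, count in offenders(found).most_common():
        print("%s: %d oversized .htr request(s)" % (ip, count))
```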
CERT Advisory Released
A day late and a dollar short CERT (Computer
Emergency Response Team) has released an advisory
concerning this major problem. Unfortunately they forgot
to credit who found the problem.
CERT
http://www.cert.org/advisories/CA-99-07-IIS-Buffer-Overflow.html
Irresponsible Security Companies
This article on C|Net questions whether eEye did the
right thing by releasing their advisory before Microsoft
was ready with their patch. A quote in the article from a
Microsoft representative called this "contrary to all of
the normal rules of responsible security professionals."
[rant on] Bullshit. The company that has shown the
public how irresponsible they are is Microsoft. Microsoft
knew about this problem for a week but did nothing until
it was released to the public. It is extremely likely that
someone else found this hole and did not tell anyone.
They could have used this problem to install back doors
on most of the servers in the world without anyone
knowing. Microsoft could have stopped this action a
week earlier and didn't. Microsoft is the one who is not
acting like a 'responsible security professional'.[/rant
off]
C|Net
http://www.news.com/News/Item/0,4,37949,00.html?st.ne.fd.mdh.ni
C|Net;
Microsoft server bug wrongly publicized?
By Stephanie Miles, Stephen Shankland, and Wylie Wong
Staff, CNET News.com
June 16, 1999, 6:50 p.m. PT
Microsoft offered a temporary fix for a problem with its Web server software that lets attackers "inject" a program that
can run on a Windows NT-based system.
In the meantime, the manner in which the bug was reported and publicized is generating controversy.
The bug attacks Internet Information Server, Microsoft's software for serving up Web pages. Putting the right type of malicious
code into a page request can cause IIS to crash, or worse, let an attacker run whatever
programming code he wants.
Firas Bushnaq, CEO of Eeye, today accused Microsoft of dragging its feet in solving the problem.
His company alerted Microsoft on June 8, he said, but Microsoft told him to keep quiet about it.
Bushnaq said he went public yesterday because he felt Microsoft wasn't doing anything to resolve
the issue.
But Bushnaq didn't stop at just publicizing the bug, and that's where the controversy comes in:
EEye posted a program that will exploit the weakness, a move Microsoft says runs contrary to
established procedures for reporting and patching bugs.
Not surprisingly, Microsoft disputes Bushnaq's version of the story.
"You can send a 'malformed' or very long request to a Web server. It could cause a buffer overflow,
which means you can embed application code that will execute on the server," Bushnaq explained
of the bug.
"Anything that is residing on the Web server and everything connected to that--back-end databases, e-commerce information,
credit card information--could be accessible," he continued. "It is extremely important for people to fix it."
"We've got a security response process that we set up a year ago so that customers would have a place to report bugs and so
that we could respond to it quickly," countered Scott Culp, a security product manager for Microsoft. No confirmed problems
occurring as a result of the bug have been reported, he said.
"For reasons we don't understand, at the beginning of this week they [Eeye] suddenly went public with the bug. It's contrary to all
of the normal rules of responsible security professionals," he said. "You don't provide tools that malicious users can use to hurt
innocent people."
Microsoft rushed to post a workaround to the problem, but a true fix to patch the bug is not yet available. The workaround will
protect users from malicious or arbitrary code, Culp said.
"We're completing the patch right now, but we need to make sure that we've fully tested it. In the meantime, nobody needs to be
vulnerable because of the workaround," he said.
@HWA
51.0 World Braces for International Day of Action
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
June 17th 1999
From HNN http://www.hackernews.com/
contributed by barbie
Officials in Australia and around the world are bracing
for International Day of Action on June 18th known as
J18. June 18 is also the same day as the G8 meeting in
Cologne, Germany. J18 organizers are calling for
disruption of financial centers, banking districts and
multinational corporate power bases. Examples of
possible activities include picketing, street parties,
leafleting, rallies, marches, strikes, carnivals, and of
course 'hacking'.
Australian Financial Review
http://www.afr.com.au/content/990616/update/update37.html
Australian Financial Review - Yes, there are two stories
J18 hackers 'could target Australia'
on Friday
Australian companies could be targeted by computer
hackers this Friday as part of an international day of
action against big business, a computer security
conference was told today.
But for those companies without adequate computer
security, it may be too late to bolster defences, Byron
Collie, from Australian Federal Police's national
computer crime team said.
Mr Collie told the conference the international day of
action on Friday, known as J18, could include
cyberattacks on business and banking computer
networks.
The J18 action coincides with the G8 meeting in
Cologne, Germany.
The official J18 site on the Internet calls for people to
plan individual "actions" focusing on disrupting "financial
centres, banking districts and multinational corporate
power bases".
"It is up to the groups themselves to decide what to do
on the day," it says.
"Examples could include picketing, street parties,
leafleting, rallies, marches, strikes, carnivals, hacking,
blockades, whatever."
Mr Collie said there was a growing trend for computer
hacking to be politically motivated and for a number of
hackers to work in cooperation.
"Motivation for these (hacking) activities have changed
slightly from the usual teenage intruder-type activity," he
told the Computer Security Incident Handling and
Response conference.
"There's a lot more political and issue motivated
activities."
Mr Collie said one example of "hackdivism" occurred
during the Kosovo conflict when a Serbian computer
expert distributed an e-mail calling for all Serbs
throughout the world to launch a concentrated
cyberattack on the computer systems of NATO
countries.
Late last year, as Indonesia was preparing for its
elections, hackers shut down an East Timorese website
based in Ireland, he said.
"I would hope that you have every measure already in
place," he told the conference delegates.
AAP
@HWA
52.0 ECD Targets Mexican Government
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
June 17th 1999
From HNN http://www.hackernews.com/
contributed by stealth
The people at Electronic Civil Disobedience are planning
a virtual 'sit-in' in protest of the treatment of the
Zapatistas by the Mexican government. The sit-in will
basically be a DoS attack against several Mexican
government internet sites. This demonstration is
planned to take place on June 18 from 10:00am to
4:00pm Mexico City time.
Electronic Civil Disobedience
http://www.thing.net/~rdom/ecd/ecd.html
The June 18th Sit-in report from ECD
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
JUNE 18: THE VIRTUAL AND THE REAL
ACTION ON THE INTERNET AND IN AUSTIN, TEXAS
ZAPATISTA FLOODNET AND RECLAIM THE STREETS
by Stefan Wray, June 19, 1999, 6:00 CDT
"The resistance will be as transnational as capital."
On June 18, 1999, simultaneous with the G8 meeting in Koln, Germany, people all over the world
participated in actions and events under the banner "Reclaim The Streets." Email reports coming in today
indicate that 10,000 people gathered in Nigeria and that San Francisco drew crowds of around 500. More
news and reports of events will surely be posted in the coming days. What follows is a contribution to this
emerging body of material.
Reclaim the Streets European Headquarters http://www.gn.apc.org/rts/ Below are two separate and very
different reports. The first describes the results of the virtual sit-in called by the Electronic Disturbance
Theater opposing the Mexican government that involved thousands of people from 46 countries. The
second is a longer narrative account describing events as they unfolded in Austin, Texas, an action that
involved about 50 people and resulted in three arrests. It ends with some comments on hybridity, meshing
the virtual and the real.
THE VIRTUAL
On June 15, the Electronic Disturbance Theater began sending out email announcements urging people
to join in an act of Electronic Civil Disobedience to stop the war in Mexico. The call made in conjunction
with the Reclaim The Streets day of action was intended to introduce a virtual component to the
numerous off-line actions happening all over the world. But a strong motivation for the action was also
due to the fact that in recent weeks there has been a significantly higher level of government and military
harassment of Zapatista communities in Chiapas, with reports indicating as many as 5,000 Zapatistas
have fled their communities.
The suggested action was for people using computers to point their Internet browser to a specific URL
during the hours of 4:00 and 10:00 p.m. GMT. By directing Internet browsers toward the Zapatista
FloodNet URL, during this time period, people joined a virtual sit-in. What this meant was that their
individual computer began sending re-load commands over and over again for the duration of the time
they were connected to FloodNet. In a similar way that people were out in the streets, clogging up the
streets, the repeated re-load command of the individual user - multiplied by the thousand engaged -
clogged the Internet pathways leading to the targeted web site. In this case on June 18, FloodNet was
directing these multiple re-load browser commands to the Mexican Embassy in the UK.
(http://www.demon.co.uk/mexuk)
The results of the June 18 Electronic Disturbance Theater virtual sit-in were that the Zapatista FloodNet
URL received a total of 18,615 unique requests from people's computers in 46 different countries. Of that
total, 5,373 hits on the FloodNet URL - 28.8 percent - came from people using commercial servers in the
United States - the .com addresses. People using computers in the United Kingdom accounted for the
second largest number of participants, 3,633 or 19.5 percent. People with university accounts in the U.S.,
1,677 of them, made up the third largest category of participants at 9.0 percent. Interestingly, the fourth
largest category of participants came from .mil addresses, from the U.S. military, for which there were
1,377 hits on the FloodNet URL, at 7.4 percent. Included among the military visitors were people using
computers at DISA, the Defense Information Systems Agency. [In the same way that police help to block
the streets when they show up at a demonstration, the military and government computer visitors to the
FloodNet URL inadvertently join the action.] And the fifth largest group of participants were from
Switzerland with 1,276 or 6.8 percent.
The remaining 5,329, or 28.6 percent, of global participants in the June 18 virtual sit-in came from all
continents including 21 countries in Europe (Austria, Belgium, Czech Republic, Denmark, Estonia,
Finland, France, Germany, Greece, Hungary, Ireland, Italy, Lithuania, Macedonia, Netherlands, Norway,
Poland, Portugal, Spain, Sweden and Yugoslavia), 7 countries in Latin America (Argentina, Brazil, Chile,
Colombia, Mexico, Peru and Uruguay), 6 countries in Asia (Indonesia, Japan, Malaysia, Singapore, South
Korea and Taiwan), 5 in the Middle East (Bahrain, Israel, Qatar, Saudi Arabia and Turkey), Australia and
New Zealand, Canada, Georgia (former Soviet Union), and South Africa.
The global Zapatista FloodNet action on June 18 is the first that the Electronic Disturbance Theater
called for in 1999. The group began in the spring of 1998 and launched a series of FloodNet actions
directed primarily against web sites of the Mexican government, but action targets also included the White
House, the Frankfurt Stock Exchange, the Pentagon. The highlight was in September when the group
showcased FloodNet at the Ars Electronica festival on Information Warfare in Linz, Austria. At that time
one of the targets of FloodNet was a U.S. Department of Defense web site. This action is noteworthy
because a Pentagon countermeasure since it may be one of the first known instances in which the DOD
has engaged in an offensive act of information warfare against a domestic U.S. target - an act some say
could have been illegal.
More details on the Electronic Disturbance Theater can be found at:
http://www.thing.net/~rdom/ecd/ecd.html
THE BEGINNING OF THE REAL
I turned off my computer, moved away from the screen, and left work at 5:00. My girlfriend picked me up
in the car and we passed by the bank so I could cash my paycheck. Good thing too. My balance had
literally been 99 cents. Then we drove to the radio station, KOOP, where we do a half-hour news
program every Friday.
It was hot inside the station, as it was outside. But the studio was nice and cool, so we sat there and
waited for the Working Stiff show to end and the news to begin. We listened to John do a phone interview
with someone from the pipe-fitters union. They were talking about a strike.
We started off the news with a long piece from A-Infos about the World Trade Organization. It was a
decent article but a bit too long to read on the air. The piece ended with a call for people to travel to
Seattle later in the year to oppose the third WTO ministerial conference.
After the news we walked over to join a handful of IWW folks who put out the Working Stiff Journal. They
were at Lovejoys, a bar with a decent selection of beer just off 6th Street.
I started talking to a few friends about the war in Yugoslavia and an idea I'd had that it might be good to form
a focus group on the history, present, and future of war. The idea being that the left doesn't really
understand war anymore, or rather, that the left is using the same techniques to oppose war that it used
30 years ago, but that the way wars are fought has changed. The few who I talked to supported the idea
and had some good suggestions.
RUTA MAYA
After swilling down a few pints, at around 7:30, my girlfriend and I left Lovejoys and drove over to Ruta
Maya. All I knew was that the Critical Mass bike ride was to end up there. And the ride was Austin's effort
to be part of the global Reclaim The Street actions that were happening all over the world.
Ruta Maya is a coffee shop in downtown Austin's warehouse district. They import coffee from Chiapas.
Local activist groups often stage benefits and events there.
When we got to Ruta Maya people from the bike ride were already filtering in. They had started the ride
up by the university. I wasn't on the ride so I only heard snapshots of what had happened. But I learned
that a few had spent the previous night working on some stickers that said, "Closed" and "Out of Order."
These were to put on ATM machines and other relevant symbols of capital. The ride passed by the Gap.
For a moment Gap workers were harassed for selling clothes manufactured in sweatshops.
The crowd inside and outside on the elevated sidewalk was a mix of Ruta Maya regulars, people who
came to hear an acoustic guitarist playing inside, customers of Ruta Maya's cigar shop, anyone who
happened to be walking by, and of course the cyclists from the Critical Mass/RTS ride.
First I talked to some people involved in Free Radio Austin, a local micropower radio station shut down by
the FCC a few weeks ago - which is incidentally scheduled to go back on the air today. We didn't talk
about that, but about some of the problems with a new space here called Pueblos Unidos. A long story,
but basically there is a power struggle among the original tenants of this allegedly collective warehouse
space on the eastside of Austin. Too complicated to go into here. Conversations about Pueblos Unidos,
the Grassroots News Network, and Point A threaded through the evening.
The riders included people I've known from Earth First!, from the local bicycle activist scene, and a whole
new set of folks from Point A who I don't really know. I just thought that Ruta Maya was a gathering point
after the ride was finished. But it turned out to be something else.
THE STREET
After not long, some people started talking about how to encourage others to start
standing out in the street in front of Ruta Maya. People had just finished the ride and were all charged up
with energy. A moment later, two young riders were moving a construction barricade and a few orange
cones into the lane of traffic coming from the west. While at the other end of the block a group took similar
barricades and placed them to stop traffic coming from the east.
And then, one at a time, people started leaving the sidewalk or leaving the edges of the street to stand
out in the middle. For a little while there were just about 10 people. A few standing near the barricade. A
few more down at the other end of the street. And more starting to filter out right in front of Ruta Maya. I
actually hadn't anticipated this. I wanted to sit down so I asked someone to pass me down a chair from
the elevated sidewalk.
I sat on the chair in the middle of one lane. Someone else picked up another chair and sat down near me.
With barricades on both ends of the block, people sitting in chairs, cars lurching forward slowly and trying
to get out, others in Ruta Maya started to take notice, and those less inclined to be the first ones to
venture out into the street, followed. A Ruta Maya worker came out and said that he needed his chair back. I
didn't argue. Ruta Maya is a cool place. And by sitting there momentarily it had served to encourage a few
more to join.
Soon there were people in both lanes of traffic out in front of Ruta Maya. At its peak maybe there were as
many as 50. Not a huge crowd. Enough to reclaim the street - temporarily. But not enough to remain once
the police started to arrive. And of course they did.
But before the police showed up, a few of the people whose idea it was to reclaim this particular section
of street spoke loudly and explained what Reclaim The Streets was all about. Small flyers titled "Whose
City Is This Anyway?" were passed out. And people started doing a "cheer" of sorts. Lacking were drums
or other instruments that are always good for stirring up a crowd.
THE POLICE
I first noticed a brown shirted Sheriff's deputy get out of a sports utility vehicle. But he simply walked by,
seemingly oblivious to what was happening. Soon thereafter the bike cops showed up. Like a number of
urban police forces in the U.S., Austin has its police-on-bicycle contingent, mostly used for patrolling the
busy downtown area.
The bike cops started to move around the crowd and address people whom they thought might be
leaders. I was actually standing with my back turned, talking to a friend, when one bike cop came up to
us. Maybe because I was smoking a cigar he thought I was a 'revolutionary leader'. (Just kidding.)
Anyway, the bike cop said to us, "I'm contacting my supervisor and if you aren't out of the street in ten
minutes, we are going to start making arrests."
I told the bike cop that I wasn't in charge. But anyway, my friend and I passed on this warning to a few
others. So when the three police vans and the handful of marked and unmarked cars showed up - to
inadvertently block the streets themselves - we were not surprised.
The three vans barreled down the road from the east and the marked and unmarked cars from the west,
stopping right at the intersection of 4th and Lavaca. Obviously, given that there were not many of us and
given that we had neither anticipated nor were we prepared to take a stand, we mostly filtered back off
the street and onto the side.
But there were a few who - for whatever reason - were not so content to give up the street that quickly.
Bike cops and regular police officers stood in the street in between the three vans and the rest of us on
the side of the road. People were jeering at the cops. I didn't see exactly what happened - or what
precipitated it - but in a flash a group of cops lunged forward and pulled someone from out of the crowd
on the side, not even someone who was standing closer to the police, but someone behind another. And
then another was arrested. And then a third.
People were yelling and screaming at the cops: "You fucking pigs!"; "Don't you have any real criminals
to arrest"; "Whose street? Our street!" They remained for awhile longer. Tensions quieted down. And the
vans and the marked and unmarked cars drove off.
All through this, my girlfriend had been trying to call a few local media outlets. She was at the payphone in
front of Ruta Maya. At one point she told me she had got through to KXAN. But no media ever showed up.
With the police gone, three of us on the way to jail, a number of the riders - who had only wanted to ride
their bikes and not get involved with this mess - on their way out, the ones who had planned this Austin
Reclaim The Street action bewilderedly consulted about how next to proceed. My girlfriend and I had both
been arrested before and were quite familiar with the process. She knew the inside of Austin's jail and
something about the procedure for getting out. She offered her advice to the younger activists and was
ready to leave them to it. But I suggested maybe we ought to also go down to the police station to help
sort things out. So we did.
THE POLICE STATION
By the time we parked the car and got inside the police station, there was already a crowd of perhaps 20
people, mostly sitting on the floor, inside the area where you ask about new arrestees. It looked like we
were now reclaiming the police station, rather than the street!
We weren't sure if the two young women and one young man were taken to this station. And there was
speculation that they could have taken them to any number of substations throughout the city, as they are
sometimes apt to do.
None of the people whose idea it was to reclaim the section of the street in front of Ruta Maya were
prepared for arrests, and in Austin there aren't really known activist lawyers - like in some U.S. cities -
readily available to help in moments like this. Although a few of the people who ended up being in the
Austin RTS action were seasoned activists, most seemed to be people who had never actually had to
deal with police arrests before. Or if they had, they certainly hadn't made any arrangements in advance.
So everything was handled on the spot.
My girlfriend has a friend who is a lawyer who has helped her out in the past. While she was on the
phone to her, others were over at the main desk waiting to hear if in fact the three were at this station and
what they were being held for. Finally, at some point between 9:30 and 10:00 we learned that yes in fact
the three had been brought to this station, and what the charges were.
One was charged with a Class C misdemeanor for refusing to obey the order of a police officer. Another
was charged with a Class C misdemeanor for disorderly conduct. But the third was charged with a Class
B misdemeanor, a more severe level, for "inciting a riot."
First of all, there was no riot, by any stretch of the imagination. But more importantly, the young woman
charged with inciting a riot - as I later learned - had merely begun to yell out a cheer. She had said, "Give
me a 'P'," - and was probably going to spell "PIG" - at which point the cops lurched forward to grab her
from out of the crowd.
My girlfriend's friend who is a lawyer advised us that it would be best if a boisterous crowd did not linger
in the police station waiting area as it might only antagonize them and encourage them to hold the three
longer. So a group drifted off and went to Lovejoys - the bar where we had started the evening off earlier.
My girlfriend and I, and a couple of friends of the people being detained, remained at the police station.
We learned that the two with Class C misdemeanors would be able to be released for $200 bond,
although it wouldn't be until much later in the night, actually the wee hours of the morning, but that the
young woman charged with inciting a riot would have to wait until a judge came at 10:30 in the morning.
When we saw that it was senseless to wait at the police station any longer, the rest of us left as well,
joining others back at Lovejoys where we drank from pitchers of beer, mulled over what had just
transpired, and continued an earlier thread about some of the internal dynamic of the new warehouse
space in Austin called Pueblos Unidos.
THE NEXT MORNING
In the middle of the night the two with Class C misdemeanors were bailed out. And
at 10:30 or so on June 19, my girlfriend's lawyer friend - a bit begrudgingly - had to go down to the station
to deal with the magistrate and help the one with the inciting riot charge get released. My girlfriend went
back to the police station in the morning as well - in part to console her lawyer friend who had had to be
bothered on a Friday evening she was spending with her husband who works out of town all during the
week. She was able to help get the one with the inciting riot charge out of jail, by being able to visit her
while in custody and explain the procedure for getting a personal release - but did not agree to be the
lawyer for these cases.
Compounding factors were that two of the people arrested, including the one with the inciting a riot
charge, had just returned to the country - literally on the afternoon of June 18 - after having been in
Guatemala and Mexico.
Now, a criminal lawyer will need to be found. People will have to spend precious and limited resources on
the entire legal process. Those who must return to court will have added stress and worry. And what
started out as an evening of revelry ends up in the onerous world of the courts.
AFTERTHOUGHTS ON THE REAL
Several things are clear. While a degree of planning for this action was undertaken - in that minimally a
date, time, and place were chosen and the action was given some form and content - there definitely
were important elements in the planning process that were overlooked. The first, obviously being that it
should have been known by the people whose intent it was to reclaim the street to realize that this sort of
activity generally falls outside the boundary of the law, that the police were likely to show up, and that
arrests were possible. And that given the possibility of arrest, contingency plans should have been made:
i.e. there should have been a lawyer on stand by and even some sort of legal observer.
The second oversight was that there was no attention given to drawing in media, nor were any of the
participants using any audio or video recording devices. No photographs nor any videotape of the above
arrests were made to supply concrete evidence demonstrating that in fact the Class B misdemeanor
inciting to riot charge is ludicrous. And finally it seems that the nature and purpose of the action was not
made clearly manifest to passersby or to unconnected people sitting inside or outside of Ruta Maya.
All of these things - legal preparation, media work, and public relations - are aspects of street actions that
are fairly important. And there are clearly people in Austin who have strong skills in all of these areas and
whose services could have been called upon. I'm not sure, but I think the Austin RTS action was a last
minute one, pulled off by just a few people who didn't have time to do everything needed.
I don't want to sound too critical. During the moment - albeit a short one - there was a temporary
autonomous zone. People did in fact reclaim a portion of a street. But the cost of doing this is that several
people now unwittingly must face the hassle and expense of the court system.
HYBRIDITY: THE VIRTUAL AND THE REAL
One year ago I wrote a few short pieces with the theme of
hybridity, talking about the goal of developing actions that combined on-line (virtual) and off-line (real)
elements. In part this was a reaction to criticism the Electronic Disturbance Theater received which
claimed that by acting purely in the virtual realm we were isolating ourselves from people who focused
more or all of their attention on doing things in the street or in the flesh. We tried to introduce this idea of
Electronic Civil Disobedience to the community of activists who every year, for the past few anyway, have
gone to the School of the Americas to participate in the more traditional civil disobedience style of action.
And at a national conference on civil disobedience held in Washington, DC, this past January, two from
the EDT were part of a panel discussion on Electronic Civil Disobedience. Even so, this notion of joint
computer-based and street-based actions has a long way to go. There is still a disjuncture, a gap,
between what's happening now on the Net and what people are doing on the street. Many people
engaged in yesterday's street action in Austin, for example, probably had no idea that the virtual
component was even taking place.
EDT's participation in the global RTS actions is another step in developing both the theory and practice of
this sort of joint engagement. The Internet is inherently global and so Internet-based actions seem to be a
logical match with global street actions. But this is not to say that the particular example of FloodNet is the
most ideal way of meshing the street and Net together. The FloodNet action is something that individuals
may join from their computers at home, work, or in an educational environment. Even though acting
simultaneously, jointly, the participants in the on-line and off-line actions in this case may have been
completely different sets of people. What can be done differently?
Some examples from Amsterdam and London over the course of the last few years are instructive. During
demonstrations against a meeting of the EU in Amsterdam - which involved massive police presence in
the streets - people created web pages in which they mapped out the location of the police. The pages
were constantly updated with relevant information to demonstrators from people sending in email
messages or calling in from pay phones or cell phones. In another example, in London during an
occupation/takeover of a Shell office, activists used a portable laptop connected to a cell phone to send
out announcements to the media and others once they were inside. They were also able to directly
update a web site during the occupation.
Austin's Reclaim The Street action was about as low tech as you can go. The most sophisticated
technology were probably the bicycles used for the first part of the action. Clearly there was no digital
technology. No interface with the Net. The closest to this was probably when my girlfriend used the
payphone right in front of Ruta Maya to unsuccessfully call media as the police were making arrests. For
a moment she tapped in to the telephone infrastructure - which is basically what the Internet is.
What would have happened or what could happen in the future if we are able to enhance these sorts of
street actions with a real-time audio and video presence? Imagine if on the elevated sidewalk in front of
Ruta Maya and out on the street several people had had video cameras and they were taping the entire
action. Further imagine that there were cables running from the cameras to the interior of the café where
people were sitting with laptop computers capable of handling video input and these laptops were
connected to a phone line in the café - a live stream of audio and video being netcast about the RTS
action to a global audience.
Video recording and netcasting the street action may not have prevented people from being arrested, but
it certainly would have captured a public record and people other than the participants and the observers
at Ruta Maya would have known about it. As it stands there is no recorded imagery or audio of the Austin
RTS action. Nor have there been any reports about it in the local media. Nor does anyone on the Net -
apart from those reading this - know about it.
One would think that in a town such as Austin - one credited as having one of the fastest growing
economies in the U.S. largely linked to the high tech computer industry - that activists here would have
the wherewithal to develop these sorts of uses of seemingly readily available digital technology. But there
are obstacles. Some of the obstacles are ideological, perhaps. A lingering anti-technology critique. Some
of the obstacles are economic. A genuine lack of access. Some obstacles may simply be that the ideas
are still new.
To conclude - well at least to stop, concluding may be too premature right now - in addition to an obvious
need for more attention to some basic legal, media, and publicity training, there is a need to think about
and to experiment more with ways of bringing the street and the Net closer together. We should address
this question: how do we bring what is happening on the street onto the Net?
The Zapatista FloodNet action in conjunction with the global Reclaim The Street actions is an example of
real-virtual hybridity at a world-wide level. But it is only one form and it lies within the area of Internet as
site for resistance and direct action. Finally, then, it seems there are at least two important areas where
further exploration is needed: the first, greater experimentation with other forms of on-line action and
electronic civil disobedience to be used jointly with actions on the street; the second, greater
experimentation with bringing the street and the Net closer together so that what happens on the street is
netcast in real-time onto the Net to a global audience.
END
@HWA
53.0 Cyber Attacks in Australia Double
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
June 17th 1999
From HNN http://www.hackernews.com/
contributed by Code Kid
The Australian Computer Emergency Response Team
(AusCERT) is claiming that cyber attacks in Australia
have doubled over the last year. They claim that there
has been a sharp rise in DoS attacks and recommend
that companies have strong security and policies in
place.
Sydney Morning Herald
http://www.smh.com.au/news/9906/16/text/business4.html
Australian Computer Emergency Response Team
http://www.auscert.org.au/
Sydney Morning Herald
On guard against hacker attacks
Date: 16/06/99
By KIRSTY NEEDHAM
The average hacker is no longer a clever but disgruntled techno-geek. Security experts warned yesterday that dangerous programs, ready for download and use
against corporate Web sites, were being uncovered by simple keyword searches on the Internet.
Hacker attacks in Australia have doubled this year, according to the Australian Computer Emergency Response Team (AusCERT), which has seen around 1,500
incidents. AusCERT is part of an international organisation, CERT, that co-ordinates efforts against Internet security breaches.
One of the latest security problems has been a rise in "denial of service" attacks, where a Web site is crippled by a flood of requests for information.
"This can be easy to do and there are tools available to would-be hackers," said Mr Eric Halil, AusCERT operations manager. "You don't have to be an expert to
use them."
Mr Halil said many Web sites were also being "probed" by automated scanning tools. "It is difficult to determine what the motives are. Some people are joy riders -
they like to break and enter systems.
"Others like breaking into well-known systems like financial institutions. They earn kudos with their peers," he said.
A Forum of Incident Response and Security Teams (FIRST) conference in Brisbane this week is being attended by members from the military, business, government
and academia in 22 countries.
"Incidents tend to be international in nature. Even the local hacker around the corner breaking into a university will break in overseas first to cover the trail," said Mr
Byron Collie, an agent with the Australian Federal Police who is on secondment to the Australian defence forces' directorate of information warfare.
The FBI estimates that 80 per cent of attacks are made by disgruntled employees, with 20 per cent coming from outside the organisation.
However, Mr Collie said this was shifting towards 50 per cent as companies failed to take adequate security measures.
"Organisations need to have a security policy in place, including incident response procedures, if they want to conduct e-commerce or have any connectivity to the
Internet," said Mr Collie.
"Early law enforcement contact and protocols in handling evidence will ensure it is admissible in court. If it is left until the last minute or files have been bandied
around in e-mail, it jeopardises prosecutions."
Mr Mowgli Assor, a computer security specialist with Ohio State University, said there had been an increase in both hacking incidents and the tools available to
attack computer networks.
Infoguard, an incident response team set up by the FBI in March, was part of a move by the US Government to raise awareness of computer attacks, Mr Assor
said.
A reluctance by embarrassed companies to report attacks to the police or FBI had been seen as a problem, he said.
"Disgruntled teenagers are growing up and not shedding their ways. Hackers have been becoming smarter and taking more careful approaches. Break-ins are harder
to detect and protect against," Mr Assor said.
@HWA
54.0 SmartCards Next Stop for Internet Crime
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
(Next stop? it's already happening, see section 20.0 ... -Ed)
June 17th 1999
From HNN http://www.hackernews.com/
contributed by chippy
The Australian Institute of Criminology has released a
report that claims that SmartCards will be the next stop
for high-tech criminals. These new crimes will force
officials to develop new forensic processes and tools to
be able to extract data from such small storage devices.
Australian Financial Review
http://www.afr.com.au/content/990616/inform/inform2.html
Australian Institute of Criminology
http://www.aic.gov.au/
Australian Financial Review
Smartcards may be set
to revolutionise crime
By Helen Meredith
Cyber crimebusters warn that smartcards will be the next
target for digital law breakers, with the technology
lending itself to concealment of data from law
enforcement agencies.
According to a report released yesterday by the Institute
of Criminology, smartcards may have the single greatest
impact on the conduct of crime in our society with their
ability to store, process and secure significant quantities
of data.
They are expected to make the job of policing and
bringing cyber criminals to book complicated, with
experts forced to develop new forensic processes and
tools that will enable them to analyse and extract data
from digital storage devices such as smartcards.
Entitled What is Forensic Computing? the AIC report
was released to coincide with the opening of an
international conference in Brisbane on the handling of
computer security incidents.
The Federal Minister for Justice, Senator Amanda
Vanstone, speaking during the plenary session of the
FIRST Conference, said: "We are used to seeing
computer hackers portrayed in the media as youthful
idealists who are simply engaging in a bit of mischievous
fun."
This did not match up with the reality of computer crime,
she said. Damaging digital data and communications had
the potential to ruin businesses and seriously affect
national economic interests, with criminals using digital
technology both to commit crimes and hide their
activities.
Senator Vanstone said a survey of businesses carried out
by the Office of Strategic Crime Assessment in the
Attorney-General's Department, in conjunction with the
Victorian Police and consultant Deloitte Touche
Tohmatsu, had shown that about a third of firms in the
banking, technology, communications and computer
sectors had suffered unauthorised use of their systems in
the previous 12 months.
The proportion of these attacks originating externally had
increased, a trend that was expected to continue. Until
recently, most assaults on computer systems had been
identified as internal, usually involving disgruntled
employees. Authorities were also concerned that about
42 per cent of businesses had not reported such external
cyber intrusions.
"I doubt very much that two in five businesses would fail
to call in the police should the intrusion involve a physical
breach of their security, such as a break and enter, even
if nothing was taken," she said.
The use of high-grade encryption, the loss of the human
interface in financial transactions and the lack of a paper
trail were serious impediments to law enforcement.
AIC director Dr Adam Graycar said investigating
sophisticated crimes and assembling the necessary
evidence for presentation in a court of law had become a
significant issue for police.
A new specialist law enforcement field, forensic
computing, had arisen as a result. This involved
identifying digital evidence and preserving it through the
investigation process.
@HWA
55.0 Internet Was Designed without Security
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
June 17th 1999
From HNN http://www.hackernews.com/
contributed by Weld Pond
Why are viruses and 'evil hackers' seemingly running
rampant all over the internet? Because in the beginning
it was designed that way. Take a romp through the
early formative years of the net, all in six or seven
paragraphs.
Washington Post
http://www.washingtonpost.com/wp-srv/WPlate/1999-06/15/150l-061599-idx.html
Vipers In the Sandbox
Used to Be, the Internet Was a Safe Place to Play
By John Schwartz
Washington Post Staff Writer
Tuesday, June 15, 1999; Page C01
Why are the newspapers full of reports of hackers defacing government
Web sites and nasty viruses wreaking havoc on computers around the
world?
In no small part it is a cultural problem that goes back to the '60s origins of
personal computing and the Internet. Many of the Internet pioneers were
bearded longhairs, academics and engineers whose techno-hippie ethos
suffused their new world. They knew each other, were part of a
community. Trust was the rule. The early Internet was much more about
openness and communication than walls and locks. The faults it was
supposed to correct were in the machines, not in us: corrupted packets,
not corrupted morals.
"Once upon a time there was the time of innocence," says Clifford Stoll,
whose work tracking down European hackers became a popular book,
"The Cuckoo's Egg." "Once upon a time computers were not used except
in academia, where there really is nothing that's mission-critical. Once upon
a time computers were mainly play toys for the techno-weirds--techie play
toys."
In that environment, hacking was part of the fun of what Stoll has called the
early Internet "sandbox."
"In that environment, there seems to be a cachet of 'Hey! I wrote a virus!
Hee-ho!' In that environment, it seems funny to break into somebody else's
computer. . . . It seems somewhat innocent to read somebody else's
e-mail."
It started with hacking telephone systems. The founders of Apple
Computer--Steve Jobs and Steve Wozniak--got their start in business
peddling "blue boxes"--little devices that allowed users to hack the
telephone network and make long-distance calls for free. These "phone
phreaks" were seen by some as cultural heroes--free spirits striking a blow
against the suits, the evil corporations seen as the enemies of spontaneity
and creativity.
Once computer systems were connected by networks, "remote hacking
was an attractive challenge," Internet pioneer Vinton Cerf recalls via
e-mail. "Surreptitiously making your way into the operating system from
your secret hideout. . . . Much of the motivation was like picking locks or
scaling walls--just to see if you could do it. Harm was not the objective,
most of the time."
Katie Hafner, who has written books about the history of the Internet and
about the lives of hackers, says that this metaphor of nerds at play is
compelling--and accurate. "It was a big open playscape for these guys,"
she says. "The Net was built as a completely open community. People
would actually be offended if files were protected." To be sure, there were
some early nods to security issues--the fledgling ARPANET, the precursor
to today's Internet, required passwords. It was funded by the military, after
all. However, "the subtext was this was an open community because this
was an experiment," Hafner says.
It was built by guys like Jon Postel, the Internet pioneer who died last year.
Postel had a vision of an Internet that didn't need a center to survive, a
network that could be governed by standards and consensus without ever
putting anybody in charge. Utopian? Sure. Vulnerable? Uh-huh.
That culture rejected attempts to create computer operating systems that
incorporated security from the ground up, but were complex and
cumbersome. Computer security expert Peter Neumann says: "Viruses
exist only because of the shortsightedness of subsequent developers who
almost completely ignored the security problems" that some designers had
effectively solved.
The problem is that the Net caught on, and in the biggest possible way.
The anarchic, antiauthoritarian, don't-tell-us-how-to-run-our-lives ethic
that defined the burgeoning network--and is still held out by most of the
experts as the source of its vitality and strength--has retained that early
vulnerability. Broader penetration of the Internet into society meant
broader penetration of society into the Internet; it became more like the
real world, and the real world is a tough place.
In '60s terms, the idea of free spirits being outside the control of central
authority was the best of all possible worlds. But with no one in charge, it
was damnedly hard to plug security holes.
A big wake-up call came in 1988 when Robert T. Morris Jr., then a
student at Cornell University, released a computer program that
single-handedly crashed systems across the Internet. His father, a famous
programmer and security expert, was of the generation that had hacked for
fun. Morris Jr. didn't mean to bring down the Net. "His mischief was kind
of in the spirit of the Net," says Hafner. But by then the Internet was no
longer a playscape, and the damage was real.
Of course if the Net's problem is anarchy, the problem with personal
computers is monarchy: Bill Gates. Microsoft "is indeed the evil empire
when it comes to robust infrastructures," says Neumann.
Two viruses that recently swept through the world's computers, Melissa
and Explore.zip, took advantage of the fact that so many millions of PCs
run on a suite of Microsoft's programs. The company's latest offerings
include security options--but the options are turned off at the factory. The
security measures make computing a little clunkier, and cut users off from
some of the bells and whistles that Microsoft writes into its programs. Says
computer security expert Eugene Spafford of Purdue University, it's as if
consumers "said they wanted faster cars," and so the vendors maximize
speed by providing "faster cars, but with no brakes and no air bags!"
Release a virus that attacks that company's software specifically, and "it's
analogous to the Spaniards bringing smallpox to the Incas," he says. "There
was no immunity--they just wiped everybody out. . . . We've really set up
our environment in an unsafe way."
Of course today's Internet is a mirror of society. It may have been
conceived in a spirit of trust and information wanting to be free and good
practical jokes. But today it's about--money. The frontier is getting settled
by corporations worth billions, all of which are promising to sell us our
future.
They have to deliver, so anti-virus programmers and network security
consultants have a market opportunity.
It's a tough time for a system that was created in an age of innocence. It
will be interesting to see if a network strong enough to survive nuclear
attack can survive its own success.
© Copyright 1999 The Washington Post Company
@HWA
56.0 Original Apple I On the Auction Block
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
June 17th 1999
From HNN http://www.hackernews.com/
contributed by Cuda
What is being called the first Apple I ever sold will soon
be sold via auction. The Auctioneers are expecting bids
to go well over $40,000. One of approximately 200
that were ever built, this one includes original
documentation including the original 8-page manual. The
auction company will accept absentee bids online.
Better hurry. The live bidding starts on Tuesday June
29, at 11 a.m.
La Salle Auctions
http://www.lasallegallery.com/framemac.htm
@HWA
57.0 Microsoft Calls eEye Irresponsible
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
June 18th 1999
From HNN http://www.hackernews.com/
contributed by Weld Pond
A week after notifying Microsoft of a major hole in its
Internet Information Server 4.0, eEye Digital Security
Team went public with the information and published an
exploit for the hole. The Microsoft spin machine labeled
this action as 'Irresponsible'. The finger here should not
be pointed at eEye who did the honorable thing by
alerting the public and posting a real fix before
Microsoft, but should instead be pointed at Microsoft for
creating bad software, and even worse, concealing the
information for up to a week. Unfortunately these
articles don't seem to understand that.
LA Times
http://www.latimes.com/HOME/BUSINESS/t000054445.html
Nando Times
http://www.techserver.com/story/body/0,1634,61071-97188-693078-0,00.html
The UK Register
http://www.theregister.co.uk/990618-000010.html
Associated Press - Via San Jose Mercury News
http://www.mercurycenter.com/breaking/docs/078774.htm
InfoWorld
http://www.infoworld.com/cgi-bin/displayStory.pl?990617.hneeye.htm
eEye Digital Security Team
http://www.eeye.com/
Microsoft
http://www.microsoft.com/security/bulletins/ms99-019.asp
Late Update
Well, at least Forbes gets it.
Forbes
http://www.forbes.com/tool/html/99/Jun/0618/mu5.htm
Forbes;
Microsoft's security secret
By Benjamin Polen
NEW YORK. 12:45PM EDT--Microsoft's
(nasdaq: MSFT) failure to immediately alert
customers of a serious security flaw in its
Internet Information Server (IIS) could hurt the
company's image and cost it customers as the
software giant tries to establish a position within the
competitive marketplace of mission-critical server
applications.
Microsoft knew about the vulnerability for a week but
tried to delay telling customers until it could prepare
a software patch.
But Microsoft's efforts to suppress notification of the
IIS bug ultimately backfired and proved embarrassing
when eEye, a privately held network security
company, took the information to the public on
Tuesday.
eEye detected the bug during a beta test of a
security program and alerted Microsoft of the
problem on June 8. The vulnerability is so severe that
anyone with modest programming skills and an
Internet connection can gain complete control over a
web server running IIS, which runs on 22.3% of the
web servers on the Internet, according to research
firm Netcraft.
Despite the severity of the problem, Microsoft
stopped responding to eEye's E-mails after June 11,
according to Firas Bushnaq, CEO of eEye. After
several days, eEye decided to post an advisory on
its web site on Tuesday. The CERT Coordination
Center, a federally funded computer security
research institute at Carnegie-Mellon University,
posted an advisory on the following day, lending
credence to eEye's concerns.
Firas Bushnaq said his company acted because
Microsoft was "not taking the vulnerability seriously."
When Microsoft still had not publicly acknowledged
the vulnerability six hours after eEye posted the
advisory, the security company went a step further
and published source code that could be used
against the IIS bug. "When it was at that level, we
decided we had to release the exploit, we would
definitely get more attention," said Bushnaq.
For its part, Microsoft was not pleased with eEye's
decision to issue an advisory, much less any source
code that could be used against their product.
Microsoft deems eEye's full disclosure decision as
"irresponsible" and "beyond comprehension,"
according to Jason Garms, Microsoft's lead product
manager for Windows NT security.
The disagreement between Microsoft and eEye
highlights a burgeoning culture clash in the computer
world where traditional corporate secrecy collides
with the free-information ethos of the Net.
On its web site, eEye explained why it felt justified in
posting the advisory and the source code. "Our
responsibility to our clients and the whole network
community is to disclose as many details as
possible. This is the way we can contribute to the
security community and keep software vendors
working hard at producing more robust products."
For its part, Microsoft hoped that by keeping
knowledge of the vulnerability secret, it could protect
its customers until a patch had been developed and
tested. "Frankly, the feedback from customers is
that they don't want us to go and publicize our bugs
before we have fixes for our problems," Garms said.
But at least one industry analyst questions
Microsoft's handling of the situation. "If you want
your customers to depend on your products for
mission-critical applications, then you have to avoid
at all costs any kind of behavior that suggests you're
not to be trusted and you're not dependable," said
Eric Hemmendinger, a senior analyst at the
Aberdeen Group. "Having a problem occur is one
thing. But not acknowledging it is another issue
altogether. For that people should hold them
accountable."
Hemmendinger compared Microsoft's attitude toward
corporate information technology managers with that
of a rude guest. "It's like an immature person being
invited to the party and not behaving responsibly.
This is not the kind of behavior that gets you invited
back to the party," he said.
The situation could come back to haunt Microsoft as
it tries to attract new corporate customers. "If you
are considering using IIS and you become aware of
things like this in Microsoft's behavior you got to
take this into consideration," Hemmendinger said. "If
they really want to be accepted in the data center
this is not the right behavior."
-=-
UK register;
Posted 18/06/99 12:33pm by John Lettice
Major MS Web Server security hole exposed,
plugged
Security outfit eEye has roused Microsoft's ire and garnered itself some cheap
publicity by going public with information on what it says is a serious security flaw in
Microsoft's Internet Information Server (IIS) 4.0. The move hasn't helped the company's
relationship with Microsoft any, but it seems to have triggered the appearance of a
swift patch, full fix to follow.
According to eEye the flaw allows arbitrary code to be run on any web server running
IIS 4.0, and by using a buffer overflow bug in the software attackers can remotely
execute code to enable access to all data on the server." So it's a serious one,
although Microsoft says it hasn't had any reports of the security hole being used so far.
eEye accuses Microsoft of failing to give the problem the attention it deserved. The
company claims to have hassled MS for days, but "after the fifth day of reporting the
bug to Microsoft, they stopped responding to our emails." So the company went public
with the problem three days later, as an attempt to force Microsoft's hand.
Microsoft swiftly posted a patch, but accuses eEye of irresponsibility in publicising a
problem before a fix had been found. There's some justification in that, but there's also
some in the view that being able to announce "we've found a hole, but we fixed it" is
better than having to confirm "Yike, there's a huge security hole in our product." ®
@HWA
58.0 Has the FBI Overreacted?
~~~~~~~~~~~~~~~~~~~~~~~~
June 18th 1999
From HNN http://www.hackernews.com/
contributed by Weld Pond
Scott Peterson has some interesting commentary about
the recent crackdown of the FBI on web graffiti artists.
The government has compared recent cracks to the use
of terrorist weapons such as chemical and biological
weapons. Mr. Peterson says it is nothing of the sort and
that the recent crackdown fosters images of
McCarthyism. Definitely some interesting viewpoints
here and worth the time to read.
PC Week
http://www.zdnet.com/pcweek/stories/news/0,4153,406619,00.html
** Sorry the ZDNet nazis have cut and paste prevention in their html code so I
couldn't reprint the article here.(And you can't either for personal record
wtf kind of lame action is that?). the reason I do reprint the articles is
because often times (see previous section links for examples) the stories are
unavailable or pay only for archives, if anyone knows how to thwart ZDNet's
(or anyone else's) anti cut and paste tactics email me hwa@press.usmc.net! and
no view source doesn't work either ...
59.0 Printer at Spa War Compromised
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
June 18th 1999
From HNN http://www.hackernews.com/
contributed by Silicosis
Ron Broersma, from the Space and Naval Systems
Warfare Center, has claimed that Russians were able
to redirect print jobs destined for a local printer back to
Russia. While such a hack is possible in theory the
difficulties of doing so would make it seem unlikely. DNS
cache corruption seems like the most likely scenario. It
is too bad that Mr. Broersma did not respond to the
authors of this article with confirmation.
CMP Net
http://www.techweb.com/wire/story/TWB19990617S0007
Russians Hack U.S. Printer
(06/17/99, 10:56 a.m. ET)
By Lee Bruno and Robin Gareiss, Data Communications
Welcome back, Cold War. It looks as though
the Russians might be up to their old tricks,
if the infiltration of the network at the Space
and Naval Systems Warfare Center (Spa
War) in San Diego, Calif., is any indication.
The incursion was discovered by Ron Broersma, a Spa
War network operations engineer, when a local network
print job took an unusually long time. Monitoring tools
revealed a file had been hijacked from the printing
queue, sent to a server in Russia, and finally back to the
Spa War printer. Broersma concluded the network
intruder had hacked into the printer, and reconfigured
routing tables on equipment elsewhere on the Spa War
network to ship the file to Russia.
Broersma relayed his account of the network printer
hack at a recent meeting of the North American
Network Operators' Group. He said he secured Spa
War's printers after the attack by resetting router filters,
and by eliminating older printers that, he said, are
especially vulnerable.
"It turned out to be a real tough problem for us," he
said.
Broersma has not returned subsequent phone calls for
further comment, however. It's also not known who the
Russian server belonged to, or what information was
compromised.
Networked printers are known to be especially
vulnerable to hacking attacks. They have their own IP
addresses, and they run various standard protocols that
can be exploited. To make matters worse, printer
vendors haven't added any strong security features to
their products that would protect them against
break-ins.
@HWA
60.0 Popular Singapore Sites Defaced
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
June 18th 1999
From HNN http://www.hackernews.com/
contributed by lamer
Two high profile sites in Singapore were recently
defaced: MediaCity and Television Corporation Of
Singapore. Unfortunately no mirrors of either site are
available.
The Electric New Paper
http://newpaper.asia1.com.sg/spore/nplo05.html
(link dead)
@HWA
61.0 DOD Says its CRAP! (Mustn't be Scottish)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
June 18th 1999
From HNN http://www.hackernews.com/
DOD Labels Software as 'Crap'
contributed by Code Kid
Art Money, senior civilian IT official for the Defense
Department, while speaking at the GovTechNet
International Conference in Washington, D.C., said "The
quality of software we're getting from vendors today is
crap, vendors are not building quality in."
Federal Computer Week
http://www.fcw.com:80/pubs/fcw/1999/0614/web-crap-6-17-99.html
JUNE 17, 1999 . . . 15:17 EDT
Contractors' software 'crap,' says top DOD IT
official
BY BOB BREWIN (antenna@fcw.com)
The Pentagon's top information technology official sharply criticized, in the
plainest possible language, the quality of software that IT contractors currently
supply to the Defense Department.
"The quality of software we're getting from vendors today is crap," said Art
Money, senior civilian official, who is acting as assistant secretary of Defense
for command, control, communications and intelligence.
"Vendors are not building quality in," Money said today at the GovTechNet
International Conference in Washington, D.C. "We're finding holes in it."
DOD buys hundreds of millions of dollars worth of software each year,
including everything from shrink-wrapped packages designed to run on the
desktop to customized systems running millions of lines of code.
The quality of much of the software that DOD is receiving is so poor, Money
said, that he is worried about the future of the U.S. software industry. Money
predicted that if the U.S. software industry does not get its act together, it
could suffer the same fate as the U.S. automobile manufacturing industry, with
software sales moving offshore to Japan, for example.
@HWA
62.0 DOE Still Unsecure
~~~~~~~~~~~~~~~~~~~
June 18th 1999
From HNN http://www.hackernews.com/
contributed by Space Rogue
Even after one of the worst cases of spying in US
history a special investigative report has found that the
Department of Energy is not taking computer security
seriously. The report labels computer security practices
at DOE as "naive at best and dangerously irresponsible
at worst."
Federal Computer Week
http://www.fcw.com:80/pubs/fcw/1999/0614/web-report-6-16-99.html
Science at its Best, Security at its Worst - DOE Security Report
http://jya.com/pfiab-doe.htm
Federal Computer Week;
JUNE 16, 1999 . . . 17:24 EDT
Cybersecurity holes persist at DOE labs, study
finds
BY DANIEL VERTON (dan_verton@fcw.com)
Despite what may be the worst spy case in U.S. history involving nuclear
weapon design data, the computer networks at the nation's five weapons
laboratories continue to be "riddled with vulnerabilities," according to a report
by a special investigative panel of intelligence and security officials.
According to the report, "Science at its Best, Security at its Worst," issued this
month by the President's Foreign Intelligence Advisory Board, midlevel
managers throughout the Energy Department have responded to the recent
Chinese spy scandal with a "business as usual" attitude, while foreign nationals
residing in "sensitive countries" continue to have unmonitored remote dial-up
access to lab networks.
The three-month study uncovered recurring problems with DOE's computer
security program, including poor labeling and tracking of computer media,
problems with lax password enforcement on laboratory computer
workstations and a significant failure to control access to sensitive and
classified networks.
Computer security methods throughout DOE over the last two decades have
been "naive at best and dangerously irresponsible at worst," the report said. In
fact, "computer systems at some DOE facilities were so easy to access that
even department analysts likened them to 'automatic teller machines,'
[allowing] unauthorized withdrawals at our nation's expense," the report said.
Security audits also uncovered what the report calls "remarkable" lapses in
addressing security problems and procedural gaps at many DOE labs.
According to the report, it took DOE 31 months to write and approve a
network security plan, 24 months to order security labels for mislabeled
software, 20 months to ensure that improperly stored classified computer
media had been safeguarded and 51 months to properly safeguard
cryptographic material used to secure telephones. It even took 11 months to
remove a deceased employee from classified document access lists, according
to the report.
The report also outlined instances of classified information being placed on
unclassified networks well after the department had developed a corrective
action plan in July 1998. "The predominant attitude toward security and
counterintelligence among many DOE and lab managers has ranged from
half-hearted, grudging accommodation to smug disregard," the report
concluded.
-=-
** A few diagrams were omitted from this report; go to the url at jya
to see the report with diagrams (they're most useful NOT)... - Ed
24 June 1999: Revise links to PFIAB report at the White House.
23 June 1999: Link to DOE Secretary Richardson's June 22 Senate testimony.
22 June 1999: Add notice on Senate joint hearings.
[Congressional Record: June 21, 1999 (Digest)]
From the Congressional Record Online via GPO Access [wais.access.gpo.gov]
Monday, June 21, 1999
Daily Digest
Senate
COMMITTEE MEETINGS FOR TUESDAY,
JUNE 22, 1999
(Committee meetings are open unless otherwise indicated)
Senate
Committee on Armed Services: with the Select Committee on Intelligence,
and with the Committee on Energy and Natural Resources, and with the
Committee on Governmental Affairs, to hold joint hearings on the
President's Foreign Intelligence Advisory Board's report to the
President: Science at its Best; Security at its Worst: A Report on
Security Problems at the U.S. Department of Energy, 9:30 a.m., SD-106.
18 June 1999: Add balance of HTML conversion.
15 June 1999. Thanks to the White House Office of the PFIAB (202) 456-2352.
From: Jane_E._Baker@pfiab.eop.gov
To: jya@jya.com, dellaratta@exchangemonitor.com, jhorowitz@tribune.com,
bullfrog@enteract.com, catpano@nytimes.com, jpcarson@mindspring.com
Date: Tue, 15 Jun 1999 15:34:33 -0400
Subject: PFIAB RPT
See attached file: Report of President's Foreign Intelligence Advisory Board, "Science At Its Best, Security At Its Worst: A Report on Security Problems at
the U.S. Department of Energy," June, 1999:
http://www.whitehouse.gov/WH/EOP/pfiab/pfiab_report.pdf (72 pages; 420K)
See attached file: Unclassified Appendix to PFIAB Report:
http://www.whitehouse.gov/WH/EOP/pfiab/appendix.pdf (34 pages; 191K)
Source: http://www.whitehouse.gov/WH/EOP/pfiab/pfiab_report.pdf
SCIENCE AT ITS BEST
__________________________
SECURITY AT ITS WORST
A Report on Security Problems at the
U.S. Department of Energy
[Presidential Seal]
____________________________
A Special Investigative Panel
President's Foreign Intelligence Advisory Board
JUNE 1999
ABSTRACT
On March 18, 1999, President William J. Clinton requested that the President's Foreign Intelligence Advisory Board (PFIAB) undertake an inquiry and issue a
report on the security threat at the Department of Energy's weapons labs and the adequacy of the measures that have been taken to address it.
Specifically, the President asked the PFIAB to address the nature of the present counterintelligence security threat, the way in which it has evolved over the last two
decades and the steps we have taken to counter it, as well as to recommend any additional steps that may be needed. He also asked the PFIAB to deliver its
completed report to the Congress, and to the fullest extent possible consistent with our national security, release an unclassified version to the public.
In response, the Honorable Warren B. Rudman, Chairman of PFIAB, appointed board members Ms. Ann Z. Caracristi, Dr. Sidney Drell, and Mr. Stephen
Friedman to form the Special Investigative Panel and obtained detailees from several federal agencies (CIA, DOD, FBI) to augment the work of the PFIAB staff.
Over the past three months, the panel and staff interviewed more than 100 witnesses, reviewed more than 700 documents encompassing thousands of pages, and
conducted onsite research and interviews at five of the Department of Energy's national laboratories and plants: Livermore, Los Alamos, Oak Ridge, Pantex, and
Sandia.
The panel has produced a report and an appendix of supporting documents, both of which are unclassified to the fullest extent possible. A large volume of classified
material, which was also reviewed and distilled for this report, has been relegated to a second appendix that is available only to authorized recipients. This report
examines:
- The 20-year history of security and counterintelligence issues at the DOE national laboratories, with an emphasis on the five labs that focus on weapons-related research;
- The inherent tension between security concerns and scientific freedom at the labs and its effect on the institutional culture and efficacy of the Department;
- The growth and evolution of the foreign intelligence threat to the national labs, particularly in connection with the Foreign Visitors Program of the labs;
- The implementation and effectiveness of Presidential Decision Directive No. 61, the reforms instituted by Secretary of Energy Bill Richardson, and other related initiatives; and,
- Additional measures that should be taken to improve security and counterintelligence at the labs.
PANEL MEMBERS
The Honorable Warren B. Rudman, Chairman of the President's Foreign Intelligence Advisory Board. Senator Rudman is a partner in the law firm of Paul,
Weiss, Rifkind, Wharton, and Garrison. From 1980 to 1992, he served in the U.S. Senate, where he was a member of the Select Committee on Intelligence.
Previously, he was Attorney General of New Hampshire.
Ms. Ann Z. Caracristi, board member. Ms. Caracristi, of Washington, DC, is a former Deputy Director of the National Security Agency, where she served in a
variety of senior management positions over a 40-year career. She is currently a member of the DCI/Secretary of Defense Joint Security Commission and recently
chaired a DCI Task Force on intelligence training. She was a member of the Aspin/Brown Commission on the Roles and Capabilities of the Intelligence Community.
Dr. Sidney D. Drell, board member. Dr. Drell, of Stanford, California is an Emeritus Professor of Theoretical Physics and a Senior Fellow at the Hoover
Institution. He has served as a scientific consultant and advisor to several congressional committees, The White House, DOE, DOD, and the CIA. He is a member
of the National Academy of Sciences and a past President of the American Physical Society.
Mr. Stephen Friedman, board member. Mr. Friedman is Chairman of the Board of Trustees of Columbia University and a former Chairman of Goldman, Sachs,
& Co. He was a member of the Aspin/Brown Commission on the Roles and Capabilities of the Intelligence Community and the Jeremiah Panel on the National
Reconnaissance Office.
PFIAB STAFF
Randy W. Deitering, Executive Director
Mark F. Moynihan, Assistant Director
Roosevelt A. Roy, Administrative Officer
Frank W. Fountain, Assistant Director and Counsel
Brendan G. Melley, Assistant Director
Jane E. Baker, Research/Administrative Officer
PFIAB ADJUNCT STAFF
Roy B., Defense Intelligence Agency
Karen DeSpiegelaere, Federal Bureau of Investigation
Jerry L., Central Intelligence Agency
Christine V., Central Intelligence Agency
David W. Swindle, Department of Defense, Naval Criminal Investigative Service
Joseph S. O'Keefe, Department of Defense, Office of the Secretary of Defense
TABLE OF CONTENTS
FOREWORD
FINDINGS
ROOT CAUSES
An International Enterprise
Big, Byzantine, and Bewildering Bureaucracy
Lack of Accountability
Culture and Attitudes
Changing Times, Changing Missions
RECURRING VULNERABILITIES
Management and Planning
Physical Security
Screening and Monitoring Personnel
Protection of Classified and Sensitive Information
Tracking Nuclear Materials
Foreign Visitors Program
ASSESSMENTS
Responsibility
Record of the Clinton Team
The 1995 Walk-In Document
W-88 Investigation
Damage Assessment
PDD-61: Birth and Intent
Timeliness of PDD-61
Secretary Richardson's Initiatives
Prospects for Reforms
Trouble Ahead
Back to the Future
REORGANIZATION
Leadership
Restructuring
RECOMMENDATIONS
ENDNOTES
APPENDIX
Map of DOE Installations
Chronology of Events
Chronology of Reports on DOE
Damage Assessment of China's Acquisition of U.S. Nuclear Information
Presidential Decision Directive 61
Bibliography
FOREWORD FROM THE SPECIAL INVESTIGATIVE PANEL
For the past two decades, the Department of Energy has embodied science at its best and security of secrets at its worst.
Within DOE are a number of the crown jewels of the world's government-sponsored scientific research and development organizations. With its record as the
incubator for the work of many talented scientists and engineers--including many Nobel prize winners--DOE has provided the nation with far-reaching advantages.
Its discoveries not only helped the United States to prevail in the Cold War, they undoubtedly will continue to provide both technological benefits and inspiration for
the progress of generations to come. The vitality of its national laboratories is derived to a great extent from their ability to attract talent from the widest possible
pool, and they should continue to capitalize on the expertise of immigrant scientists and engineers. However, we believe that the dysfunctional structure at the heart of
the Department has too often resulted in the mismanagement of security in weapons-related activities and a lack of emphasis on counterintelligence.
DOE was created in 1977 and heralded as the centerpiece of the federal solution to the energy crisis that had stunned the American economy. A vital part of this
new initiative was the Energy Research and Development Administration (ERDA), the legacy agency of the Atomic Energy Commission (AEC) and inheritor of the
national programs to develop safe and reliable nuclear weapons. The concept, at least, was straightforward: take the diverse and dispersed energy research centers
of the nation, bring them under an umbrella organization with other energy-related enterprises, and spark their scientific progress through closer contacts and
centralized management.
__________________________________
At the birth of DOE, the brilliant
scientific breakthroughs of the nuclear
weapons laboratories came with a troubling
record of security administration.
Twenty years later, virtually every one
of its original problems persists.
However, the brilliant scientific breakthroughs at the nuclear weapons laboratories came with a very troubling record of security administration. For example,
classified documents detailing the designs of the most advanced nuclear weapons were found on library shelves accessible to the public at the Los Alamos
laboratory. Employees and researchers were receiving little, if any, training or instruction regarding espionage threats. Multiple chains of command and standards of
performance negated accountability, resulting in pervasive inefficiency, confusion, and mistrust. Competition among laboratories for contracts, and among researchers
for talent, resources, and support distracted management from security issues. Fiscal management was bedeviled by sloppy accounting. Inexact tracking of the
quantities and flows of nuclear materials was a persistent worry. Geographic decentralization fractured policy implementation and changes in leadership regularly
depleted the small reservoirs of institutional memory. Permeating all of these issues was a prevailing cultural attitude among some in the DOE scientific community
that regarded the protection of nuclear know-how with either fatalism or naiveté.
Twenty years later, every one of these problems still existed. Most still exist today.
__________________________________
The panel found a department saturated
with cynicism, an arrogant disregard
for authority, and a staggering pattern
of denial.
In response to these problems, the Department has been the subject of a nearly unbroken history of dire warnings and attempted but aborted reforms. A cursory
review of the open-source literature on the DOE record of management presents an abysmal picture. Second only to its world-class intellectual feats has been its
ability to fend off systemic change. Over the last dozen years, DOE has averaged some kind of major departmental shakeup every two to three years. No
President, Energy Secretary, or Congress has been able to stem the recurrence of fundamental problems. All have been thwarted time after time by the intransigence
of this institution. The Special Investigative Panel found a large organization saturated with cynicism, an arrogant disregard for authority, and a staggering pattern of
denial. For instance, even after President Clinton issued Presidential Decision Directive 61 ordering that the Department make fundamental changes in security
procedures, compliance by Department bureaucrats was grudging and belated.
Time after time over the past few decades, officials at DOE headquarters and the weapons labs themselves have been presented with overwhelming evidence that
their lackadaisical oversight could lead to an increase in the nuclear threat against the United States. Throughout its history, the Department has been the subject of
scores of critical reports from the General Accounting Office (GAO), the intelligence community, independent commissions, private management consultants, its
Inspector General, and its own security experts. It has repeatedly attempted reforms. Yet the Department's ingrained behavior and values have caused it to continue
to falter and fail.
PROSPECTS FOR REFORMS
We believe that Secretary of Energy Richardson, in attempting to deal with many critical security matters facing the Department, is on the right track in some, though
not all, of his changes. We concur with and encourage many of his recent initiatives, and we are heartened by his aggressive approach and command of the issues.
But we believe that he has overstated the case when he asserts, as he did several weeks ago, that Americans can be reassured: our nation's nuclear secrets are, today, safe and secure.
After a review of more than 700 reports and studies, thousands of pages of classified and unclassified source documents, interviews with scores of senior federal
officials, and visits to several of the DOE laboratories at the heart of this inquiry, the Special Investigative Panel has concluded the Department of Energy is incapable
of reforming itself -- bureaucratically and culturally -- in a lasting way, even under an activist Secretary.
The panel has found that DOE and the weapons laboratories have a deeply rooted culture of low regard for and, at times, hostility to security issues, which has
continually frustrated the efforts of its internal and external critics, notably the GAO and the House Energy and Commerce Committee. Therefore, a reshuffling of
offices and lines of accountability may be a necessary step toward meaningful reform, but it almost certainly will not be sufficient.
Even if every aspect of the ongoing structural reforms is fully implemented, the most powerful guarantor of security at the nation's weapons laboratories will not be
laws, regulations, or management charts. It will be the attitudes and behavior of the men and women who are responsible for the operation of the labs each day.
These will not change overnight, and they are likely to change only in a different cultural environment -- one that values security as a vital and integral part of
day-to-day activities and believes it can coexist with great science.
We are convinced that when Secretary Richardson vacates the office his successor is not likely to have a comparable appreciation of the gravity of the Department's
past problems, nor a comparable interest in resolving them. The next Secretary of Energy will not have spent months at the tip of the sword created by the recent
public outcry over DOE mismanagement of national secrets. Indeed, the core of the Department's bureaucracy is quite capable of undoing Secretary Richardson's
reforms, and may well be inclined to do so if given the opportunity.
Ultimately, the nature of the institution and the structure of the incentives under a culture of scientific research require great attention if they are to be made compatible
with the levels of security and the degree of command-and-control warranted where the research and stewardship of nuclear weaponry is concerned. Yet it must be
done.
THE PFIAB INQUIRY
The PFIAB panel is fully aware of the many recent allegations of management failures surrounding the Department of Energy and questions about the subsequent
roles of entities such as the Department of Justice, the Federal Bureau of Investigation, and the Central Intelligence Agency. Much of the research we conducted has
relevance to these allegations. However, the depth and the complexity of the issues call for examinations by institutions with greater resources and a wider charter:
namely, Congress and standing executive agencies of the federal government.
In the 90 days of our inquiry, the PFIAB panel conducted numerous interviews with senior federal officials who agreed to speak candidly -- with the understanding
that they would not be identified by name -- about DOE's problems and recent events. On balance, the panel finds that some very damaging security compromises
may have occurred, as alleged by some in recent weeks. But we believe that in matters of intelligence and counterintelligence, one cannot brush off the reality that
conclusions are often intrinsically based on probabilities, rather than certainties.
Leaders, of course, are often obliged to act, and should act, based on the probability of impending danger, not only its certainty. And those entrusted with the public
weal are indisputably served better by having more information about risks than less. So the panel would like to note the contributions of those who have helped to
raise the public's awareness of the risks to national security posed by problems at DOE. Although we do not concur with all of their conclusions, we believe that
both intelligence officials at the Department of Energy and the members of the Cox Committee made substantial and constructive contributions to understanding and
resolving security problems at DOE. As we note later in this report, we concur on balance with the damage assessment of espionage losses conducted by the
Director of Central Intelligence. We also concur with the findings of the independent review of that assessment by Admiral David Jeremiah and his panel.
Our mandate from President Clinton was restricted to an analysis of the structural and management problems in the Department's security and counterintelligence
operations. We abided by that. We also recognize the unique nature of the assignment given to us by the President. Never before in its history of more than 35 years
has the PFIAB prepared a report for release to the general public. As a result, we have taken pains to ensure that the language of this report is plain English, not
bureaucratese, and that the findings of the report are stated directly and candidly, not with the indirection and euphemisms often employed by policy insiders.
SOLUTIONS
Our panel has concluded that the Department of Energy, when faced with a profound public responsibility, has failed. Therefore, this report suggests two alternative
organizational solutions, both of which we believe would substantially insulate the weapons laboratories from many of DOE's historical problems and promote the
building of a responsible culture over time. We also offer recommendations for improving various aspects of security and counterintelligence at DOE, such as
personnel assurance, cybersecurity, program management, and interdepartmental cooperation under the Foreign Intelligence Surveillance Act of 1978.
The weapons research and stockpile management functions should be placed wholly within a new semi-autonomous agency within DOE that has a clear mission,
streamlined bureaucracy, and drastically simplified lines of authority and accountability. Useful lessons along these lines can be taken from the National Security
Agency (NSA) or Defense Advanced Research Projects Agency (DARPA) within the Department of Defense or the National Oceanographic and Atmospheric
Administration (NOAA) within the Department of Commerce. The other alternative is a wholly independent agency, such as the National Aeronautics and Space
Administration (NASA). There was substantial debate among the members of the panel about these two alternatives. Both have strengths and weaknesses. In the
final analysis, the decision rests in the hands of the President and the Congress, and we trust that they will give serious deliberation to the merits and shortcomings of
the alternatives before enacting major reforms. We all agree, nonetheless, that the labs should never be subordinated to the Department of Defense.
With either proposal it will be important for the weapons labs to maintain effective scientific contact on non-classified scientific research with the other DOE labs and
the wider scientific community. To do otherwise would work to the detriment of the nation's scientific progress and security over the long run. This argument draws
on history: nations that honor and advance freedom of inquiry have fared better than those who have sought to arbitrarily suppress and control the community of
science.
__________________________________
The nuclear weapons and research
functions of DOE need more autonomy,
a clearer mission, a streamlined bureaucracy,
and increased accountability.
However, we would submit that we do not face an either/or proposition. The past 20 years have provided a controlled experiment of a sort, the results of which
point to institutional models that hold promise. Organizations such as NASA and DARPA have advanced scientific and technological progress while maintaining a
respectable record of security. Meanwhile, the Department of Energy, with its decentralized structure, confusing matrix of cross-cutting and overlapping
management, and shoddy record of accountability has advanced scientific and technological progress, but at the cost of an abominable record of security with deeply
troubling threats to American national security.
Thomas Paine once said that "government, even in its best state, is but a necessary evil; in its worst state, an intolerable one." This report finds that DOE's
performance, throughout its history, should have been regarded as intolerable.
We believe the results and implications of this experiment are clear. It is time for the nation's leaders to act decisively in the defense of America's national security.
Warren Rudman
Chairman of the President's Foreign
Intelligence Advisory Board
Ms. Ann Caracristi
Board Member
Dr. Sidney Drell
Board Member
Mr. Stephen Friedman
Board Member
FINDINGS
On March 18, 1999, President Clinton tasked the Foreign Intelligence Advisory Board to review the history of the security and counterintelligence threats to the
nation's weapons labs and the effectiveness of the responses by the U.S. government. He also asked the Board to propose further improvements.
This report, based on reviews of hundreds of source documents and studies, analysis of intelligence reports, and scores of interviews with senior level officials from
several administrations, was prepared over the past 90 days in fulfillment of the President's request.
BOTTOM LINE
Our bottom line: DOE represents the best of America's scientific talent and achievement, but it has also been responsible for the worst security record on secrecy
that the members of this panel have ever encountered.
The national labs of the Department of Energy are among the crown jewels of the world's government-sponsored scientific research and development organizations.
With its record as the incubator for the work of many talented scientists and engineers -- including many Nobel prize winners -- it has provided the nation with
far-reaching advantages. Its discoveries not only helped the United States to prevail in the Cold War, they will undoubtedly provide both technological benefits and
inspiration for the progress of generations to come. Its vibrancy is derived to a great extent from its ability to attract talent from the widest possible pool, and it
should continue to capitalize on the expertise of immigrant scientists and engineers. However, the Department has devoted far too little time, attention, and resources
to the prosaic but grave responsibilities of security and counterintelligence in managing its weapons and other national security programs.
FINDINGS
The preponderance of evidence accumulated by the Special Investigative Panel, spanning the past 25 years, has compelled the members to reach many definite
conclusions -- some very disturbing -- about the security and well-being of the nation's weapons laboratories.
As the repository of America's most advanced know-how in nuclear and related armaments and the home of some of America's finest scientific
minds, these labs have been and will continue to be a major target of foreign intelligence services, friendly as well as hostile. Two landmark events, the
end of the Cold War and the overwhelming victory of the United States and its allies in the Persian Gulf War, markedly altered the security equations and outlooks of
nations throughout the world. Friends and foes of the United States intensified their efforts to close the technological gap between their forces and those of America,
and some redoubled their efforts in the race for weapons of mass destruction. Under the restraints imposed by the Comprehensive Test Ban Treaty, powerful
computers have replaced detonations as the best available means of testing the viability and performance capabilities of new nuclear weapons. So research done by
U.S. weapons laboratories with high performance computers stands particularly high on the espionage hit list of other nations, many of which have used increasingly
more sophisticated and diverse means to obtain the secrets necessary to join the nuclear club.
______________________________________
Snapshot: DOE Weapons Operations

Percentage of Budget: Roughly $6 billion, a
third of the Department's $18 billion FY99 budget.

Allocation of Weapons-Related Budget:
  Defense Programs              $4.4 billion
  Nonproliferation/Nat. Sec.     0.7
  Fissile Material Disposal      0.2
  Naval Reactors                 0.7

Number of Contract Employees: 34,190

Number of Contract Employees Per Lab:
  Los Alamos          6,900
  Sandia              7,500
  L. Livermore        6,400
  Pantex              2,860
  Oak Ridge (Y-12)    5,500
  Kansas City         3,150
  Nevada Test Site    1,880

SOURCE: DEPT. OF ENERGY FIELD FACTBOOK, MAY 1998

More than 25 years' worth of reports, studies and formal inquiries -- by executive branch agencies, Congress, independent panels, and even DOE
itself -- have identified a multitude of chronic security and counterintelligence problems at all of the weapons labs (See Appendix). These reviews
produced scores of stern, almost pleading, entreaties for change. Critical security flaws -- in management and planning, personnel assurance, some physical security
areas, control of nuclear materials, protection of documents and computerized information, and counterintelligence -- have been cited for immediate attention and
resolution ... over and over and over ... ad nauseam.
The open-source information alone on the weapons laboratories overwhelmingly supports a troubling conclusion: their security and
counterintelligence operations have been seriously hobbled and relegated to low-priority status for decades. The candid, closed-door testimony of
current and former federal officials as well as the content of voluminous classified materials received by this panel in recent weeks reinforce this conclusion. When it
comes to a genuine understanding of and appreciation for the value of security and counterintelligence programs, especially in the context of America's nuclear
arsenal and secrets, the DOE and its weapons labs have been Pollyannaish. The predominant attitude toward security and counterintelligence among many DOE and
lab managers has ranged from half-hearted, grudging accommodation to smug disregard. Thus the panel is convinced that the potential for major leaks and thefts of
sensitive information and material has been substantial. Moreover, such security lapses would have occurred in bureaucratic environments that would have allowed
them to go undetected with relative ease.
Organizational disarray, managerial neglect, and a culture of arrogance -- both at DOE headquarters and the labs themselves -- conspired to create
an espionage scandal waiting to happen. The physical security efforts of the weapons labs (often called the "guns, guards, and gates") have had some isolated
shortcomings, but on balance they have developed some of the most advanced security technology in the world. However, perpetually weak systems of personnel
assurance, information security, and counterintelligence have invited attack by foreign intelligence services. Among the defects this panel found:
- Inefficient personnel clearance programs, wherein haphazard background investigations could take years to complete and the backlogs numbered in the
  tens of thousands.
- Loosely controlled and casually monitored programs for thousands of unauthorized foreign scientists and assignees -- despite more than a decade of
  critical reports from the General Accounting Office, the DOE Inspector General, and the intelligence community.
  This practice occasionally created bizarre circumstances in which regular lab employees with security clearances were supervised by foreign nationals
  on temporary assignment.
- Feckless systems for control of classified documents, which periodically resulted in thousands of documents being declared lost.
- Counterintelligence programs with part-time CI officers, who often operated with little experience, minimal budgets, and employed little more than
  crude awareness briefings of foreign threats and perfunctory and sporadic debriefings of scientists travelling to foreign countries.
- A lab security management reporting system that led everywhere but to responsible authority.
- Computer security methods that were naive at best and dangerously irresponsible at worst.
Why were these problems so blatantly and repeatedly ignored? DOE has had a dysfunctional management structure and culture that only occasionally gave proper
credence to the need for rigorous security and counterintelligence programs at the weapons labs. For starters, there has been a persisting lack of real leadership and
effective management at DOE.
The nature of the intelligence-gathering methods used by the People's Republic of China poses a special challenge to the U.S. in general and the
weapons labs in particular. More sophisticated than some of the blatant methods employed by the former Soviet bloc espionage services, PRC intelligence
operatives know their strong suits and play them extremely well. Increasingly more nimble, discreet and transparent in their spying methods, the Chinese services
have become very proficient in the art of seemingly innocuous elicitations of information. This modus operandi has proved very effective against unwitting and
ill-prepared DOE personnel.
Despite widely publicized assertions of wholesale losses of nuclear weapons technology from specific laboratories to particular nations, the factual
record in the majority of cases regarding the DOE weapons laboratories supports plausible inferences -- but not irrefutable proof -- about the source
and scope of espionage and the channels through which recipient nations received information. The panel was not charged, nor was it empowered, to
conduct a technical assessment regarding the extent to which alleged losses at the national weapons laboratories may have directly advanced the weapons
development programs of other nations. However, the panel did find these allegations to be germane to issues regarding the structure and effectiveness of DOE
security programs, particularly the counterintelligence functions.
The classified and unclassified evidence available to the panel, while pointing out systemic security vulnerabilities, falls short of being conclusive. The actual damage
done to U.S. security interests is, at the least, currently unknown; at worst, it may be unknowable. Numerous variables are inescapable. Analysis of indigenous
technology development in foreign research laboratories is fraught with uncertainty. Moreover, a nation that is a recipient of classified information is not always the
sponsor of the espionage by which it was obtained. However, the panel does concur, on balance, with the findings of the recent DCI-sponsored damage
assessment. We also concur with the findings of the subsequent independent review, led by retired Admiral David Jeremiah, of that damage assessment.
The Department of Energy is a dysfunctional bureaucracy that has proven it is incapable of reforming itself. Accountability at DOE has been spread so
thinly and erratically that it is now almost impossible to find. The long traditional and effective method of entrenched DOE and lab bureaucrats is to defeat security
reform initiatives by waiting them out. They have been helped in this regard by the frequent changes in leadership at the highest levels of DOE -- nine Secretaries of
Energy in 22 years. Eventually, the reform-minded management transitions out, either due to a change in administrations or as a result of the traditional revolving
door management practices at DOE. Then the bureaucracy reverts to old priorities and predilections. Such was the case in December 1990 with the reform
recommendations carefully crafted by a special task force commissioned by then-Energy Secretary Watkins. The report skewered DOE for unacceptable
direction, coordination, conduct, and oversight of safeguards and security. Two years later, the new administration rolled in, redefined priorities, and the initiatives
all but evaporated. Deputy Secretary Charles Curtis in late 1996 investigated clear indications of serious security and CI problems and drew up a list of initiatives in
response. Those initiatives also were dropped after he left office.
Reorganization is clearly warranted to resolve the many specific problems with security and counterintelligence in the weapons laboratories, but
also to address the lack of accountability that has become endemic throughout the entire Department. Layer upon layer of bureaucracy, accumulated
over the years, has diffused responsibility to the point where scores claim it, no one has enough to make a difference, and all fight for more. Convoluted, confusing,
and often contradictory reporting channels make the relationship between DOE headquarters and the labs, in particular, tense, internecine, and chaotic. In between
the headquarters and the laboratories are field offices, which the panel found to be a locus of much confusion. In background briefings of the panel, senior DOE
officials often described them as redundant operations that function as a shadow headquarters, often using their political clout and large payrolls to push their own
agendas and budget priorities in Congress. Even with the latest DOE restructuring, the weapons labs are reporting to far too many DOE masters.
The criteria for the selection of Energy Secretaries have been inconsistent in the past. Regardless of the outcome of ongoing or contemplated
reforms, the minimum qualifications for an Energy Secretary should include experience in not only energy and scientific issues, but national
security and intelligence issues as well. The list of former Secretaries, Deputy Secretaries, and Under Secretaries meeting all of these criteria is very short.
Despite having a large proportion of its budget (roughly 30 percent) devoted to functions related to nuclear weapons, the Department of Energy has often been led
by men and women with little expertise and background in national security. The result has been predictable: security issues have been a low priority, and leaders
unfamiliar with these issues have delegated decision-making to lesser-ranking officials who lacked the incentives and authority to address problems with dispatch and
forcefulness. For a Department in desperate need of strong leadership on security issues, this has been a disastrous trend. The bar for future nominees at the upper
levels of the Department needs to be raised significantly.
DOE cannot be fixed with a single legislative act: management must follow mandate. The research functions of the labs are vital to the nation's
long term interest, and instituting effective gates between weapons and non-weapons research functions will require both disinterested scientific
expertise, judicious decision-making, and considerable political finesse. Thus both Congress and the executive branch -- whether along the lines suggested by
the Special Investigative Panel or others -- should be prepared to monitor the progress of the Department's reforms for years to come. This panel has no illusions
about the future of security and counterintelligence at DOE. There is little reason to believe future DOE Secretaries will necessarily share the resolve of Secretary
Richardson, or even his interest. When the next Secretary of Energy is sworn in, perhaps in the spring of 2001, the DOE and lab bureaucracies will still have
advantages that could give them the upper hand: time and proven skills at artful dodging and passive intransigence.
The Foreign Visitors and Assignments Program has been and should continue to be a valuable contribution to the scientific and technological
progress of the nation. Foreign nationals working under the auspices of U.S. weapons labs have achieved remarkable scientific advances and contributed
immensely to a wide array of America's national security interests, including nonproliferation. Some have made contributions so unique that they are all but
irreplaceable. The value of these contacts to the nation should not be lost amid the attempt to address deep, well-founded concerns about security lapses. That said,
DOE clearly requires measures to ensure that legitimate use of the research laboratories for scientific collaboration is not an open door to foreign espionage agents.
Losing national security secrets should never be accepted as an inevitable cost of obtaining scientific knowledge.
In commenting on security issues at DOE, we believe that both Congressional and Executive Branch leaders have resorted to simplification and
hyperbole in the past few months. The panel found neither the dramatic damage assessments nor the categorical reassurances of the Department's
advocates to be wholly substantiated. We concur with and encourage many of Secretary Richardson's recent initiatives to address the security problems at the
Department, and we are heartened by his aggressive approach and command of the issues. He has recognized the organizational dysfunction and cultural vagaries at
DOE and taken strong, positive steps to try to reverse the legacy of more than 20 years of security mismanagement. However, the Board is extremely skeptical that
any reform effort, no matter how well-intentioned, well-designed, and effectively applied, will gain more than a toehold at DOE, given its labyrinthine management
structure, fractious and arrogant culture, and the fast-approaching reality of another transition in DOE leadership. Thus we believe that he has overstated the case
when he asserts, as he did several weeks ago, that "Americans can be reassured: our nation's nuclear secrets are, today, safe and secure."
Similarly, the evidence indicating widespread security vulnerabilities at the weapons laboratories has been ignored for far too long, and the work of the Cox
Committee and intelligence officials at the Department has been invaluable in gaining the attention of the American public and in helping focus the political will
necessary to resolve these problems. Nonetheless, there have been many attempts to take the valuable coin of damaging new information and decrease its value by
manufacturing its counterfeit, innuendo; possible damage has been minted as probable disaster; workaday delay and bureaucratic confusion have been cast as
diabolical conspiracies. Enough is enough.
Fundamental change in DOE's institutional culture -- including the ingrained attitudes toward security among personnel of the weapons
laboratories -- will be just as important as organizational redesign. Never have the members of the Special Investigative Panel witnessed a bureaucratic
culture so thoroughly saturated with cynicism and disregard for authority. Never before has this panel found such a cavalier attitude toward one of the most serious
responsibilities in the federal government -- control of the design information relating to nuclear weapons. Particularly egregious have been the failures to enforce
cybersecurity measures to protect and control important nuclear weapons design information. Never before has the panel found an agency with the bureaucratic
insolence to dispute, delay, and resist implementation of a Presidential directive on security, as DOE's bureaucracy tried to do to the Presidential Decision Directive
No. 61 in February 1998.
The best nuclear weapons expertise in the U.S. government resides at the national weapons labs, and this asset should be better used by the
intelligence community. For years, the PFIAB has been keen on honing the intelligence community's analytic effectiveness on a wide array of nonproliferation
areas, including nuclear weapons. We believe that the DOE Office of Intelligence, particularly its analytic component, has historically been an impediment to this goal
because of its ineffective attempts to manage the labs' analysis. The office's mission and size (about 70 people) is totally out of step with the Department's
intelligence needs. A streamlined intelligence liaison body, much like Department of Treasury's Office of Intelligence Support -- which numbers about 20 people,
including a 24-hour watch team -- would be far more appropriate. It should concentrate on making the intelligence community, which has the preponderance of
overall analytic experience, more effective in fulfilling the DOE's analysis and collection requirements.
ROOT CAUSES
The sources of DOE's difficulties in both overseeing scientific research and maintaining security are numerous and deep. The Special Investigative Panel primarily
focused its inquiry on the areas within DOE where the tension between science and security is most critical: the nuclear weapons laboratories.[1] To a lesser extent, the
panel examined security issues in other areas of DOE and broad organizational issues that have had a bearing on the functioning of the laboratories.
Inherent in the work of the weapons laboratories, of course, is the basic tension between scientific inquiry, which thrives on freewheeling searches for and wide
dissemination of information, and governmental secrecy, which requires just the opposite. But the historical context in which the labs were created and thrived has
also figured into their subsequent problems with security.
AN INTERNATIONAL ENTERPRISE
U.S. research laboratories have always had a tradition of drawing on immigrant talent. Perhaps the first foreign-born contributor to our nation's nuclear program was
Albert Einstein. In his letter to President Roosevelt on August 2, 1939, Einstein advised the President of the possibility of the atomic bomb and the urgent need for
government action. By 1943, the ranks of the Manhattan project at Los Alamos, New Mexico were filled with scientists and engineers from Italy (Fermi), Germany
(Bethe), Poland (Ulam), Hungary (Wigner, Szilard, Von Neumann, and Teller), Russia (Kistiakowsky) and Austria (Rabi). Indeed, it is possible that the atomic bomb
would never have been completed but for immigrant talent, and the diversity of talent applied to the project was hailed at the time as a model of international
cooperation. Eleanor Roosevelt, in a 1945 radio address, declared that the development of the atomic bomb by many minds belonging to different races and
different religions sets the pattern for the way in which in the future we may be able to work out our difficulties.[2]
The role of and reliance on immigrant talent in the United States -- particularly at the graduate school and doctoral levels where much of the nation's research is
performed -- has increased over the years. From 1975 to 1992, the aging of America's baby boomers resulted in a decline in the overall size of the college-age
population and, unlike other industrialized nations, the U.S. saw a decline in the number of American students receiving science and engineering degrees.[3]
From the 1950s until 1995, the number of non-U.S. citizens who earned doctorates in scientific and engineering fields from American universities steadily climbed,
reaching 27 percent by 1985 and 40 percent by 1995. Two-thirds of those receiving those doctorates in 1995 held temporary residency visas, and Chinese
doctoral recipients outnumbered recipients from all other regions combined.[4]
But the willingness to draw on foreign talent also has meant a greater risk of falling prey to those with foreign allegiances. One of the earliest and most infamous
espionage scandals at the nation's nuclear laboratories was centered on the physicist Klaus Fuchs, a German native and naturalized British citizen who spied on
researchers at Los Alamos for the Soviet Union. More recent instances of actual and alleged foreign espionage at the nuclear weapons laboratories are detailed in
the Classified Appendix to this report.
As growth of the U.S. talent pool in science and engineering stagnated, and the amount of available talent abroad grew rapidly, the U.S. has had to rely on more
foreign-born talent in national scientific research and development programs in order to maintain the best research facilities in the world. At the same time, since the
end of the Cold War, DOE has entered into more extensive cooperative programs with foreign nations in efforts to reduce the threats of proliferation and diversion
of nuclear weapons material. By June 1990, DOE had entered into 157 bilateral research and development agreements for scientific exchange purposes. Among
others, parties to the agreements were the Soviet Union, the People's Republic of China, Soviet bloc nations and countries that posed nuclear proliferation threats.[5]
In December 1990, a report to the DOE Secretary noted a high probability of greatly increasing numbers of foreign visits and assignments to DOE facilities in future
years.6 The widening of foreign contacts concurrent with a greater influx of foreignborn talent has raised concerns about security compromises by scientists with
foreign allegiances and highlighted the need for special care in implementing formal clearance procedures for involvement in classified work.
BIG, BYZANTINE, AND BEWILDERING BUREAUCRACY
DOE is not one of the federal government's largest agencies in absolute terms, but its organizational structure is widely regarded as one of the most confusing. That is
another legacy of its origins, and it has made the creation, implementation, coordination, and enforcement of consistent policies very difficult over the years.
The effort to develop the atomic bomb was managed through an unlikely collaboration of the Manhattan Engineering District of the U.S. Army Corps of Engineers
(hence the name, the Manhattan Project) and the University of California -- two vastly dissimilar organizations in both culture and mission. The current form of the
Department took shape in the first year of the Carter Administration through the merging of more than 40 different government agencies and organizations, an event
from which it has arguably never recovered.
The newly created DOE subsumed the Federal Energy Administration, the Energy Research and Development Administration (ERDA), the Federal Power
Commission, and components and programs of several other government agencies. Included were the nuclear weapons research laboratories that were part of the
ERDA and, formerly, of the Atomic Energy Commission.
Many of these agencies and organizations have continued to operate under the DOE umbrella with the same organizational structure that they had prior to joining the
Department.
Even before the new Department was created, concerns were raised about how high the nuclear weapons-related operations would rank among the competing
priorities of such a large bureaucracy. A study of the issue completed in the last year of the Ford Administration considered three alternatives: shifting the weapons
operations to the Department of Defense, creating a new freestanding agency, or keeping the program within ERDA -- the options still being discussed more than 20
years later. As one critic of the DOE plan told The Washington Post, "Under the AEC, weapons was half the program. Under ERDA, it was one-sixth. Under
DOE, it will be one-tenth. It isn't getting the attention it deserves." Although the proportions cited by that critic would prove to be inaccurate, he accurately spotted
the direction of the trend.
_____________________________________
The DOE Management Challenge
MISSION
· Lead agency for development of national
energy resources and technologies.
· Responsible for the largest environmental
cleanup effort in history.
· Nuclear energy and weapons research and
development.
· Management of special nuclear materials
stockpiles.
· Protection of highly sensitive classified and
proprietary information against foreign and
corporate espionage.
SIZE
· If included among the Nation's Fortune 500
firms, would rank in the top 50.
· The fourth largest landowner in the United
States.
· Budget of roughly $18 billion comprises close to
3 percent of total discretionary spending at the
federal level.
· Employs more than 11,000 Federal employees
and more than 100,000 contract employees.
· Owns and manages more than 50 major
installations spread across 2.4 million acres and
35 states.
COMPLEXITY
· A diverse workforce of military and civilian personnel;
U.S. citizens and foreign nationals;
career federal officials and part-time
researchers; white collar bureaucrats as well as
scientists and engineers specializing in narrow
esoteric fields.
· Constituencies include the White House,
Congress, the power industry, multinational
defense and aerospace corporations, major
universities, states and municipalities seeking or
monitoring environmental cleanups.
During 1978, its first year of operation within the new structure, DOE already had in place more than 9,500 prime contracts and more than 1,800 financial assistance
awards, which together were spread among 188 universities and more than 3,200 contractors. And the Department was growing: from 1977 to 1978, grants and
contracts with university researchers posted an increase of 22 percent.[7]
LACK OF ACCOUNTABILITY
Depending on the issue at hand, a line worker in a DOE facility might be responsible to DOE headquarters in Washington, a manager in a field office in another state,
a private contractor assigned to a DOE project, a research team leader from academia, or a lab director on another floor of the worker's building. For example,
prior to Secretary Richardson's restructuring initiative earlier this year, a single laboratory, Sandia, was managed by or accountable to nine different DOE security
organizations.
Last year, after years of reports highlighting the problem of confused lines of authority, DOE was still unable to ensure the effectiveness of security measures because
of its inability to hold personnel accountable. A 1998 report lamented that short of wholesale contract termination, there did not appear to be adequate
penalty/reward systems to ensure effective day-to-day security oversight at the contractor level.[8]
The problem is not only the diffuse nature of authority and accountability in the Department. It is the dynamic and often informal character of the authority that does
exist. The inherently unpredictable outcomes of major experiments, the fluid missions of research teams, the mobility of individual researchers, the internal
competition among laboratories, the ebb and flow of the academic community, the setting and onset of project deadlines, the cyclical nature of the federal budgeting
process, and the shifting imperatives of energy and security policies dictated from the White House and Congress -- all of these dynamic variables contribute to
volatility in the Department's workforce and an inability to give the weapons-related functions the priority they deserved. Newcomers, as a result, have an
exceedingly hard time when they are assimilated; incumbents have a hard time in trying to administer consistent policies; and outsiders have a hard time divining
departmental performance and which leaders and factions are credible. Such problems are not new to government organizations, but DOE's accountability vacuum
has only exacerbated them.
Management and security problems have recurred so frequently that they have resulted in nonstop reform initiatives, external reviews, and changes in policy
direction. As one observer noted in Science magazine in 1994: "Every administration sets up a panel to review the national labs. The problem is that nothing is done."
The constant managerial turnover over the years has generated nearly continuous structural reorganizations and repeated security policy reversals. Over the last
dozen years, DOE has averaged some kind of major departmental shakeup every two to three years. During that time, security and counterintelligence
responsibilities have been punted from one office to the next.
CULTURE AND ATTITUDES
In the course of this inquiry, many officials interviewed by the PFIAB panel cited the scientific culture of the weapons laboratories as a factor that complicates,
perhaps even undermines, the ability of the Department to consistently implement its security procedures. Although there seemed to be no universally accepted
definition of the culture, nearly everyone agreed that it is distinct and pervasive.
One facet of the culture mentioned more than others is an arrogance born of the simple fact that nuclear researchers specialize in one of the world's most advanced,
challenging, and esoteric fields of knowledge. Nuclear physicists, by definition, are required to think in literally other dimensions not accessible to laymen. Thus it is
not surprising that they might bridle under the restraints and regulations of administrators and bureaucrats who do not entirely comprehend the precise nature of the
operation being managed.
Operating within a large, complex bureaucracy with transient leaders would only tend to accentuate a scientist's sense of intellectual superiority: if administrators have
little more than a vague sense of the contours of a research project, they are likely to have little basis to know which rules and regulations constitute unreasonable
burdens on the researchers' activities.
With respect to at least some security issues, the potential for conflicts over priorities is obvious. For example, how are security officials to weigh the risks of
unauthorized disclosures during international exchanges if they have only a general familiarity with the cryptic jargon used by the scientists who might participate?
The prevailing culture of the weapons labs is widely perceived as contributing to security and counterintelligence problems. At the very least, restoring public
confidence in the ability of the labs to protect nuclear secrets will require a thorough reappraisal of the culture within them.
CHANGING TIMES, CHANGING MISSIONS
The external pressures placed on the Department of Energy in general, and the weapons labs in particular, are also worth noting. For more than 50 years, America's
nuclear researchers have operated in a maelstrom of shifting and often contradictory attitudes. In the immediate aftermath of World War II, nuclear discoveries were
simultaneously hailed as a destructive scourge and a panacea for a wide array of mankind's problems. The production of nuclear arms was regarded during the
1950s and 1960s as one of the best indices of international power and the strength of the nation's military deterrent.
During the 1970s, the nation's leadership turned to nuclear researchers for solutions to the energy crisis at the same time that the general public was becoming more
alarmed about the nuclear buildup and the environmental implications of nuclear facilities.
Over the past 20 years, some in Congress have repeatedly called for the dissolution of the Department of Energy, which has undoubtedly been a distraction to those
trying to make long-term decisions affecting the scope and direction of the research at the labs. And in the aftermath of the Cold War, the Congress has looked to
the nation's nuclear weapons labs to help in stabilizing or dismantling nuclear stockpiles in other nations.
Each time that the nation's leadership has made a major change in the Department's priorities or added another mission, it has placed additional pressure on a
government agency already struggling to preserve and expand one of its most challenging historical roles: guarantor of the safety, security, and reliability of the
nation's nuclear weapons.
RECURRING VULNERABILITIES
Over the past 20 years, six DOE security issues have received the most scrutiny and criticism from both internal and external reviewers: long-term security planning
and policy implementation; physical security over facilities and property; screening and monitoring of personnel; protection of classified and sensitive information,
particularly information that is stored electronically in the Department's computers; accounting for nuclear materials; and the foreign visitors' programs.
MANAGEMENT AND PLANNING
Management of security and counterintelligence has suffered from chronic problems since the creation of the Department of Energy in 1977.
During the past decade, the mismatch between DOE's security programs and the severity of the threats faced by the Department grew more pronounced. While the
number of nations possessing, developing, or seeking weapons of mass destruction continued to rise, America's reliance on foreign scientists and engineers
dramatically increased, and warnings mounted about the espionage goals of other nations, DOE spending on safeguards and security decreased by roughly
one-third.[1]
The widening gap between the level of security and the severity of the threat resulted in cases where sensitive nuclear weapons information was certainly lost to
espionage. In countless other instances, such information was left vulnerable to theft or duplication for long periods, and the extent to which these serious lapses may
have damaged American security is incalculable. DOE's failure to respond to warnings from its own analysts, much less independent sources, underscores the depth
of its managerial weakness and inability to implement legitimate policies regarding well-founded threats.
_________________________________________
A Sample of Security Issues
MANAGEMENT AND PLANNING
· Decentralized decision-making undermines consistency of policies.
· Lack of control for security budget has allowed diversion of funds to other priorities.
· Department leaders with little experience in security and intelligence.
· Lack of accountability.
PHYSICAL SECURITY
· Training insufficient for some security personnel.
· Nuclear materials stored in aging buildings not designed for containment purposes.
· Recurring problems involving lost or stolen property.
· Poor management results in unnecessary training and purchasing costs.
PERSONNEL SECURITY CLEARANCES
· Extended lags in obtaining clearances, reinvestigating backgrounds, and terminating clearance privileges for former employees.
· Some contractors not adequately investigated or subject to drug & substance abuse policies.
· Lack of uniform procedures and accurate data.
· Inadequate pre-employment screening.
· More clearances granted than necessary.
PROTECTION OF CLASSIFIED INFORMATION
· Poor labeling and tracking of computer media containing classified information.
· Problems with lax enforcement of password policies.
· Network, email, and Internet connections make transfer of large amounts of data easier.
ACCOUNTING FOR NUCLEAR MATERIALS
· Chronic problems in devising and operating an accurate accounting system of tracking stocks and flows of nuclear materials.
FOREIGN VISITORS
· Weak systems for tracking visits and screening backgrounds of visiting scientists.
· Decentralization makes monitoring of discussions on sensitive topics difficult.
During the mid-1980s, the predominant concern of DOE officials was improving the physical security of the nuclear weapons laboratories and plants. Following a
January 1983 report[2] that outlined vulnerabilities of the weapons labs to terrorism, the Department embarked on a five-year program of construction and purchases
that would see its overall safeguards and security budget roughly double and its spending on upgrades nearly triple. Included was money for additional guards,
security training, helicopters, fortified guard towers, vehicle barriers, emergency planning, and advanced alarm systems.[3]
Improving physical security in a wide array of nuclear weapons facilities, whose replacement value was an estimated $100 billion,[4] proved to be difficult. Reports
through the late 1980s and early 1990s continued to highlight deficiencies in the management of physical security. In the late 1980s, priorities began to shift
somewhat. Listening devices were discovered in weapons-related facilities,[5] and a 1990 study advised the Department leadership of an intensifying threat from
foreign espionage. Less and less able to rely on the former Soviet Union to supply technology and resources, an increasing number of states embarked on campaigns
to bridge the economic and technological gap with the United States by developing indigenous capabilities in high technology areas. The study noted that the freer
movement of goods, services and information in a less hostile world intensified the prospects and opportunities for espionage as missing pieces of critically needed
information became more easily identified.[6]
An intelligence report further highlighted the changing foreign threat to the labs by noting that new threats are emerging from nontraditional adversaries who target
issues key to U.S. national security. DOE facilities and personnel remain priority targets for hostile intelligence collection.[7] Anecdotal evidence corroborates, and
intelligence assessments agree, that foreign powers stepped up targeting of DOE during the early 1990s. (See Classified Appendix) While this threat may have been
taken seriously at the highest levels of the DOE, it was not uniform throughout the Department.
A former FBI senior official noted in discussions with the PFIAB investigative panel that DOE lab scientists during these years appeared naive about the level of
sophistication of the nontraditional threat posed by Chinese intelligence collection. The trend in openness to foreign visitors and visits does not indicate any sense of
heightened wariness. A 1997 GAO report concluded that from mid-1988 to the mid-1990s, the number of foreign visitors to key weapons labs increased from
3,800 to 5,900 annually and sensitive country visitors increased from 500 to more than 1,600.[8] Meanwhile, the DOE budget for counterintelligence was in
near-constant decline.
How Long Does It Take?
Each year DOE security officials compile audits to identify security lapses and vulnerabilities in the facilities and procedures of the nuclear weapons laboratories
and plants. The following year, they report on whether the problems have been addressed. Given the sensitivity of what was being protected -- information
about how to build, miniaturize, store, and maximize the destructiveness of nuclear weapons -- the numbers logged in the audits are remarkable:
11   No. of months a DOE employee was dead before Department officials realized four documents with CLASSIFIED and RESTRICTED DATA were still assigned to him.
20   No. of months before DOE officials could ensure that improperly stored classified computer media had been properly safeguarded.
24   No. of months it took to order security labels (SECRET, TOP SECRET, etc.) for mislabeled software.
31   No. of months that 2,750 out of 3,000 non-classified computer terminals were connected and being used on a classified network.
31   No. of months to write and approve a network security plan.
35   No. of months it took DOE officials to write a work order to replace a lock at a weapons lab facility containing sensitive nuclear information.
45   No. of months taken to correct a broken doorknob that was sticking in an open position and allowing access to sensitive areas.
51   No. of months to correct mistake that allowed secure telephone cryptographic materials to go improperly safeguarded.
?    No. of months before security audit team discovered that the main telephone frame room door at a weapons lab had been forced open and the lock destroyed.
SOURCE: DEPT. OF ENERGY
As noted in the previous chapter, federal officials in charge of oversight of nuclear weapons laboratories have historically allowed decision-making on basic aspects of
security to be decentralized and diffuse. With their budget spread piecemeal throughout a number of offices, security and counterintelligence officials often found
themselves with a weak voice in internal bureaucratic battles and an inability to muster the authority to accomplish their goals. Indeed, an excerpt from a history of the
early years of the Atomic Energy Commission reads much like recent studies:
Admiral Gingrich, who had just resigned as director of security [in 1949], had expressed to the Joint Committee [on Atomic Energy] a lack of
confidence in the Commission's security program. Gingrich complained that decentralization of administrative functions to the field offices had left him
with little more than a staff function at headquarters; even there, he said, he did not control all the activities that seemed properly to belong to the
director of security.[9]
More than 30 years later, decentralization still posed a problem for security managers. An internal DOE report in 1990 found that the Department lacked a
comprehensive approach to management of threats and dissemination of information about them.[10] A DOE annual report in 1992 found that security has suffered
from a lack of management focus and inconsistent procedural execution throughout the DOE complex. The result is that personnel are seldom held responsible for
their disregard, either intentional or unintentional, of security requirements.[11]
The counterintelligence effort at DOE in the late 1980s and mid-1990s was in its infancy and grossly underfunded. Although the Department could have filled its gap
in some areas, such as counterintelligence information, through cooperation with the broader intelligence community, PFIAB research and interviews indicate that
DOE headquarters' relationship with the FBI -- the United States' primary domestic CI organization -- was strained at best.
DOE requested an FBI agent detailee in 1988 to assist in developing a CI program, but the agent found that DOE failed to provide management support or access
to senior DOE decision-makers. A formal relationship with the FBI was apparently not established until 1992: a Memorandum of Understanding between the FBI
and DOE on respective responsibilities concerning the coordination and conduct of CI activities in the United States. However, in 1994 two FBI detailees assigned
to DOE complained about their limited access and were pulled back to FBI because of a lack of control of the CI program by DOE headquarters which resulted in
futile attempts to better manage the issue of foreign visitors at the laboratories.[12]
________________________________
We asked a number of DOE officials to
whom they report, to whom they were
responsible. Invariably, their answer
was: "It depends."
The haphazard assortment of agencies and missions folded into DOE has become so confusing as to become a running joke within the institution. In the course of the
panel's research and interviews, rare were the senior officials who expressed any sort of confidence in their understanding of the extent of the agency's operations,
facilities, or procedures. Time and again, PFIAB panel members posed the elementary questions to senior DOE officials. "To whom do you report? To whom are
you accountable?" The answer, invariably, was: "It depends."
DOE's relationship with the broader intelligence community was not well-defined until the mid-1990s. Coordination between DOE CI elements and the broader
intelligence community, according to a 1992 intelligence report, was hampered from the 1980s through the early 1990s by DOE managers' inadequate
understanding of the intelligence community.[13] The Department did not become a core member of the National Counterintelligence Policy Board (established in
1994 under PDD-24) until 1997.
Over much of the past decade, rather than a heightened sensitivity to espionage threats recognized widely throughout the intelligence community, DOE lab officials
have operated in an environment that allowed them to be sanguine, if not skeptical. Numerous DOE officials interviewed by the PFIAB panel stated that they
believed that the threat perception was weakened further during the administration of Secretary O'Leary, who advanced the labs' openness policies and downgraded
security as an issue by terminating some security programs instituted by her predecessor.
Even when the CI budget was expanded in the late 1990s, the expenditures fell short of the projected increases. In Fiscal Year 1997, for example, DOE's CI
budget was $3.7 million but the actual expenditures on CI were only two-thirds of that level, $2.3 million. Shortly before the 1997 GAO and FBI reports on DOE's
counterintelligence posture were issued, DOE began instituting changes to beef up its counterintelligence and foreign intelligence analytic capabilities.[14]
When DOE did devote its considerable resources to security, it too often faltered in implementation. A report to the Secretary in January 1994 noted growing
confusion within the Department with respect to Headquarters guidance for safeguards and security. At this time, there is no single office at Headquarters
responsible for the safeguards and security program. Most recently, a number of program offices have substantially expanded their safeguards and security staff to
office-size organizations. These multiple safeguards and security offices have resulted in duplication of guidance, unnecessary requests for information and
clarification, and inefficient program execution. Unchecked, this counterproductive tendency threatens the success of the overall safeguards and security effort.[15]
A 1996 DOE Inspector General report found that security personnel at the weapons programs had purchased and stockpiled far more firepower -- ranging from
handguns and rifles to submachine guns and grenade launchers -- than could ever be used in an actual emergency. The Oak Ridge facilities had more than three
weapons per armed security officer -- on and off duty. Los Alamos National Laboratory had more than four.[16]
____________________________________
Foreign agents could probably not
shoot their way into U.S. weapons laboratories.
But they could apply for an
access pass to walk in and strike up a
conversation.
Around the same time, GAO security audits of the research laboratories at these sites found lax procedures for issuing access passes to secure areas, inadequate
prescreening of the more than 1,500 visitors from sensitive countries that visited the weapons laboratories annually, and poor tracking of the content of discussions
with foreign visitors. The implication: foreign agents could probably not shoot their way past the concertina wires and bolted doors to seize secrets from U.S.
weapons laboratories, but they would not need to do so. They could probably apply for an access pass, walk in the front door, and strike up a conversation.
PHYSICAL SECURITY
The physical security of the Department of Energy's weapons-related programs is roughly divided into two essential functions: tracking and control over the property
and equipment within the weapons-related laboratories, and keeping unwarranted intruders out, often referred to as the realm of "guns, guards, and gates."
The general approach to security, of course, was defined by the emphasis on secrecy associated with the nuclear weapons program during World War II. Los Alamos
National Laboratory was created as a closed city -- a community with a high degree of self-sufficiency, clearly defined and protected boundaries, and a minimum of
ingress from and egress to the outer world. Although the community is no longer closed, the weapons laboratories at Los Alamos, like those at the other national
laboratories, still retain formidable physical protections and barriers. In examining the history of the laboratories, the panel found only a few instances where an
outsider could successfully penetrate the grounds of an operation by destruction of a physical safeguard or direct violent assault.
__________________________________
Clearances to secure DOE areas have
been granted simply for convenience,
such as to reduce the length of an
employee's walk from the car to the
office each morning.
In visits to several of the weapons laboratories, the members of the Special Investigative Panel were impressed by the great amount of attention and investment
devoted to perimeter control, weaponry, and security of building entrances and exits. Indeed, one cannot help but be struck by the forbidding and formidable
garrison-type atmosphere that is prevalent at many of the facilities: barbed wire, chain-link fences, electronic sensors, and surveillance cameras. Further, the panel
recognizes that the labs themselves have developed and produced some of the most sophisticated technical security devices in the world. Nonetheless, DOE reports
and external reviews since at least 1984 have continued to raise concerns about aging security systems.[17]
Management of the secure environments at the laboratories has posed more serious problems. As noted earlier, DOE may be spending too much money in some
areas, buying more weapons than could conceivably be used in an emergency situation. In other cases, it may be spending too little. Budget cuts in the early and
mid-1990s led to 40 to 50 percent declines in officer strength and over-reliance on local law enforcement. Resources became so low that normal protective force
operations required the use of overtime scheduling to accomplish routine site protection.[18] GAO has found an assortment of problems at Los Alamos over the past
decade: security personnel failed basic tests in such tasks as firing weapons, using a baton, or handcuffing a suspect, and inaccurate and incomplete records were
kept on security training.[19] Other DOE facilities have had substantial problems in management of physical property.
· In 1990, Lawrence Livermore Laboratory could not account for 16 percent of its inventory of government equipment, acquired at a cost of $18.6
million.[20]
· In 1993, DOE sold 57 components of nuclear reprocessing equipment and associated documents, including blueprints, to an Idaho salvage dealer.
Much of what was sold was subsequently found to be potentially useful to any nation attempting to develop or advance its own reprocessing
operation.[21]
· Following a GAO report in 1994, which found that the Rocky Flats facility was unable to account for large pieces of equipment such as forklifts and a
semitrailer, some $21 million in inventory was written off.[22]
DOE had begun to consolidate its growing stockpile of sensitive nuclear material by 1992, but a 1997 DOE report to the Secretary found that significant quantities
of the material remain in aging buildings and structures, ranging in age from 12 to 50 years, that were never intended for use as storage facilities for extended
periods.[23]
SCREENING AND MONITORING OF PERSONNEL
Insider threats to security have been a chronic problem at the nation's weapons laboratories. From the earliest years, the importance of the labs' missions and their
decentralized structure have had an uneasy coexistence with the need for thorough background investigations of researchers and personnel needing access to
sensitive areas and information.
In 1947, the incoming director of security for the AEC was greeted with a backlog of more than 13,000 background investigations and a process where clearances
had been dispersed to field offices that operated with few formal guidelines.[24]
Forty years later, GAO found that the backlog of personnel security investigations had increased more than nine-fold, to more than 120,000. Moreover, many
clearances recorded as valid in the Department's records should have been terminated years before.[25]
____________________________________
Even after DOE discovered listening
devices in some of its weapons
laboratories, security audits found that
thousands of Q clearances were being
given to inappropriate personnel.[26]
The research of the PFIAB panel found that problems with personnel security clearances, while mitigated in some aspects, have persisted to an alarming degree.
From the mid-1980s through the mid-1990s, the DOE Inspector General repeatedly warned Department officials that personnel were receiving clearances that
were much higher than warranted and that outdated clearances were not being withdrawn on a timely basis. The issue became more urgent with the discovery of a
clandestine surveillance device at a nuclear facility.[27]
But problems persisted. DOE Inspector General reports in 1990 and 1991 found that one of the weapons laboratories had granted Q clearances (which provide
access to U.S. government nuclear weapons data) to more than 2,000 employees who did not need access to classified information.[28] A 1992 report to the
Secretary of Energy noted that DOE grants clearances requested by its three major defense program sponsored labs based on lab policies to clear all employees
regardless of whether actual access to classified interests is required for job performance.[29]
Three years later, a review of personnel security informed the Secretary there were individuals who held security clearances for convenience only and limited
security clearances to those individuals requiring direct access to classified matter or [special nuclear materials] to perform official duties.[30]
More recent evidence is no more reassuring. A counterintelligence investigation at a nuclear facility discovered that the subject of an inquiry had been granted a Q
clearance simply to avoid the delay caused by the normal processing of a visit.31 That same year, an illegal telephone wiretap was discovered at the same lab. The
employee who installed it confessed, but was not prosecuted by the government.32
PROTECTION OF CLASSIFIED AND SENSITIVE INFORMATION
Two vulnerabilities regarding classified and sensitive information at DOE have recurred repeatedly throughout the past 20 years: inappropriate release of classified
information, either directly through inadvertence or indirectly through improper declassification; and the increasing mobility of classified and sensitive information
through electronic media, such as computers.
As computers have progressed from the large mainframes of the 1950s and 1960s to desktop models in the 1980s and decentralized networks in the 1990s, it has
become progressively easier for individuals to retrieve and transport large amounts of data from one location to another. This has presented an obvious problem for
secure environments. GAO found in 1991 that DOE inspections revealed more than 220 security weaknesses in computer systems across 16 facilities. Examples
included a lack of management plans, inadequate access controls, and failures to test for compliance with security procedures.33
As a 1996 DOE report to the President said, "adversaries no longer have to scale a fence, defeat sensors, or bypass armed guards to steal nuclear or leading-edge
know-how or to shut down our critical infrastructure. They merely have to defeat the less ominous obstacles of cyberdefense."34
_____________________________________
Computer systems at some DOE
facilities were so easy to access that
even Department analysts likened them
to automatic teller machines, [allowing]
unauthorized withdrawals at our
nation's expense.
DOE's cyberdefenses were, in fact, found to be "less ominous obstacles." In 1994, an internal DOE review found that despite security improvement users of
unclassified computers continue to compromise classified information due to ongoing inadequacies in user awareness training, adherence to procedures, enforcement
of security policies, and DOE and [lab] line management oversight.35 Also in 1994, a report to the Energy Secretary cited five areas of concern: failure to properly
accredit systems processing classified information, lack of controls to provide access authorities and proper password management; no configuration management;
improper labeling of magnetic media; and failure to perform management reviews.36
Apparently, the warnings were to no avail. A year later, the annual report to the Secretary noted: Overall, findings and surveys, much like last year, continue to
reflect deficiencies in self-inspections and procedural requirements or inappropriate or inadequate site guidance ... In the area of classified matter protection and
control, like last year, marking, accountability, protection, and storage deficiencies are most numerous.37
Some reports made extra efforts to puncture through the fog of bureaucratic language. A 1995 report to the President said: By placing sensitive information on
information systems, we increase the likelihood that inimicable interests, external and internal, will treat those systems as virtual automatic teller machines, making
unauthorized withdrawals at our nation's expenses. Indeed, a report found security breaches at one of the major weapons facilities in which documents with
unclassified but sensitive information were found to be stored on systems that were readily accessible to anyone with Internet access.38 In other instances,
personnel were found to be sending classified information to outsiders via an unclassified email system.39
Ahead of its Time
In 1986, the DOE Office of Safeguards and Quality Assessment issued an inspection report on a weapons lab that warned of shortcomings in computer
security and noted that the ability of [a] user to deliberately declassify a classified file without detection and move classified information from the secure
partition to the open partition can be made available to any authorized user either on or off site.40
The warning turned out to be on the mark. In April of this year, Energy Secretary Bill Richardson issued a statement: While I cannot comment on the specifics,
I can confirm that classified nuclear weapons computer codes at Los Alamos were transferred to an unclassified computer system. This kind of egregious
security breach is absolutely unacceptable ... .
Even though the hard evidence points to only sporadic penetrations of the labs by foreign intelligence services (see classified appendix), volumes of sensitive and
classified information may have been lost over the years via discarded or purloined documents; uninformed and often improperly vetted employees, and a maze of
uncontrolled computer links. In one recent case discovered by PFIAB, lab officials initially refused to rectify a security vulnerability because no probability is
assigned to [a loss of sensitive information], just the allegation that it is possible.41
As recently as last year's annual DOE report to the President, security analysts were finding numerous incidents of classified information being placed on unclassified
systems, including several since the development of a corrective action plan in July 1998.42
TRACKING OF NUCLEAR MATERIALS: HOW MUCH MUF?
MUF stands for materials unaccounted for, the official term used until the late 1970s for discrepancies in the amount of nuclear materials that can be physically
located in inventory versus the amount noted in Department records. MUF (now termed with the more politic phrase inventory differences) has been a recurring
concern, and debate, in the nuclear research field since the beginning. The question at the center of the debate: if large quantities of nuclear material are impossible
to measure with absolute precision, what constitutes a significant loss?
As in many questions, the answer depends on whom you ask. Officials of nuclear research facilities have argued that the scale and complexity of the processing and
handling of nuclear material inevitably result in losses that are detectable but inconsequential. Outside observers have tended to be less sanguine about what
constitutes a significant loss from a security standpoint.
In 1976, the General Accounting Office reported that the Nuclear Regulatory Commission and the Energy Research and Development Administration (DOE's
predecessor) could not account for 8,000 pounds of highly enriched uranium and plutonium. Officials of the two agencies responded that part of the accounting
discrepancy could be ascribed to the statistical margin of error in their measuring equipment, the rest was probably dregs created during processing and left in
machinery parts, wiping cloths, and scrap items.43
Critics of the agencies have pointed out that thieves could easily use the variance in statistical measures to cover their tracks, stealing an increment during each
measuring period that falls just within the margin of error. They have also pointed out that if Department records are not accurate, it is impossible for anyone to
estimate the stock of nuclear material at any given point, much less the difference between two levels as it proceeds from one stage of the nuclear cycle to the next.
In December 1994, the Department released updated figures for the cumulative amount of MUF or inventory difference for the 50-year period beginning in 1944.
The cumulative figure: 6,174 pounds. Of that amount, a cumulative total of about 10 pounds was ascribed to accidental losses and approved write-offs.44
GAO has continued to highlight the issue since DOE has become the steward of the nation's nuclear weapons laboratories. GAO published a report in 1991
criticizing the insufficiency of the Department's measuring systems and handling procedures;45 in 1994, criticizing its methods of tracking exported nuclear material;46
and in 1995, for installing a new system that was allegedly faulty.47
Even if accurate systems of measurement and accounting had been in place, it is not clear whether DOE officials would have been qualified to manage them
effectively. A 1995 report to the President warned that severe budget reductions, diminished technical resources, increased responsibilities, and reduced mission
training ... have undermined protection of special nuclear material and restricted data.48
Last year, a report by an external review panel found a lack of nuclear physical security expertise at all levels in the oversight process; ad hoc structuring of
safeguards and security functions throughout the Department, and placement of oversight functions in positions which constrain their effectiveness.49
The dispute over the accuracy of nuclear measurements, of course, is beyond the technical capabilities of this panel to resolve. But the panel members do believe that
its persistence and the low priority given to the issue relative to other DOE scientific goals is indicative of the institutional attitude that DOE has had toward security:
nonscientists have a poor understanding of all things nuclear, so their judgments about acceptable levels of risk are suspect prima facie.
FOREIGN VISITORS AND ASSIGNMENTS PROGRAM
True to the tradition of international partnership molded by the experiences of the Manhattan Project, the weapons labs have remained a reservoir of the best
international scientific talent. Recent examples abound: a supercomputing team from Oak Ridge National Lab, made up of three PRC citizens and a Hungarian,
recently won the Gordon Bell Prize; a Bulgarian and a Canadian, both world-class scientists, are helping Lawrence Livermore National Lab solve problems in fluid
dynamics; a Spanish scientist, also at Livermore, is collaborating with colleagues on laser propagation.
But for more than a decade, the increasing prominence of foreign visitors in the weapons labs has increased concern about security risks. The PFIAB panel found
that as early as 1985, the DCI raised concerns about the foreign visitors program with the Energy Secretary. A year later, researchers conducting an internal DOE
review could find only scant data on the number and composition of foreign nationals at the weapons labs. Although intelligence officials drafted suggestions for
DOE's foreign visitor control program, PFIAB found little evidence of reform efforts until the tenure of Secretary Watkins.
A 1988 GAO report cited DOE for failing to obtain timely and adequate information on foreign visitors before allowing them access to the laboratories. The GAO
found three cases where DOE allowed visitors with questionable backgrounds, possible foreign agents, access to the labs. In addition, the GAO found that about
10 percent of 637 visitors from sensitive countries were associated with foreign organizations suspected of conducting nuclear weapons activities but DOE did not
request background data on them prior to their visit. DOE also had not conducted its own review of the visit and assignment program at the weapons labs despite
the DOE requirement to conduct audits or reviews at a minimum of every five years. Moreover, GAO reported that few post-visit or host reports required by DOE
Order 12402 were submitted within 30 days of the visitor's departure and some were never completed.50
The following year, DOE revised its foreign visitor policy and commissioned an external study on the extent and significance of the foreign visitor problem. DOE's
effort to track and vet visitors, however, still lagged well behind the expansion of the visitor program, allowing foreigners with suspicious backgrounds to gain access
to weapons facilities. A study published in June 1990 indicated DOE had a crippling lack of essential data, most notably no centralized, retrievable listing of foreign
national visitors to government facilities.51
By September, 1992, DOE had instituted Visitor Assignment Management System (VAMS) databases, used to track visitors and assignees requesting to visit DOE.
The system, however, failed to provide links between the labs that could be used for CI analysis and cross-checking of prospective visitors. Moreover, labs
frequently did not even use the database and failed to enter visitor information. Instead, each lab developed its own computer program independently.
Reviews of security determined that, despite an increase of more than 50 percent in foreign visits to the labs from the mid-1980s to the mid-1990s, DOE controls
on foreign visitors actually weakened in two critical areas: screening for visitors that may pose security risks, and monitoring the content of discussions that might
touch on classified information.
In 1994, DOE headquarters delegated greater authority to approve nonsensitive country visitors to the laboratories, approving a partial exception for Los Alamos
and Sandia National Laboratories to forego background checks to help reduce costs and processing backlogs. This resulted in almost automatic approval of some
foreign visitors and fewer background checks. The FBI and GAO subsequently found that questionable visitors, including suspected foreign intelligence agents, had
access to the laboratories without DOE and/or laboratory officials' advance knowledge of the visitors' backgrounds.52
Changes in records checks over the past decade also made it easier for individuals from sensitive countries to gain access to the laboratories. In 1988, for example,
all visitors from Communist countries required records checks regardless of the purpose of the visit. By 1996, records checks were only required for visitors from
sensitive countries who visited secure areas or discussed sensitive subjects.
An internal DOE task force in 1996 determined that the Department's definitions of sensitive topics were not specific enough to be useful. It directed the DOE office
of intelligence to develop a new methodology for defining sensitive topics, but did not set a due date. The 1996 group also called for a Deputy Secretary-level
review of foreign visits and assignments to be completed by June 1997.53 The PFIAB panel found no evidence to suggest that these tasks were accomplished.
In 1997, GAO found that DOE lacked clear criteria for identifying visits that involve sensitive subjects; U.S. scientists may have discussed sensitive subjects with
foreign nationals without DOE's knowledge or approval; and the Department's counterintelligence program had failed to produce comprehensive threat assessments
that would identify likely facilities, technologies, and programs targeted by foreign intelligence.54 The study found that records checks were still not being conducted
regularly on foreign visitors from sensitive countries.55 Last year, 7,600 foreign scientists paid visits to the weapons labs.56 Of that total, about 34 percent were from
countries that are designated sensitive by the Department of Energy, meaning they represent a hostile intelligence threat. The GAO reported last year that foreign
nationals had been allowed after-hours and unescorted access to buildings.57
Administration Track Records
CARTER
(Schlesinger: Aug '77-Aug '79; Duncan: Aug '79-Jan '81)
'77 DOE established
First visiting U.S. scientists to China in '79 and '80 face Chinese elicitation effort.
Late 1970s FBI investigates possible espionage at a lab.
'80 GAO reports on problems safeguarding against the spread of nuclear weapons technology.
REAGAN I
(Edwards: Jan '81-Nov '82; Hodel: Nov '82-Feb '85; Herrington: Feb '85- )
'82 DOE's Inspection and Evaluation program formed.
GAO reports safeguards and security of weapons labs not adequate, recommends independent assessments program.
'83 DOE issues threat guidance to provide a "consistent basis" for identifying vulnerabilities.
Memo to DOE, DOD states President has "decided to strengthen WH role concerning the security of U.S. nuclear facilities."
President signs National Security Decision Directive (NSDD) on DOE security.
DOE Safeguards and Security Steering Group formed at President's direction to oversee fulfillment of physical security improvements.
GAO reports security concerns at Rocky Flats facility.
DOE conducts eight internal security inspections at weapons facilities and DOE HQ; provides criticisms and recommendations to DOE management.
'84 DOE's Central Training Academy established for protective force personnel.
REAGAN II
(Herrington: Feb '85-Jan '89)
'86 Rep. Dingell letter to President re: lab security vulnerabilities, management problems and lack of confidence in DOE.
Four GAO reports on DOE security and CI problems.
External report requested by DOE finds problems with management of foreign visitors and adequate security.
'87 Three GAO reports on DOE highlight the transfer of technology to proliferating nations and inefficient security clearance program.
Seven internal DOE security inspections criticize management and security practices in '87-'88.
DOE initiates the Personnel Security Assurance Program (PSAP).
DOE focuses on insider protection and strengthens classified document controls.
Three DOE IG reports about security clearance problems from '86-'88.
'88 Intelligence Community paper reflects concerns with international scientific exchanges at the DOE labs.
President signs NSDD on Nuclear Weapons Safety, Security, and Control.
FBI detailee to DOE cites inaccessibility to senior DOE managers.
President states "Improved nuclear security is an important legacy for us to leave the next administration;" DOE official opines that Energy has done "essentially all that can be done against the outsider threat."
Senate Intelligence Committee staff briefed on CI activities at labs.
Four GAO reports address DOE security and counter-intelligence problems, including: major weaknesses in foreign visitor controls at labs, and foreign agents possibly gaining access to labs.
BUSH
(Watkins: Mar '89-Jan '93)
'89 New Secretary concerned about 1988 GAO criticism of DOE CI/security, defers DOE annual report on security until he reviews issue; NSC concurs.
GAO finds insufficient control over weapons-related information and technology.
'90 Four IG reports on security.
Secretary of Energy Advisory Board (SEAB) chartered.
Interagency CI group prepares assessment of intelligence threat to government facilities from visiting foreign nationals.
GAO cites lack of clear, concise physical security standards and inconsistent material measurements at labs.
Freeze Task Force critical of split management of classified and unclassified computer security; finds direction, coordination, conduct and oversight of safeguards and security activities throughout DOE warrant structural changes.
External CI review highlights DOE's inability to manage comprehensive approach to foreign threat; inadequate oversight, control over secret document inventory; uncoordinated computer security responsibilities.
'91 Four IG reports criticize security.
GAO reports property, classified document control problems at LLNL; 10,000 documents unaccounted; inability of DOE to track, monitor, and correct security deficiencies.
'87, '89, and '91 GAO reports foreign countries routinely obtaining unclassified but sensitive information that could assist nuclear programs.
Memo to President highlights previous security problems at DOE, Secretary's efforts to fix the deficiencies.
'92 Two IG reports on security.
SSCI-requested CI assessment finds DOE headquarters lacks authority to direct labs, CI resources, and current threat information.
GAO cites weak internal security oversight controls; incomplete safeguards and security planning at DOE facilities.
DOE Order on CI issued.
DOE and FBI formalize relationship for conduct of CI activities.
Internal security report to Secretary finds "personnel are seldom held responsible for their disregard, either intentional or unintentional, of security requirements."
Another report finds "Problems in management and oversight represent the most significant weakness" for the Department and "security systems continue to be plagued with potential single point failures."
ASSESSMENTS
RESPONSIBILITY
While cultural, structural, and historical problems have all figured into the management and security and counterintelligence failures of DOE, they should not be
construed as an excuse for the deplorable irresponsibility within the agency, the pattern of inaction from those charged with implementation of policies, or the
inconsistency of those in leadership positions. The panel identified numerous instances in which individuals were presented with glaring problems yet responded with
foot-dragging, finger-pointing, bland reassurances, obfuscations, and even misrepresentations.
The record of inattention and false start reforms goes back to the beginning of DOE. There have been several Presidents; National Security Advisors, Energy
Secretaries, Deputy Secretaries, Assistant Secretaries, and Lab Directors; scores of DOE Office Directors and Lab managers; and a multitude of Energy
Department bureaucrats and Lab scientists who all must shoulder the responsibility and accountability.
As noted above, severe lapses in the security of the nation's most critical technology, data, and materials were manifest at the creation of the DOE more than 20
years ago. Many, if not most, of the problems were identified repeatedly. Still, reforms flagged amid a lack of discipline and accountability. The fact that virtually
every one of those problems persisted (indeed, many of the problems still exist) indicates a lack of sufficient attention by every President, Energy Secretary, and
Congress.
This determination is in no way a capitulation to the standard of "everyone is responsible, therefore no one is responsible." Quite the contrary. Even a casual reading
of the open-source reports on the Department's problems presents one with a compelling narrative of incompetency that should have merited the aggressive action
of the nation's leadership. Few transgressions could violate the national trust more than inattention to one's direct responsibility for controlling the technology of
weapons of mass destruction.
The PFIAB panel was not empowered, nor was it charged, to make determinations of whether specific acts of espionage or malfeasance occurred regarding alleged
security lapses at the weapons labs. Nor was it tasked to issue performance appraisals of the various Presidents, Energy Secretaries, or members of the
Congressional leadership during their respective terms in office. However, an inquiry into the extent to which the system of administrative accountability and
responsibility broke down at various times in history has been necessary to fulfill our charter. In fairness, we have tried to examine the nature of the security problems
at DOE's weapons labs in many respects and at many levels, ranging from the circumstances of individuals and the dynamics of group behavior to the effectiveness
of mid-level management, the clarity of the laws and regulations affecting the Department, and the effectiveness of leadership initiatives.
THE RECORD OF THE CLINTON TEAM
To its credit, in the past two years the Clinton Administration has proposed and begun to implement some of the most far-reaching reforms in DOE's history. The
1998 Presidential Decision Directive on DOE counterintelligence (PDD-61) and Secretary Richardson's initiatives are both substantial and positive steps. We offer
an analysis of some of these initiatives, and their likelihood of success, elsewhere in this chapter and elsewhere in this report.
However, the speed and sweep of the Administration's ongoing response does not absolve it of its responsibility in years past. At the outset of the Clinton
Administration in 1993, when it inherited responsibility for DOE and the glaring record of mismanagement of the weapons laboratories, the incoming leadership
did not give the security and counterintelligence problems at the labs the priority and attention they warranted. It will be incumbent on the DOE transition team for the
incoming administration in 2001 to pay particular heed to these issues.
While the track record of previous administrations' responses to DOE's problems is mixed (see box on previous administrations, on pp. 26-27), the panel members
believe that the gravity of the security and counterintelligence mismanagement at the Department will, and should, overshadow post facto claims of due diligence by
any administration, including the current one. Asserting that the degree of failure or success with DOE from one administration to the next is relative is, one might
say, gilding a fig leaf.
The fact is that each successive administration had more evidence of DOE's systemic failures in hand: the Reagan Administration arrived to find several years' worth
of troubling evidence from the Carter, Ford, and Nixon years; the evidence had mounted higher by the time that the Bush Administration took over; and higher still
when the Clinton Administration came in. The Clinton Administration has acted forcefully, but it took pressure from below and outside the Administration to get the
attention of the leadership, and there is some evidence to raise questions about whether its actions came later than they should have, given the course of events that
led to the recent flurry of activity.
Clinton Administration Track Record
O'Leary: Jan '93-Jan '97
'93 New Secretary works to make labs more open, launches major declassification effort.
DOE '92 Annual Report to President does not mention security problems highlighted same year in reports to Secretary.
GAO criticizes DOE's ineffective management of personnel security cases.
Four IG reports on security.
Internal report to Secretary on computer security uncovers lack of access controls; no configuration management; failure to perform management reviews.
'94 Three IG reports on security.
FBI detailees to DOE recalled because of lack of control of the CI program by DOE HQ.
Internal report finds classified and unclassified information on lab computer network.
GAO reports computer security deficiencies found in 1985 at six facilities still not fixed.
'95 Four IG reports on security.
Congress considers numerous bills between '95-'99 to abolish DOE.
Galvin Task Force offers SEAB options for change within the labs.
Walk-in provides documents containing sensitive U.S. nuclear information.
DOE officials meet with FBI regarding potential espionage involving nuclear weapons data.
Analysis group formed at DOE to review Chinese weapons program; senior DOE, CIA, White House officials discuss options.
GAO reports on poor management of nuclear material tracking capabilities.
Laboratory Operations (oversight) Board created.
'96 First three lab-to-lab exchanges between U.S. and China.
Internal DOE report discovers required nuclear material physical inventories not being performed.
Two IG reports on security.
DOE Deputy Secretary directs six initiatives to lab directors and field office heads for the foreign visitors and CI programs (most initiatives ignored after he leaves DOE in 1997).
Pena: Mar '97-Jun '98
'97 Mar New Secretary confirmed.
FBI report to Congress and DOE critical of DOE CI capabilities; addresses CI program oversight, foreign visits and assignments, CI analysis, professional training/CI awareness.
FBI Director personally delivers CI review to Secretary.
Two additional Lab-to-Lab exchanges held in Beijing.
DOE staff briefs Congressional staff, and NSC, CIA, FBI senior officials on Chinese nuclear program, possible Chinese espionage before Secretary informed.
DOE increases budget for CI in FY 1997, hires more CI professionals.
Inter-agency Working Group reports that "systemic and serious CI and security problems at DOE have been well documented over at least a ten year period ... few of the recommendations in the past studies have been implemented,"
A senior CI official states "There is every reason to believe the labs will resist any outside assistance."
National Security Advisor requests independent assessment of China's nuclear program and the impact of U.S. nuclear information.
Two DOE internal reports cite confusing, fragmented, dysfunctional security management structure.
External report finds multiple, uncoordinated internal and external oversight activities.
DCI and FBI Director meet with Secretary to discuss DOE CI problem and reform plan; meeting notes state "Despite all the studies conducted, experience over time has shown that DOE's structure and culture make reform difficult, if not impossible, from within."
Internal DOE report states "in all candor, we have been hampered in meeting [the safeguards and security] obligations by organizational obstacles and competing internal interests."
PDD-61 drafted, coordinated in inter-agency process.
DOE's Laboratory Operations Board finds inefficiencies due to the Department's complicated management structure.
Peter Lee (formerly of LLNL) pleads guilty, inter alia, to transmitting classified national defense information to representatives of the PRC in '85.
GAO finds faulty procedures for foreign visitor indices checks and controlling dissemination of sensitive information; lack of clear criteria for identifying visits that involve sensitive subjects; indirect and inconsistent CI funding; DOE CI programs not based on comprehensive assessment of foreign espionage threat.
Institute of Defense Analyses 120 Day Report finds inadequate management of DOE workforce and confusing chains of command.
'98 Feb. President signs PDD-61.
External report says DOE management and oversight of security problematic.
Security Management Board created by Congress, meets twice in next 18 months.
CIA/FBI report provided to Congress on Chinese espionage activities.
Jun 30 Secretary resigns, Deputy designated as Acting Secretary.
DOE's 90-day report on CI reveals problems remain regarding separate management of classified and unclassified information.
Lab-to-lab exchange held in Beijing.
Richardson: Aug '98-
'98 Aug 18 New Secretary sworn in.
GAO again finds problems in DOE's foreign visitor program; notes lack of clear procedures for identifying sensitive subjects.
External report highlights lack of DOE oversight expertise and ad hoc security structure.
Per PDD-61, assessment of the foreign collection threat against DOE published.
'99 DOE security review finds unhealthy, adversarial environment of mistrust among DOE security organizations, recommends several management process changes.
Cox Committee publishes report.
Lab-to-Lab exchange held in Beijing.
President directs PFIAB to review security, CI at labs; directs Intelligence Community to conduct damage assessment of possible security breaches at labs; directs CI community to review security of nuclear weapons information in USG.
DOE CI Implementation Plan delivered to Secretary.
GAO reports inadequate separation of classified and unclassified computer networks at same lab in 1988, 1992, 1994, and 1998.
Chiles Report describes management problems in nuclear weapons program.
Internal DOE report highlights computer security problems at a lab.
DOE counterintelligence implementation plan (per PDD-61) issued to labs.
DOE shuts down all classified computers at LANL, LLNL, and SNL.
DOE holds tri-lab computer security conference.
Secretary announces new security organization at DOE, to be headed by a security czar.
THE 1995 WALK-IN DOCUMENT
In 1995, a U.S. intelligence agency obtained information that has come to be called the walk-in document. A copy of a classified PRC report, it contains a
discussion of various U.S. nuclear warheads. The PFIAB has carefully reviewed this document, related information, and the circumstances surrounding its delivery.
Serious questions remain as to when it was written, why it was written, and why it was provided to the U.S. We need not resolve these questions.
The document unquestionably contains some information that is still highly sensitive, including descriptions, in varying degrees of specificity, of technical
characteristics of seven U.S. thermonuclear warheads. This information had been widely available within the U.S. nuclear weapons community, including the
weapons labs, other parts of DOE, the Department of Defense, and private contractors, for more than a decade. For example, key technical information concerning
the W88 warhead had been available to numerous U.S. government and military entities since at least 1983 and could well have come from many organizations
other than the weapons labs.
W-88 INVESTIGATION
Despite the disclosure of information concerning seven warheads, despite the potential that the source or sources of these disclosures were other than the bomb
designers at the national weapons labs, and despite the potential that the disclosures occurred as early as 1982, only one investigation was initiated. That investigation
focused on only one warhead, the W88, only one category of potential sources -- bomb designers at the national labs -- and on only a four-year window of
opportunity. It should have been pursued in a more comprehensive manner. The allegations raised in the investigation should still be pursued vigorously. And the
inquiry should be fully explored -- regardless of the conclusions that may result.
The episode began as an administrative inquiry conducted by the DOE Office of Energy Intelligence, with limited assistance from the FBI. It developed into an FBI
investigation, which is still under way today. Allegations concerning this case and related activities highlighted the need for improvements in the DOE's
counterintelligence program, led along the way to the issuance of a Presidential Decision Directive revamping the DOE's counterintelligence program, formed a
substantial part of the information underlying the Cox Committee's conclusions on nuclear weapons information, and ultimately led, at least in part, to the President's
decision to ask this Board to evaluate security and counterintelligence at the DOE's weapons labs.
It is not within the mandate of our review to solve the W88 case or any other potential compromises of nuclear weapons information. Further, it is not within our
mandate to conduct a comprehensive and conclusive evaluation of the handling of the W88 investigation by the DOJ and FBI. In fact, as we understand it, that is
the purpose of a task force recently appointed by the Attorney General. We trust that among the issues that the task force will resolve are:
- Whether the FBI committed sufficient resources, including agents with appropriate expertise, and demonstrated a sense of urgency commensurate with
  an apparent compromise of classified U.S. nuclear weapons information;
- Whether the DOJ Office of Intelligence Policy Review (OIPR) applied an inappropriately high standard to the FBI's request for electronic surveillance
  under the Foreign Intelligence Surveillance Act (FISA);
- Whether the FBI provided to DOJ OIPR all U.S. government information relevant to an appropriate evaluation of the FBI's FISA request;
- Why the FBI's FISA request did not include a request to monitor or search the subject's workplace computer systems, particularly since an attorney in
  the FBI's General Counsel Office had provided an opinion in 1996 that such monitoring or searching in this case would require FISA authorization;
- Why the FBI did not learn until recently that in 1995 the subject had executed a series of waivers authorizing monitoring of his workplace computer
  systems;
- Whether the FBI adequately raised to the Attorney General the FBI's concerns over the declination of the FISA request;
- Whether communications regarding the subject's job tenure broke down between DOE, FBI, and Los Alamos;
- Whether the DOJ OIPR maintained appropriate records concerning FISA requests that were declined;
- Whether the FBI appropriately relied on technical opinions provided by the DOE;
- Why DOE, rather than the FBI, conducted the first polygraph examination in this case when the case was an open FBI investigation; and, perhaps most
  importantly,
- Whether additional cases should be opened to investigate whether the apparent disclosures may have arisen out of organizations other than Los Alamos
  lab.
Again, resolving these issues is not within our mandate. It is, however, explicitly within our mandate to identify additional steps that may need to be taken to address
the security and counterintelligence threats to the weapons labs. Also, it is within our standing PFIAB obligation under Executive Order 12863 to assess the
adequacy of counterintelligence activities beyond the labs. In this regard, what we have learned from our limited review of the W-88 case and other cases are
significant lessons that extend well beyond these particular cases. These lessons relate directly to additional steps we believe must be taken to strengthen our
safeguards against current security and foreign intelligence threats. Those steps are discussed further in the Classified Appendix to this report.
We have learned, for example, that under the current personnel security clearance system a person who is under FBI investigation for suspected counterintelligence
activities may sometimes be granted a new or renewed clearance. We also have learned that although the written standards for granting a first clearance and for
renewing an existing clearance may be identical, the actual practice that has developed -- certainly within DOE and we strongly suspect elsewhere -- is that clearance
renewals will be granted on a lower standard. We find such inconsistency unacceptable. We think it appropriate for the National Security Council to review and
resolve these issues.
We have also learned that the legal weapons designed to fight the counterintelligence battles of the '70s have not necessarily been rigorously adapted to fight the
counterintelligence battles of the '90s (and beyond). For example, with the passage of more than twenty years since the enactment of the Foreign Intelligence
Surveillance Act (FISA) of 1978, it may no longer be adequate to address the counterintelligence threats of the new millennium. We take no position on whether the
statute itself needs to be changed. It may well still be sufficient. However, based on all of the information we have reviewed and the interviews we have conducted,
and without expressing a view as to the appropriateness of the DOJ decision in the W88 case, we do believe that the Department of Justice may be applying the
FISA in a manner that is too restrictive, particularly in light of the evolution of a very sophisticated counterintelligence threat and the ongoing revolution in information
systems. We also are concerned by the lack of uniform application across the government of various other investigative tools, such as employee waivers that grant
officials appropriate authority to monitor sensitive government computer systems.
Moreover, there does not exist today a systematic process to ensure that the competing interests of law enforcement and national security are appropriately
balanced. Law enforcement, rightly so, is committed to building prosecutable cases. This goal is often furthered by leaving an espionage suspect in place to facilitate
the gathering of more evidence. The national security interest, in contrast, is often furthered by immediately removing a suspect from access to sensitive information to
avoid additional compromises. Striking the proper balance is never easy. It is made all the more difficult when there is no regular process to ensure that balance is
struck. We have learned in our review that this difficult decision often is made by officials who either are too focused on the investigative details or are too unaware
of the details to make a balanced decision. This is another matter deserving National Security Council attention.
PFIAB EVALUATION OF THE INTELLIGENCE COMMUNITY DAMAGE ASSESSMENT
Following receipt of the walk-in document, CIA, DOE, Congress, and others conducted numerous analyses in an effort to determine the extent of the classified
nuclear weapons information the PRC has acquired and the resultant threat to U.S. national security. Opinions expressed in the media and elsewhere have ranged
from one extreme to the other. On one end of the spectrum is the view that the Chinese have acquired very little classified information and can do little with it. On the
other end is the view that the Chinese have nearly duplicated the W88 warhead.
After reviewing the available intelligence and interviewing the major participants in many of these studies, we conclude that none of these extreme views holds water.
For us, the most accurate assessment of China's acquisition of classified U.S. nuclear weapons information and the resultant threat to U.S. national security is
presented in the April 1999 Intelligence Community Damage Assessment. Written by a team of experts, this assessment was reviewed and endorsed by an
independent panel of national security and nuclear weapons specialists, chaired by Admiral David Jeremiah. We substantially agree with the assessment's analysis
and endorse its key findings. The full text of the assessment's unclassified summary appears in the unclassified appendix.
PRESIDENTIAL DECISION DIRECTIVE 61: BIRTH AND INTENT
In mid-1997, it became clear to an increasingly broader range of senior administration officials that DOE's counterintelligence program was in serious trouble.[1] In
late July, DOE officials briefed the President's National Security Advisor, who concluded that, while the real magnitude and national security implications of the
suspected espionage needed closer scrutiny, there was nonetheless a solid basis for taking steps to strengthen counterintelligence measures at the labs. He requested
an independent CIA assessment of China's nuclear program and the impact of U.S. nuclear information, and he directed that the National Counterintelligence Policy
Board (NACIPB)[2] review the DOE counterintelligence program. That September, the National Security Advisor received the CIA assessment, and the NACIPB
reported back that it had found systemic and serious CI and security problems at DOE [had] been well documented over at least a ten year period and few of the
recommendations in the past studies [had] been implemented. The NACIPB made 25 recommendations to significantly restructure the DOE CI program; it also
proposed that a Presidential Decision Directive or Executive Order be handed down to effect these changes.
At an October 15 meeting, the Director of Central Intelligence and the FBI Director discussed with Secretary Pena and his Deputy Secretary the need to reform the
DOE CI program. The DCI and FBI Director sought to make clear there was an urgent need to act immediately, and despite all the studies conducted, experience
over time [had] shown that DOE's structure and culture make reform difficult, if not impossible, from within. All agreed to develop an action plan that would serve
as the basis for a Presidential Decision Directive. Several senior officials involved felt that the necessary reforms would -- without the mandate of a Presidential
directive -- have little hope of overcoming the anticipated bureaucratic resistance, both at DOE headquarters and at the labs. There was a clear fear that, if the
Secretary spoke, the bureaucracy wouldn't listen; if the President spoke, the bureaucracy might at least listen.
That winter, the NSC coordinated a draft PDD between and among the many agencies and departments involved. Serious disagreements arose over several issues,
particularly the creation of independent reporting lines to the Secretary for the Intelligence and Counterintelligence Offices. Also at issue was the subordination of the
CI officers at the labs. Much of the resistance stemmed simply from individuals interested in preserving their turf won in previous DOE bureaucratic battles. After
much bureaucratic maneuvering and even vicious infighting, these issues were finally resolved, or so it seemed; and on February 11, 1998, the President signed and
issued the directive as PDD-61.
The full PDD remains classified. An unclassified summary, which contains all significant provisions, is set forth in the unclassified annex. In our view, among the most
significant of the 13 initiatives directed by PDD-61 are:
- The CI and foreign intelligence (FI) elements would be reconfigured into two independent offices and report directly to the Secretary of Energy;
- The Director of the new Office of CI (OCI) would be a senior executive from the FBI and would have direct access to the Secretary of Energy, the
  DCI and the Director of the FBI;
- Existing DOE contracts with the labs would be amended to include CI program goals and objectives and performance measures to evaluate
  compliance with these contractual obligations, and CI personnel assigned to the labs would have direct access to the lab directors and would
  concurrently report to the Director, OCI;
- The incoming Director, OCI would prepare a report for the Secretary of Energy ninety days after his arrival that would address progress on the
  initiative, a strategic plan for achieving long-term goals, and recommendations on whether and to what extent other organizational changes may be
  necessary to strengthen CI; and,
- Within 120 days, the Secretary of Energy would advise the Assistant to the President for National Security Affairs on the actions taken and specific
  remedies designed to implement this directive.
On April 1, 1998, a senior executive from the FBI assumed his duties as the Director of the OCI, and began his 90-day study. He completed and forwarded it to
the Secretary of Energy on July 1, the day after Secretary Pena resigned. The Acting Secretary led a review of the study and its recommendations. On August 18,
Secretary Richardson was sworn in. On November 13, he submitted the action plan required by the PDD to the National Security Advisor. Secretary Richardson
continued to develop an implementation plan. The completed implementation plan was delivered to Secretary Richardson on February 3, 1999, and issued to the
labs on March 4.
TIMELINESS OF PDD-61
Criticism has been raised that the PDD took too long to be issued and has taken too long to implement. Although the current National Security Advisor was briefed
on counterintelligence concerns by DOE officials in April of 1996, we are not convinced that the briefing provided a sufficient basis to require initiation of a broad
Presidential directive at that time. We are convinced, however, that the July 1997 briefing, which we are persuaded was much more comprehensive, was sufficient to
warrant aggressive White House action. We believe that while the resulting PDD was developed and issued within a customary amount of time, these issues had such
national security gravity that it should have been handled with more dispatch. That there were disagreements over various issues is not surprising; that the DOE
bureaucracy dug in its heels so deeply in resisting clearly needed reform is very disturbing. In fact, we believe that the NACIPB, created by PDD in 1994, was a
critical factor in ramrodding the PDD through to signature. Before 1994, there was no real structure or effective process for handling these kinds of issues in a
methodical way. Had the new structure not been in place and working, we doubt if the PDD would have made it.
With regard to timeliness of implementation, we have far greater concern. It is not unreasonable to expect that senior DOE officials would require some time to
evaluate the new OCI Director's 90-day study, and we are aware that Secretary Richardson did not assume his DOE duties until mid-August. However, we find
unacceptable the more than four months that elapsed before DOE advised the National Security Advisor on the actions taken and specific remedies developed to
implement the Presidential directive, particularly one so crucial.
More critically, we are disturbed by bureaucratic foot-dragging and even recalcitrance that ensued after issuance of the Presidential Decision Directive. Severe
disagreements erupted over several issues, including whether the CI program would apply to all of the labs, not just the weapons labs, and the extent to which
polygraph examinations would be used in the personnel security program. We understand that some DOE officials declined to assist in the implementation simply by
declaring that, "It won't work." The polygraph program was finally accepted into the DOE's security reforms only after the National Security Advisor and the DCI
personally interceded. The fact that the Secretary's implementation plan was not issued to the labs until more than a year after the PDD was issued tells us DOE is
still unconvinced of Presidential authority. We find worrisome the reports of repeated and recent resistance by Office of Management and Budget officials to
requests for funding to implement the counterintelligence reforms mandated by PDD-61. We find vexing the reports we heard of OMB budgeteers lecturing other
government officials on the unimportance of counterintelligence at DOE.
SECRETARY RICHARDSON'S INITIATIVES
Since November of 1998 and especially since April of this year, Secretary Richardson has taken commendable steps to address DOE's security and
counterintelligence deficiencies. In November of last year, in the action plan required by PDD-61, Secretary Richardson detailed 31 actions to be taken to reform
DOE's counterintelligence program. These actions addressed the structure of the counterintelligence program, selection and training of field counterintelligence
personnel, counterintelligence analysis, counterintelligence and security awareness, protections against potential insider threats, computer security, and relationships
with the FBI, the Central Intelligence Agency, and the National Security Agency.
Though many matters addressed in the action plan would require further evaluation before specific actions would be taken, immediate steps included granting to the
Office of Counterintelligence (OCI) direct responsibility for programming and funding counterintelligence activities of all DOE field offices and laboratories; granting
the Director, OCI the sole authority to propose candidates to serve as the counterintelligence officers at the weapons labs; and instituting a policy for a polygraph
program for employees with access to sensitive information.
In April of 1999, in an effort to eliminate multiple reporting channels and improve lines of communications, direction and accountability, Secretary Richardson
ordered changes in the department's management structure. In short, each of the 11 field offices reports to a Lead Program Secretarial Office (LPSO). The LPSO
has overall line accountability for site-wide environment, safety and health, for safeguards and security and for the implementation of policy promulgated by
headquarters staff and support functions. A newly established Field Management Council is to be charged with program integration.
In May of 1999, Secretary Richardson announced substantial restructuring of the security apparatus at DOE. Among these is the new Office of Security and
Emergency Operations, responsible for all safeguards and security policy, cybersecurity, and emergency functions throughout DOE. It will report directly to the
Secretary and consist of the Office of the Chief Information Officer, and Office of Emergency Management and Response, and an Office of Security Affairs, which
will include the Office of Safeguards and Security, the Office of Nuclear and National Security Information, the Office of Foreign Visits and Assignments, and the
Office of Plutonium, Uranium, and Special Material Inventory.
Also announced was the creation of the Office of Independent Oversight and Performance Assurance. It also will report directly to the Secretary to provide
independent oversight for safeguards and security, special nuclear materials accountability, and other related areas.
To support additional cyber-security improvements, DOE will be asking Congress for an additional $50 million over the next two years. Improvements are to include
continual monitoring of DOE computers for unauthorized and improper use. New controls will also be placed on computers and workstations, removable media,
removable drives, and other devices that could be used to download files. In addition, warning banners are now mandatory on all computer systems to alert users
that these systems are subject to search and review at the government's discretion. Cybersecurity training is also to be improved.
Secretary Richardson further announced additional measures designed to strengthen DOE's counterintelligence program. They include: a requirement that DOE
officials responsible for maintaining personnel security clearances be notified of any information that might affect the issuance or maintenance of such a clearance,
even when the information does not rise to the level of a criminal charge; and mandatory reporting by all DOE employees of any substantive contact with foreign
nationals from sensitive countries. DOE also plans to strengthen its Security Management Board; accelerate actions necessary to correct deficiencies in security
identified in the 1997/1998 Annual Report to the President on Safeguards and Security; expedite improvements in the physical security of DOE nuclear weapons
sites; and delay the automatic declassification of documents more than 25 years old.
In sum, as of mid-June of 1999, progress has been made in addressing counterintelligence and security. Of note, all of the PDD-61 requirements are reported to
have been substantially implemented. Other important steps also reportedly have been completed. Among these are the assignment of experienced
counterintelligence officers to the weapons labs.
PROSPECTS FOR REFORMS
Although we applaud Secretary Richardson's initiative, we seriously doubt that his initiatives will achieve lasting success. Though certainly significant steps in the right
direction, Secretary Richardson's initiatives have not yet solved the many problems. Significant objectives, all of which were identified in the DOE OCI study
completed nearly a year ago, have not yet been fully achieved. Among these unmet objectives are revising the DOE policy on foreign visits and establishing an
effective polygraph examination program for selected, high-risk programs. Moreover, the Richardson initiatives simply do not go far enough.
These moves have not yet accomplished some of the smallest fixes -- despite huge levels of attention and Secretarial priority. Consider the following example: with all
the emphasis of late on computer security, including a weeks-long stand-down of the weapons labs' computer systems directed by the Secretary, the stark fact
remains that, as of the date of this report, a nefarious employee can still download secret nuclear weapons information to a tape, put it in his or her pocket, and walk
out the door. Money cannot really be the issue. The annual DOE budget is already $18 billion. There must be some other reason.
Under the Richardson plan, even if the new Security Czar is given complete authority over the more than $800 million ostensibly allocated each year to security of
nuclear weapons-related functions in DOE, he will still have to cross borders into other people's fiefdoms, causing certain turmoil and infighting. If he gets no direct
budget authority, he will be left with little more than policy guidance. Even then, as the head of a staff office, under the most recent Secretary Richardson
reorganization he has to get the approval of yet another fiefdom, the newly created Field Management Council, before he can issue policy guidance. Moreover, he is
unlikely to have much success in obtaining approval from that body when he is not even a member -- and the majority of those who are members are the very
program managers that his policy guidance would affect.
TROUBLE AHEAD
Perhaps the most troubling aspect of the PFIAB's inquiry is the evidence that the lab bureaucracies -- after months at the epicenter of an espionage scandal with
serious implications for U.S. foreign policy -- are still resisting reforms. Equally disconcerting, other agencies have joined the security skeptics list. In the past few
weeks, officials from DOE and other agencies have reported to us:
- There is a heightened attention to security at the most senior levels of DOE and the labs, but at the mid-level tiers of management there has been
  lackluster response and business as usual.
- Unclassified but sensitive computer networks at several weapons labs are still riddled with vulnerabilities.
- Buildings that do not meet DOE security standards are still being used for open storage of weapons parts.
- Foreign nationals -- some from sensitive countries -- residing outside a weapons lab have remote dial-up access to unclassified networks without any
  monitoring by the lab.
- In an area of a weapons lab frequented by foreign nationals, a safe containing restricted data was found unsecured. It had not been checked by guards
  since August 1998. When confronted with the violation, a mid-level official is said to have implied that it was not an actual security lapse because the
  lock had to be jiggled to open the safe door.
- A weapons lab was instructed to monitor its outgoing email for possible security lapses. The lab took the minimal action necessary; it began monitoring
  emails but did not monitor the files attached to emails.
- When Secretary Richardson ordered the recent computer stand-down, there was great resistance, and when it came time to decide if the labs'
  computers could be turned on again, a bevy of DOE officials fought to have final approval power.
BACK TO THE FUTURE
In 1976, federal officials conducted a study of the nation's nuclear weapons laboratories and plants. In trying to devise a coherent and viable way of managing the
labs, they settled on three possible solutions: place the weapons labs under the Department of Defense, make them a freestanding agency, or leave them within the
Energy Research and Development Administration. Congress chose to leave the weapons labs within ERDA, the successor agency of the Atomic Energy
Commission.
Nearly a decade later, the oversight of the weapons labs was still of great concern. Senators Sam Nunn and John Warner led a push to place the weapons labs
under the auspices of the Department of Defense. However, the Reagan Administration staved off their effort by agreeing to put together a blue-ribbon panel to
study the issue. The panel studied the problem for six months and issued a report in July, 1985. Again, Congress and federal officials weighed whether the weapons
labs should be transferred to the Department of Defense or restructured to be given more autonomy.
The status quo prevailed. The weapons labs stayed within the Department of Energy.
As this report has detailed, problems in the managerial relationship between DOE and the weapons labs have persisted, perhaps even increased, over the past 14
years. Indeed, the discussion today sounds hauntingly familiar to the discussions in the 1980s and 1970s.
Today, however, there is a difference. The record of mismanagement of the weapons labs in matters of security and counterintelligence has become so long and so
compelling as to demand a rejection of the status quo. There can be no doubt that the current structure of the Department of Energy has failed to give the nation's
weapons laboratories the level of care and attention they warrant. Thus, our panel is recommending deep and lasting structural change that will give the weapons
laboratories the accountability, clear lines of authority, and priority they deserve.
REORGANIZATION
What makes a government agency run well? There are a multitude of characteristics that arguably can make for an efficient and effective government agency or
department. This Panel holds no illusions about the completeness of its understanding nor the purity of its wisdom regarding government bureaucracies. Indeed, some
people would say that truly comprehending the inner workings of a federal department is the intellectual equivalent of grasping the enormity of the universe. Over the
course of many years, however, we, as members of the President's Foreign Intelligence Advisory Board, have evaluated the performance of numerous federal
entities, from the Department of Defense to the Foreign Broadcast Information Service. Some, we found, were in good order, others in pretty bad shape. In that
sense, we believe we do know a lot about what makes some agencies work and not work. Although somewhat subjective and by no means exhaustive, our list of
good things to look for includes several attributes.
LEADERSHIP
Certainly at the top, but also throughout the organization. The leaders and managers set the standards and expectations regarding performance and accountability.
They are the foundation upon which a successful organizational culture is built. If management sets, demonstrates and enforces high standards for performance and
accountability, there is a strong likelihood that the organization will follow. And, longevity is a key ingredient. For example, Daniel S. Goldin, Administrator of the
National Aeronautics and Space Administration (NASA), was named to his post in the spring of 1992. Goldin has won considerable acclaim for demanding nothing
but the best from his employees, and thereby turning around a bureaucracy that had become ossified and recalcitrant to higher authority, including the President. He
did not do it overnight, though. His watch is now seven years long and still going. By contrast, the average stay for an Energy Secretary has been about two and a
half years; a Deputy Secretary, less than two years; and an Under Secretary, less than 18 months.[1]
CLARITY OF MISSION
Employees must know who they are and why they are there. Mission statements may seem corny to some, but from our experience good ones work. NASA's is
crisp, clear and bold: "NASA is an investment in America's future. As explorers, pioneers and innovators, we boldly expand frontiers in air and space to inspire and
serve America, and to benefit the quality of life on Earth." The Energy Department also declares itself a department of the future; its slogan is "Science, Security and
Energy: Powering the 21st Century." However, we wonder if the DOE employees in the field really have a sense of purpose and direction. Those at the Oakland
Operations Office are challenged to, "serve the public by executing programs and performing DOE contract management." At Albuquerque Operations Office, the
rallying cry is, "to contribute to the welfare of the nation by providing field-level federal management to assure effective, efficient, safe and secure accomplishment of
the Department's national defense, environmental quality, science and technology, technology transfer and commercialization and national energy objectives."[2]
DEDICATION TO EXCELLENCE
It is the responsibility of leadership to emphasize continuously and top-to-bottom the absolute importance of quality of performance. People truly dedicated to
excellence usually achieve it.
EMPHASIS ON CORE COMPETENCIES
Those agencies that constantly emphasize the business areas in which they must absolutely excel, usually do so. At NASA, we are told, rarely, if ever, does the
Administrator give a speech in which safety is not emphasized. DOE has appropriately emphasized excellence in the quality of its scientific and technical work, but
only recently has begun to emphasize security, and only in recent months has articulated the importance of counterintelligence. The panel was hard pressed to find
either word mentioned in speeches by most of Secretary Richardson's predecessors.
MINIMAL POLITICAL PRESSURES
Blessed is the government manager whose operations fall into only a handful of Congressional districts and under the purview of only a couple of oversight
committees. It doesn't take a nuclear scientist to understand that the more Congressional districts and committees with which a federal agency must contend, the
more it is politically whipsawed in its priorities and stuffed with pork. We suspect the Department of Energy probably holds some federal records: its multitudinous
and widely cast operations come under the scrutiny of no less than 18 Congressional committees and fund well-paying federal and contractor jobs in more than 50
congressional districts.
STREAMLINED FIELD OPERATIONS
In just about any endeavor, but especially in managing government contracts, simpler is better. Managing government contracts has become a major function in more
and more agencies and departments as they seek to cut costs. We know of a few good examples of agencies where this effort is both efficient and effective.
One is the National Reconnaissance Office (NRO), a semi-autonomous Defense Department agency, which has long managed huge contracts with major industrial
firms that have built and help operate our nation's surveillance satellites. The NRO, however, came under heavy fire several years ago for budget irregularities, partly
as a result of tangled lines of bureaucratic authority. Today, after some substantial streamlining, multi-million dollar contracts are run out of program management
offices at NRO Headquarters on a line of accountability leading directly to the contracting company. Rather than maintaining large field offices, the NRO employs
only a handful of representatives in the field - typically only one or two people resident at their largest contractors. The rest is done from Washington. To manage
their largest contracts, no more than 15 contracting officers - from worker-level to management - are involved. Some are worth several billion dollars. Currently,
the NRO manages over 1,000 contracts worldwide, with a combined value numbering in the tens of billions of dollars. They manage these contracts using a staff of
approximately 250 contract officers.[3]
Though we acknowledge that there are differences between the missions of NRO's satellite contractors and DOE's nuclear weapons lab contractors, we are
stunned by the huge numbers of DOE employees involved in overseeing a weapons lab contract. For example, Sandia National Weapons Laboratory, a
contractor-operated facility in New Mexico, has several layers of Energy Department employees with whom it must deal: the Kirtland (Air Force Base) Area Office,
with about 55 feds, which is subordinate to the Albuquerque Field Office (AFO), which has a total complement of about 1,300 government workers. Albuquerque
also monitors contracts with Los Alamos National Lab (through a Los Alamos Area Office of some 70 people), and several other contractors throughout the
southern United States. Notably, Albuquerque is but one of 11 such DOE Field Offices, that boast a total field complement of about 6,000. Back at DOE
Headquarters, which has a total work force of close to 5,000, Sandia's contracts are monitored, depending on the subject, by several Program Offices - including
Defense Programs (somewhat over 100 officials) and Environmental Management (somewhat over 200 officials).
We repeatedly heard from officials at various levels of DOE and the weapons labs how this convoluted and bloated management structure has constantly transmitted
confusing and often contradictory mandates to the labs. This is vividly illustrated by the labyrinthine organizational charts that one must decipher to trace lines of
authority.
RESPONSIBILITY AND ACCOUNTABILITY IN SECURITY
One senior CIA official told us that the NRO security system is the best in the government - a view echoed, we understand, in a forthcoming report by the
DCI/Defense Secretary Joint Security Commission. One can see why. At the NRO, security starts at the top. The chief of security provides policy guidance and
monitors implementation. However, from the Director on down, all line managers are responsible for implementation. If a security breach occurs, the Director and
appropriate line subordinates all are accountable. Similarly, NRO contractors are expected to meet fully NRO security standards and guidelines. Failure to meet
those guidelines could well result in forfeiture of performance award fees, at the least.
FULL OPERATIONAL INTEGRATION
To be effective, security must be more than a concept, it must be woven into every aspect of the agency's business and the daily work of every employee. The NRO
integrates security more fully than most other federal agencies we have seen. Though it has separate line items for security and counterintelligence functions, most
security-related expenditures are integrated directly into the line items of every satellite program. Thus, rather than imposing security mandates as contract
add-ons, security officials work with the NRO managers to fold their requirements into a given program during the planning stages. In this structure, security
requirements are as much a part of an NRO satellite program as are solar cells and thrusters. And, the NRO security professionals, rather than treated as staff
functionaries, are accepted as true partners in the NRO mission.
A PREVAILING CONSCIOUSNESS
Making people aware is vital. The record clearly shows that DOE has had mixed results from its various security and counterintelligence indoctrination programs.
Briefings, town hall meetings and educational films are helpful, but they cannot take the place of a working environment in which security is just part of the daily
routine. Again at the NRO, when a management decision is made, security always gets a voice. A security official is present at every level of NRO decision making:
from the Office Director, to his Board of Directors, to the management teams of the smallest NRO program, security officials are part of the management process.
Moreover, security gets a vote equal to that of any program manager. From the record, we judge that security at DOE, until recently, only occasionally had a
voice; and when it did, many managers vociferously objected. Counterintelligence, on the other hand, was allowed little more than a whisper.
RESTRUCTURING
The panel is convinced that real and lasting security and counterintelligence reform at the weapons labs is simply unworkable within DOE's current structure and
culture. To achieve the kind of protection that these sensitive labs must have, they and their functions must have their own autonomous operational structure free of all
the other obligations imposed by DOE management. We strongly believe that this cleaving can best be achieved by constituting a new government agency
that is far more mission-focused and bureaucratically streamlined than its antecedent, and devoted principally to nuclear weapons and national
security matters.
The agency can be constructed in one of two ways. It could remain an element of DOE but become semi-autonomous - by that we mean strictly segregated from
the rest of the department. This would be accomplished by having the agency director report only to the Secretary of Energy. The agency directorship also could be
dual-hatted as an Under Secretary, thereby investing it with extra bureaucratic clout both inside and outside the department.
We believe there are several good models for this course of action: the National Security Agency and the Defense Advanced Research Projects Agency, both
elements of the Defense Department; and the National Oceanographic and Atmospheric Administration, an agency of the Commerce Department. Alternatively, the
agency could be completely independent, with its administrator reporting directly to the President. The National Aeronautics and Space Administration and the
National Science Foundation are also good models.
Regardless of the mold in which this agency is cast, it must have staffing and support functions that are autonomous from the remaining operations at DOE. These
functions, which report directly to the Director, must include: an inspector general; a general counsel; a human resources staff; a comptroller; a senior official
responsible solely for security policy, and another responsible solely for counterintelligence policy. To protect its autonomy and avoid the diversion of funds to other
purposes, the agency budget must be a separate line item strictly segregated by Congress from other budget pressures - even if it remains nominally within the
current DOE structure. The agency also must have a separate employee career service. The panel recommends an excepted service model of employment, like
many of the intelligence community elements, which would facilitate accountability and higher performance levels by allowing management to reward, punish, hire,
and fire employees more easily.
To ensure its long-term success, this new agency must be established by statute. That statute, moreover, must clearly stipulate that nothing less than an act of
Congress can amend the agency's mission, functions or affiliations. Clearly, Congress and the President must decide definitively which of these two solutions to
enact. The panel has no specific preference between them; we believe either can be made effective. Should Congress and the President conclude that retaining the
agency inside DOE is not workable, the wholly-independent approach should be enacted.
We emphasize that it is very important for the new structure to be organized to preserve and, if possible, enhance the ability of the national weapons labs to attract
and retain scientists of the highest caliber. Excellence in the caliber of the scientists and their research and development programs must be sustained if the weapons
labs are to fulfill their missions in the front line of U.S. national security. To meet this goal, continued but carefully controlled interaction with foreign visitors and
scientists from around the world as well as with researchers from DOE's nondefense labs is essential for producing the best science. In the semi-autonomous model,
the Secretary would be responsible for managing and ensuring the effectiveness of agency relations with the non-weapons labs.
Whichever solution Congress enacts, we do feel strongly that the new agency never should be subordinated to the Defense Department. Defense already is
populated with a number of semi-autonomous agencies; we see no reason to add to that burden. Moreover, we believe the decision made long ago to house
America's nuclear weapons research and development in a civilian government agency still makes sense. Specifically, we recommend that the Congress pass
and the President sign legislation that:
Creates a new, semi-autonomous Agency for Nuclear Stewardship (ANS), whose Director will report directly to the Secretary of Energy.
The Director should be dual-hatted as an Under Secretary of Energy. This new agency will oversee all nuclear weapons-related matters previously
housed in DOE, including Defense Programs and Nuclear Nonproliferation; it also will oversee all functions of the National Weapons labs. (If Congress
opts to create a totally independent agency, the Director should report directly to the President.)
Streamlines the ANS/Weapons Lab management structure by abolishing ties between the weapons labs and all DOE regional, field and
site offices, and all contractor intermediaries. The so-called GOCO, or government owned, contractor operated, concept of lab management
should be retained. GOCO has been very successful, particularly in providing employment conditions that attract scientists of the highest caliber, and
the federal government is strongly committed to maintaining that working relationship. Even if DOE opts to retain these field entities for other purposes,
the ANS should sever all association with them. All ANS/Weapons Lab communications and business should be handled by ANS Liaison Offices
established in each lab and manned with a small staff. (Our short review time did not permit us to explore fully this issue. We doubt that any amount of
time would be sufficient. Suffice it to say that we did learn enough about the costs and benefits of these myriad DOE field bureaucracies to persuade us
to recommend cutting all ties between them and the new agency.)
Mandates that the Director/ANS be appointed by the President with the consent of the Senate and, ideally, have an extensive background in
national security, organizational management, and appropriate technical fields. Admittedly, finding an individual with solid credentials in all three areas
may prove an elusive goal. However, meeting two out of those three criteria should be considered mandatory, provided that one of the criteria always
met is management experience. The Deputy Director should have a background in an area that compensates for areas in which the Director lacks
experience. The Director should serve for a minimum fixed term of 5 years, not coincident with quadrennial transitions of administrations, and be
subject to removal only by Presidential direction.
Stems the historical revolving door and management expertise problems at DOE by severely circumscribing the number of political
appointees assigned to ANS and requiring all ANS senior political appointees to have strong backgrounds in both national security (intelligence,
defense, or foreign policy) and management (corporate, government, or military).
Ensures effective administration of safeguards, security, and counterintelligence at all the weapons labs and plants by creating a
coherent security/CI structure within the new agency. We strongly recommend following the NRO's model of security management. The senior
CI official at ANS - we recommend a Special Assistant to the Director for CI policy - should be mandated as a permanent FBI senior executive
service position.
Abolishes the Office of Energy Intelligence. A Special Assistant to the ANS Director for Intelligence Liaison should be created within the new
agency, with a staff of no more than 20. The Special Assistant should be responsible for managing relations with the intelligence community, briefing
ANS senior management on intelligence matters, and ensuring ANS intelligence requirements are met. This office should follow the Treasury
Department model. (The Secretary of Energy would not be precluded from establishing a similar special assistant to address the department's
non-weapons-related intelligence coordination and briefing needs.)
Shifts the balance of analytic billets from the former Office of Energy Intelligence (about 40) to the DCI's Nonproliferation Center to bolster intelligence
community technical expertise on nuclear matters. These billets should be permanently funded by ANS, but permanently assigned to the DCI Center.
Weapons lab employees and ANS civil servants should be temporarily assigned to these positions for two year tours.
A Semi-Autonomous or Wholly Independent Nuclear Weapons Stewardship Agency should have the following attributes:
The agency would be entirely separated from DOE, except in the semi-autonomous case, where the agency director - as a DOE Under Secretary - would report
directly to the Secretary.
The agency would have no other bureaucratic ties to DOE, other than R&D contracting, which would be managed by the agency Deputy Director. The weapons
labs would be encouraged nonetheless to foster strong scientific interactions with the other DOE research labs. In the case of a wholly independent agency, the
Director would be the chief executive officer.
In the case of a semi-autonomous agency, the Director would be dual-hatted as a DOE Under Secretary.
An independent oversight board would monitor performance and compliance to agency policies and guidelines, up and down the organizational structure.
Authority from the agency Director to the weapons labs would run directly through the Deputy Director, who also would be dual-hatted as the Defense Programs
Manager and, therefore, a manager of lab work.
The security chief, directly reporting to the agency Director, would promulgate all security policies and guidelines for the agency and the weapons labs, including
safeguards and cyber-security.
The counterintelligence chief, also directly attached to the agency Director, would promulgate all counterintelligence policies and guidelines for the agency and the
weapons labs. He/she also would manage the foreign visitors and assignments program.
As Defense Programs Manager for the weapons labs, the agency Deputy Director would be responsible for ensuring the integration of all security and
counterintelligence policies and guidelines into all weapons lab programs.
Security officers and counterintelligence officers would be attached to all line offices, with heavy representation in Defense Programs, where full integration would
occur. They also would be attached to all labs, in multiple numbers.
Security and counterintelligence officers would report to their appropriate line managers on a day-to-day basis, but also report respectively to the agency security
and counterintelligence chiefs on policy implementation issues. All policy implementation disputes would be referred back to the agency director for resolution.
ADDITIONAL RECOMMENDATIONS
There are a number of initiatives that must be undertaken immediately to start building a new agency culture and identity and restoring public confidence:
Establish a clear mission and clear standards of excellence. The agency's mission, and that of each subordinate unit, must be clearly articulated. Strong
security and counterintelligence in addition to scientific achievement must be core elements of the mission. Similarly, clear standards of excellence must
be established throughout the organization. Excellence must be the goal of scientists, engineers, technicians, and managers as well as security and
counterintelligence officials.
Establish a clear chain of accountability. There must be clear, simple, indelible lines of accountability from top to bottom. If a failure occurs, there must
be a straightforward means for determining accountability - at all levels. Seeking consensus and advice is important, but ultimately a decision must be
made by individuals, and those individuals should be held accountable.
Hold leaders accountable. Accountability must be enforced, particularly among the agency managers who will form the backbone of the new agency
and instill a new culture of excellence.
Reward achievement. Criteria should be clear and rewards substantial. Protection of nuclear secrets and expansion of scientific knowledge should be
among the most valued. Achievement must be judged on contribution to mission, not to program expansions or budget increases.
Punish failure ... with severity, if necessary. Penalties should be tough, but fair and proportional. Laxity in protecting nuclear secrets and other sensitive
information should be among the most severely punished.
Train and educate. Establish a formal educational and training system to develop a professional cadre of career managers and leaders. Security and
counterintelligence should be major parts of the core curriculum passed down to all lab personnel in regular briefings and training sessions.
Do not forget the primary mission. Preserve and strengthen those agency attributes - including cutting edge research in the most advanced scientific
fields - that will attract the finest talent in the nation. With respect to the weapons laboratories, continue to foster their unparalleled lead in intellectual
excellence. But never lose sight that protecting the nation by securing its nuclear stockpile and nuclear secrets - through good science and good
management - is Job Number One.
While maintaining its autonomy, the agency should nonetheless emphasize continued close scientific interaction with the DOE research labs not engaged
in weapons-related endeavors. In the semi-autonomous alternative, DOE should also be responsible for ensuring that good relations are maintained
between the non-weapons labs and the weapons labs.
SECURITY AND COUNTERINTELLIGENCE ACCOUNTABILITY
Accountability. The agency director should issue clear security accountability guidelines. The agency security chief must be accountable to the agency
director for security policy at the labs, and the lab directors must be accountable to the agency director for compliance. The same system and process
should be established to instill accountability among counterintelligence officials.
Independent Oversight. Attentive, independent oversight will be critical to ensuring high standards of security and counterintelligence performance at the
new agency. In that regard, we welcome Senator John Warner's recent legislative initiative to create a small, dedicated panel to oversee security and
counterintelligence performance at the weapons labs. This oversight should include an annual certification process.
Joint Committee for Congressional Oversight of ANS/Labs. Congress should abolish its current oversight system for the national weapons labs. Just as
the profligate morass of DOE contractors and bureaucrats has frustrated the critical national interest of safeguarding our nuclear stockpile, so has the
current scheme of Congressional oversight with roughly 15 competing committees laying claim to some piece of the nuclear weapons mission.
ANS Inspector General. The President, Congress, and the director of the new agency should cooperatively, through executive order, legislation, and
agency directive, provide teeth to the authority of the new agency's inspector general. For example, the inspector general, the independent oversight
body, and the agency director should all have to concur on the findings of the annual report to the President on safeguards and security at the weapons
labs.
EXTERNAL RELATIONS
The CIA and FBI should expand their National Security Partnership to include the new agency and the weapons labs. Reciprocal assignment
programs should be implemented to promote cross-fertilization of expertise and experience.
CIA and DIA should bolster their support for ANS needs. Both intelligence agencies should establish analytic accounts to support the specific
substantive and counterintelligence interests and needs of the new ANS and the weapons labs. These accounts, among other issues, should regularly
produce data on the nuclear-related collection efforts of all foreign governments and foreign intelligence services. This data should serve as the
foundation for regularized weapons lab counterintelligence briefs for the foreign visits/foreign visitors programs.
Improve national security and law enforcement cooperation, particularly with respect to counterintelligence case referrals and handling. The National
Security Council should take the lead in establishing clear Executive Branch guidelines and procedures for resolving disputes between agencies over law
enforcement and national security concerns. A government-wide process needs to be established by which competing interests can be adjudicated by
officials who are properly informed of all relevant facts and circumstances, but who also are sufficiently senior to make decisions stick.
Ensure a government-wide review of legal tools to address the current foreign intelligence threat. The National Security Council should conduct a
review to ensure that sufficient legal authority and techniques are available and appropriate in light of the evolution of a very sophisticated threat and the
ongoing revolution in information systems.
PERSONNEL SECURITY
An effective personnel security program. The agency director should immediately undertake a total revamping of the Q clearance program and look
to the security elements in the intelligence community for advice and support. This review should result in a complete rewrite of existing guidance and
standards for the issuing, revoking and suspending of security clearances. Special attention should be paid to establishing a clear - and relatively
low - threshold for suspending clearances for cause, including pending criminal investigations. The review also should significantly strengthen the
background investigation process by restructuring contracts to create incentives for thoroughness. We strongly advocate abolishing the prevalent
method of paying investigators by the case. Strict need-to-have regulations should be issued for regular reviews of all contract employees'
clearance requirements. Those without a continuing need should have their clearances withdrawn. The National Security Council should review and
resolve issues on a government-wide basis that permit a person who is under FBI investigation for suspected espionage to obtain a new or renewed
clearance; existing standards for clearance renewal also should be reviewed with an eye toward tightening up.
A professional administrative inquiry process. Promulgate new agency guidelines and standards for security-related administrative inquiries to ensure
that proper security/counterintelligence procedures and methods are employed. Very high professional qualification standards should be established and
strictly maintained for all security personnel involved in administrative inquiries.
PHYSICAL/TECHNICAL/CYBERSECURITY
Comprehensive weapons lab cybersecurity program. Under the sponsorship and specific guidance of the agency Director, the weapons labs should
institute a broad and detailed program to protect all computer workstations, networks, links and related systems from all forms of potential
compromise. This program, which should be reviewed by and coordinated with appropriate offices within the U.S. intelligence community, must include
standard network monitoring tools and uniform configuration management practices. All lab computers and networks must be constantly monitored and
inspected for possible compromise, preferably by an agency-sponsored, independent auditing body. A best practices review should be conducted
yearly by the appropriate agency security authority.
Comprehensive classified document control system. Document controls for the most sensitive data of the weapons labs should be reinstituted by the
agency Director. The program should be constantly monitored by a centralized agency authority to ensure compliance.
A comprehensive classification review. The new agency, in coordination with the intelligence community, should promulgate new, concise, and precise
classification guidance to define and ensure awareness of information and technologies that require protection. This guidance should clear up the
widespread confusion over what is export-controlled information; what information, when joined with other data, becomes classified; and the
differences between similarly named and seemingly boundless categories such as "unclassified controlled nuclear information" and "sensitive but
unclassified nuclear information."
BUSINESS ISSUES
Make security an integral part of doing business. Security compliance must be a major requirement in every agency contract with the weapons labs.
Rather than a detailed list of tasks, the contract should make clear the security and counterintelligence standards by which the lab will be held
accountable. It is the responsibility of the lab to develop the means to achieve those objectives. If a lab fails to conform to these standards and
requirements, the agency should withhold performance award fees.
Review the process for lab management contracts. If the agency director has reason to open the bidding for lab management contracts, we strongly
recommend an intensive market research effort. Such an effort would help ensure that legitimate and competent bidders, with strong records for
productive research and development, participate in the competition.
Weapons labs foreign visitors program. This productive program should continue, but both the agency and the weapons labs, in concert, must ensure
that secrets are protected. This means precise policy standards promulgated by the agency to ensure: the integrity of the secure areas and control over
all foreign visitors and assignees; a clear demarcation between secure and open areas at the labs; strong enforcement of restrictions against sensitive
foreign visitors and assignees having access to secure facilities; and sensible but firm guidelines for weapons lab employees' contacts with foreign
visitors from sensitive countries. Exceptions should be made by the agency director on a case-by-case basis. Clear, detailed standards should be
enforced to determine whether foreign visits and appointments receive approval. The burden of proof should be placed on the employees who propose
to host visitors from sensitive countries. Visits should be monitored by the labs and audited by an independent office. The bottom line: treat foreign
visitors and assignees with the utmost courtesy, but assume they may well be collecting information for other governments.
Foreign travel notification. The agency should institute a program whereby all agency and weapons lab employees in designated sensitive positions must
make written notification of official and personal foreign travel well before departure. The agency must keep close records of these notifications and
also ensure that effective counterintelligence briefings are provided to all such travelers. Unless formally granted an exception, scientists for weapons
labs should travel in pairs on official visits to sensitive countries.
Counterintelligence. The FBI should explore the possibility of expanding foreign counterintelligence resources in its field offices nearby the weapons
labs. The panel offers additional thoughts for improving the Department's CI efforts in the Classified Appendix to this report.
ENDNOTES
CHAPTER: ROOT CAUSES
1 The Department of Energy National Weapons Labs and Plants discussed in this report are: Lawrence Livermore National Lab, California; Los Alamos National
Lab, New Mexico; Sandia National Lab, New Mexico; PANTEX Plant, Texas; Kansas City Plant, Missouri; Oak Ridge (Y-12) Plant, Tennessee.
2 Boyer, Paul. By the Bomb's Early Light: American Thought and Culture at the Dawn of the Atomic Age. Chapel Hill: University of North Carolina Press, 1985, p.
138.
3 National Science Foundation, Science and Engineering Indicators, 1996.
4 National Science Foundation, Data Brief, Vol. 1996, No. 9, August 19, 1999.
5 Classified report.
6 Classified DOE Report.
7 DOE, Annual Report to Congress, 1978, April 1979.
8 U.S. Nuclear Command and Control System Support Staff, Assessment Report: Department of Energy Nuclear Weapons-Related Security Oversight Process,
March 1998.
CHAPTER: RECURRING VULNERABILITIES
1 U.S. Nuclear Command and Control System Support Staff, Assessment Report: Department of Energy Nuclear Weapons-Related Security Oversight Process,
March 1998.
2 Classified DOE Report.
3 Classified DOE Report.
4 Classified DOE Report.
5 Classified DOE Report.
6 DOE, Office of Counterintelligence, The Foreign Intelligence Threat to Department of Energy Personnel, Facilities and Research, Summary Report, August
1990.
7 Classified U.S. Government report.
8 GAO/RCED-97-229, Department of Energy: DOE Needs to Improve Controls Over Foreign Visitors to Weapons Laboratories, September 25, 1997.
9 Hewlett, Richard G. and Francis Duncan, Atomic Shield: A History of the U.S. Atomic Energy Commission, May 1969.
10 Classified DOE report.
11 DOE, Office of Safeguards and Security, Report to the Secretary: Status of Safeguards and Security, February 1993.
12 Classified FBI document.
13 Classified U.S. Government report.
14 Classified DOE report.
15 DOE, Office of Safeguards and Security, Status of Safeguards and Security, Fiscal Year 1993, January 1994 (U).
16 DOE/IG-385, Special Audit Report on the Department of Energy's Arms and Military-Type Equipment, February 1, 1996.
17 Classified DOE report.
18 DOE, Annual Report to the President on the Status of Safeguards and Security at Domestic Nuclear Weapons Facilities, September 1996.
19 GAO/RCED-91-12, Nuclear Safety: Potential Security Weaknesses at Los Alamos and Other DOE Facilities, October 1990 (U) and GAO/RCED-92-39,
Nuclear Security: Safeguards and Security Weaknesses at DOE's Weapons Facilities, December 13, 1991.
20 GAO/RCED-90-122, Nuclear Security: DOE Oversight of Livermore's Property Management System is Inadequate, April 18, 1990.
21 GAO/Key Factors Underlying Security Problems at DOE Facilities, (Statement of Victor S. Rezendes, Director, Energy, Resources and Science Issues,
Resources, Community, and Economic Development Division, GAO, in testimony before the Subcommittee on Oversight and Investigations, Committee on
Commerce, House of Representatives), April 20, 1999.
22 GAO/Key Factors Underlying Security Problems at DOE Facilities, (Statement of Victor S. Rezendes, Director, Energy, Resources and Science Issues,
Resources, Community, and Economic Development Division, GAO, in testimony before the Subcommittee on Oversight and Investigations, Committee on
Commerce, House of Representatives), April 20, 1999.
23 Classified DOE report.
24 Hewlett, Richard G. and Francis Duncan, Atomic Shield, A History of the United States Atomic Energy Commission, May 1969.
25 GAO/RCED-89-34, Nuclear Security: DOE Actions to Improve the Personnel Clearance Program, November 9, 1988.
26 DOE/IG/WR-O-90-02, Nevada Operations Office Oversight of Management and Operating Contractor Security Clearances, March 1990.
27 Classified DOE report.
28 DOE/IG/WR-B-91-08, Review of Contractors Personnel Security Clearances at DOE Field Office, Albuquerque, September 1991.
29 DOE, Office of Safeguards and Security, Report to the Secretary: Status of Safeguards and Security, February 1993.
30 DOE, Office of Safeguards and Security, Status of Safeguards and Security, Fiscal Year 1995, January 1996.
31 Classified U.S. Government report.
32 Classified DOE report.
33 GAO/RCED-92-39, Nuclear Security: Safeguards and Security Weaknesses at DOE Weapons Facilities, December 13, 1991.
34 Classified DOE report.
35 Classified DOE report.
36 DOE, Office of Safeguards and Security, Status of Safeguards and Security, Fiscal Year 1993, January 1994 (U).
37 DOE, Office of Safeguards and Security, Status of Safeguards and Security, Fiscal Year 1994, January 1995 (U).
38 Classified DOE report.
39 Classified DOE report.
40 Classified DOE report.
41 Classified DOE report.
42 Classified DOE report.
43 New York Times, Abstract, August 5, 1977.
44 DOE, Plutonium: The First 50 Years. United States Plutonium Production, Acquisition, and Utilization from 1944 Through 1994.
45 GAO/RCED-92-39, Nuclear Security: Safeguards and Security Weaknesses at DOE's Weapons Facilities, December 13, 1991.
46 GAO/RCED/AIMD-95-5, Nuclear Nonproliferation: U.S. International Nuclear Materials Tracking Capabilities are Limited, December 27, 1994.
47 GAO/AIMD-95-165, Department of Energy: Poor Management of Nuclear Materials Tracking Capabilities Are Limited, August 3, 1995.
48 DOE, Office of Safeguards and Security, Status of Safeguards and Security, Fiscal Year 1995, January 1996.
49 U.S. Nuclear Command and Control System Support Staff, Assessment Report: Department of Energy Nuclear Weapons-Related Security Oversight
Process, March 1998.
50 GAO/RCED-89-31, Major Weaknesses in Foreign Visitor Controls at Weapons Laboratories, October 11, 1988.
51 Classified U.S. Government report.
52 GAO/RCED-97-229, Department of Energy: DOE Needs to Improve Controls Over Foreign Visitors to Weapons Laboratories, September 25, 1997.
53 Classified DOE report.
54 GAO/RCED-97-229, Department of Energy: DOE Needs to Improve Controls Over Foreign Visitors to Weapons Laboratories, September 25, 1997.
55 GAO/RCED-97-229, Department of Energy: DOE Needs to Improve Controls Over Foreign Visitors to Weapons Laboratories, September 25, 1997.
56 DOE, Response to the Cox Committee Report: The Benefits of Department of Energy International Scientific and Technical Exchange Programs, April 1999.
57 GAO/RCED-99-19, Department of Energy: Problems in DOE's Foreign Visitors Program Persist, October 6, 1998.
CHAPTER: ASSESSMENTS
1 In April 1997, the FBI Director met with Secretary Pena, who had taken office in March, to deliver a highly critical FBI assessment of DOE's counterintelligence
program. In June, DOE officials briefed the Special Assistant to the President and Senior Director for Nonproliferation and Export Controls. In July, the FBI
Director and the Director of Central Intelligence expressed serious concern that DOE had not moved to implement the recommendations in the FBI report.
2 The National Counterintelligence Policy Board (NACIPB) was created by a 1994 Presidential Decision Directive to serve as the National Security Council's
primary mechanism to develop an effective national counterintelligence program. Current core NACIPB members include senior representatives from the Director of
Central Intelligence /Central Intelligence Agency, the Federal Bureau of Investigation, the Department of Defense, the Department of State, the Department of
Justice, the military departments' CI organizations, the National Security Council, and, as of 1997, the Department of Energy and NSA.
CHAPTER: REORGANIZATION
1 DOE, Department of Energy First Tier Organizations, Terms of Office, undated.
2 DOE, Field Fact Book, May 1998.
3 Unclassified organizational data provided by National Reconnaissance Office.
[End]
Conversion to HTML by JYA/Urban Deadline.
See also PDF version of Unclassified Annex: http://jya.com/pfiab-appx.pdf
@HWA
63.0 Terrorists Use the Net
~~~~~~~~~~~~~~~~~~~~~~
June 18th 1999
From HNN http://www.hackernews.com/
contributed by Anonymous
Since everyone else does it, terrorists do too. Terrorists
are using the net as a means of communication,
collaboration, and information dissemination. Sharing
technology and spreading information to followers via
the internet has become a necessary way of doing
business. Web sites are new weapons terrorists are
adding to their armory. A good quote from this article,
"We cannot just make a law that will stop them from
using it."
Computer Currents
http://www.currents.net/newstoday/99/06/15/news13.html
Daily News
Terrorism Via The Net
By Erwin Lemuel G Oliva, Metropolitan Computer Times
June 15, 1999
Almost every sector in society has exploited the Internet.
Unfortunately, not everyone has good intentions. Terrorists now
use the Internet as means of communication and collaboration,
said Mike Coldrick, a bomb technician and anti-terrorism expert
from Scotland Yard during the recent ASEAN Defense
Technology Exchange forum in Manila.
"Modern terrorists travel by jet plane, communicate to followers
by satellite telephone, and recruit and spread messages via the
Internet," Coldrick states in a paper he presented during the
forum.
Technology has changed the face of terrorist organizations,
Coldrick noted, saying that there is growing evidence that
terrorists are currently using the latest means of
communication, such as the Internet, to disseminate terrorist
literature and doctrine.
In the same way, terrorist groups also use the Internet to
transfer terrorist technology to other groups all over the world.
"Lately, the Colombian revolutionary group, FARC, have
produced stand off weapons and heavy mortars to a design very
similar to those produced by the Provisional Irish Republican
Army. No doubt this technology was passed on by
PIRA-trained Basques (separatist group from Spain). Or did the
Colombian group find it on the Internet?" asked Coldrick.
Most often terrorist groups are able to create improvised
explosive devices and other weaponry using locally available
materials. In some instances, they buy them from international
black markets. The latter, however, entails a lot of risk, said
Coldrick.
Coldrick laments that despite the advances in technology,
terrorist groups' activities are not generally monitored due to
legal issues such as privacy. "We cannot just make a law that
will stop them from using it," he said.
"It is important for people to exchange information about the
activities of terrorists," he added. The International Association
of Bomb Technicians and Investigators and the World
Explosives Ordinance Disposal (EOD) Foundation, of which
Coldrick is president, actively exchange e-mail and hold
discussion groups over the Net.
"In 41 years of my practice, I'll still find new things on the
Internet," he remarked.
@HWA
64.0 Beat the CIA at their own game? - crypto sculpture cracking
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
June 18th 1999
From HNN http://www.hackernews.com/
CIA Crypto Sculpture
contributed by lamer
There is an encoded sculpture in the Langley courtyard,
and now there is a public challenge to see if someone in
the general public can crack the code before the CIA
(of course, they have had a 10 year head start).
ABC News
http://www.abcnews.go.com/onair/WorldNewsTonight/wnt9990615_ciacode.html
By John Martin
ABCNEWS.com
L A N G L E Y, Va., June 15 - Behind the Central
Intelligence Agency's headquarters, there's a
secret message waiting to be decoded.
To the delight of its creator, artist Jim
Sanborn of Washington, the message
remains a mystery to the agency and the
hundreds of employees who relax in the
courtyard where his sculpture stands. "I
don't know that it will ever be totally
figured out," says Sanborn.
Only William Webster, CIA director
at the time the sculpture was erected, was
given the decoded text, and he locked it
in the office safe when he left the agency in 1991.
A Break in the Case
But finally, after all these years, there's been a break. An
analyst at the agency has deciphered part of the message.
In fact, he's deciphered two parts of the message.
The CIA public affairs office is quick to point out that
each employee works to unravel the puzzle on his own
time. Presumably, the agency's computers, or those of the
code-breaking National Security Agency, could unlock the
message in a matter of hours or days.
David Stein, a 38-year-old CIA physicist, working at
home nights and weekends for about 400 hours, has
deciphered all but 97 of the letters.
This is part of what he deciphered: "They used the
earth's magnetic field. The information was gathered and
transmitted underground to an unknown location."
What location? If you know the code, the coordinates
are there.
"Thirty-eight degrees, 57 minutes, 6.5 seconds, north.
77 degrees, 8 minutes, 44 minutes west. ID'ed by rows,"
reads Stein. That is the approximate location of the
sculpture.
We showed retired CIA cryptographer Ed Scheidt
Stein's work. Scheidt says Stein is on the right track. And
he should know - Scheidt is the one who taught the artist
how to encode his message.
As to the section Stein hasn't been able to solve,
Scheidt says, "That's still a secret."
And that's how the sculptor wants it. "I think it's
important that every piece of artwork holds one's attention
for as long as possible," says Sanborn.
Still, after nine years, the veil has been pulled back
slightly. But the mystery continues, and the CIA says it still
wants the message deciphered, if only to show it enjoys the
challenge.
Your Turn
We invite you to try cracking the code. You can see the full
code at the bottom of this page. Mull it over and then post
your guesses on the message board above or use the board
to discuss things with fellow cryptographers. And then we
will see whether one of our readers can accomplish what
the CIA has not in nearly a decade.
Need a Hint?
We have posted a partial transcript of an interview with Stein
to help you. Each day we will post a portion of what Stein
has already deciphered. Look for it at the bottom of the
yellow box.
The Full Code
Left Side
EMUFPHZLRFAXYUSDJKZLDKRNSHGNFIVJ
YQTQUXQBQVYUVLLTREVJYQTMKYRDMFD
VFPJUDEEHZWETZYVGWHKKQETGFQJNCE
GGWHKK?DQMCPFQZDQMMIAGPFXHQRLG
TIMVMZJANQLVKQEDAGDVFRPJUNGEUNA
QZGZLECGYUXUEENJTBJLBQCRTBJDFHRR
YIZETKZEMVDUFKSJHKFWHKUWQLSZFTI
HHDDDUVH?DWKBFUFPWNTDFIYCUQZERE
EVLDKFEZMOQQJLTTUGSYQPFEUNLAVIDX
FLGGTEZ?FKZBSFDQVGOGIPUFXHHDRKF
FHQNTGPUAECNUVPDJMQCLQUMUNEDFQ
ELZZVRRGKFFVOEEXBDMVPNFQXEZLGRE
DNQFMPNZGLFLPMRJQYALMGNUVPDXVKP
DQUMEBEDMHDAFMJGZNUPLGEWJLLAETG
ENDYAHROHNLSRHEOCPTEOIBIDYSHNAIA
CHTNREYULDSLLSLLNOHSNOSMRWXMNE
TPRNGATIHNRARPESLNNELEBLPIIACAE
WMTWNDITEENRAHCTENEUDRETNHAEOE
TFOLSEDTIWENHAEIOYTEYQHEENCTAYCR
EIFTBRSPAMHHEWENATAMATEGYEERLB
TEEFOASFIOTUETUAEOTOARMAEERTNRTI
BSEDDNIAAHTTMSTEWPIEROAGRIEWFEB
AECTDDHILCEIHSITEGOEAOSDDRYDLORIT
RKLMLEHAGTDHARDPNEOHMGFMFEUHE
ECDMRIPFEIMEHNLSSTTRTVDOHW?OBKR
UOXOGHULBSOLIFBBWFLRVQQPRNGKSSO
TWTQSJQSSEKZZWATJKLUDIAWINFBNYP
VTTMZFPKWGDKZXTJCDIGKUHUAUEKCAR
Right side
ABCDEFGHIJKLMNOPQRSTUVWXYZABCD
AKRYPTOSABCDEFGHIJLMNQUVWXZKRYP
BRYPTOSABCDEFGHIJLMNQUVWXZKRYPT
CYPTOSABCDEFGHIJLMNQUVWXZKRYPTO
DPTOSABCDEFGHIJLMNQUVWXZKRYPTOS
ETOSABCDEFGHIJLMNQUVWXZKRYPTOSA
FOSABCDEFGHIJLMNQUVWXZKRYPTOSAB
GSABCDEFGHIJLMNQUVWXZKRYPTOSABC
HABCDEFGHIJLMNQUVWXZKRYPTOSABCD
IBCDEFGHIJLMNQUVWXZKRYPTOSABCDE
JCDEFGHIJLMNQUVWXZKRYPTOSABCDEF
KDEFGHIJLMNQUVWXZKRYPTOSABCDEFG
LEFGHIJLMNQUVWXZKRYPTOSABCDEFGH
MFGHIJLMNQUVWXZKRYPTOSABCDEFGHI
NGHIJLMNQUVWXZKRYPTOSABCDEFGHIJ
OHIJLMNQUVWXZKRYPTOSABCDEFGHIJL
PIJLMNQUVWXZKRYPTOSABCDEFGHIJLM
QJLMNQUVWXZKRYPTOSABCDEFGHIJLMN
RLMNQUVWXZKRYPTOSABCDEFGHIJLMNQ
SMNQUVWXZKRYPTOSABCDEFGHIJLMNQU
TNQUVWXZKRYPTOSABCDEFGHIJLMNQUV
UQUVWXZKRYPTOSABCDEFGHIJLMNQUVW
VUVWXZKRYPTOSABCDEFGHIJLMNQUVWX
WVWXZKRYPTOSABCDEFGHIJLMNQUVWXZ
XWXZKRYPTOSABCDEFGHIJLMNQUVWXZK
YXZKRYPTOSABCDEFGHIJLMNQUVWXZKR
ZZKRYPTOSABCDEFGHIJLMNQUVWXZKRY
H I N T O F T H E D A Y
Kryptos Completed Plaintext. Top Half.
BETWEEN SUBTLE SHADING AND THE ABSENCE OF
LIGHT LIES THE NUANCE OF ILLUSION. THEY USED
THE EARTHS MAGNETIC FIELD. THE INFORMATION
WAS GATHERED AND TRANSMITTED UNDERGROUND
TO AN UNKNOWN LOCATION.
DOES LANGLEY KNOW ABOUT THIS? THEY SHOULD
ITS BURIED OUT THERE SOMEWHERE. ONLY WW.
THIS WAS HIS LAST MESSAGE.
THIRTY-EIGHT DEGREES FIFTY-SEVEN MINUTES SIX
POINT FIVE SECONDS NORTH SEVENTY-SEVEN
DEGREES EIGHT MINUTES FORTY-FOUR SECONDS
WEST ID BY ROWS.
(Bottom Half) SLOWLY DESPARATLY SLOWLY THE
REMAINS OF PASSAGE DEBRIS THAT ENCUMBERED
THE LOWER PART OF THE DOORWAY WAS REMOVED
WITH TREMBLING HANDS I MADE A TINY BREACH IN
THE UPPER LEFT HAND CORNER AND THEN
WIDENING THE HOLE A LITTLE I INSERTED THE
CANDLE AND PEERED IN THE HOT AIR ESCAPING
FROM THE CHANBER CAUSED THE FLAME TO
FLICKER BUT PRESENTLY DETAILS OF THE ROOM
WITHIN EMERGED FROM THE MIST. CAN YOU SEE
ANYTHINGQ?
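The "Right side" table above is a Vigenere square built on the alphabet KRYPTOSABCDEFGHIJLMNQUVWXZ. The Python below is an added example, not part of the ABC article or the HWA digest: it rebuilds that alphabet, uses the opening words of the hint plaintext as a crib against the first two ciphertext rows to recover the repeating key, and then decrypts those rows. The function names are this example's own, and treating the first 63 letters as one section under one key is an assumption of the example.

```python
"""Keyed-Vigenere model of the Kryptos tableau: crib-based key recovery, then decryption."""
import string

# First 63 letters of the "Left Side" ciphertext as printed on this page (rows 1-2).
K1_CIPHERTEXT = ("EMUFPHZLRFAXYUSDJKZLDKRNSHGNFIVJ"
                 "YQTQUXQBQVYUVLLTREVJYQTMKYRDMFD")
# Crib: opening words of the hint plaintext printed on this page, spaces removed.
CRIB = "BETWEENSUBTLESHADINGANDTHEABSENCEOFLIGHT"


def keyed_alphabet(keyword):
    """Keyword letters first (duplicates dropped), then the unused letters in A-Z order."""
    seen = []
    for ch in keyword.upper() + string.ascii_uppercase:
        if ch not in seen:
            seen.append(ch)
    return "".join(seen)


def tableau_row(alphabet, shift, width=30):
    """Row `shift` of the tableau body: the keyed alphabet rotated left, printed 30 wide."""
    return "".join(alphabet[(shift + i) % len(alphabet)] for i in range(width))


def recover_keystream(ciphertext, crib, alphabet):
    """Known-plaintext key recovery: key index = cipher index - plain index (mod 26)."""
    n = len(alphabet)
    return "".join(
        alphabet[(alphabet.index(c) - alphabet.index(p)) % n]
        for c, p in zip(ciphertext, crib)
    )


def smallest_period(stream):
    """Shortest prefix length whose repetition reproduces the whole keystream."""
    for period in range(1, len(stream) + 1):
        if all(stream[i] == stream[i % period] for i in range(len(stream))):
            return period
    return len(stream)


def decrypt(ciphertext, key, alphabet):
    """Subtract the key letter's index from the cipher letter's index, both in `alphabet`."""
    n = len(alphabet)
    out, k = [], 0
    for ch in ciphertext:
        if ch not in alphabet:
            out.append(ch)  # non-letters pass through and do not consume key (example's choice)
            continue
        shift = alphabet.index(key[k % len(key)])
        out.append(alphabet[(alphabet.index(ch) - shift) % n])
        k += 1
    return "".join(out)


def solve_first_section():
    """Recover the periodic key from the crib, then decrypt all 63 letters with it."""
    alphabet = keyed_alphabet("KRYPTOS")
    stream = recover_keystream(K1_CIPHERTEXT, CRIB, alphabet)
    key = stream[:smallest_period(stream)]
    return key, decrypt(K1_CIPHERTEXT, key, alphabet)


if __name__ == "__main__":
    key, plaintext = solve_first_section()
    print("recovered key:", key)
    print("plaintext    :", plaintext)
```

The 40-letter crib yields a keystream that repeats every 10 letters, which is why a short stretch of known plaintext is enough to break a periodic cipher like this one. Decrypting the ciphertext exactly as printed here gives IQLUSION where the hint prints ILLUSION.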
@HWA
65.0 Pirates of Silicon Valley
~~~~~~~~~~~~~~~~~~~~~~~~~
June 18th 1999
From HNN http://www.hackernews.com/
Pirates of Silicon Valley
contributed by Silicosis
'Pirates of Silicon Valley' airs on TNT this Sunday at
8pm. The show is supposed to detail the history of
Apple & Microsoft. While this info is going to be
plastered everywhere else, it may be worth watching (if
you have nothing better to do, after all, they are old
school hackers).
TNT
http://tnt.turner.com/movies/tntoriginals/pirates/
If you missed this show it's available on the web via
the newsgroups, not that I condone such activity - Ed ;)
@HWA
66.0 .mil hacker cartoon
~~~~~~~~~~~~~~~~~~~~
June 18th 1999
From HNN http://www.hackernews.com/
Cartoon
contributed by carole
Here is a rather funny cartoon, found in a rather
interestingly funny place.
www.nswc.navy.mil
http://www.nswc.navy.mil/ISSEC/Gif/cartoons/hacked.gif
** This url is of course, dead now. Anyone have a copy of
the gif?, i'll check PacketStorm too...
@HWA
67.0 If Software Breaks Who is Liable?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
June 21st 1999
From HNN http://www.hackernews.com/
contributed by Weld Pond
Companies that manufacture toasters, cars, and other
products are liable for defects in their goods but not
software companies. According to the license
agreements you agree to when installing software the
manufacturer is not liable for anything. Software is often
shipped with humongous problems that the
manufacturer knew about yet there is no accountability.
Boston Globe
http://www.globe.com/dailyglobe2/171/focus/You_lose_+.shtml
COMMERCE
You lose!
Cars and toasters are expected to work. But bad software is a
norm, and the industry wants to keep it that way
By Charles Palson, 06/20/99
The engine in your new car self-destructs after a five-minute drive. The
dealer later tells you the manufacturer knowingly produced the defect,
but you have to pay for a new engine anyway. That's because the
automakers convinced Congress that consumer protection laws would drive
up car prices beyond the reach of the average buyer, so the laws were
changed to exempt the companies.
Sound like B-grade fiction? Unfortunately, the answer is: not for the
American software industry. Their intention is clearly stated in the licensing
agreement displayed on your monitor when you install new software.
Clicking OK means you agree that the manufacturer bears no responsibility
for defects.
Did you find features that don't work as advertised? Truth-in-advertising
laws don't apply. Did the program erase your hard drive? So what. Did the
manufacturer have prior knowledge of 95 percent of all the defects
beforehand, the industry average? Irrelevant. You might be able to return the
product, but your time, whatever it is worth, is lost. It's the law.
But not according to some courts, which have recently declared these
licenses illegal because they contradict provisions in the Uniform Commercial
Code, the grandfather of all consumer-protection laws. The software
industry, seeing where this liability could lead, now wants to exclude itself
from the minimal consumer protections offered under the code. Its
argument? Perfect or error-free software would be either impossible or too
expensive to produce.
''Perfect'' was carefully chosen for its emotional effect. After all, everyone
knows that achieving perfection is beyond any mortal. But it's a false
argument. The Uniform Commercial Code doesn't mention anything about
perfection; it states in essence that a product should be fit for ordinary use
and conform to printed claims. If other American industries have managed to
conform to the code, why should software be any different?
Several reputable specialists this writer interviewed don't think it should be.
One of these, Ken Johnson, who is director of Minnesota's Rochester
Technology Center, a division of D.H. Andrews Inc., and who is a former
IBM software executive, is sure that software companies can produce
top-quality products.
Johnson should know. He helped manage a now legendary project that
produced the IBM AS400 computer. A huge effort at the time, the
developers delivered on schedule, and any significant defects were fixed in a
timely manner. And the price was reasonable. Actually, counting both direct
and indirect costs, the AS400 still costs significantly less than comparable
products from other companies, and it delivers more reliability.
The lesson is that, contrary to what industry spokesmen claim, high quality at
reasonable prices is indeed possible.
With a few notable exceptions, however, the industry as a whole chooses to
continue producing software riddled with defects that often make a mockery
of extravagant advertising claims.
Microsoft, for example, shows every intention of continuing the practice of
publicizing features that don't necessarily work. Not one word on the
well-known issue can be found in company president Steve Ballmer's recent
lengthy announcement that quality will take center stage. When this writer
questioned spokeswoman Marla Polenz on the issue, she couldn't find anyone
to talk about it.
Perhaps nothing more eloquently illustrates the problems in Microsoft than
the fact that it cannot readily use its own flagship business product, NT
Server, for some mission-critical applications, such as shipping, because it is
too unreliable. According to several people close to IBM and Microsoft, the
latter uses AS400s when reliability really counts. Gartner Group studies
tracking computer reliability say that average downtime for NT Servers is
more than a half-hour per day, compared with a fraction of a second for the
AS400. That's a lot of lost revenue in a year.
But it should be emphasized that this is not just a Microsoft problem. Cem
Kaner, lawyer, former software engineer, and nationally known spokesman
on software quality, stresses that the great majority of companies knowingly
issue software with substantial defects. He, along with many other observers,
estimates that software manufacturers already know 95 percent of all the
bugs when they put their programs on the market.
Why the quality gap between IBM and so many other companies?
According to Kaner, the answer in principle is simple: Product quality
sometimes takes a back seat to getting products out the door for immediate
profit. The whole story, however, is more complex. The problem starts at
the beginning of a project when managers invariably underestimate the
development time requirements by a wide margin.
When the projected completion date arrives, pressure builds from anxious
marketing and financial departments that have made commitments based on
the promised date. Often, the product is finally released under pressure
despite defects.
The nature of the problem is well known in the industry. Roger Sherman,
former Microsoft director of testing, acknowledged, for example, that bad
schedules are responsible for most quality problems.
How has IBM largely found a resolution? According to Johnson, the
operative word is experience. Lots of it. Key development personnel at
IBM have carefully worked in different capacities on many successful
projects. These people have acquired through experience the knowledge it
takes to make useful time estimates. They know it is a little more expensive
to take such necessary measures to produce the first product version, but
they also know that, in the long run, it is less expensive because the
considerable costs associated with defects drop dramatically. ''The AS400
development team created and still adheres to meticulous quality practices,''
says Johnson.
A shift to more reliable software will not be easy. In any industry described
by observers as freewheeling, young and brash, the word ''meticulous'' might
as well be Sanskrit. Computer science departments don't teach its practical
meaning, and most software developers lack even the awareness that
quality, accurate scheduling, and reasonable cost are not mutually
contradictory.
But the point remains: Optimal software quality is doable, and any
protestations to the contrary are, well, whining.
Without even the currently minimal penalties under the Uniform Commercial
Code, the industry would have even less incentive to reform itself. Indeed,
some observers, such as Mark Paulk, professor at the computer science
department of Carnegie Mellon University, believe that the code should have
stricter provisions to increase the penalties for poor software quality. If the
industry felt the pain currently only felt by consumers, the pain would be a
positive impetus for change.
This story ran on page E01 of the Boston Globe on 06/20/99.
© Copyright 1999 Globe Newspaper Company.
@HWA
68.0 Trinux Release 0.61
~~~~~~~~~~~~~~~~~~~
June 21st 1999
From HNN http://www.hackernews.com/
contributed by mdfranz
Besides upgrading to glibc2 and Linux kernel 2.2.x,
Trinux 0.61 now offers remote package loading via
wget, updated versions of many of the tools you know
and love (such as nmap and ntop) and new additions
like hping, cgichk, mns, and SAINT (well, at least the
scanner's underneath, who needs the sorry Web/CGI
interface). Just like before, all on 2 floppies and without
disturbing the other operating systems on your PC. The
standard kernel now provides support for the most
common Ethernet cards and with more reliable DHCP
support, booting Trinux from your school/office PC has
never been easier.
Trinux
http://www.trinux.org
69.0 Australia Looks to Increase Local Police Powers
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
June 21st 1999
From HNN http://www.hackernews.com/
contributed by Code Kid
The Electronic Transactions Bill, expected to be
introduced in the Australian Parliament in the spring
session, will give local police departments more
authority when investigating computer crimes. Many
computer crimes involve computer trespass and criminal
damage neither of which has extra-territorial provisions.
This new bill will give police powers to investigate crimes
even when they originate outside their normal
jurisdictions.
The Age
http://www.theage.com.au/daily/990620/news/news11.html
Police may go after interstate
hackers
By DAVID ADAMS
The State Government is considering giving police greater
powers to investigate computer hackers operating from
interstate.
Because hacking normally involves offences of computer
trespass and criminal damage - neither of which has
extra-territorial provisions - police have limited powers to
pursue hackers who attack Victorian companies from
interstate.
Under the Draft Electronic Commerce Framework Bill,
released for public comment in December, it was
proposed that the new offences of unlawful access to
data in a computer and of damaging data in a computer
be introduced into the Victorian Crimes Act 1958.
The draft bill also provided for police in Victoria to
investigate people interstate committing the new offences
provided there was a substantial link to Victoria. The
period of public consultation ended in February. The bill,
since renamed the Electronic Transactions Bill, is
expected to be introduced in Parliament in the spring
session.
A spokesman for the Minister for Information and
Multimedia, Mr Alan Stockdale, said that he could not
disclose what was in the bill until it was presented in
Parliament. But he said there had been considerable
consultation.
The head of the Victoria Police computer crime
investigation squad, Detective Senior Sergeant David
Caldwell, said that it was less common for hackers to
operate across state borders than inside their own state.
He said that most hacking incidents in Victoria were
motivated by curiosity rather than malice but organised
gangs of hackers and individuals were known to
deliberately target companies. Reasons included revenge
or notoriety.
In one case last year, a Glen Waverley man known by
the name of ``Number Crunch'' claimed to have broken
into the computer systems of 1300 companies in all
Australian capital cities in a two-week hacking spree that
caused $130,000 damage.
Each time the man entered a company's computer
system, he left behind a message informing it of its victim
number and asking it to report the invasion to one of two
telephone numbers, those of Melbourne television
Channels 9 and 7.
Detective Senior Sergeant Caldwell said that hacking had
been identified as one of the greatest security threats
facing companies, but some companies still appeared to
have a ``false sense of security''.
Last year, a joint Victoria Police and Deloitte Touche
Tohmatsu survey found that 11 per cent of companies
failed to have any security policy in place when
connecting to the Internet.
In the poll of about 90 of Australia's largest companies,
one-third said their computer systems had been attacked
in the previous 12 months. Of those, 58 per cent were
attacked from an external source.
Sixty-four per cent of companies said that hacking was
the greatest security concern in the future.
@HWA
70.0 Aussie Gov Downloads Porn
~~~~~~~~~~~~~~~~~~~~~~~~~
June 21st 1999
From HNN http://www.hackernews.com/
contributed by Weld Pond
The Australian Protective Service, similar in function to
the US Secret Service has found that six of its members
downloaded pornography over the internet while on the
job. The Australian Defense Department is conducting
an investigation.
32 Bits Online
http://www.32bitsonline.com/news.php3?news=news/199906/nb199906175&page=1
Australian Govt Security Officers Caught Downloading Porn
Officers in the Australian Protective Service, the Federal Government's protective security agency, are being investigated
after a "routine" sweep found they had downloaded pornography from the Internet while on duty.
The Australian Defence Department is conducting the inquiry into the use of Defence Department
computers in its Canberra headquarters to download pornographic images by six officers, according to
the Australian Broadcasting Corporation (ABC).
A spokesman told the ABC that the incidents were not considered a serious breach of security but an
investigation would ensue, with all APS officers banned from using the department's Internet links while
it is conducted.
The APS is responsible for the protection of Parliament House in Canberra, the residences of the
Prime Minister and the Governor-General, foreign diplomatic missions, airport security and defense
establishments around Australia.
The use of government computers to access pornography on the Internet was highlighted recently by an
adult Website operator. The site owner publicized the Internet domain names of a number of Australian
government agencies, including the Defence Department, that regularly accessed the adult site in
protest at Australian Internet legislation that requires ISPs to block and filter access to material on the
Internet (Newsbytes, May 28, 1999).
@HWA
71.0 Software Glitch or Security Breach
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
June 21st 1999
From HNN http://www.hackernews.com/
contributed by Weld Pond
When all else fails claim a 'hacker' did it. After some
customers received discounts of as much as 85%,
Microworkz faxed at least one customer claiming that
their security had been breached. Later when contacted
by a reporter they denied it and claimed it was due to a
software problem.
ZD Net
http://www.zdnet.com/zdnn/stories/news/0,4586,2279360,00.html?chkpt=zdnnstop
72.0 Viruses Cost Companies Big Dough
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
June 21st 1999
From HNN http://www.hackernews.com/
contributed by nvirB
In the first two quarters of 1999 viruses have cost US
businesses 7.6 billion in lost revenue. Computer
Economics of Carlsbad, California has completed a study
that says the amount can be attributed to computer
downtime and the expense of dealing with the virus
infestations.
Wired
http://www.wired.com/news/news/technology/story/20297.html
Fox Market Wire
http://foxmarketwire.com/061999/virus.sml
Computer Economics, Inc.
http://www.computereconomics.com/
Wired;
Viruses Cost Big Bucks
Wired News Report
12:20 p.m. 18.Jun.99.PDT
Businesses worldwide have lost a total of
US$7.6 billion in the first two quarters of
1999 at the hands of Melissa, the
Explore.Zip worm and other viruses, a
new study finds.
Computer Economics of Carlsbad,
California said the costs resulted from lost
productivity due to computer downtime,
and the expense of dealing with virus
attacks.
The study also predicted that the
frequency of the attacks will continue at
the current rate, and that systems
failures could be more severe.
Computer Economics polled 185 large
companies and totaled their combined
losses.
Michael Erbschloe, vice president of
research for Computer Economics, said
that companies must make an investment
in security to prevent further damage
from viruses.
"We've surveyed people in IT
organizations for the last 12 years,"
Erbschloe said. "We're constantly getting
the response that computer security is
underfunded."
-=-
Fox Market Wire;
Computer Virus Costs to Business Surge
11.09 a.m. ET (1509 GMT) June 19, 1999
NEW YORK -- Computer virus and "worm" attacks on information systems
have caused businesses to lose a total of $7.6 billion in the first half of 1999 as a
result of disabled computers, a research firm said Friday.
The cost of viruses and worms -- computer bugs spread by e-mail that can
cause system shutdowns -- was about five times larger in the first six months of
1999 than businesses suffered during all of last year, said Computer Economics
Inc.
The most recent study was based on 185 companies representing 900,000
international users, while the 1998 survey used slightly different methodology,
researcher Michael Erbschloe said.
"The numbers probably came out low," he said. "It is a conservative number in
that not everyone tracks cost, and most companies tend to undercount and
underreport."
He said the $7.6 billion figure represented lost productivity and repair costs
reported by the company. The 1998 figure of about $1.5 billion also included
"intrusions" to corporate systems, in addition to general virus attacks.
Erbschloe said this year's high profile attacks by ExploreZip worm, which erased
computer files and caused the shutdown of some corporate e-mail systems, and
the Melissa virus, which spread quickly but did not destroy data, would only
draw more attacks.
"Hackers don't like to be outdone," he said. "And most companies are
underfunding their security efforts."
-=-
@HWA
73.0 B4B0 Issue 8 Released.
~~~~~~~~~~~~~~~~~~~~~
June 21st 1999
From HNN http://www.hackernews.com/
contributed by tip
The latest and greatest issue of B4B0 has been
released. Articles discuss issues on system/network
security, humor, as well as dementia. Their primary
focus has always been the liberation of normalcy, and
hopefully the redline youth of the world will turn the
new trend in the gospel sound.
B4B0
http://www.b4b0.org
@HWA
74.0 f41th Issue 7
~~~~~~~~~~~~~~
June 21st 1999
From HNN http://www.hackernews.com/
contributed by D4RKCYDE
D4RKCYDE have released f41th issue 7, the 3rd
installment to the magazine. This issue contains even
more than before, with in-depth articles such as '5ESS
Compact Digital Exchanges' and 'Chronus ICMP Packet
Timestamps' with much, much more.
f41th
http://darkcyde.system7.org
75.0 DOD Considers New Network
~~~~~~~~~~~~~~~~~~~~~~~~~
June 22nd 1999
From HNN http://www.hackernews.com/
contributed by dis-crete
In an effort to defend against frequent cyber attacks,
the Pentagon is considering building a new computer
network to handle e-commerce and public web pages,
cutting off existing connections to the Internet. This
follows an increase in the rate of successful attacks on
the Non-Classified Internet Protocol Router Network
(NIPRNET). While a separate network sounds like a good
idea in theory the practicalities of completely separating
NIPRNET from the Internet will not be easy.
Federal Computer Week
http://www.fcw.com/pubs/fcw/1999/0621/fcw-newsnetwork-6-21-99.html
JUNE 21, 1999
Cyberattacks spur talk of 3rd DOD network
New network would support e-commerce and public access
to DOD Web sites
BY BOB BREWIN (antenna@fcw.com)
AND DANIEL VERTON (dan_verton@fcw.com)
As part of a strategy to defend its unclassified networks against relentless
cyberattacks, the Pentagon may establish a new network to handle electronic
commerce and other interactions with the public while cutting off all other
existing connections to the Internet.
The proposal follows an increase in the rate of cyberattacks -- many stemming
from the Kosovo conflict -- on the Non-Classified Internet Protocol Router
Network (NIPRNET), through which the department transmits unclassified
information, including some tactical data, via the Internet.
Marv Langston, deputy assistant secretary of Defense for command, control,
communications and intelligence (C3I), said top DOD officials have begun
debating whether to disconnect NIPRNET from the Internet and create another
network, a so-called third layer, which would provide Internet links between
DOD and e-commerce partners and provide the public with access to military
Web pages.
The proposed strategy, under debate by DOD officials, would leave the
department with three layers of networks: the Secret Internet Protocol Router
Network, for classified information; NIPRNET, which would become a virtual
private network for internal DOD communications; and the new network,
through which the department would communicate with its business partners
and the public.
John Hamre, deputy secretary of Defense, framed the issues behind the policy
debate in stark terms last week, calling the short air campaign in Yugoslavia
against Serbia "the first cyberwar," citing Serb attacks against NATO's public
World Wide Web pages.
"We were under a cyberattack in our operations against Serbia," Hamre said at
last week's GovTechNet International Conference and Exhibition. DOD is
vulnerable to such attacks because the department "routinely operates in
commercial cyberspace" using NIPRNET, he said.
Lt. Gen. William Campbell, the Army's director for C3I, called the current
NIPRNET policy "close to madness" because it is used to actively support
military operations.
Campbell, who would like to see DOD set up the third-layer network, said the
Pentagon should not compromise the security of NIPRNET to support
e-commerce and interactions with the public. "The [e-commerce] tail should not
wag the C3I dog," Campbell said.
Tim Bass, president and chief executive officer of the security consulting firm
The Silk Road Group Ltd., said the third layer is a very wise plan.
"Denial-of-service attacks against [Internet Protocol] networks are a real threat,
and there is no disagreement that IP is highly vulnerable," Bass said.
"Furthermore, nonclassified IP access to the Internet is now a mission-critical
requirement."
Rick Forno, a security officer for Network Solutions Inc. and a former senior
security analyst at the House of Representatives' Information Resources
Security Office, also said DOD's plan is plausible. "All public-access networks
should be on a completely compartmented environment from anything [classified
"For Official Use Only"] or higher, including day-to-day routine local-area
networks," he said. If properly carried out, the policy "will be a great solution,"
Forno said.
However, the proposed strategy is not without some obstacles, DOD officials
said.
Langston, who also serves as DOD's deputy chief information officer, which
gives him a key role in the network security policy debate, said, "It is difficult to
unplug [DOD] from the Internet."
Establishing a third layer would, in essence, set up another U.S., if not global,
DOD network, which would be expensive, Langston said.
Langston advocates protecting NIPRNET by copying a Navy initiative to
secure networks with an array of technology, including intrusion-detection
systems, firewalls and encryption technology.
The Navy has developed its "defense in-depth" strategy as part of an effort to
build a secure Navywide intranet. Langston believes the strategy obviates the
need to pull the Internet plug except under the most extreme circumstances.
"The only reason to pull off the Internet is a massive cyberattack," Langston
said.
Rear Adm. John Gauss, commander of the Space and Naval Warfare Systems
Command, supports an ongoing NIPRNET redesign, which would involve the
Defense Information Systems Agency upgrading the network's security
measures. "What DISA's doing will protect DOD computing and still give us a
viable means of communicating with industry," Gauss said.
Lt. Gen. William Donahue, director of communications and information for the
Air Force, agreed that disconnecting NIPRNET from the Internet is not a viable
option. "We're not going to disconnect from the Internet because we depend on
it for too much," he said. But, he added, "You have to balance the need to
connect with the need to protect."
Although a decision has not yet been made about the third network, Donahue
envisions DOD reaching a stage where it initially will shut down all connections
between NIPRNET and the Internet, closing all "back door" connections, and
then reconnect DOD with a smaller number of open connections.
"There will probably be a finite number of connections to the Internet, and they
will be protected," Donahue said. When that occurs, DOD still will need "to be
serious, dedicated, dogged and persistent in protecting our network nodes," he
said.
But Campbell will continue to push to cut off DOD from the Internet. "If you
are going to be a pioneer...you cannot be faint of heart."
@HWA
76.0 NCIS Calls For National Computer Crime Squad
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
June 22nd 1999
From HNN http://www.hackernews.com/
contributed by Code Kid
The UK National Criminal Intelligence Service (NCIS) has
called for the creation of a national cyber force in
England to fight the increasing amount of online crime.
While the Metro police in London do have a computer
crime unit there is no national organization.
BBC
http://news.bbc.co.uk/hi/english/sci/tech/newsid_375000/375156.stm
Sci/Tech
Cyber criminals feel the heat
By Internet Correspondent Chris Nuttall
A national cyberforce of computer specialists is needed
to combat a rising tide of online crime, according to a
major report by the UK National Criminal Intelligence
Service (NCIS).
Project Trawler, a three-year study of Internet crime,
foresees a struggle between criminals and those trying to
prevent illegal activities over the mastery of Net technology
and information.
It says crimes currently being committed include
paedophilia, pornography, hacking, hate sites, fraud and
software piracy. Criminals' use of the Net for secure
communications is an emerging problem.
Interception powers being eroded
The director general of NCIS, John Abbott, told a news
conference:
"I believe that serious
consideration should be given
to the establishment of a
national investigative
computer crime unit to
combat the growing number
of computer crimes being
carried out in the UK and to
identify and target emerging
threats.
"Furthermore, any such unit
should be intelligence-led,
separating out the minor
offenders from those with
both the motivation and capability
to commit serious crimes."
On the day the Home Office released a consultation
paper on the review of the Interception of
Communications Act, the report says existing
capabilities to lawfully intercept communications and
search seized computers will be eroded by the Internet.
"Potentially this would seriously damage law
enforcement's ability to fight serious and organised
crime," it says.
Home Secretary to bolster interception
The Home Secretary, Jack Straw, said he was
determined his proposals would "maintain interception
as the most powerful weapon in the armoury against
crime."
"It often provides the vital intelligence or the crucial piece
of the jigsaw in solving such crimes with on average, one
in two interception warrants resulting in an arrest", he
said.
"But in recent years their capability has come under
threat - sophisticated criminals and terrorists have been
quick to exploit a revolutionised communications
industry and dated legislation on interception."
The proposals, detailed on the Home Office Website,
include creating a single legal framework to regulate
interception of all networks both public and private,
wireless telegraphy and interception of mail.
Encryption expertise needed
Regarding Project Trawler's recommendations, the
Metropolitan Police in London has a computer crime
unit, but there is no such national organisation.
MPs of the Trade and Industry Select Committee said
last month there was a case for such a body in order to
combat criminals using encryption to organise their
illegal activities over the Internet.
NCIS says a national unit would investigate the most
serious offences, develop Internet expertise and support
local forces encountering sophisticated cybercrimes.
Call for international co-operation
Given the global reach of the Net, the report emphasises
that international co-operation is also vital. This includes
combined law enforcement operations, extra-territorial
jurisdiction and consistent extradition of criminals.
It points out that last year's Operation Cathedral had
demonstrated the effectiveness of co-ordinated
international action by law enforcement against
paedophile rings. This involves both exchanging
information at the preliminary stage and preventing
paedophiles tipping off other ring members when arrests
and seizures are made.
The creation of a central library of known paedophilic
images at an international level would both aid the
search for victims and help to determine the nature of
offences, it says.
Cyber complaints on the rise
NCIS suggests that filed complaints of cyber crimes
have risen from 12,000 in 1997 to more than 40,000 in
1998.
But, in an apparent reference to media coverage of the
Internet, it says it does not assess the risks or scale of
criminal activity on the Internet to be as extensive as
sometimes portrayed.
The report's author, David Hart, says there is a need for
preventative steps now to avoid having to deal with a
bigger problem later:
"If the rewards are great enough and the risks low
enough then undoubtedly established criminals will
migrate to the new territory of the Internet.
"But, at the moment, even if they had
the motivation, it's not evident that
they have the capability to commit
serious computer crimes. They could
recruit or coerce people who do have
the capabilities but there are associated risks with that."
Future threats
NCIS says the 1990 Computer Misuse Act allows for
penalties of up to five years in jail and unlimited fines.
In future, it says, offences inspired by political motives,
hacking for information with financial value and "work
rage" assaults on systems will feature more.
The approach of the year 2000 is likely to spur some
program writers to create viruses triggered by the
01/01/2000 date.
Project Trawler will be available on the NCIS Website in
an unclassified version. The full report with extensive
statistics will be available to law enforcement
agencies and government departments.
Report welcomed by cyber rights group
"The conclusions of the report and a multi-layered
approach is welcome for dealing with cybercrimes rather
than heavy-handed government regulation," said Yaman
Akdeniz, director of Cyber-Rights & Cyber-Liberties
(UK), reacting to Project Trawler.
"However, all these initiatives within the layers proposed
should take into account the rights and liberties of
Internet users."
He said the concerns expressed about the ability to
intercept communications revealed law enforcement
bodies were still worried about the use of cryptography
for criminal purposes.
"Overall the publication of the report is welcome and
most of the future problems may be avoided and
prevented by the use and development of better security
tools. Therefore the use and development of encryption
tools should be encouraged rather than controlled for the
prevention of cyber-crimes."
@HWA
77.0 !Hispahack Found Not Guilty
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
June 22nd 1999
From HNN http://www.hackernews.com/
contributed by LeCreme
The trial against !Hispahack member Jfs finished on June
2nd. The Spanish judge considered not guilty the only
!Hispahack member that was accused of breaking into a
university computer. This was the first case of
unauthorized computer intrusion ever judged in Spain.
!Hispahack
http://hispahack.ccc.de/en/index.htm
78.0 asahi.com Defaced
~~~~~~~~~~~~~~~~~
June 22nd 1999
From HNN http://www.hackernews.com/
contributed by YingYang
One of the major news sites in Japan, Asahi Shimbun
Publishing Co.'s "asahi.com" was defaced in the last few
days. The most interesting thing in this article is the
claim that the news site has suffered several cyber
intrusions in the past but that this was the first one to
cause damage.
Asia Biz Tech
http://www.nikkeibp.asiabiztech.com/wcs/leaf?CID=onair/asabt/moren/74419
Asahi Shimbun's News Site Suffers Illegal Access
June 22, 1999 (TOKYO) -- Asahi Shimbun Publishing Co.'s news site "asahi.com" was accessed
illegally and could not display the home page in a standard way for a few minutes on June 20.
According to Asahi Shimbun, the problem occurred because an outside person gained illegal
access to one of the company's several mirror servers.
Within about 10 minutes,
the mirror server was separated off, and a switch was made to the other servers.
An investigation is focusing on the detailed circumstances and cause of the incident. From
June 20 to the morning of June 21, the company reinforced its surveillance setup. A full-
fledged investigation was set to start June 21, according to the company.
Asahi Shimbun's www.asahi.com has been subjected to illegal access a few times, but the
previous cases ended without causing any substantive damage. This was the first time that
the content was actually written over.
As for illegal access to a newspaper company's
news site and rewriting of the top page, another incident occurred recently in Japan. Mainichi
Newspapers Co., Ltd.'s www.mainichi.co.jp, Mainichi INTERACTIVE suffered such a case on
June 12.
(BizTech News Dept.)
@HWA
79.0 NSTAC Releases Reports
~~~~~~~~~~~~~~~~~~~~~~
June 22nd 1999
From HNN http://www.hackernews.com/
contributed by lamer
The National Security Telecommunications Advisory
Committee has released several new reports detailing
various aspects of federal computer security and
infrastructure.
NSTAC
http://www.ncs.gov/nstac/NSTACReports.html
@HWA
80.0 FBI This Week
~~~~~~~~~~~~~~
June 22nd 1999
From HNN http://www.hackernews.com/
FBI This Week
contributed by ne0h
"FBI, This Week" is the name of the radio program
broadcast to over 3,200 ABC Radio Network affiliates.
This week's episode is all about International Computer
Crime. If you miss the broadcast on your local station a
real player version is available.
FBI This Week
http://www.fbi.gov/pressrm/radio/fbiweek.htm
@HWA
81.0 Cartoon Hackers?? (From HNN rumours section)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
June 22nd 1999
From HNN http://www.hackernews.com/
contributed by delchi
WB Scraps 'Real Hackers' Cartoon
Rumor has it that Warner Brothers and Mattel have
scrapped an idea for a new Saturday morning cartoon
with a tie in toy line called "Real Hackers". The defunct
storyline was to portray a group of real life hackers in
cartoon form, reformed and fighting for good. Amongst
the hackers to be represented were 'phiber optik',
'bernie s', 'death veggie', 'emmanuel goldstein' and 'weld
pond' as cyber warriors as they fought criminals bent on
destroying the internet. It is unknown why Warner
Brothers and Mattel scrapped this idea or if it even
existed in the first place but in this hot pre Christmas
marketplace, one can only wonder how long it will be
before this ground breaking idea starts making money
for somebody.
@HWA
82.0 Nuke Labs Stand Down
~~~~~~~~~~~~~~~~~~~~
June 23rd 1999
From HNN http://www.hackernews.com/
contributed by Dr. Mudge
Yesterday was one of two stand down days at the
national weapons labs (Los Alamos, Sandia, LLNL, etc),
ordered by Energy Secretary Bill Richardson. This means
that due to the pressure and publicity from the
Cox/PFIAB reports no normal work was allowed at the
labs. Only emergency and operational tasks were to be
continued - 16 hours of training courses, web tests,
discussion groups, etc. over a two day period take
everything else's place. The training dealt with review of
existing security efforts, everything from operational to
computer security is being discussed, dissected, and
hopefully digested. While this may be an excellent way
to educate employees one can only hope that network
security monitoring and analysis is considered essential
daily activity.
Albuquerque Journal
http://www.abqjournal.com/news/1secrets06-21.htm
Future of Nuclear Weapons Program
in Dispute
By Jim Abrams
The Associated Press
WASHINGTON -- The head of a presidential panel on nuclear
weapons security, backed by congressional Republicans, says
security problems within the Department of Energy can't be
fixed without creating a new semi-independent agency to
oversee nuclear arms programs. But Energy Secretary Bill
Richardson said he is successfully confronting the security lapses
revealed in investigations of suspected Chinese spying at
weapons laboratories, and that no new agency is needed.
"We are ready to have a beefed-up security entity within
the Department of Energy that is stronger," Richardson said on
"Fox News Sunday." "What I don't want is a new agency that is
autonomous that does not report to me."
But former Sen. Warren Rudman, R-N.H., who chaired a
panel of the president's Foreign Intelligence Advisory Board that
issued a highly critical report of the DOE's counterintelligence
efforts last week, said the department has failed to carry out
two key security measures that President Clinton ordered 16
months ago.
It has yet to fully implement polygraph tests for scientists at
the labs and tighter security checks for foreign visitors, Rudman
said on NBC's "Meet the Press." "The attitude of people within
that department, in that bureaucracy, is astounding," he added.
The Washington Post reported today that the federal
government has begun administering polygraphs on the first of
5,000 nuclear weapons scientists and other sensitive employees
at DOE.
It could take four years to complete an initial round of
examinations on the federal workers and private contractors
working with highly classified nuclear secrets, said Edward J.
Curran, head of Energy's counterintelligence office.
So far, only that office's staff has been given the tests, he said.
Richardson told the Post some employees and civil liberties
groups are likely to protest the polygraphs and "I fully expect
lawsuits."
Richardson said there were still problems to resolve but "we
have had dramatic improvements." He said he ordered a
two-day stand-down at all the nuclear labs to test security
measures, and that he plans to dismiss some people responsible
for security lapses in about three weeks.
Richardson last week also named retired Air Force Gen.
Eugene Habiger, the former commander of all U.S. strategic
nuclear forces, to head security operations at DOE.
The president of the University of California, Richard C.
Atkinson, has ordered a review of security at the three nuclear
laboratories managed by the university to make sure national
security is not being compromised.
The FBI has investigated allegations that a former employee
of Los Alamos National Laboratory was a spy for China. The
university also manages Lawrence Livermore National
Laboratory and Lawrence Berkeley National Laboratory.
Atkinson has asked his Council on National Laboratories to
examine whether newly tightened measures are being
implemented and whether additional measures are needed. He
also wants to compare the university's security to the protocol
used by Lockheed Martin, which manages Sandia National
Laboratories in Albuquerque.
Rudman, meanwhile, is expected to receive a good reception
Tuesday when he testifies to Congress on his panel's
recommendation that the weapons program become
semi-autonomous, reporting only to the energy secretary.
"I agree with the Rudman report," said Sen. Richard Shelby,
R-Ala., chairman of the Senate Intelligence Committee. "We've
said all along that the labs are not safe today. They're not safe
tomorrow."
Richardson, he said, is trying to "seal the leaks at the labs.
He's trying to bring accountability to the labs. But I believe it's
going to take statutory change to do it. I don't believe ultimately
he can do it just by himself."
Shelby said Republican Sens. Frank Murkowski of Alaska, Jon
Kyl of Arizona and Pete Domenici of New Mexico would try to
attach language on such a separation of powers to an
intelligence spending bill coming before the Senate soon.
@HWA
83.0 X-Force Down Under is Hiring
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
June 23rd 1999
From HNN http://www.hackernews.com/
contributed by solvant
Need a job? Live in Australia? X-Force, part of ISS, is
recruiting Australian security experts for their three
month old Australian office. We sure hope they do
thorough background checks, wouldn't want them hiring
any evil hackers by mistake. A quote from the article by
Chris Rouland of ISS "I don't go out and recruit hackers
per se; I look for very strong software engineers with a
deep understanding of security and strong knowledge of
the computer underground." If that isn't a hacker I don't
know what is.
Fairfax IT
http://www.it.fairfax.com.au/software/19990621/A56795-1999Jun21.html
Australians hack into the X-Force
By DAVID BRAUE
AN international anti-hacker organisation,
X-Force, is recruiting Australian security experts for an
Australian brigade.
X-Force is operated by the security software company
Internet Security Systems (ISS), which opened its
Australian office three months ago.
X-Force director Chris Rouland, in Brisbane last week
to speak at a conference on computer security incident
handling and response, said recruits for X-Force were
"very difficult to find".
"I don't go out and recruit hackers per se; I look for very
strong software engineers with a deep understanding
of security and strong knowledge of the computer
underground."
The Australian X-Force will join counterparts in London
and Atlanta in keeping tabs on the underground
community of hackers who attack government and
corporate computer networks.
Australian recruits will work while their overseas
counterparts sleep, allowing a 24-hour security
research organisation with global response capabilities.
The 50-strong X-Force continually folds, spindles and
mutilates commercial software to identify weaknesses
that might be taken advantage of by hackers.
Among its accomplishments was being the first to
decipher the insidious Back Orifice trojan horse virus
and produce a fix for the problem. "That was a good
exercise for us, a chance to stretch our legs," laughs
Rouland, about the application considered to be one of
the most dangerous hacker attacks of the decade.
Reports suggest the team's efforts are paying off: the
analyst firm Yankee Group recently reported ISS as
having 30 per cent of the $US315 million ($485 million)
adaptive security market, while the No 2 firm, Axent
Technologies, had 19 per cent.
Many of the team's innovations - including
proof-of-concept projects that are developed by a
special team known as Protoworx - end up as additions
to ISS's commercial suite of intrusion detection
software.
Recent X-Force work has produced the likes of the
Attack Tracker (which allows intrusion detection
systems to trace and identify incoming intruders);
Casper (a Linux server that offers itself as a tempting
target for hackers while collecting data on their break-in
attempts); and the new Total Surveillance Architecture.
@HWA
84.0 More Canadian RedBoxing from HackCanada
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
June 23rd 1999
From HNN http://www.hackernews.com/
contributed by RenderMan
Need a RedBox in Canada? Got a Diamond Rio for your
MP3s? One more reason for the authorities to hate MP3s
and the device. HackCanada has released a text file on
how to use your Diamond RIO as a RedBox.
HackCanada
http://www.hackcanada.com/canadian/phreaking/riobox.txt
85.0 SecureMac is Now Open
~~~~~~~~~~~~~~~~~~~~~~
June 23rd 1999
From HNN http://www.hackernews.com/
contributed by MacUser
SecureMac.com has opened their doors this week to a
new site devoted to Macintosh Security. Learn more
about the security that exists for the mac, and how to
make your system more secure. Learn just how weak or
strong the security is on certain products as well. This
site covers encryption, security, virus, and much more.
This site is run by the same person who runs Freaks
Macintosh Archives a site devoted to macintosh hacking
and security.
SecureMac.com
http://www.securemac.com
Freaks Macintosh Archive
http://freaky.staticusers.net
@HWA
86.0 Microsoft Demands Privacy
~~~~~~~~~~~~~~~~~~~~~~~~~
June 23rd 1999
From HNN http://www.hackernews.com/
contributed by Sangfroid
Following in IBM's footsteps Microsoft will now demand a
privacy statement be present on all web sites that it
buys advertising from. Why have the two largest
internet advertisers taken this stance? The FTC is about
to make its recommendations to congress about
whether tough new federal privacy laws should be
enacted. Of course this means that HNN will have to
post something about how you have no privacy and
that we log everything, but then so does every other
web site. It should be a fun page to write. Look for it in
the next few days.
Nando Times
http://www.techserver.com/story/body/0,1634,62850-99839-710835-0,00.html
Microsoft to require privacy statement before advertising on Web sites
Copyright © 1999 Nando Media
Copyright © 1999 Associated Press
By TED BRIDIS
WASHINGTON (June 22, 1999 11:21 p.m. EDT http://www.nandotimes.com) - Microsoft Corp., the largest advertiser on the Internet, has
decided it will not buy ads next year on Web sites that fail to publish adequate privacy promises to consumers. The announcement
comes less than three months after a similar decision by IBM, the Web's second-largest advertiser.
The actions by the two companies come as the Federal Trade Commission prepares its recommendations to Congress on whether tough new federal
p