Information Security News mailing list archives

Advance notice of Web site warning may have helped block attacks


From: InfoSec News <isn () C4I ORG>
Date: Mon, 12 Mar 2001 00:33:34 -0600

http://www.computerworld.com/cwi/story/0,1199,NAV47_STO58475,00.html

By DAN VERTON
March 09, 2001

Early warnings issued by the FBI to four vertical-industry groups
about the continuing threat of Web site break-ins by Eastern European
organized crime groups may have helped block thousands of copycat
attacks against banks and other companies doing business online,
according to security analysts.

The warnings, which were sent out early yesterday in advance of a
public advisory that was released later, demonstrated the importance
of the role that the FBI and its National Infrastructure Protection
Center (NIPC) can play in efforts to prevent cybercrimes, analysts
said.

The NIPC has been criticized for what a former Clinton administration
official called its "fundamental inability to communicate" with
companies and the security community. The problem, sources said, has
been that the FBI treats all potential cybercrimes as law enforcement
investigations first and foremost.

There have even been claims that yesterday's warnings, which followed
an initial alert about the Eastern European attacks that was issued by
the NIPC in December, were little more than a thinly veiled public
relations campaign on the part of the agency. But that contention was
rejected by several security experts who were involved in yesterday's
developments.

William Marlow, vice president and chief strategy officer at New
York-based Predictive Systems Inc., said the advance notice about the
upcoming advisory helped companies in the financial services industry
block "at least 1,600" attempts by hackers to penetrate their defenses
yesterday and today.

Predictive Systems operates an Information Sharing and Analysis Center
(ISAC) for the financial industry. The NIPC "did an outstanding job of
notifying [us] early, which gave the financial institutions time to
ensure they were locked down before the announcement went out," Marlow
said.

While there have been problems in the past with the sharing of
information about security threats by the FBI and the NIPC, Marlow
said, the situation is improving. "We now are working through the
legal and privacy aspects so that we can [better share information],"
he added. "We're very pleased that the NIPC did what they did."

Alan Paller, director of research at the SANS Institute in Bethesda,
Md., said he also didn't see any ulterior motives in the NIPC's new
warning. "Everything I know says that's exactly wrong," Paller said.
The SANS Institute, a research organization for systems administrators
and security managers, released its own alert about the FBI's
investigations that called the Eastern European hacking incidents "the
largest criminal Internet attack to date."

Scott Christie, an assistant U.S. attorney and intellectual property
coordinator with the U.S. Attorney's Office for the District of New
Jersey, characterized the investigations now underway as national in
scope. "We all felt it was appropriate to let a wider audience know
what is going on," Christie said, describing the ongoing threat as "a
serious impediment to public confidence in e-commerce."

But not everyone is convinced that the information-sharing problems
have been fully resolved.

"Most people recognize the need for [the NIPC]," said Kathy Fithen, a
senior consultant at PricewaterhouseCoopers in New York. "It's
important for both [industry and the government] to find a way to
share information." But Fithen, the former head of the CERT
Coordination Center at Carnegie Mellon University in Pittsburgh, said
the two sides still appear to be "struggling with how to do that
effectively."

The FBI disclosed it has launched investigations into 40 alleged
hacking incidents by crime syndicates in Russia and Ukraine that are
believed to have stolen more than 1 million credit card numbers from
e-commerce and online finance Web sites in the U.S. The affected sites
are powered by Windows NT servers, and FBI officials said companies
have failed to heed earlier warnings about the need to patch several
known security holes in the Microsoft Corp. software.

The current federal approach to cybersecurity and infrastructure
protection has its roots in a directive signed by former president
Bill Clinton three years ago. In addition to setting a 2003 deadline
for the government to establish defenses against attacks on important
elements of the U.S. infrastructure, the directive created the NIPC
and encouraged private-sector participation through a series of
industry-oriented ISACs.

But the Bush administration is now reviewing the entire structure of
the government's security efforts. A congressionally-appointed panel
recently recommended the creation of a single security agency, and a
decision on the future of the NIPC, the Commerce
Department's Critical Infrastructure Assurance Office and other
government entities is due later this year.

ISN is hosted by SecurityFocus.com