Security Incidents mailing list archives

Re: What use is the NIPC?


From: <bonk () webchat chatsystems com>
Date: Sun, 5 Aug 2001 20:33:03 -0500 (CDT)

On Sun, 5 Aug 2001 aleph1 () securityfocus com wrote:

This latest worm incident has left me wondering of what real use is
the NIPC. They certainly do not appear to be a rapid reaction force,
never mind that their web page defines them as providing "timely warnings
of international threats, comprehensive analysis and law enforcement
investigation and response".


I have to agree with you.  As a former computer crimes investigator with
the government, I've contacted the NIPC after hours on many different
occasions.  To my knowledge, they have support personnel (non agent types)
answering the phones and the agents get briefed (or so one would think)
but I could never get an agent to the phone unless I contacted my agency
rep.  For those who don't know, most agencies have reps on the floor at
NIPC.  Agencies like NASA, USAF OSI, DCIS, NCIS and many others.  As for
contacting the NIPC Watch Officer, I always found that to be totally
useless when it came to intrusion notification or any other sort of
incident.  I would go the extra step and contact a sysadmin at the
affected site and found that 99.99% of the time, they were very grateful
and would address the problem or issue.  I would also have them maintain
the data as evidence in case an agency needed it.  Here again, that was
another purpose with contacting the NIPC but it was always useless.
Contacting a Field Office would have been more beneficial IMO.


Yesterday, I contacted the NIPC, informed them of the fact that a new
worm was on the loose, explained that it left behind a backdoor, that
I had a binary of it they were welcome to have for analysis, and that
we would be happy to assist them in any way. The nice person I talked to
on the phone took down all of this and my information.

I've yet to hear from the NIPC. Not a problem. I am probably not the
only person to report the worm. They are probably busy with their
own analysis. But it is surprising that they have yet to put out
an alert.


No, it's not surprising at all.  The NIPC hasn't ever been on the 'leading
edge' as far as I've ever seen.  NASA, OSI and some other agencies have
much better organization and intelligence when it comes to information
technology crimes in my opinion.  I simply got tired of having to deal
with the NIPC because it's all take and no sharing.  That is a very bad
way to conduct business in this area as information sharing is critical to
EVERYBODY in information assurance.




I guess national infrastructure guards don't work on weekends.


They're mostly agents and I have the same opinion.


CERT seems rather quiet on the topic as well.



******This information is my own opinion.  It's not geared towards
slamming the NIPC, FBI or anyone else who may work there but it may shed
insight as to how I think their operation rates********




================================================
Travis
Email: Bonk () Undernet Org | Bonk () cyberabuse org
================================================


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

