Information Security News mailing list archives

FBI computer bug squad defends readiness


From: William Knowles <wk () C4I ORG>
Date: Sun, 21 May 2000 12:55:20 -0500

http://www.techserver.com/noframes/story/0,2294,500206728-500288285-501556612-0,00.html

By THOMAS HARGROVE, Scripps Howard News Service

WASHINGTON (May 21, 2000 2:43 p.m. EDT http://www.nandotimes.com) -
The FBI sounded the alarm about the "New Love" computer virus Friday -
just hours after congressional investigators concluded that
authorities have "not been effective" in rapidly responding to
computer threats.

The eruption of the polymorphic virus - so-called because the latest
version of the devastating "I LoveYou" e-mail virus is able to change
its name - again taxed law-enforcement officials' ability to protect
cyberspace.

"We jump on these as quickly as we can," said Michael Vatis, deputy
assistant FBI director and chief of the agency's National
Infrastructure Protection Center. "We started notifying other agencies
at approximately 2 a.m. (EDT Friday)."

Vatis defended his agency's response time. He said the FBI must first
"check with other sources to see if this is a significant virus"
before warning the public.

"We have all been up all night, so I'm glad that the FBI was up with
us," joked Marian Merritt, a group product manager at Symantec Corp.,
a California firm that studies computer viruses and markets anti-virus
software.

Symantec issued a consumer warning at 8 p.m. EDT Thursday that it had
identified "a polymorphic variant of the Love Letter virus with an
extremely destructive payload." The virus, if activated by opening an
attachment to an e-mail message, will destroy almost all the files in
a computer.

Vatis said the FBI learned of the virus "just slightly before" it
began warning federal agencies and private industry groups.

Investigators at the General Accounting Office on Thursday criticized
the protection center's response time following discovery of the I
LoveYou virus May 4. The General Accounting Office is a congressional
agency that audits federal programs.

Jack Brock Jr., director of the office's government and defense
information systems division, said the FBI first learned about that
May 4 virus at 5:45 a.m. EDT when agents were warned by a private
computer firm. Even as sensitive computer systems in the Department of
Defense were being harmed by the virus, he said agents "checked other
sources in attempts to verify the initial information with limited
success."

Brock said the FBI did not issue a warning "until 11 a.m. - hours
after many federal agencies were reportedly hit." He said the agency
"did not offer advice on dealing with the virus until 10 p.m. that
evening."

But Vatis defended the caution his agency uses before issuing
warnings. He said computer mischief makers are writing 20 or 30 new
viruses a day, although few have the disruptive potential of the Love
Letter bug.

"Frankly, that is why it's necessary to assess the spread and the
destructive potential of a virus before we leap into action by issuing
warnings and doing other things," Vatis said. "Not every virus really
makes it out in any significant way. Right now, there are over 50,000
viruses known to be out there to some degree."

The newest virus appears to have had little impact. Vatis said the FBI
estimated it had infected "upward of 1,000 machines" scattered in the
United States and around the world by Friday morning - nothing
compared to the I Love You bug that caused up to $10 billion in
damage.

Merritt said the design of the New Love virus was flawed. "The damage
it causes is so bad that it tends to destroy its host computer before
it can disseminate itself too far," she said.


*-------------------------------------------------*
"Communications without intelligence is noise;
Intelligence without communications is irrelevant."
Gen. Alfred. M. Gray, USMC
---------------------------------------------------
C4I Secure Solutions             http://www.c4i.org
*-------------------------------------------------*
