Agencies find LOVE stinks

[William Knowles <wk () C4I ORG>]

http://www.fcw.com/fcw/articles/2000/0501/web-agencies-05-04-00.asp

BY FCW Staff
05/04/2000

Heres how some agencies responded to the "ILOVEYOU" virus on Thursday,
May 4.

Agriculture: William Hadesty, USDAs assistant CIO for security, said
the ILOVEYOU virus hit parts of the agency early in the day. "It got
into the system. It did not impact our operations," Hadesty said. "We
learned a lot of lessons from Melissa [a similar virus]."

Hadesty said USDA put an emergency system in place by 8 a.m. to deal
with the virus and got an antivirus download from Symantec Corp. to
prevent the spread of the virus. However, he said it is too early to
say how many USDA sites were affected or whether it had spread
worldwide. "It did not affect our business mission," Hadesty said.
"Were always going to be subjected to something like this. That is the
price of being open."

Army: A spokesmen said Army offices in the Pentagon experienced major
e-mail disruptions, and some major commands such as the
Aviation-Missile Command, Redstone Arsenal, Ala. and the
Tank-Automotive Command, Warren, Mich.  took down their main servers
to eliminate the virus.

Census: The ILOVEYOU virus e-mail hit five computers at the Census
Bureaus main office in Suitland, Md., but Census 2000 data was never
in any danger of being compromised. Census data is kept in a mainframe
computer that has no outside access to e-mail and is surrounded by
firewalls that make access virtually impossible.

J. Gary Doyle, the Census systems integration manager, said that free
e-mail subscriptions from several contractors carried the virus into
the bureaus main headquarters in the morning. The defect was
discovered almost immediately, and users were told to delete the
e-mail without opening it. "Were lucky because we have Lotus Notes,"
Doyle said. "On our office automation side, we dont use the Microsoft
suite."

CIA: The agency "experienced a handful of isolated attacks or viruses
on our unclassified systems, which were identified and quickly
resolved with negligible effect," a spokeswoman said. The agency has
since purged its systems of the e-mails and has posted warnings to all
of its employees, the spokeswoman said. "At this point that seems
adequate."

DOD: The department discovered the virus in many of its unclassified
systems and placed a warning on its Computer Emergency and Response
Team World Wide Web page instructing users not to open the e-mail,
according to spokeswoman Sue Hansen. "Some units have taken their
systems offline, but that was [supposed to be] a last resort," Hansen
said.

Education: The department shut down its e-mail and Internet access
from 9:30 a.m. to 2 p.m., spokesman Jim Bradshaw said. After the
systems were shut down, the department began installing software to
prevent the virus spread, he said. Bradshaw said the Pentagon notified
the department at 7:30 a.m., and "as a result we were able to take
defensive measures immediately," he said.

Bradshaw said that chief information officer Craig Luigart found
10,000 incoming ILOVEYOU e-mails queued up for recipients whose last
names began with "A" or "B." Luigart estimates that throughout the
entire department, the system prevented another 100,000 to 200,000
infected e-mails from being sent out. All of the viruses have been
rendered harmless, Bradshaw said.

Educations Washington, D.C., office has about 3,000 workstations, but
only 17 computers were fully infected after users opened the
attachment; 102 other computers received the virus but did not open
the attachment, Bradshaw said.

Energy: Security guards met Energy Department employees at the DOE
entrances in Washington, warning them about the ILOVEYOU virus and
telling them not to open e-mail with it. Nevertheless, the virus
apparently entered the computer system. "It is still spreading," said
DOE spokeswoman Ruth Vass. "Some of the machines are frozen.

EPA: Only two computers were infected and have been restored,
according to an agency spokesman. The virus first reached EPAs system
at 9:40 a.m. and was blocked by 9:48 a.m., and no systems were shut
down. The EPA spokesperson speculated that because the agency uses
Lotus Development Corp.s Notes e-mail product that the agency didnt
have as many problems.

FEMA: The agency found a way to throttle the virus. Click here.
(ISN Moderators Note: Story being forwarded -WK)

HCFA: Gary Christoph, CIO at the Health Care Financing Administration,
which oversees Medicare and Medicaid, sent a memo to all employees in
the morning that said the agency would be stopping all incoming and
outgoing mail with external sources in order to deal with the virus,
according to HCFA spokesman.

The HCFA spokesman also said that most agencies within the Department
of Health and Human Services were taking similar actions. He said
internal e-mail was not affected, but as of 4:40 p.m., the external
e-mail shutdown was still in effect at HCFA.

House of Representatives: The virus bloomed in abundance. "All I know
is Ive had more love letters today than Ive ever had before," said
Bonnie Heald, spokeswoman for the Government Management, Information
and Technology Subcommittee. The House e-mail system was turned off to
keep the virus from spreading, a move that also prevented Heald from
dispatching press releases.

Interior: Ninety percent of the Interior Department's eight bureaus
were not affected by the virus. It primarily hit the Mineral
Management Services Division, which is the only one that does not use
Lotus Notes. Interior took its Microsoft Exchange servers off line
until the virus was contained, according to David Shearer, of
Interior's Chief Information Architecture Division. Agency IT
personnel worked "all day and through the night" with several
antivirus vendors, he said.

NARA: A spokeswoman at the National Archives and Records
Administration said a virus warning issued early in the day headed off
any complications. The Archives, which stores the nations valuable
records, is tackling the technology of electronic records storage,
including e-mail messages.

Despite ongoing controversy over whether or when it is legal to delete
e-mail messages from government computer systems, Archives officials
said it is OK to delete virus-bearing e-mails. "One may delete an
e-mail containing a computer virus, just as one may delete personal
messages such as an e-mail to arrange lunch with ones wife," an
Archives official said.

NASA: The space agency confirmed the virus infected agency systems but
no mission-critical systems were damaged. Some e-mail systems were
brought down for analysis.

SBA: The agency shut down all its databases and has posted warnings on
every floor of its buildings as well as on its intranet. "Our biggest
concern is this may go beyond e-mail systems and SBA, and other
agencies are looking at the potential of losing some very important
government information," an SBA spokesman said. "We are having to
revert back to the age-old, hard-copy directories for information," he
said.

Senate: The "ILOVEYOU" virus prompted the Senate to shut down parts of
its e-mail system for several hours, but "by and large, the impact was
pretty minimal," said Tracy Williams, director of technology
development for the Senate sergeant at arms.

"We got a lot of inbound messages with the ILOVEYOU subject line and
the virus attachment," but Senate workers were warned early not to
open them. Some Senate e-mail post offices were shut down for several
hours while Williams and his staff researched the virus. But it
appears that few computers were infected and little if any data was
damaged, he said.

State: "Weve blocked the ability to send attachments on both our
classified and unclassified systems at the firewalls," a State
Department source said.

Transportation: Confirmed the virus infected its networks but no
mission-critical systems were damaged.

VA: The Department of Veterans Affairs e-mail system was shut down for
24 hours to prevent the Love bug from getting into the system.

White House, OMB: Officials said the "love bug" was successfully held
at bay. "I understand there are a few isolated cases that have been
dealt with," said presidential spokesman Joe Lockhart. Cybersecurity
personnel "dealt with" the virus early in the morning, and operations
are running smoothly," he said.

An OMB official said White House e-mail systems remained running
despite the virus scare. "Our e-mail is part of the White House
system, and mine wasnt shut down."


*-------------------------------------------------*
"Communications without intelligence is noise;
Intelligence without communications is irrelevant."
Gen. Alfred. M. Gray, USMC
---------------------------------------------------
C4I Secure Solutions             http://www.c4i.org
*-------------------------------------------------*

ISN is sponsored by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".