Tip from Mtn. View sparked online terror probe

[InfoSec News <isn () c4i org>]

Forwarded from: William Knowles <wk () c4i org>

http://www.siliconvalley.com/mld/siliconvalley/3554398.htm

By Sean Webby
Mercury News
June 27, 2002

Laura Wigod, Mountain View's Web site coordinator, was thrilled when
she first noticed the Middle Easterners visiting the city's site.

``Oh, wow! That is so neat that we have visitors from Saudi Arabia,''
Wigod recalled thinking to herself as she looked over Web transaction
report one Monday in August. Wigod was studying Farsi, the main
language spoken in Iran, and was fascinated by the Mideast.

It wasn't until October, after Sept. 11 and with the faraway hits on
the site continuing -- from Saudi Arabia, Pakistan and the United Arab
Emirates -- that she got a chilling thought: Why would someone in the
Middle East be so intently researching how the Silicon Valley city's
water system, utilities and police department worked?

Her observations, which were soon shared with the FBI, were apparently
the catalyst for an investigation that documented a much larger
pattern throughout the country, now of great concern to the U.S.  
government.

A disturbing pattern

``We did get the impression from the FBI that no one else had yet
identified this pattern,'' City Manager Kevin Duggan said. ``We are
very happy we played a part in helping identify this issue for a
broader array of public agencies that could in theory be potential
targets.''

Duggan reported that the FBI had identified at least 30 other
municipalities with similar patterns.

The FBI did not return phone calls late Wednesday. Mountain View
police confirmed that their department referred the pattern to federal
investigators and helped them investigate it.

Wigod's reports showed that at least 50 times since August 2001,
people in certain Middle Eastern countries had used the Google or
Yahoo search engines to bring up the city's official Web site.

Specifically, they had spent time looking at the site's links to
Mountain View's engineering standards, its police and fire operations
and its utilities.

``It was a little chilling,'' Wigod said. ``What made me nervous was
what they were looking at. Why were they downloading the water
report?''

Wigod then brought the information to her supervisor and the Mountain
View Police Department.

``It seemed curious,'' Duggan said. ``We didn't want to leap to any
conclusions about it. But when you see a pattern like that you can't
be complacent.''

Police take over

Detective Chris Hsiung -- at the time the department's high-tech
investigator -- took over the case, said police news officer Jim
Bennett. After examining the traffic, Hsiung called the FBI's
high-tech squad in the Bay Area and began working with them on the
investigation. Hsiung, who is now a patrol supervisor, would not
comment for this story.

Meanwhile, the city continued to quietly watch the Web site. The hits
kept coming.

On Oct. 18, the city decided -- on the advice of the FBI -- to shut
down the Web site. By the next Monday, after having stripped off a
variety of information relating to the city's water supply and some
public-safety operations, they put the site back up.

Duggan cautioned that he had no reason to believe that Mountain View
is, or was, a terror target.

After she discovered the pattern, Wigod kept her secret to herself.  
But she said she was quietly thrilled whenever she saw the president
warning about cyberterror or an FBI warning about threats to the water
system.

``I go, `Wooo, I'm thwarting terrorists!' ''



*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.