Virus hits Navy Marine Corps Intranet

[InfoSec News <isn () c4i org>]

Forwarded from: William Knowles <wk () c4i org>

http://www.fcw.com/fcw/articles/2003/0818/web-nmci-08-19-03.asp

By Matthew French 
Aug. 19, 2003

The lead contractor for the Navy Marine Corps Intranet blames a new
worm for NMCI's connection problems today.

NMCI users have been experiencing "intermittent problems" in
connecting to outside networks, said a spokesman for tech services
firm EDS, the lead vendor for the program. The network did not fully
crash, and NMCI users still have access to their desktop applications.  
NMCI personnel are trying to distribute a patch from security firm
Symantec.

"We are currently experiencing connectivity issues enterprise wide to
include e-mail, Web and shared drive access due to a virus," states a
recording on a hotline for the NMCI Strike Force, which is made up of
Navy and contractor personnel who handle network problems.

A so-called "good Samaritan" worm roots through networks looking for
the Blaster worm that debilitated so many networks last week. The new
virus finds the Blaster, removes it and fixes it by automatically
downloading the Microsoft patch, but does so at the expense of
processing speed and bandwidth, EDS said. When the new worm got inside
the NMCI network, it ate up huge amounts of bandwidth by sending out
pings to locate instances of the Blaster worm, EDS spokesman Kevin
Clarke said.

Pushing the Symantec patch out to users who were already experiencing
very limited bandwidth proved to be difficult, he said.

NMCI is an enterprisewide network designed to connect everyone in the
Navy and Marine Corps on a single, secure network. Since users started
being moved to the system in 2001, almost 97,000 seats have been
shifted from legacy systems.

Until now, NMCI officials have always said that their network has
never been successfully attacked by a virus. Last week, the Blaster
worm affected some legacy systems, but no system moved to NMCI had
been affected, a department spokesperson said at the time.

EDS, the lead contractor on the $8.8 billion deal, could earn up to
$10 million per year for information assurance if NMCI performs well
in unannounced "information warfare" tests of its security and
survivability. It is not known if an outside source's ability to bring
the system down would affect this financial incentive. Symantec is one
of several subcontracts who provide security devices, patches and
software for the NMCI network. Symantec supplies 10 products for NMCI,
including NetProwler, Norton AntiVirus, Raptor Firewall and Mail Gear.

Consultant Robert Guerra of Guerra, Kiviat, Flyzik and Associates said
he doubts the outage will have any lasting effects on either EDS or
the NMCI program.

"The history of the performance of the network is incredible," he
said. "It's been up for a couple of years and this would mark the
first time it's been down. The project has a responsible vendor, who's
done a great job at deploying a very complex network, and a very good
customer in the Navy."

Guerra said he hopes people don't rush to any conclusions before the
Navy can sort out what brought the network down.

"We had a power outage last week across several states and the border
with Canada, but no one is looking to shut down" Con Edison, he said.  
"I hope this doesn't affect the program, because the Navy has decided
this is the right way for the Navy to go."
 


*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
----------------------------------------------------------------
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
================================================================
Help C4I.org with a donation: http://www.c4i.org/contribute.html
*==============================================================*



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.