Re: U.S. monitoring Internet attacks / RFF Reply

[Richard Forno <rforno () infowarrior org>]

Any network ops from the major providers care to comment on what they're
seeing? Not seeing much discussion about this NIPC alert through overt or
back-channels, I'm tempted to place this in the FUDDY fear-mongering
category under Homeland Security Color Code Fuschia.

<SATIRE>

Let's think for a moment - there's not been much activity on the "cyber"
side of Homeland Hysteria -- er, Homeland Security -- as of late, so perhaps
they wanted to let the world know that "cyber" folks were still a part of
the game....?  

I mean, this *is* the same entity - America's self-monikered cybercrime
agency  -  that announced the Melissa virus with this on their website:
http://www.infowarrior.org/articles/NIPC.jpg. It took them several hours to
revise the page, by which time we had already received detailed warnings,
signatures, and remediation guidance from any number of other sources. These
guys were the laughing stock of the security community.

 </SATIRE>

If NIPC hascredible, specific information, they should release it. Otherwise
they should keep their mouths shut. Technology operations folks have enough
things to worry about during the day - from getting the latest Mickeysoft
patches deployed to resetting the bumbling executive's passwords to
uploading revised routes onto a Cisco on a longhaul backbone to support a
new customer -- they don't have time to be "extra vigilant" for shadowy
alerts of potential attack-type events that might happen tonight - but might
not - we're not really sure, but be on guard anyway.

(okay, maybe I wasn't quite done with satire yet.)

Memo to NIPC: Give us real, useful information, not this piecemeal drivel
that doesn't do anything but cover your tail -- if something happens, we all
know you can defend yourself and truthfully proclaim "we did post a warning"
- despite its questionable value to your intended audience.

This sort of game might be acceptable in the 'traditional' security and
intelligence community, but the private sector won't pay it much attention
when they have other, more pressing, more current problems that they ALREADY
KNOW ABOUT, security or otherwise.

Incidentially, state and local law enforcement feel the same way about the
repeated FBI terror alerts that essentially say "something might happen
sometime in the future, so stay on alert".....these local police entities
must contend with violent crime, drugs, gangs, and KNOWN problems affecting
their constituiencies and communities on a daily basis -- they'll give more
attention to those day-to-day hometown issues than vague alerts of potential
gloom and doom in the potential future based on potentially unconfirmed
information.

</RANT>

Bah. In the interests of bandwidth conservation on the list, comments
welcomed off-line.  I need more coffee....

rick
infowarrior.org




> From: "Al Rowland" <alan_r1 () corp earthlink net>
> Date: Tue, 6 Aug 2002 10:27:56 -0700
> To: <nanog () merit edu>
> Subject: RE: U.S. monitoring Internet attacks (fwd)
>
>
> FUD from Washington. No, that never happens.
>
> Or perhaps Victoria's Secret had another webcast. ;)
> End satire.
>
> Best regards,
> _________________________
> Alan Rowland
>
>
> -----Original Message-----
> From: owner-nanog () merit edu [mailto:owner-nanog () merit edu] On Behalf Of
> Christopher X. Candreva
> Sent: Tuesday, August 06, 2002 10:04 AM
> To: nanog () merit edu
> Subject: U.S. monitoring Internet attacks (fwd)
>
>
>
>
> Anyone have any specifics on this ? I haven't seen anything.
>
> > From the Aug 6 2002 Chicago Tribune --
> http://www.chicagotribune.com/technology/sns-internetattack.story
>
> U.S. monitoring Internet attacks
> By Ted Bridis
>
> WASHINGTON -- The government was monitoring a series of electronic
> attacks launched early today against U.S. Internet providers, hours
> after European authorities passed warnings to the FBI predicting the
> attacks.
>
> The impact from the attacks appeared limited, and there were no reports
> of outages or even delayed e-mails.
>
> A flood of data, spiking nearly 700 percent more than usual traffic, was
> aimed at Internet providers and Web sites on the East coast starting
> about 2 a.m. EDT, then shifted toward providers and sites on the West
> coast, said a U.S. official, speaking on condition of anonymity.
>
> But unlike some recent so-called "denial of service" attacks, which
> employed hundreds or thousands of computers to overwhelm Web sites, this
> latest attack appeared to be coming from a relatively small number of
> machines, the official said. That has allowed Internet providers to
> protect their networks more easily by filtering data from the attacking
> computers.
>
> The FBI issued a dramatic warning hours before the attacks started,
> based on information from Italian authorities, the U.S. official said.
> The alert cited "credible but non-specific information that wide-scale
> hacker attacks" were planned against U.S. Web sites and Internet
> providers, "possibly emanating from Western Europe."
>
> The earliest attacks targeted East Coast companies, including some in
> Virginia and Maryland, then shifted to target sites in Seattle, the
> official said. The White House and FBI's National Infrastructure
> Protection Center were monitoring the attacks.
>
> Some experts indicated the attacks were so easily foiled that they did
> not register any impact on the health of the Internet.
>
> "We haven't seen anything out of the ordinary," said Chris Rouland of
> Atlanta-based Internet Security Systems Inc., which sells protective
> software to thousands of companies. "We're paying attention to any sites
> that may go down."
>
> Copyright  2002, The Associated Press