NOTE: Please understand that this is for informational purposes only and does not constitute any verification of the information contained in the report nor does this constitute endorsement by the NIPC or the FBI.

Significant Changes and Assessment - NTR

Private Sector - A newly discovered mass-mailing Internet worm with an anti-American message is in the wild, virus researchers warned on 24 September. The worm, which experts have named W32.Vote.A@mm or simply the Vote worm, targets Windows computer users and arrives in an e-mail with the subject line "Fwd:Peace BeTweeN AmeriCa and IsLaM!" and bearing an attachment named wtc.exe. In an apparent attempt to trick users into running the program, the message body reads "Is it a war against America or Islam. Lets Vote to live in peace." Details on the worm and removal instructions can be found on major US commercial anti-virus vendor’s Web sites. (NIPC Comment: The NIPC has become aware of a new Internet worm named W32.Vote.A@mm aka wtc.exe. The worm appears to be a mass mailer targeting users of Microsoft Outlook/Outlook Express. The anti-virus vendors have rated the damage as low with moderate to high distribution. This does not appear to be the same virus as wtc.txt.vbs identified in the NIPC Advisory 01-020. As stated in that advisory, users are cautioned about opening such e-mail attachments claiming to be related to the terrorist attacks because they may contain malicious code. Several major anti-virus vendors have posted new .dat files to detect this worm. Also, the anti-virus industry is recommending that consumers filter incoming messages for .exe files to ensure that they don't contain malicious code.) (Source: Newsbytes, 24 September)

Wired news reported that hackers say it's easy to take over America Online's (AOL) Instant Messenger (AIM) accounts using several hacking programs that are in wide circulation on the Internet. They can then pose as the users who accounts have been commandeered. The AIM program allows users to send instant text messages and transfer files to each other. Most AIM users create a "buddy list," a personal directory of their friends and family who use the service. Hackers who take over an account have full access to that account's buddy list. Accounts that have been taken over can then be used to distribute viruses by sending infected files from a "buddy." (Source: Wired News, 24 September)

Government - An expert on computer security says if the US launches attacks in Afghanistan, watch out for cyber-terrorism. Other experts agree that it could become one more way for terrorists to do their dirty work. A comprehensive and destructive attack on a critical infrastructure, such as the power grid or banks, could cause serious problems. So far, most assaults on computer systems have been "denial of service" attacks that are more annoying than devastating. The CIA's top advisor on science and technology says traditional terrorists still prefer bombs over bytes. Lawrence Gershwin told congress that could change, as more computer savvy recruits enter the ranks. The FBI says it's on the watch for cyber-terrorists. (Source: Associated Press, 24 September)

On 24 September, Treasury Secretary Paul O’Neill said the foreign terrorist asset tracking center at the Treasury Department is up and running, The center identifies and investigates the financial infrastructure of international terrorist networks. President George W. Bush signed an executive order that freezes US assets of 27 entities, including what he called terrorist organizations and individual terrorist leaders. “With the signing of this executive order, we have the President’s explicit directive to block the US assets of any domestic or foreign financial institution that refuses to cooperate with us in blocking assets of terrorist organizations,” O’Neill said. The center is working with government agencies and industrialized nations to stamp out financial networks that fund terrorism. (Source: Government Computer News, 24 September)

Fairfax County Virginia, fell victim to the Nimda virus, forcing it to shut down its Web site until each of the county's 9,000 computers and 300 servers has been screened, officials said on 24 September. Technicians said it could be several days before the county reopens its Web site, which receives more than a million hits a day as residents log on for a variety of services, from paying their car taxes to renewing library books and reserving tee times at county-owned golf courses. Fairfax mobilized enormous resources to battle the so-called Nimda virus "admin" spelled backward which began its march through county computers on 19 September. A virus command center was set up, and approximately 150 technicians have been working round the clock to keep the Nimda virus from spreading further. (Source: Washington Post, 25 September)

Military - The DoD, in consultation with law-enforcement agencies, is considering expanding its ability to take pro-active measures to thwart would-be intruders of its computer networks. These measures, if adopted, would give the department the unprecedented ability to conduct reconnaissance of non-DoD domestic and foreign networks as a means of providing advanced warning of pending attacks and tracing their origin. Army Maj. Gen. James Bryan, who directs the DoD's Joint Task Force-Computer Network Operations (JTF-CNO), told Jane's Defense Weekly: "People are free to browse all over the global Internet and that is what we are really talking about - a form of reconnaissance that is much like browsing." At the same time, he said these deliberations are in a very preliminary stage and the DoD is "a long way" from performing these activities. US law currently precludes the DoD from conducting computer network defense (CND) activities outside its own network infrastructure. (Source: Jane's Defense Weekly, 26 September)

International - Asia's largest Internet show kicks off in the Indian capital on 26 September, with plans to showcase a range of technologies on using the Web more efficiently after the dotcom meltdown. Some 70 firms participating in the three-day India Internet World will offer their expertise on leveraging the web for Internet based finance and customer management, digital commerce, web procurement and virtual infrastructure. “The focus of the show is based on the assumption that the Internet is a reality now and only a web presence is not enough,” Pradeep Kar, chairman of Microland, one of the organizers of the show. E-commerce in India is projected to grow 10 times to $40.7 billion over the next five years, according to a joint study undertaken by the country's main software industry body and a Boston Consulting Group. (Source: Reuters, 25 September)


Electrical Power - Authorities and the Moffat County hospital went on alert over the weekend following a call that two men of Middle Eastern descent suspiciously delivered a substance to an area power plant. An investigation by the FBI and a hazardous materials team found the substance to be Ecodex, a water treatment agent used at the power plant, Moffat County Sheriff Buddy Grinstead said. No arrests were made. He said a worker at the Tri-State Generation and Transmission Power Plant notified authorities on 23 September. The worker said the driver of the delivery truck took longer than usual to back up and drop off the materials. He also said some of the shrink wrap had been removed or opened. Grinstead said increased awareness and fears following the terrorist attacks in New York and Washington probably led the worker to telephone police. (Source: Associated Press, 24 September)

Water Supply - US drinking water suppliers have been advised, at the direction of the FBI, to be on alert and exercise caution to guard against possible attempts at sabotage in the wake of the recent terror attacks. "We have advised all utilities to be on alert and cautious," Tom Curtis, the deputy executive director of the American Water Works Association (AWWA). "We are not responding to a specific threat advisory from the FBI concerning water utilities, but we have advised water utilities to be on a heightened state of alert." (Source: UPI, 24 September)

Transportation - The FAA said that hundreds of thousands of airport workers need to have their credentials verified to ensure they are valid in an attempt to reassure airline passengers and flight crews that security gaps at the nation's airports are being addressed. The unprecedented order, which covers the spectrum of workers authorized to enter secure areas of airports, gives airport authorities until 3 October to re-validate employee identification in an attempt to track down any that may have been falsified or stolen. "The general belief is that at many airports, there are a lot of badges that have not been returned and might be held by people who no longer work at the airport," said James Coyne, president of the National Air Transportation Association, which represents contractors providing services at airports. (Source: Chicago Tribune, 25 September)

Telecommunications - The number of cell phones worldwide could eclipse the number of traditional land lines by 2006, according to a report issued on 20 September by a California research company. With Asia and Europe leading the way as heavy adopters of wireless technology, by 2006 there will be 1.6 billion cellular phone subscribers and just 963 million fixed-line subscribers, according to a report published by The Carmel Group. This shift toward a highly mobile world could increase the productivity of workers around the globe, as users will have almost immediate access to many forms of information no matter where they go. (Source: InfoWorld, 24 September)

Emergency Services - NTR Banking and Finance - NTR Gas and Oil Storage Distribution - NTR Government Services - NTR

IWS INFOCON Mailing List @ IWS - The Information Warfare Site