hacker group — cracked

3

news

CERT accused ofprofiting fromresearchA vulnerability research ven-dor has denounced CERT forprofiting from research car-ried out by its company.

Mark Litchfield from NGSSoftware expressed his disap-pointment at CERT on aBugtraq mailing list for pre-maturely disclosing vulnera-bilities that NSGSoftwarediscovered.

CERT admits that it doesprovide premature vulnera-bility information to spon-sors, members of theInternet Software Allianceand critical infrastructureproviders.

NGS has decided that it will now only cooperate withthe affected vendor andexclude CERT from the dis-closure process.

Other companies thatcharge for advanced and premature vulnerability alerts include Symantec and Internet Security Systems.

Hacker group —crackedTwo members of a hackinggroup called Thr34t-krewhave been arrested in theUK by the Hi-Tech CrimeUnit. This hacker group are responsi-ble for creating the TK worm,which has infected 18 000computers worldwide.“Technically speaking, this isnot a brand new worm” saidKevin Hogan, senior managerat Symantec SecurityResponse. “This worm exploitsa very old vulnerability inMicrosoft IIS server — theUnicode Directory Traversal

vulnerability, which waspatched in August 2000.”

After the TK worm infects,the victim machine links viathe Internet to a host of com-puters under the control of theThr34t-Krew.

Both suspects have beenreleased on bail but mustreturn to the UK police sta-tion on 3 April.

“Symantec has seen fewcases” of this worm saidHogan, it is being treated as acategory one threat.

The suspect’s homes wereraided and evidence was seizedin parallel with another relatedraid in Illinois, US.

New US Internetmonitoring centre

Wayne Madsen

President Bush's 2004 budgetcontains funds for a new Internet monitoring centre dubbed the "GlobalEarly Warning System"(GEWIS ).

GEWIS, is an early-warningsystem that will notifyAmerican and allied govern-ment agencies and privatecompanies of possible cyber-attacks. Informed observers point outthat GEWIS is similar to theUK's Government TechnicalAssistance Centre (GTAC), acomponent of MI-5 whichwas created by the RIP(Regulation and InvestigatoryPowers) Act.

Privacy and civil libertiesgroups maintain that GEWIScould circumvent Federalwiretap laws by permittinggovernment agents to read email and monitorInternet activity without acourt order.

The GEWIS proposal isincluded in the budget for theNational CommunicationsSystem (NCS), an entity thatwas created in 1962 after theCuban missile crisis. The NCSis made up of 22 Federaldepartments and agenciesincluding the Defense and Justice Departments,CIA, and National SecurityAgency.

The NCS works closelywith the President's NationalSecurity TelecommunicationsAdvisory Committee(NSTAC), which also runs anInternet monitoring centre.

NSTAC is made up of 30telecommunications, comput-er companies and ISPs,including, Verizon, Microsoft,Cisco Systems, Worldcom,and Sprint. The NSTAC Internet monitoring centre, theInformation Sharing andAnalysis Centre (ISAC) alsoalerts the government andprivate sector of Internetanomalies. However, unlike GEWIS, thetelecommunications ISAC isoperated solely by the privatesector. Other monitoring systemsbeing absorbed into the DHSinclude the FBI's NationalInfrastructure ProtectionCentre (NIPC), the EnergyDepartment's NationalInfrastructure Simulation and Analysis Centre and the General ServicesAdministration's FederalComputer Incident ResponseCentre (FedCIRC).It remains unclear howGEWIS will interface with other Internet securityanalysis and monitoring cen-tres being absorbed into theDHS.

In Brief

Norway's Data Inspectoratesent out a security email to1700 subscribers that wasinfected with the FunLovevirus. A virus infected thegovernment agency's exter-nal email server and distrib-uted itself to everyone onthe list.

Nasa's servers suffered anattack last week, where hack-ers broke in and posted infor-mation, protesting against USrelations with Iraq. All nineJPL.NASA.GOV servers wererunning on the Sun Solarisoperating system at the timeaccording to Mi2G.

IDC predicts that the total ITsecurity market includingsoftware, hardware and ser-vices will rise to $45 billion inrevenues by 2006, growingfrom $17 billion in 2001.Security hardware will growthe most, with 25% com-pound annual growth rate(CAGR) followed by servicesat 24% and thirdly, softwareat 16%.

David Litchfield from NGSSoftware confirmed that hepublished the proof-of-con-cept code that was used in thecreation of the Slammer code.He asserts that he will contin-ue to publish code, on thebasis that it is important forsecurity overall.

Two hackers in the US brokeinto Riverside County courtcomputer systems and manip-ulated information so crimi-nal charges appeared to bedismissed.