InfoGram


May 10, 2001

NOTE: This InfoGram will be distributed weekly to provide members of the emergency services sector with news and information concerning the protection of their critical information systems. For further information please contact the U.S. Fire Administration's Critical Infrastructure Protection Information Center at (301) 447-1325 or by email at usfacipc@dhs.gov.

NIPC Advisory

The National Infrastructure Protection Center (NIPC) reports that an Internet worm named "Lion" is infecting computers and installing distributed denial of service (DDOS) tools on various computer systems. Illegal activity of this nature typically creates large networks of hosts capable of launching coordinated packet flooding denial of service attacks. Possible motives for this malicious activity include exploit demonstration, exploration, reconnaissance, or preparation for widespread DDOS attacks. NIPC speculates that this current worm appears to be the precursor to a larger DDOS attack. These backdoor compromises provide root access to the victim systems, making security more difficult. Systems administrators who detect such a compromise should take steps to reestablish the integrity of their computers and networks. NIPC further recommends that all computer network owners and organizations examine their systems for evidence of this worm and associated DDOS tools. Specific technical instructions for detection of the "Lion" worm are available from the System Administration, Networking, and Security Institute (SANS) website at http://www.sans.org/y2k/lion.htm.

Wireless Networks Vulnerable

An increasing number of fire and emergency service departments are using wireless information devices. Therefore, it is important to note that handheld Palm Pilots and wireless notebook computers are vulnerable to attack. Wireless information devices connect with networks and computers in offices or homes by means of radio signals. These devices are so convenient because they dispense with cables and foster maximum movement while remaining connected to a network or the Internet. However, many wireless networks are not running any security and consequently allow easy access to intruders. Malicious eavesdroppers could steal passwords, access servers, commandeer websites, or shut down networks altogether. The SANS Institute reminds wireless users that virtual private network (VPN) software will keep a wireless network hidden from prying eyes, but only if it is turned on.

The Weakest Link

"The single biggest cause of network security breaches is not software bugs and unknown network vulnerabilities but the action of PC users," according to a survey published by the computer research company, "@Stake." Company researchers said that despite the risk of computer fraud, many computer users leave passwords on paper notes, fail to change passwords from the default, and incorrectly configure hardware. Other security weaknesses include "encrypting data but leaving it on a machine in an unencrypted format or locking it with a blank password and failing to change system passwords during updates." The survey also discovered that some organizations connect servers directly to the Internet and bypass router firewalls. "Expensive and elaborate security measures are often completely undone by an organization's failure to enforce even the most simple precautions, opening up the entire cyber-infrastructure to malicious attack."

Cybersecurity Prompts Bill

Utah Republican Senator Robert Bennett said concerns over the safety and integrity of the Internet have him considering legislation to keep secret any information on cybersecurity issues. Speaking at the recent Electronic Industry Association Conference, Senator Bennett expressed fear that creating a "cyber-deterrent" will not prevent criminally malicious and disastrous hacking by the "lightly computerized countries or less-centralized attackers." He believes that the threat of retaliation will not stop such attackers if they decide to engage in electronic warfare to shut down our industrial complex and destroy our critical infrastructures. The solution to this situation, both economically and operationally, is to prepare for any attack beforehand, he said. "If we pay attention to protect our computers, we will get benefits on the other end that will ultimately provide us with time, money, and security," Bennett said. He continued that "key to the effort would be narrowly drawn legislation to exempt government information on computer infrastructure security from the Freedom of Information Act." Therefore, he is currently considering legislative solutions along those lines and may have a bill ready to submit in approximately 45 days.

Electrical Power Supply

Record temperatures in California caused the state's power grid managers to order rolling blackouts starting on 7 May, subsequently cutting service to more than 100,000 customers. The blackouts quickly snarled rush-hour traffic in several portions of the state. In some instances, emergency vehicles had difficulty negotiating dense traffic congestion at major road and highway intersections. Where practicable, alternate emergency routes can be considered for first response vehicles. These would be comparable to the emergency snow routes that are used during and after heavy snowfalls.

USFACIPC Weekly Lexicon: Configuration Control

(adapted from the Critical Infrastructure Glossary of Terms by the Critical Infrastructure Assurance Office)

The process of controlling modifications to hardware, software, firmware, and documentation to ensure that an information system is protected against improper modification before, during, and after system implementation.

Disclaimer of Endorsement

The U.S. Fire Administration/EMR-ISAC does not endorse the organizations sponsoring linked websites, and does not endorse the views they express or the products/services they offer.

Fair Use Notice

This INFOGRAM may contain copyrighted material that was not specifically authorized by the copyright owner. EMR-ISAC personnel believe this constitutes "fair use" of copyrighted material as provided for in section 107 of the U.S. Copyright Law. If you wish to use copyrighted material contained within this document for your own purposes that go beyond "fair use," you must obtain permission from the copyright owner.

Reporting Notice

DHS and the FBI encourage recipients of this document to report information concerning suspicious or criminal activity to DHS and/or the FBI. The DHS National Operation Center (NOC) can be reached by telephone at 202-282-9685 or by email at NOC.Fusion@dhs.gov.

The FBI regional phone numbers can be found online at www.fbi.gov/contact/fo/fo.htm

For information affecting the private sector and critical infrastructure, contact the National Infrastructure Coordinating Center (NICC), a sub-element of the NOC. The NICC can be reached by telephone at 202-282-9201 or by email at NICC@dhs.gov.

When available, each report submitted should include the date, time, location, type of activity, number of people and type of equipment used for the activity, the name of the submitting company or organization, and a designated point of contact.
