http://www.pbs.org/wgbh/pages/frontline/shows/cyberwar/interviews/clarke.html
August 12, 2003
Worm Blasts Windows Users Worldwide
By Mark Berniker
Internetnews.com
The 'Blaster' worm, also referred to as the 'Lovesan' or 'MSBlaster' worm, takes advantage of a vulnerability in Microsoft's Windows Distributed Component Object Model (DCOM) Remote Procedure Call (RPC) interface, widely publicized in July as the first 'critical' vulnerability in Microsoft's new Windows Server 2003 operating system, though it also affects Windows NT 4.0, Windows NT 4.0 Terminal Services Edition, Windows 2000, and Windows XP.
http://www.internetnews.com/dev-news/article.php/2247801
So a lot of system administrators, rather than go through all of that, not knowing what's going on in their own system, just don't apply the patches, or they take months to apply the patches. What we saw with the Sapphire worm, or we saw with Nimda, or we saw with Code Red, was that the vulnerability had been identified, the patch had been issued. But people hadn't bothered to put it on, because it's just too cumbersome, too hard to do, and you don't know what effect it's going to have on other pieces of software.
Right now, our electric power companies, both the generating companies and the distribution companies, have paid very little attention to security in cyberspace
In this one case, I think federal regulation makes sense, because without it, these electric power companies are not going to pay attention to security.
http://www.pbs.org/wgbh/pages/frontline/shows/cyberwar/interviews/clarke.html
Computer
worm wreaks havoc
By DAVID AKIN
>From Thursday's Globe and Mail
Aug 14, 2003
A worm, though, crawls across the Internet automatically, search ing out vulnerable machines. MSBlast was looking for comput ers running certain Microsoft op erating system software. Those operating systems include the lat est consumer operating system, Windows XP, as well as the busi ness-class systems Windows NT 4.0, Windows 2000 and Windows Server 2003.
Bharat Puri's half-a-million-dollar headache began precisely at 10:19 a.m. Tuesday.
That was when the computers at Mr. Puri's company, Young & Rubicam Canada, registered the first instance of MSBlast, the latest software worm to threaten the sta bility of the Internet and force cor porate information technology departments to spend what could turn out to be millions of dollars cleaning up the mess.
"This is the worst one I've seen in the last three years," Mr. Puri said yesterday. "The bandwidth was through the roof and the network was slow as hell."
http://www.globeandmail.com/servlet/story/RTGAM.20030813.rvirus0814/BNStory/Business/
From An Interview With Richard Clarke The Former White House Cyber Security Advisor from 2001 to March 2003. (3-18-03) So what would you suggest?I'd suggest the Federal Electric Regulatory Commission create an even standard for all power-generating companies and all power distribution companies, and a high standard that's achieved in several steps over the course of the next several years.
Will this administration go and do this?
The Federal Electric Regulatory Commission is independent of the administration. I think they are beginning to move in that direction. I think they do recognize the cost. If it's evened out in several steps over the course of the next several years, the cost [to] the ratepayers, the consumers, will be very small. But the benefit to the country, in terms of securing our electric power system, will be very great.
http://www.pbs.org/wgbh/pages/frontline/shows/cyberwar/interviews/clarke.html
In June of 2001, Bush opposed and the congressional GOP voted down legislation to provide $350 million worth of loans to modernize the nation's power grid because of known weaknesses in reliability and capacity. Supporters of the amendment pointed to studies by the Energy Department showing that the grid was in desperate need of upgrades as proof that their legislation sponsored by U.S. Rep. Sam Farr (D-CA) should pass.
http://www.buzzflash.com/analysis/03/08/15_blackout.html
From An Interview With Richard Clarke The Former White House Cyber Security Advisor from 2001 to March 2003. (3-18-03)You talked about SCADA systems. The master hacker we interviewed stated that the reason that they were vulnerable was because of the Microsoft systems, Windows 2000, NT. All of them are tending to use the same software.
There are four or five companies, two or three of them European, that make the SCADA software that's widely used in the electric power industry and manufacturing. They all have security vulnerabilities. But the biggest vulnerability in the SCADA system is that they're not encrypted, and the users don't have to really authenticate themselves. If we can get those fixes made, then we'll greatly improve the security and skills.
Cyber security for the country is now being more or less taken over by a much larger organization -- the Department of Homeland Security -- which has a lot of other concerns. Are they up to the job to deal with the problems at hand?
The National Strategy gives the new Department of Homeland Security the lead in implementing most of the programs required. It's a big challenge. They're merging 22 organizations, five of them having something to do with cyber security. In any merger, things get lost. I think we all need to try to help the department, but I think we all need also to be critics of the department.
If, for any reason, the department drops the ball on cyber security while it's worrying about aviation security or port security, we need to raise a flag, and we need to raise a ruckus. We have asked that department to carry a huge burden on securing cyberspace. If it doesn't look like it's doing a good job, we need to blow the whistle. It's too early to tell right now whether they'll be able to do it or not.
http://www.pbs.org/wgbh/pages/frontline/shows/cyberwar/interviews/clarke.html
Net Worm Heightens Security Concerns
By Jonathan Krim
Washington Post Staff Writer
Friday, August 15, 2003; Page E02
While computer users and network operators work to recover from the "Blaster" worm that has infected more than 250,000 computers worldwide, security experts are examining whether it has left a potentially more dangerous calling card.
Although worms can eat files, launch attacks to deface Web sites and otherwise disrupt networks, experts say such results often are diversions to mask a more malicious intent: implanting hidden "back doors" in the attacked systems that can allow malicious hackers to break in and steal sensitive information, such as financial or corporate records, or inflict more damage well after an initial attack appears to have been resolved. Increasingly, experts say, such attacks are the work of sophisticated criminal organizations that use worms to enable fraud, embezzlement, identity theft, and sabotage."
"These are not thugs," McNevin said of the worm developers. "These are astrophysicists and computer scientists who have been brought in to take down or compromise systems."
Experts said the financial industry often keeps such attacks quiet, for fear of upsetting customers and giving publicity to the hackers.
http://www.washingtonpost.com/wp-dyn/articles/A60273-2003Aug14.html
By Steven
Musil
Staff Writer, CNET News.com
August 15, 2003, 12:00 PM PT
The ability of the MSBlast worm to spread has underscored the view that today's methods of patching security flaws, while necessary to lock down specific computers, is too time-consuming to react to critical vulnerabilities.
http://news.com.com/2100-1083_3-5064223.html
Washington Times, AUG 15, 2003
"One thing I can say for certain, this was not a terrorist attack," President Bush told reporters last night, adding that the government's first priority would be to deal with the consequences of the blackout and then to determine what caused it.
http://washingtontimes.com/national/20030815-120239-7902r.htm
