FBI Duuuhs It Again...

Via NY Transfer News * All the News That Doesn't Fit

FBI Duuuhs It Again:

Interent "Attack" Predicted by Famous But Incompetent a Non-Event


Reuters via Yahoo - August 6, 2002

http://story.news.yahoo.com/news?tmpl=story&ncid=582&e=1&cid=582&u=/nm/20020806/wr_nm/tech_traffic_dc_2


Internet Traffic Flows Smoothly After Warning

By Andy Sullivan 

WASHINGTON (Reuters) - The Internet continued to operate smoothly one
day after the FBI warned of wide-scale attacks against U.S. Web sites
and Internet service providers, network engineers said on Tuesday.

Despite worries that a crippling attack could be launched from
Western Europe on Monday and Tuesday, experts who monitor Internet
traffic said that they knew of no Web sites that had been knocked
offline, and had detected little or no change in the speed of the
global computer network.

An analyst for a company that measures network speeds said he had
detected a spike in traffic coming out of Turkey and Kyrgyzstan at
around 2 a.m. EDT, and a slight slowdown in the U.S. network two
hours later.

"We saw a definite degradation of performance, but it was very
minimal," said Matrix NetSystems' Abelardo Gonzalez.

Others said they had seen no unusual activity at all.

"I don't see anything much out there ... it's pretty flat," said Ravi
Venkatesam, vice president of operations at Atesto Technologies,
which monitors Web sites.

"Our data doesn't reflect any abnormalities," said Joanne Symons,
marketing director for the Internet Traffic Report, another network
monitor.

In a bulletin issued on Monday, the FBI's National Infrastructure
Protection Center warned network engineers to look out for a
wide-scale hacker attack, possibly coming from Western Europe, later
that night.

Cyberattacks have wreaked online havoc in the past. The Code Red and
Nimda worms shut down corporate computer systems and gobbled up
bandwidth last year, while popular government and commercial Web
sites have been knocked offline by "denial of service" attacks that
send overwhelming torrents of data.

But the additional traffic on Tuesday night only disabled 1 percent
of the Internet's infrastructure in the U.S., Gonzalez said. The
FBI's warning probably allowed Internet service providers to set
defenses against the attacks, he said.

The Internet's decentralized design and an oversupply of bandwidth
allows traffic to easily find another path if one node is blocked,
Venkatesam said.

"That's the beauty of the Internet. If something goes wrong, it can
get routed through another path," he said.

An FBI spokeswoman said the agency was monitoring the situation and
would post additional information at http://www.nipc.gov if needed.

                                 *


Wired - August 7, 2002
http://www.wired.com/news/politics/0,1283,54382,00.html

FBI issues Chicken-Little internet warning

By Michelle Delio

In a Chicken Little-like incident that flew under virtually every
computer security experts' radar, the FBI's National Infrastructure
Protection Center bravely predicted and monitored a ferocious
cyberattack Tuesday morning on U.S. computer systems, launched by an
army of European enemy hackers.

Never mind that no independent Internet traffic monitoring service or
security expert had even noticed that any sort of cyberattack had
occurred.

The FBI's National Infrastructure Protection Center warned of the
impending widescale hacker attacks in an alert issued on Monday.
Then, on Tuesday, according to wire reports, Richard Clarke -- the
Bush administration's top official for cyber-security -- said, "There
was a real spike in Internet traffic at odd hours. It was clearly
unusual because it was five- times and seven-times normal, but it
didn't take anything down."

Perhaps there may have been a brief rise in Internet traffic early
Tuesday morning -- but it was a mere blip on the screen if anything,
security experts said. But the general consensus is that Monday's
alert was a self-created crisis caused by an over-reactive,
publicity-seeking government agency, sparked by the idle online
conversations of a band of young and aspiring "hackers" who had
threatened to attack U.S. sites in retaliation for the Aug. 1 arrest
of 14 Italian hackers in Milan.

"It is bizarre," ventured Vern Paxton, senior scientist with the
International Computer Science Institute in Berkeley, California.
"And if there were political cyberattacks, then they appear miserably
unsuccessful. What sort of politically motivated attacker targets
East Coast sites at 2 a.m., EDT?"

The "enemy" combatants appear to be a half-dozen, evidently clueless
Italian youngsters who couldn't even sort out the time difference
between Italy and the East Coast of the United States.

Last week, Italian police arrested 14 local hackers, acting on tips
received from American officials. The Italian hackers are charged
with attacking U.S. government sites, including those belonging to
the Army and NASA.

And some published news reports indicated that the NIPC's hack attack
alert on Monday was based on information provided by Italian
authorities.

Italian computer security experts said that they had noticed "vague
threats" about retaliatory hacks, but dismissed them since the
threats appeared to be originating from youngsters.

"There was some talk on Italian Internet chat channels about DOSing
and defacing American websites last week in response to the Milano
arrests," Augustine DelFalco, a security consultant based in Rome,
said. "But to me it was apparent that the conversations were being
conducted by young teenagers. It's odd that such nonsense should
concern your government."

"At one point, the kids said they would attack at 9 in the morning,
when the American business was just getting started," DelFalco added.
"Young children who perhaps didn't know of the time difference?"

George Smith, editor of virus and computer security information site
vMyths, wondered whether the "spike" in Internet activity that
Richard Clarke alluded to occurred before or after the NIPC issued
its warning.

The Associated Press story, Smith said, gives the impression that the
alleged attack occurred a few hours after the NIPC posted its alert.

"Knowing the average cyber-ankle-biter, people known to stay up at
odd hours, it's not at all unreasonable to entertain the idea that
the NIPC alert might have precipitated some nincompoops who had
nothing better to do with their time except create a statistical blip
in someone's Internet monitoring service," Smith said.

But neither Smith nor his colleagues in the security community saw
anything unusual yesterday, and no one seemed surprised that the
NIPC's alert apparently fizzled.

"The NIPC and Richard Clarke do have an excellent track record of
warning about cyberattacks and cyber-badness that is often only
visible to them," Smith said.

Such warnings of invisible menaces include the NIPC's 1999 alert
warning that every nation whose name began with the letter "I" would
target American computer systems on Jan. 1, 2000.

That warning was followed by another prediction of worldwide hack
attacks on Jan. 1, 2001, and the impending fall of the Internet due
to the Code Red worm last summer.

Since the NIPC doesn't have a sterling reputation among many security
experts, more time and energy was devoted to attempts to figure out
what might have induced them to issue their latest alert rather than
hardening websites and systems.

Some believe that the latest NIPC warning may have been a rather
desperate move made in the hopes of gaining publicity and proving the
agency's value.

According to Rob Rosenberger, also of vMyths, it appears the CERT
Coordination Center, a federally funded research lab focused on
computer security, has decided to sever what Rosenberger described as
its "co- dependent relationship" with the NIPC.

Rosenberger mentioned this rumor at his keynote speech Tuesday at
CERT's annual computer security conference.

"NIPC believes they need CERT's technical prowess if they want to
survive politically. I tend to agree," Rosenberger said. "But if CERT
doesn't want to continue the relationship, I imagine they'll suffer
the classic symptoms of a co-dependent breakup. I can imagine NIPC
wailing how the relationship must continue in order to save the world
from future cyber-terrorism. 'Honey, I swear, just give me one more
chance, I need you'...."

"So who knows?" Rosenberger added. "The NIPC's latest PR move could
be a manifestation of a co-dependent breakup in progress."

Whatever motivated Monday's warning, security experts believe that
the NIPC shouldn't issue public alerts about issues that concern Web
and systems administrators.

"It seems to me that warnings of attacks against the Internet
infrastructure and large websites don't really require a public
announcement," said security researcher Richard Smith. "A private
e-mail list for system administrators should be good enough."

 
=================================================================
  NY Transfer News Collective   *   A Service of Blythe Systems 
           Since 1985 - Information for the Rest of Us          
              339 Lafayette St., New York, NY 10012             
  http://www.blythe.org                  e-mail: nyt@blythe.org 
=================================================================
 
nytmed-08.10.02-14:25:40-16615