Hackers pound ISP to death

march.qxd

2/14/02

8:23 AM

Page 1

March 2002 ISSN 1361-3723

“We do know how the attack was done and can now protect orselves against it, but hindsight doesn’t help us. It’s too late” see page 1.

Editor: Sarah Hilley American Editor: CHARLES CRESSON WOOD Baseline Software, Sausalito, California, USA Australasian Editor: BILL J. CAELLI Queensland University of Technology, Australia European Editor: KEN WONG Insight Consulting, London, UK Editorial Advisors: Chris Amery, UK; Jan Eloff, South Africa; Hans Gliss, Germany; David Herson, UK; P.Kraaibeek, Germany; Wayne Madsen, Virginia, USA; Belden Menkus, Tennessee, USA; Bill Murray, Connecticut, USA; Silvano Ongetta, Italy; Donn B. Parker, California, USA; Peter Sommer, UK; Mark Tantam, UK; Peter Thingsted, Denmark; Hank Wolfe, New Zealand. Correspondents: Frank Rees, Melbourne, Australia; John Sterlicchi, California, USA; Paul Gannon, Brussels, Belgium. Editoral Office: Elsevier Advanced Technology, PO Box 150 Kidlington, Oxford OX5 1AS, UK Tel: +44-(0)1865-843645 Fax: +44-(0)1865-843971 Email: [email protected] Subscription Price for one year: (12 issues) (£442)*US$732/¥89,700/
675.00 including first class airmail delivery subject to our prevailing exchange rate * Sterling prices are quoted as a reference/guide only. If you wish to pay in sterling you will be charged at the current daily rate of exchange at the time of purchase. Price valid to end of 2002 Subscription Enquiries: Orders and Payments: For customers residing in the Americas (North, South and Central America) Elsevier Science Customer Support Department PO Box 945, New York NY 10010 USA Tel: (+1) 212-633-3730 [Toll free number for North American customers: 1-888-4ES-INFO (437-4636)] Fax: (+1) 212-633-3680 Email: [email protected] For customers in the rest of the World: Elsevier Science Customer Support Department PO Box 211, 1000 AE Amsterdam, The Netherlands Tel: (+31) 20-3853757 Fax: (+31) 20-4853432 Email: [email protected] To order from our website: www.compseconline.com

Publishers of Network Security Computers & Security Computer Fraud & Security Computer Law & Security Report Information Security Technical Report

Hackers pound ISP to death Cloud-Nine, a UK ISP was forced to shut down operations due to a furious denial-of-service attack. Cloud-Nine experienced widespread denial-of-service attacks against all its key servers, including email and DNS. After several endeavours to restart critical servers, the DoS attacks persisted and CloudNine had to abandon its efforts of reviving these key components. Cloud-Nine felt that the only option was to shut down. Also, they felt morally obliged to protect their customers from potential attacks. The harm inflicted was so severe that Cloud-Nine would have to implement a major network overhaul. The ISP’s insurance doesn’t cover this recommended rebuild, thus Cloud-Nine’s fate lies in the hands of its administrators or a potential buyer. “It was a very methodical attack,” said Emeric Miszti, Cloud-Nine, CEO.“It occurred over a number of months. Their objective was to map out our network, identifying the key servers and determining their capacity. Then they knew how to attack with appropriate force.” Cloud-Nine is forced to sell most of its assets and all of its six staff have been left jobless. The directors of Cloud-Nine signed a deal with the directors of Zetnet whereby Zetnet will purchase the assets and

operating leases of CloudNine. Zetnet is currently servicing Cloud-Nine customers. Cloud-Nine’s chief executive is cooperating with the police in an effort to bring the hackers who crippled his business to justice. Cloud-Nine is dealing with forensic investigators on the case and cooperating with the Hampshire Computer Crime Unit. Cloud-Nine, CEO Miszti said, “I have come to realize security must be a top priority. We do know how the attack was done and can now protect ourselves against it, but hindsight doesn’t help us. It’s too late.” Gary Milo, CEO of security specialist Webscreen, said the culprit could have several motives, “he or she could be a competitor, a member of an organized crime gang or it could be a job of a former disgruntled employee. Whatever the case, the attack could have been prevented with proper technology in place.” Ian Mears, a detective constable at Hampshire’s Computer Crime Unit, said, “We have to gather the relevant evidence just like in any other crime. Naturally we are relying on the close cooperation of Cloud-Nine to provide us with full Web logs and to help us make sense of them.”

Contents Hacking News Hackers pound ISP to death 1 Where do all the hackers come from? 2 Who said storage area network data was secure? 2 Privacy hole in Windows/MSN Messenger 3

Virus News Have you got the party bug?

3

Industry News Baltimore sells Content Technologies to Clearswift 3 Microsoft calls on hacker expert 3

Product News IBM and Verisign form security team 4 Virus protection now available for small-medium-sized enterprises 4

Internet News Another ISP Attack

4

Reports PayPal’s anti-fraud team FTC settles Eli Lilly privacy probe Network Security staff are being overwhelmed Terrrorism laws impact on network providers Companies shoddy about cyberattacks OFTEL plans to require telcos to maintain secure networks Ex-hacker millionaire suspected of fraud Cybercrime can be beat by publicprivate alliance

5 5 6 7 7 8 9 9

Features Technology Alone Can Never Be Enough 10 Provisioning as Prevention for Cyber-Sabotage 12 Quantum Cryptography Latest: Promises to Boost Security Within a Decade But Won’t End Arms Race 14

Information Warfare Mission Assurance — Is your Foundation Strong Enough To Assure It? 16

ShockwaveWriter The Nigerian Scam Just Keeps on Going and Going and Going

18

Stop Press

20

Events

20