reports
Federal IT Systems Vulnerable To Attack
Barbara Gengler
US Government systems continue to be vulnerable to disruptions, data tampering, fraud and inappropriate disclosure, according to a Government watchdog report, which also said that federal agencies are not in step with the rising information security threats. The report, called the High Risk Series and released by the US General Accounting Office (GAO), was co-authored by US Senators Joseph Lieberman and Fred Thompson.

Citing the continuing rise of incidents reported by federal agencies, and in particular the ‘I Love You’ virus last May, the report said that federal computer security “continued to be fraught” with weaknesses. The virus caused message system disruptions at public agencies and private companies. The report also said that most federal Internet sites do not comply with the privacy practices set for commercial sites. Even the Federal Trade Commission, which has spearheaded a campaign pressing industry to regulate how it uses the personal information it collects online, did not meet the privacy standards it asks of commercial sites.

“The bad news is that we have made little progress in resolving the core management challenges that continue to plague the federal government,” said Thompson. He also said that the same underlying government-wide problems that appear on the list year after year include financial management, information technology management and contract management. Thompson said that he fears the US could be brought to its knees by an attack on the nation’s computers. “I mean, it runs our entire infrastructure, when you talk about transportation, communications, banking, everything. You shut those things down, you cripple the country without having to fire a shot.”

The report also cited nearly two dozen government programmes at risk of failure, many non-IT-related. Three big IT projects — at the Internal Revenue Service, the Federal Aviation Administration and the US Department of Defense — which have been on the GAO’s high-risk list for some time remained in that category for this report. Laws that protect consumers’ information also have not been updated to reflect technology advances and the Internet, the GAO found.

Almost all the federal agencies reviewed, 69 of 70, have privacy policies posted on their principal websites, a substantial improvement over a survey taken last year, the GAO said. Only two had privacy policies that were not clearly labelled and easily accessed, the report said. Over half, 46 agencies, disclosed what information they automatically collected, why they were collecting it, and how they planned to use it.

Thompson’s other concerns include theft of nuclear secrets, export policies, fighting terrorism and protecting the nation’s computer system, all of which he describes as “new kinds of threats that are replacing the old Soviet Union threats that we had”. The High Risk list is a compilation of reports which document management challenges facing most of the major agencies of the federal Government and is announced at the start of each new Congress.

Script Kiddies Rule The Internet

In the run-up to Valentine's Day, a cacophony of anti-virus vendors declared that 14 February would see a veritable infestation of viruses after the mould of the Love Bug. Some industry commentators were of the mind that after all that hype, the anti-virus companies would have to release a virus themselves in order to fulfil their prophecy. But a script kiddie named 'OnTheFly' from the Netherlands made everything worthwhile. On 13 February, sure enough, Kaspersky Labs reported that they had found a “new modification of the ‘Lee’ worm going by the moniker ‘Kournikova’,” in the wild. Kournikova is very like the LoveBug but differs in that its author could not write a single line of code.

In an online confession, OnTheFly admitted to using the popular virus creation kit ‘[K]Alamar’s VBS Worms Creator’. This is a point-and-drool application which allows the unskilled to select a modus operandi and a payload and unleash a fully customized worm. OnTheFly explained, “I don't know any programming languages.”

Scary as that is, February also saw hacking group ‘insanity zine c0rp’ put up a few defacements bearing the legend “whut u k1ds r d0ing in my b0x?...God save the script kiddies!!!” Insanity zine’s targets to date include HP Openview, the California State Assembly and software firm Netfact Design. The traditional view of script kiddies is of wannabe hackers who can’t actually program. It seems odd that they should revel in their incompetency or be able to hit the targets that they do. Insanity zine also includes a statement chiding those who use Microsoft FrontPage to generate code — presumably, real hackers use notepad...