Advance notice of Web site warning may have helped block attacks

Early warnings issued by the FBI to four vertical-industry groups about the continuing threat of Web site break-ins by Eastern European organized crime groups may have helped block thousands of copycat attacks against banks and other companies doing business online, according to security analysts.

The warnings, which were sent out at least 19 hours before a public advisory that was released later (see story), demonstrated the importance of the role that the FBI and its National Infrastructure Protection Center (NIPC) can play in efforts to prevent cybercrimes, analysts said.

The NIPC has been criticized for what a former Clinton administration official called its "fundamental inability to communicate" with companies and the security community. The problem, sources said, has been that the FBI treats all potential cybercrimes as law enforcement investigations first and foremost.

There have even been claims that yesterday's warnings, which followed an initial alert about the Eastern European attacks that was issued by the NIPC in December, were little more than a thinly veiled public relations campaign on the part of the agency. But that contention was rejected by several security experts who were involved in yesterday's developments.

William Marlow, vice president and chief strategy officer at New York-based Predictive Systems Inc., said the advance notice about the upcoming advisory helped companies in the financial services industry block "at least 1,600" attempts by hackers to penetrate their defenses yesterday and today.

Predictive Systems operates an Information Sharing and Analysis Center (ISAC) for the financial industry. The NIPC "did an outstanding job of notifying [us] early, which gave the financial institutions time to ensure they were locked down before the announcement went out," Marlow said.

While there have been problems in the past with the sharing of information about security threats by the FBI and the NIPC, Marlow said, the situation is improving. "We now are working through the legal and privacy aspects so that we can [better share information]," he added. "We're very pleased that the NIPC did what they did."

Alan Paller, director of research at the SANS Institute in Bethesda, Md., said he also didn't see any ulterior motives in the NIPC's new warning. "Everything I know says that's exactly wrong," Paller said. The SANS Institute, a research organization for systems administrators and security managers, released its own alert about the FBI's investigations that called the Eastern European hacking incidents "the largest criminal Internet attack to date."

Scott Christie, an assistant U.S. attorney and intellectual property coordinator with the U.S. Attorney's Office for the District of New Jersey, characterized the investigations now underway as national in scope. "We all felt it was appropriate to let a wider audience know what is going on," Christie said, describing the ongoing threat as "a serious impediment to public confidence in e-commerce."

But not everyone is convinced that the information-sharing problems have been fully resolved.

"Most people recognize the need for [the NIPC]," said Kathy Fithen, a senior consultant at PricewaterhouseCoopers in New York. "It's important for both [industry and the government] to find a way to share information." But Fithen, the former head of the CERT Coordination Center at Carnegie Mellon University in Pittsburgh, said the two sides still appear to be "struggling with how to do that effectively."

The FBI disclosed it has launched investigations into 40 alleged hacking incidents by crime syndicates in Russia and Ukraine that are believed to have stolen more than 1 million credit card numbers from e-commerce and online finance Web sites in the U.S. The affected sites are powered by Windows NT servers, and FBI officials said companies have failed to heed earlier warnings about the need to patch several known security holes in the Microsoft Corp. software.

The current federal approach to cybersecurity and infrastructure protection has its roots in a directive signed by former president Bill Clinton three years ago. In addition to setting a 2003 deadline for the government to establish defenses against attacks on important elements of the U.S. infrastructure, the directive created the NIPC and encouraged private-sector participation through a series of industry-oriented ISACs.

But the Bush administration is now reviewing the entire structure of the government's security efforts. A congressionally appointed panel recently recommended the creation of a single security agency (see story), and a decision on the future of the NIPC, the Commerce Department's Critical Infrastructure Assurance Office and other government entities is due later this year.

This story, "Advance notice of Web site warning may have helped block attacks" was originally published by Computerworld.