One of the side effects of Y2K was the secretive banking legislation that was passed. It was literally made against the law for a bank employee to disclose Y2K status (whether it was positive or negative). According to the following article; major banks had plenty of notice that websites were about to be hacked; but they COULD NOT tell the FBI investigators about it. What kind of sense does this make?

FROM: http://www.canoe.ca/HackerAttack/feb14_bankswarned.html

Banks warned of impending Web attacks days before they happened WASHINGTON (AP) -- At least eight times, starting days before unusually forceful attacks against major commercial Web sites, computer experts at some of the nation's largest financial institutions received detailed warnings of impending threats. Banking officials never passed their detailed warnings to the FBI or other law enforcement agencies, even as alerts escalated last week from the first assault against the Yahoo! Web site on to eBay, Amazon, Buy.Com, CNN and others.

The urgent alerts, by e-mail and pager, began fully four days before Yahoo! fell under electronic assault Feb. 8. They cautioned that dangerous attack software had been discovered implanted on powerful computers nationwide. The messages ultimately identified specific Internet addresses of attacking machines.

Participating banks weren't allowed to share the warnings with government investigators under rules of an unusual $1.5 million private security network created in recent months for the financial industry. The Treasury Department said mandated disclosures might hamper banks and others from being forthcoming about attacks by rogue employees, software bugs, viruses or hackers.

The industry said such guarantees helped ensure it was protected.

"Everybody felt comfortable sharing information," said William Marlow, executive vice president for Global Integrity Corp., which runs the network. "The government wasn't involved, everything was anonymous. The private sector can help each other without additional regulation."

The technology industry is now struggling with the dilemmas of openly sharing information about new electronic threats, even as companies remain fearful of admitting Internet vulnerabilities to governments or even rivals. Industry experts, including a self-proclaimed hacker known only as "Mudge," planned to discuss that awkward balance Tuesday during at a White House security meeting.

"These denial of service attacks obviously are very disturbing," President Clinton said Monday. "And I think there is a way that we can clearly promote security."

Clinton also urged consumers not to panic over last week's attacks. He predicted: "We'll figure out how to do it, and go forward."

The banking industry's warning network, run from the secretive Financial Services Information Sharing and Analysis Center, is among the first of its kind. The center grew out of the president's orders for better protection from cyberattack for America's most important industries. Its member banks, and even its location, are closely guarded secrets.

To encourage open participation by banks and other financial firms, the Treasury Department decided that information disclosed would not be turned over to federal regulators or law enforcement agencies. It worked well last week for banks, which enjoyed early warnings about pending attacks, but it also guaranteed the same warnings weren't widely distributed.

Only licensed banks and other government-regulated financial firms that become subscribers are able to exchange information or tap into the network's details of known security threats. Urgent alerts are sent by e-mail, pager and cellular phones to a bank's experts, who pay $13,000 to $125,000, depending on how many employees use the information.

The center issued the first alert in the latest attacks on Feb. 4, "when we started seeing certain machines being compromised," Marlowe said. The Yahoo! Web site was attacked four days later.

The FBI confirmed Monday that one machine used remotely to attack Web sites last week was in Portland, Ore., but would not identify it. A law enforcement official, speaking on condition of anonymity, also said the agency wants to speak with someone known on the Internet as "Mixter," believed to be living in Germany.

Mixter created software that may have been used in last week's attacks. Although the FBI did not identify him as a suspect, it believes he may have useful information.

Those attending Tuesday's meeting at the White House include Charles Wang, chairman of Computer Associates International Inc.; Howard Schmidt, chief information security officer at Microsoft Corp.; Harris Miller, head of the Information Technology Association of America; and "Mudge," a member of a hacker think tank that does security consulting under the name AtStake.

Top Stories Caisse head says Vidiotron-Rogers deal not yet in the

-- meg davis (meg9999@aol.com), February 14, 2000