Banks Warned of Impending Web Attacks Days Before They Happened : LUSENET : TimeBomb 2000 (Y2000) : One Thread

Feb 14, 2000 - 10:20 PM Banks Warned of Impending Web Attacks Days Before They Happened

By Ted Bridis The Associated Press

WASHINGTON (AP) - At least eight times, starting days before unusually forceful attacks against major commercial Web sites, computer experts at some of the nation's largest financial institutions received detailed warnings of impending threats.

Banking officials never passed their detailed warnings to the FBI or other law enforcement agencies, even as alerts escalated last week from the first assault against the Yahoo! Web site on to eBay, Amazon, Buy.Com, CNN and others.

The urgent alerts, by e-mail and pager, began fully four days before Yahoo! fell under electronic assault Feb. 8. They cautioned that dangerous attack software had been discovered implanted on powerful computers nationwide. The messages ultimately identified specific Internet addresses of attacking machines. Participating banks weren't allowed to share the warnings with government investigators under rules of an unusual $1.5 million private security network created in recent months for the financial industry. The Treasury Department said mandated disclosures might hamper banks and others from being forthcoming about attacks by rogue employees, software bugs, viruses or hackers.

The industry said such guarantees helped ensure it was protected.

"Everybody felt comfortable sharing information," said William Marlow, executive vice president for Global Integrity Corp., which runs the network. "The government wasn't involved, everything was anonymous. The private sector can help each other without additional regulation."

The technology industry is now struggling with the dilemmas of openly sharing information about new electronic threats, even as companies remain fearful of admitting Internet vulnerabilities to governments or even rivals. Industry experts, including a self-proclaimed hacker known only as "Mudge," planned to discuss that awkward balance Tuesday during at a White House security meeting.

"These denial of service attacks obviously are very disturbing," President Clinton said Monday. "And I think there is a way that we can clearly promote security."

Clinton also urged consumers not to panic over last week's attacks. He predicted: "We'll figure out how to do it, and go forward."

The banking industry's warning network, run from the secretive Financial Services Information Sharing and Analysis Center, is among the first of its kind. The center grew out of the president's orders for better protection from cyberattack for America's most important industries. Its member banks, and even its location, are closely guarded secrets.

To encourage open participation by banks and other financial firms, the Treasury Department decided that information disclosed would not be turned over to federal regulators or law enforcement agencies. It worked well last week for banks, which enjoyed early warnings about pending attacks, but it also guaranteed the same warnings weren't widely distributed.

Only licensed banks and other government-regulated financial firms that become subscribers are able to exchange information or tap into the network's details of known security threats. Urgent alerts are sent by e-mail, pager and cellular phones to a bank's experts, who pay $13,000 to $125,000, depending on how many employees use the information.

The center issued the first alert in the latest attacks on Feb. 4, "when we started seeing certain machines being compromised," Marlow said. The Yahoo! Web site was attacked four days later. The FBI confirmed Monday that one machine used remotely to attack Web sites last week was in Portland, Ore., but would not identify it. A law enforcement official, speaking on condition of anonymity, also said the agency wants to speak with someone known on the Internet as "Mixter," believed to be living in Germany.

Mixter created software that may have been used in last week's attacks. Although the FBI did not identify him as a suspect, it believes he may have useful information.

Those attending Tuesday's meeting at the White House include Charles Wang, chairman of Computer Associates International Inc.; Howard Schmidt, chief information security officer at Microsoft Corp.; Harris Miller, head of the Information Technology Association of America; and "Mudge," a member of a hacker think tank that does security consulting under the name AtStake.


-- Carl Jenkins (, February 14, 2000


Oh my....

Thanks for the post Carl.

-- Dee (, February 14, 2000.

I'm glad someone mentioned Steve Gibson's web site earlier in a related thread. Follow all the links-- but especially Shields UP!. You may be surprised at what you find.

-- Tom Carey (, February 15, 2000.

OK, this private financial network received warnings days in advance. Were the warnings were from outsiders? Financial sector security specialists -- and if so, where did they get their information? Were they tipped by some of the perpetrators, and if so, I assume that was not done gratis.

,"network device discussion" from EasyLiving, which is a continuation of a discussion thread on this board, appears to continue a plausible cause for some of the outages we have been seeing. I've been through that thread a number of times (thanks to pliney, for a very interesting logical discussion), and from admittedly limited, e.g., router knowledge, it does seem a reasonable explanation. Also, while I have read through a fair amount of writings from Paula Gordon, apparently I was absent when she was writing about network hardware-based problems. Can any of you offer me a link?

Perhaps one thing I am cautious of is a story playing into the hands of vastly-increased federal monitoring of the net. If this is a hardware-based problem in large part, I'd expect blame to have to be placed elsewhere -- because y2k was a non-event, right?

-- Redeye in Ohio (, February 15, 2000.

"They cautioned that dangerous attack software had been discovered implanted on powerful computers nationwide. The messages ultimately identified specific Internet addresses of attacking machines."

Sounds to me like this "Financial Services Information Sharing and Analysis Center" is doing a bit of probing into ports themselves, and probably spying into computers without firewalls. NWO bastards.

-- Hawk (flyin@high.again), February 15, 2000.

Redeye, Thanks for the link, very informative discussion. I find the fact that the so called hacker attacks are so widespread and the fact that nobody has taken credit for them very hard to swallow. Given the fact that active disinformation is taking place concerning the oil crisis (which was predicted repeatedly prior to rollover), I think it is highly likely that we are witnessing more of the same conduct concerning the internet router/server hardware/software problems that are being covered up with tales of hacker attacks...

-- Carl Jenkins (, February 15, 2000.

Moderation questions? read the FAQ