[gvt] Pentagon blocks public access from servers

fair use for educational purposes

Pentagon Blocks Public Web Site Access

Servers Struck by 'Code Red' Virus

By David Ruppe

July 23 — The U.S. military has blocked public access to nearly all its Web sites after its servers were attacked by a new computer virus.

Late last week, the U.S. Space Command, which provides security for military computers, instructed all military organizations to block public access after a number of sites had contracted the virus, called the "Code Red" bug, according to an official. The virus is known as a "denial of service" bug, because it replicates itself by reading the log files on a network server and sending copies to other servers — thereby multiplying and sometimes crashing a system — and denying access to legitimate users of the site.

One version of the virus, experts say, emblazons on sites it attacks the message: "HELLO! Welcome to http://www.worm.com! Hacked By Chinese!"

DoD Sites Struck

The virus exploits a security flaw in certain Microsoft network servers. The flaw was announced last month when a patch was released to fix it.

"To protect our DoD [Department of Defense] Web sites from being compromised, DoD organizations have been told to review the status of the Internet information servers … to make sure that all the patches that were previously installed had been installed," says command spokesman Army Maj. Barry Venable.

Only a handful of the major Defense Department sites, with the suffix ".mil," appear currently accessible to the public, including the central public affairs site DefenseLink and the military services' main homepages. Public access is blocked to information connected to those sites, and others such as the National Missile Defense site and the U.S. Air Forces in Europe site. Authorized Department of Defense personnel continue to have access to the sites, Venable said.

"My gut hunch is that this is the single largest security incident ever, in terms of number of servers, and number of pages affected, and duration," says John Pike, who heads the GlobalSecurity.org military resource site. Pike says he first noticed blocked access to some sites Thursday morning.

When the so-called "ILOVEYOU" virus swept the globe in May 2000, it also swept across U.S. military computer networks, prompting some installations to shut down e-mail for days. The Defense Department then expended "enormous efforts" at containing and then recovering from that virus, with personnel across the military pulled away from their primary responsibilities, according to a subsequent congressional report.

Defense organizations worldwide are currently checking their 2.5 million computers linked to 2,000 networks to ensure that they have the applicable software patches to prevent infiltration by the virus, according to Venable.

"The Code Red worm did in fact show up in some DoD Web sites and we're working to contain that," Venable said. "Ways we're going about that is blocking public access to the Web sites, because that's the way this worm works, to prevent it from using our networks to propagate itself."

At Least 225,000 Computer Systems Believed Infected

In recent weeks, variations of the virus are believed to have infected at least 225,000 business and institutional computer systems. Last Thursday, infected computers were instructed to flood the White House Web site, but with minutes to spare the White House was able to protect itself.

Venable could not say when public access to the sites would resume. "Until the worm no longer poses a threat to DoD Web sites, our networks will not be accessible to the public," he said.

The effectiveness of the Code Red virus in exploiting network weaknesses has been known by the military since June, according to Venable.

The fact the military did not have the patch fully installed, and then its decision to block public access to all of its networks, were received uncharitably by a critic of the Pentagon's cybersecurity policies.

"DoD turned tail in cyberspace and disconnected from the Internet," says computer security critic George Smith. "Did Google go offline? Did America Online go offline? Did all the porn sites go offline?"



-- Anonymous, July 23, 2001

Answers

Sounds like a good idea to me. I mean, it's not as if Google, AOL and all the porn sites have national secrets to lose. Or do they?

-- Anonymous, July 23, 2001

I remember spring of 2000 when Congress made the EPA shut down its online databases, as being too vulnerable to hacking. It was a real nuisance for the several weeks when they were unavailable.

-- Anonymous, July 23, 2001

Guess that explains why I couldn't get to the .gov earthquake sites today.

-- Anonymous, July 23, 2001

http://digitalmass.boston.com/news/2001/07/24/worm.html

Pentagon closes Web sites to guard against worm

By Reuters, 07/24/2001

WASHINGTON - Public access to hundreds of Defense Department computer Web sites was restored Tuesday, after protection was installed against the damaging "Code Red" computer worm, a Pentagon spokeswoman said.

"The Code Red worm appears to have gone dormant," Susan Hansen said in a brief statement released by the Pentagon. "Accordingly we are able to allow public access to DOD (Department of Defense) Web sites to resume."

She spoke shortly after Navy Adm. Craig Quigley, another Pentagon spokesman, told reporters at a briefing the sites would not be reopened to the public until the damaging electronic intruder was no longer a threat to computer systems.

Some versions of the rapidly spreading worm display "Hacked by Chinese!" on infected Internet sites.

Quigley said software security "patches" were being installed to protect against Code Red, which first came to light last week. It infected a small number of Pentagon computers but did no damage to classified or other secure networks, he said.

"We were able to catch it in the very early going," he told reporters. "We have no impact in ... tactical military operations around the world. Certainly none of our classified systems were affected."

The worm, similar to a computer virus, has already infected hundreds of thousands of computers, spreading more quickly than any worm in recent history.

Quigley said that the shut-down had been more than an inconvenience for the public.

"There are still many functions that are performed -- business functions, information sharing, a variety of exercise sites around the world -- that are not classified that are usable by both military members" and the public, he said.

The Code Red virus, which is technically a self-propagating worm, first surfaced last week, according to Marc Maiffret, chief hacking officer at security software company eEye Digital Security.

"Since then, at least 300,000 sites have been infected, including a large number of U.S. government and U.S. military Web servers," Maiffret said Monday.

Code Red is programmed to start replicating itself on the first day of the month, so it could start spreading again next month, Maiffret said.

The White House last week averted a planned Code Red attack on its Web site, the home page for the Bush administration, security experts said.

The FBI's National Infrastructure Protection Center issued a warning, calling the worm a significant threat that could "degrade services running on the Internet."

Experts said that Code Red spread so quickly that security companies had not been able to figure out who wrote and unleashed it.

-- Anonymous, July 24, 2001

