18 September 2001
FBI Threat Advisory


National ANSIR Threat Advisory



From: ansir-admin@listserv.leo.gov [mailto:ansir-admin@listserv.leo.gov]
Sent: Tuesday, September 18, 2001 6:24 PM
To: ansir@listserv.leo.gov
Subject: [Ansir] ANSIR E-Mail - National Threat Advisory


ANSIR E-Mail - National ANSIR Threat Advisory, September 18, 2001

FBI-ANSIR THREAT ADVISORY:

DUE TO THE UNCERTAINTY REGARDING THE POTENTIAL FOR FURTHER TERRORIST
ATTACKS, ALL RECIPIENTS ARE ADVISED TO REMAIN ALERT TO ANY SIGNS OF
SUSPICIOUS ACTIVITY.

THE FBI'S AWARENESS OF NATIONAL SECURITY ISSUES AND RESPONSE (ANSIR) PROGRAM
IS SHARING THE FOLLOWING INFORMATION TO ASSIST RECIPIENTS RESPONSIBLE FOR
SECURITY WITH ASSESSING THEIR OWN SITUATION AND IMPLEMENTING AN INTERNAL
RESPONSE AS NECESSARY.

UNCONFIRMED THREATS (NON-CYBER)

Since September 11, 2001, unconfirmed terrorist threats have been reported
regarding the potential use of chemical and/or biological and/or
radiological and/or nuclear weapons of mass destruction. The FBI emphasizes
that these threats are unconfirmed by the intelligence community; however,
it is requested that recipients stay on heightened alert.

The FBI appreciates the invaluable and continued cooperation from the
corporate security community to immediately report any unusual incident
regarding industrial chemicals, pesticides, or potentially dangerous
biological or chemical agents. To thwart the introduction of such chemicals
into the air or into an infrastructure such as a municipal water system,
advise if you have any information regarding unusual activity by anyone
using equipment, such as agricultural aircraft, that may be used for large
area aerosol spraying. FBI contact numbers are available at www.fbi.gov or
in the local phone book in the government section.

Any suspicious activity, such as unusual purchases by employees or customers
of facilities that manufacture, distribute, transport, or store hazardous
chemicals should be immediately reported to the FBI. Point of contact is the
Weapons of Mass Destruction Coordinator (or WMD Coordinator) in the local
FBI office.

UNCONFIRMED THREATS (CYBER)

The National Infrastructure Protection Center (NIPC) expects an increase in
cyber related incidents as a result of the tragic events of September 11,
2001. More specifically:

Anticipated increase in Distributed Denial of Service (DDoS) attacks. This
warning was derived from a September 12, 2001 claim by the hacker group
"Dispatchers" who have begun network operations against information
infrastructure components such as routers. This same group stated they were
targeting the communications and finance infrastructure. NIPC anticipates
that hackers will mask their operations by using the IP addresses and
pirated systems of uninvolved third parties. System administrators are
encouraged to check their systems for zombie agents' software and ensure
they institute best practices such as ingress and egress filtering.

Anticipated increase in Political Hacktivism by self-described "patriot"
hackers targeting those perceived as responsible for the terrorist attacks.

Anticipated virus propagation in which old viruses are renamed to appear
related to recent events. One such incident has already been reported in
which a new version of the life_stages.txt.shs virus was renamed wtc.txt.vbs
to appear related to the World Trade Center.

NIPC ASSISTANCE

NIPC has made available the "Find DDoS" tool to determine if the most common
DDoS agents have infected your computer. The tool may be downloaded from the
following web site: http://www.nipc.gov/warnings/advisories/2000/00-055.htm

Report computer intrusions to www.fbi.gov, or NIPC at
www.nipc.gov/incident/cirr.htm
NIPC Watch and Warning Unit may be reached at (202) 323-3204/3205/3206.

A list of best practices is available at:
http://www.cert.org/security-improvement. NIPC recommends at a minimum the
following:

Increase user awareness.
Update anti-virus software.
Stop hostile attachments at the e-mail server.
Utilize ingress and egress filtering.
Establish policy and procedures for responding and recovery.

FBI ANSIR PROGRAM

This FBI Awareness of National Security Issues and Response (ANSIR)
communication is intended for corporate security professionals and others
who have requested to receive unclassified national security advisories.
Individuals who wish to become direct recipients of FBI ANSIR communications
should provide business card information, i.e., company name, address,
phone, fax, etc., to ansir@leo.gov for processing, with a brief description
of the product and/or service provided by your organization.
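
An added example, not part of the advisory and not an NIPC tool: one way a mail gateway could act on "Stop hostile attachments at the e-mail server" for the renamed-virus case the advisory cites (life_stages.txt.shs, wtc.txt.vbs). The extension sets, function names and sample message are assumptions constructed for illustration.

```python
from email import message_from_string, policy
from email.message import EmailMessage

# Assumption: illustrative, non-exhaustive set of extensions that Windows
# runs or interprets when the file is opened.
EXECUTABLE_EXT = {"vbs", "vbe", "shs", "js", "jse", "wsf", "wsh", "scr",
                  "pif", "exe", "com", "bat", "cmd", "lnk", "hta"}
# Assumption: extensions a recipient reads as "just a document or picture".
DECOY_EXT = {"txt", "doc", "xls", "pdf", "jpg", "gif", "htm", "html"}

def classify_filename(name):
    """Return 'double-extension', 'executable' or 'ok' for an attachment name."""
    # Windows drops trailing dots and spaces, so normalise them away first.
    parts = name.strip().rstrip(". ").lower().split(".")
    if len(parts) < 2 or parts[-1].strip() not in EXECUTABLE_EXT:
        return "ok"
    # A decoy extension directly before the real one (wtc.txt.vbs), possibly
    # padded with spaces to push the real one out of view.
    if len(parts) >= 3 and parts[-2].strip() in DECOY_EXT:
        return "double-extension"
    return "executable"

def hostile_attachments(raw_message):
    """Return [(filename, verdict)] for each attachment that should be stopped."""
    msg = message_from_string(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        filename = part.get_filename()  # None for parts without a file name
        if filename and classify_filename(filename) != "ok":
            findings.append((filename, classify_filename(filename)))
    return findings

def build_sample():
    """Constructed test message: one disguised script, one plain text file."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.com", "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attached.")
    msg.add_attachment(b"constructed placeholder bytes", maintype="application",
                       subtype="octet-stream", filename="wtc.txt.vbs")
    msg.add_attachment("plain notes", filename="notes.txt")
    return msg.as_string()

if __name__ == "__main__":
    for name, verdict in hostile_attachments(build_sample()):
        print(f"BLOCK {name}: {verdict}")
```

Matching on the file name alone misses executables inside archives or with renamed extensions, so a gateway would pair this check with content inspection and up-to-date anti-virus scanning.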
