More web assaults foreseen

greenspun.com : LUSENET : TimeBomb 2000 (Y2000) : One Thread

link: http://www.dmregister.com/news/stories/c4780940/10491175.html

World Wide Web Structure is too vulnerable, say two Iowa State Professors.

The article indicates that they believe more web assaults are imminent, and that the hacking was too sophisticated to have been done by a 15-year-old.

-- suzy (HAYSandCO@aol.com), February 15, 2000

Answers

The FED knew about the hacking 8 days before it happened.

from the Wash Post

"Banks Warned of Hacker Attacks

By Ted Bridis, AP Technology Writer

Monday, Feb. 14, 2000; 10:13 p.m. EST

WASHINGTON -- At least eight times, starting days before unusually forceful attacks against major commercial Web sites, computer experts at some of the nation's largest financial institutions received detailed warnings of impending threats.

Banking officials never passed their detailed warnings to the FBI or other law enforcement agencies, even as alerts escalated last week from the first assault against the Yahoo! Web site on to eBay, Amazon, Buy.Com, CNN and others.

The urgent alerts, by e-mail and pager, began fully four days before Yahoo! fell under electronic assault Feb. 8. They cautioned that dangerous attack software had been discovered implanted on powerful computers nationwide. The messages ultimately identified specific Internet addresses of attacking machines.

Participating banks weren't allowed to share the warnings with government investigators under rules of an unusual $1.5 million private security network created in recent months for the financial industry. The Treasury Department said mandated disclosures might hamper banks and others from being forthcoming about attacks by rogue employees, software bugs, viruses or hackers.

The industry said such guarantees helped ensure it was protected.

"Everybody felt comfortable sharing information," said William Marlow, executive vice president for Global Integrity Corp., which runs the network. "The government wasn't involved, everything was anonymous. The private sector can help each other without additional regulation."

The technology industry is now struggling with the dilemmas of openly sharing information about new electronic threats, even as companies remain fearful of admitting Internet vulnerabilities to governments or even rivals. Industry experts, including a self-proclaimed hacker known only as "Mudge," planned to discuss that awkward balance Tuesday during a White House security meeting.

"These denial of service attacks obviously are very disturbing," President Clinton said Monday. "And I think there is a way that we can clearly promote security."

Clinton also urged consumers not to panic over last week's attacks. He predicted: "We'll figure out how to do it, and go forward."

The banking industry's warning network, run from the secretive Financial Services Information Sharing and Analysis Center, is among the first of its kind. The center grew out of the president's orders for better protection from cyberattack for America's most important industries. Its member banks, and even its location, are closely guarded secrets.

To encourage open participation by banks and other financial firms, the Treasury Department decided that information disclosed would not be turned over to federal regulators or law enforcement agencies. It worked well last week for banks, which enjoyed early warnings about pending attacks, but it also guaranteed the same warnings weren't widely distributed.

Only licensed banks and other government-regulated financial firms that become subscribers are able to exchange information or tap into the network's details of known security threats. Urgent alerts are sent by e-mail, pager and cellular phones to a bank's experts, who pay $13,000 to $125,000, depending on how many employees use the information.

The center issued the first alert in the latest attacks on Feb. 4, "when we started seeing certain machines being compromised," Marlow said. The Yahoo! Web site was attacked four days later.

The FBI confirmed Monday that one machine used remotely to attack Web sites last week was in Portland, Ore., but would not identify it. A law enforcement official, speaking on condition of anonymity, also said the agency wants to speak with someone known on the Internet as "Mixter," believed to be living in Germany.

Mixter created software that may have been used in last week's attacks. Although the FBI did not identify him as a suspect, it believes he may have useful information.

Those attending Tuesday's meeting at the White House include Charles Wang, chairman of Computer Associates International Inc.; Howard Schmidt, chief information security officer at Microsoft Corp.; Harris Miller, head of the Information Technology Association of America; and "Mudge," a member of a hacker think tank that does security consulting under the name AtStake."



-- ng (cantprovideemail@none.com), February 15, 2000.


If you think hackers can wreak havoc on these larger machines, better think about your own box. All the more so if you're on a high-bandwidth pipe (cablemodem, xDSL, T1+, etc.) as these generally use a fixed or slow-rotation dynamic IP that makes a specific machine -very- easy to reach via the Internet.

I got a cablemodem last week and since then I've caught one attempt to plant a trojan on my system (found the edited autoexec.bat file that was rewritten - and NOT by me! - to replace a VxD with another file, during my system maintenance yesterday... thank God I didn't use that OS, but just in case I'll reinstall the OS this afternoon!) and have deflected five portscans and three attempts to probe my system for a Back Orifice (any inbound connect to port 31337 is a dead giveaway). I run eight OSs on my box and all eight are or will be hardened.

Got a firewall? Got Client for Microsoft Networks and File/Print Sharing unbound from all TCP/IP connect points you use to access the Internet? E-mail me if you have no idea or want info or whatever. (There's a free firewall out by Zone Labs called ZoneAlarm that I'm checking out that might be useful. It's not a bad little app and seems, so far at least, to work.)

O d d O n e, who's been on both ends of hacks...

-- OddOne (mocklamer_1999@yahoo.com), February 16, 2000.
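
Added example (not part of the post above or of the thread): a Python log check for the two things OddOne reports catching, sources that probe many ports and inbound attempts on port 31337. The log layout, the addresses and the five-port threshold are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Constructed firewall log (not from the thread). The layout
# "time action proto src:sport -> dst:dport" is a hypothetical format.
SAMPLE_LOG = """\
2000-02-14T09:01:02 DROP TCP 198.51.100.7:4021 -> 192.0.2.10:21
2000-02-14T09:01:02 DROP TCP 198.51.100.7:4022 -> 192.0.2.10:23
2000-02-14T09:01:03 DROP TCP 198.51.100.7:4023 -> 192.0.2.10:25
2000-02-14T09:01:03 DROP TCP 198.51.100.7:4024 -> 192.0.2.10:80
2000-02-14T09:01:04 DROP TCP 198.51.100.7:4025 -> 192.0.2.10:110
2000-02-14T09:01:04 DROP TCP 198.51.100.7:4026 -> 192.0.2.10:139
2000-02-14T11:30:00 DROP UDP 203.0.113.44:1050 -> 192.0.2.10:31337
2000-02-15T02:12:45 DROP UDP 203.0.113.44:1051 -> 192.0.2.10:31337
2000-02-15T03:00:10 DROP TCP 203.0.113.9:2200 -> 192.0.2.10:31337
2000-02-15T08:00:00 kernel: log buffer truncated
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DROP) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)
BO_PORT = 31337      # port named in the post above
SCAN_THRESHOLD = 5   # assumed cut-off: distinct ports probed by one source


def analyze(log_text, scan_threshold=SCAN_THRESHOLD):
    """Return sources that look like port scanners and per-source counts
    of inbound attempts on port 31337; count lines that do not parse."""
    ports_by_src = defaultdict(set)
    bo_probes = defaultdict(int)
    unparsed = 0
    for line in filter(None, map(str.strip, log_text.splitlines())):
        m = LINE_RE.match(line)
        if m is None:
            unparsed += 1   # never silently drop what we cannot read
            continue
        src, dport = m["src"], int(m["dport"])
        ports_by_src[src].add(dport)
        if dport == BO_PORT:
            bo_probes[src] += 1
    scanners = sorted(s for s, p in ports_by_src.items()
                      if len(p) >= scan_threshold)
    return {"scanners": scanners, "bo_probes": dict(bo_probes),
            "unparsed": unparsed}


if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

A source that touches only port 31337 never reaches the scan threshold, which is why the two signals are tracked separately.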


Warning: The following comment is pure pedantry and should not be misinterpreted as hostility.

From the dmregister article: "In late January, Davis outlined the possibility of a systematic attack in which dozens or hundreds of computers send small amounts of data to a single computer or World Wide Web site, swamping it and shutting it down"

"dozens or hundreds"? Gosh, that many? And there was me thinking that thousands of computers send small amounts of data to Amazon & Yahoo every day anyway. Sorry about that.

A good take on the denials of service is available in the crypto-gram newsletter, with another at People For Internet Responsibility. One thought-provoking comment from PFIR: "The current attacks are sure to be but the beginning. Many even more attractive targets are likely to be appearing that will draw ever more sophisticated fire. Imagine what a concerted denial of service attack might do to an election with Internet/Web-based voting--a technology being pushed on a fast track in many quarters." Read and enjoy.

-- randomdigits (r@r.r), February 16, 2000.

