"There are two types of companies left in America; those that have been hacked and know it, and those that have been hacked and don't know it." -- Chairman of the House Intelligence Committee, Rep. Mike Rogers (R-MI), 2012
Why are these networks under attack? Most large organizations are serious about security. They run specialized departments tasked with protecting two key networks: the data center (servers) and office automation (workstations). These networks are essential for supporting the business processes throughout the organization. However, a "third network," the process control network, has yet to receive the same attention.
Often referred to as SCADA (supervisory control and data acquisition) networks due to their association with industrial processes, these networks connect equipment rather than computers and support systems rather than people. In sectors such as utilities, transportation, logistics, manufacturing and pharmaceuticals, these networks are critical to the operation of the organization. In utilities, they are so important as to be considered part of the national critical infrastructure. In logistics, they route millions of parcels a day. But in other companies this network operates behind the scenes, quietly mediating access to buildings, controlling heating and ventilation, elevators and data center cooling.
SCADA networks are the most unprotected networks of all and now cyber-criminals have them in their sights. If they get access, the consequences for many organizations, their customers and perhaps the population at large, could be extremely damaging.
What makes these networks more vulnerable?
• Attacks are becoming more sophisticated as motives move away from amateur glory seeking to politics in the form of 'hacktivism,' espionage and nation-state aggression. Advanced persistent threats—the professionals—are driving a new level of stealthy and complex attacks that are difficult to discern, let alone disarm.
• Networks are becoming more connected as the business hungers for data to drive decision-making and suppliers Internet-enable everything in order to drive down support costs and increase customer retention.
• Designed in a different time, process control networks have been considered inherently safe and often do not include security basics. When patches are released by systems vendors, they are difficult to apply due to system availability requirements.
• The SCADA network is often ‘invisible’ and lacks the attention and investment to raise the level of security commensurate with increased threats.
• In most organizations process control engineers manage the process control network while the IT department runs the other networks. The two groups have separate mandates and priorities.
Given this typical separation of duties, organizations considering security solutions should shift their "IT security" mindset to account for the unique requirements and priorities of the process control engineers charged with managing the SCADA network. First, security tools must not interfere with closed-loop processes, where any disruption could pose a risk to control. Second, availability/uptime is the most important goal of the network. Third, regular password change policies could endanger a plant by locking engineers out of a system. And, fourth, security tools that require direct Internet access are not viable—many control networks are tightly firewalled from the Internet.
At the same time, process control networks have various areas of vulnerability that must be protected. The Human Machine Interface (HMI), process servers and historians are typically Windows-based and are potential entry points for any attacker coming in via the corporate network and using known exploits. The Remote Terminal Units (RTUs) and Programmable Logic Controllers (PLCs) are often proprietary and require sophisticated knowledge of the control system in order to penetrate, as demonstrated by Stuxnet and Duqu.
The following guidelines should help organizations identify security solutions that respect the requirements and priorities of the process control network environment while enhancing protection. Specifically, organizations should consider solutions that can:
• Provide the flexibility to operate in passive mode or in-line without interrupting closed-loop processes, even in the event of a software, hardware or power failure
• Support a vast rule library and an open rule format in order to accept SCADA rule sets, rules provided by government agencies, other third-party rules and proprietary rules unique to an organization’s own network
• Control network usage by application, user and group as an ideal way of segregating control network zones for maximum flexibility
• Provide passive asset discovery, automatic impact assessment and rules tuning to take corrective action only on threats that are relevant to an organization’s specific network
• Offer centralized monitoring and management to unify critical network security functions, streamline administration and expedite response
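The guidance above (passive operation, zone segregation by application and host, passive asset discovery, and tuning rules to the assets actually present) can be illustrated with a small script. The example below is added here and is not code from the original article or from any vendor it describes; the zone layout, the flow records and the rule list are constructed sample data, and the hypothetical tool simply reads connection records of the kind a network tap or SPAN port would yield, so it never sends a packet into the control network.

```python
"""Passive asset discovery and zone-policy checking over constructed flow records.

Added example, not from the original article. It reads connection records as a
tap or SPAN port would see them (passive mode: nothing is transmitted toward
the PLCs), builds an inventory of hosts speaking industrial protocols, flags
flows that cross zone boundaries the policy forbids, and keeps only the
detection rules relevant to assets actually observed.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Hypothetical zone layout (constructed, not a real site): control zone with
# PLCs and HMIs, a DMZ holding the historian, and the office LAN.
ZONES = {
    "control": ip_network("10.10.0.0/24"),
    "dmz": ip_network("10.20.0.0/24"),
    "office": ip_network("192.168.1.0/24"),
}

# Well-known TCP ports: Modbus/TCP (502), DNP3 (20000), Siemens S7comm over
# ISO-TSAP (102).
INDUSTRIAL_PORTS = {502: "modbus", 20000: "dnp3", 102: "s7comm"}

# Assumed policy: only these (source zone, destination zone) pairs may carry
# industrial protocols. Everything else on those ports is a violation.
ALLOWED_INDUSTRIAL = {("control", "control"), ("dmz", "control")}

# Constructed flow records (src_ip, dst_ip, dst_port, transport). Not captured
# from any real network.
SAMPLE_FLOWS = [
    ("10.10.0.5", "10.10.0.20", 502, "tcp"),      # HMI -> PLC, normal
    ("10.20.0.7", "10.10.0.20", 502, "tcp"),      # historian polling PLC, allowed
    ("192.168.1.33", "10.10.0.20", 502, "tcp"),   # office host -> PLC: violation
    ("10.10.0.5", "10.10.0.21", 102, "tcp"),      # engineering station -> S7 PLC
    ("192.168.1.33", "10.20.0.7", 443, "tcp"),    # office -> historian web UI, not industrial
]

# Constructed rule library entries, each tagged with the protocol it inspects.
RULES = [
    {"id": "R1", "protocol": "modbus", "desc": "Modbus write to coil from non-HMI host"},
    {"id": "R2", "protocol": "dnp3", "desc": "DNP3 cold restart request"},
    {"id": "R3", "protocol": "s7comm", "desc": "S7comm PLC stop command"},
]


def zone_of(ip):
    """Map an address to its zone name, or 'external' if it is in none."""
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "external"


def discover_assets(flows):
    """Passive inventory: each destination host and the industrial protocols
    it was observed answering on. Nothing is probed."""
    inventory = defaultdict(set)
    for _src, dst, port, _proto in flows:
        if port in INDUSTRIAL_PORTS:
            inventory[dst].add(INDUSTRIAL_PORTS[port])
    return {host: sorted(protos) for host, protos in inventory.items()}


def check_zone_policy(flows):
    """Return industrial-protocol flows that cross a zone pair the policy
    does not allow, with the zone path for the analyst."""
    violations = []
    for src, dst, port, _proto in flows:
        if port not in INDUSTRIAL_PORTS:
            continue
        pair = (zone_of(src), zone_of(dst))
        if pair not in ALLOWED_INDUSTRIAL:
            violations.append({
                "src": src,
                "dst": dst,
                "protocol": INDUSTRIAL_PORTS[port],
                "path": f"{pair[0]}->{pair[1]}",
            })
    return violations


def tune_rules(inventory, rules):
    """Keep only rule ids whose protocol is spoken by some discovered asset,
    so alerts fire only on threats relevant to this network."""
    present = {p for protos in inventory.values() for p in protos}
    return [r["id"] for r in rules if r["protocol"] in present]


if __name__ == "__main__":
    assets = discover_assets(SAMPLE_FLOWS)
    print("assets:", assets)
    for v in check_zone_policy(SAMPLE_FLOWS):
        print("policy violation:", v)
    print("relevant rules:", tune_rules(assets, RULES))
```

In the sample data the office host reaching a PLC on Modbus is the only violation, and the DNP3 rule is dropped because no DNP3 asset was seen; in practice the inventory would be fed from a continuous capture rather than a fixed list.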
Process control networks are mission critical and security is of paramount importance. The SCADA network is increasingly on the radar of sophisticated attackers; it is time for it to be on the radar of management as well, and to get the organizational attention, and protection, it deserves.
Remember Stuxnet? Why the U.S. is Still Vulnerable
Last week, the Department of Homeland Security revealed a rash of cyber attacks on natural gas pipeline companies. Just as with previous cyber attacks on infrastructure, there was no known physical damage. But security experts worry it may only be a matter of time.
Efforts to protect pipelines and other critical systems have been halting despite broad agreement that they're vulnerable to viruses like Stuxnet — the mysterious worm that caused havoc to Iran's nuclear program two years ago.
The Frankenstein-like virus infected a type of industrial controller that is ubiquitous — used around the world on everything from pipelines to the electric grid.
Experts say manufacturers haven't fixed security flaws in these essential but obscure devices.
Why hasn't more been done? Here's why Stuxnet remains a top national security risk.
Q. What is Stuxnet, anyway?
Stuxnet first made headlines when it burrowed into computers that controlled uranium centrifuges in Iran's renegade nuclear program. Its self-replicating computer code is usually transmitted on flash drives anyone can stick into a computer. Once activated, the virus made Iran's centrifuges spin out of control while making technicians think everything was working normally — think of a scene in a bank heist movie where the robbers loop old security camera footage while they sneak into the vault.
Q. Who created it?
Whoever knows the answer to this isn't telling — but if cybersecurity researchers, the Iranian government and vocal Internet users are to be believed, the two prime suspects are the U.S. and Israeli governments.
Q. How does it work?
Stuxnet seeks out little gray computers called programmable logic controllers, or PLCs. The size and shape of a carton of cigarettes, PLCs are used in industrial settings from pretzel factories to nuclear power plants. Unfortunately, security researchers say the password requirements for the devices are often weak, creating openings that Stuxnet (or other viruses) can exploit. Siemens made the PLCs that ran Iran's centrifuges; other makers include Modicon and Allen Bradley. Once introduced via computers running Microsoft Windows, Stuxnet looks for a PLC it can control.
Q. How big is the problem?
Millions of PLCs are in use all over the world, and Siemens is one of the top five vendors.
Q. After Iran, did Siemens fix its devices?
Siemens released a software tool for users to detect and remove the Stuxnet virus, and encourages its customers to install fixes Microsoft put out for its Windows system soon after the Iran attack became public (most PLCs are programmed from computers running Windows). It is also planning to release a new piece of hardware for its PLCs, called a communications processor, to make them more secure — though it's unclear whether the new processor will fix the specific problems Stuxnet exploited. Meanwhile, the firm acknowledges its PLCs remain vulnerable — in a statement to ProPublica, Siemens said it was impossible to guard against every possible attack.
Q. Is Siemens alone?
Logic controllers made by other companies also have flaws, as researchers from NSS labs, a security research firm, have pointed out. Researchers at a consulting firm called Digital Bond drew more attention to the problem earlier this year when they released code targeting commonly used PLCs using some of Stuxnet's techniques. A key vulnerability is password strength — PLCs connected to corporate networks or the Internet are frequently left wide open, Digital Bond CEO Dale Peterson says.
Q. What makes these systems so tough to protect?
Like any computer product, industrial control systems have bugs that programmers can't foresee. Government officials and security researchers say critical systems should never be connected to the Internet — though they frequently are. But having Internet access is convenient and saves money for companies that operate water, power, transit and other systems.
Q. Is cost an issue?
System manufacturers are reluctant to patch older versions of their products, government and private sector researchers said. Utility companies and other operators don't want to shell out money to replace systems that seem to be working fine. Dan Auerbach of the Electronic Frontier Foundation, formerly a security engineer at Google, says the pressure on tech companies to quickly release products sometimes trumps security. "There's an incentive problem," he said.
Q. What's the government doing?
The Department of Energy and the Department of Homeland Security's Computer Emergency Readiness Team, or CERT, work with infrastructure owners, operators and vendors to prevent and respond to cyber threats. Researchers at government-funded labs also assess threats and recommend fixes. But government agencies cannot — and do not attempt to — compel systems vendors to fix bugs.
The only national cybersecurity regulation is a set of eight standards approved by the Federal Energy Regulatory Commission — but these only apply to producers of high-voltage electricity. A Department of Energy audit last year concluded the standards were weak and not well implemented.
Q. So is Congress weighing in?
Cybersecurity has been a much-debated issue. Leading bills, including the Cyber Intelligence Sharing and Protection Act, would enable government and the private sector to share more threat information. But while CISPA and other bills give the Department of Homeland Security and other agencies more power to monitor problems, they all take voluntary approaches.
"Some of my colleagues have said nothing will change until something really bad happens," said Peterson, whose consulting firm exposed vulnerabilities. "I'm hoping that's not true."
Q. What does the Obama administration want?
The White House has called for legislation that encourages private companies to notify government agencies after they've faced cyber intrusions, and recommends private companies secure their own systems against hackers. But the White House stops short of calling for mandatory cybersecurity standards for the private sector.
Web War II: What a future cyberwar will look like
These people represent a new kind of combatant - the cyber warrior.
One team of IT specialists taking part in Locked Shields was detailed to attack nine other teams, located all over Europe. At their terminals in the Nato Co-operative Cyber Defence Centre of Excellence, they cooked up viruses, worms, Trojan Horses and other internet attacks, to hijack and extract data from the computers of their pretend enemies.
DDOS attacks are quite straightforward. Networks of thousands of infected computers, known as botnets, simultaneously access the target website, which is overwhelmed by the volume of traffic, and so temporarily disabled. However, DDOS attacks are a mere blunderbuss by comparison with the latest digital weapons. Today, the fear is that Web War II - if and when it comes - could inflict physical damage, leading to massive disruption and even death.
Clarke's worries are fuelled by the current tendency to put more of our lives online, and indeed, they appear to be borne out by experiments carried out in the United States.
And crucially, they use cyberspace to communicate with their masters, taking commands on what to do next, and reporting any problems back. Hack into these networks, and in theory you have control of national electricity grids, water supplies, distribution systems for manufacturers or supermarkets, and other critical infrastructure.
In 2007, the United States Department of Homeland Security (DHS) demonstrated the potential vulnerability of Scada systems. Using malicious software to feed in the wrong commands, they attacked a large diesel generator. Film of the experiment shows the machine shaking violently before black smoke engulfs the screen.
One reason why Scada systems may be prone to hacking is that engineers, rather than specialist programmers, are often likely to have designed their software. They are expert in their field, says German security consultant Ralph Langner, but not in cyber defence. "At some point they learned how to develop software," he adds, "but you can't compare them to professional software developers who probably spent a decade learning."
Moreover, critical infrastructure software can be surprisingly exposed. A power station, for example, might have less anti-virus protection than the average laptop. And when vulnerabilities are detected, it can be impossible to repair them immediately with a software patch. "It requires you to re-boot," Langner points out. "And a power plant has to run 24-7, with only a yearly power-down for maintenance." So until the power station has its annual stoppage, new software cannot be installed.
Langner is well-qualified to comment. In 2010 he, along with two employees, took it upon himself to investigate a mystery computer worm known as Stuxnet, that was puzzling the big anti-virus companies. What he discovered took his breath away.
Stuxnet appeared to target a specific type of Scada system doing a specific job, and it did little damage to any other applications it infected. It was clever enough to find its way from computer to computer, searching out its prey.
Optimists say Stuxnet does at least offer a scrap of reassurance. Professor Peter Sommer, an international expert in cyber crime, points out that the amount of research and highly skilled programming it involved would put weapons of this calibre beyond anyone but an advanced nation state. And states, he points out, usually behave rationally, thus ruling out indiscriminate attacks on civilian targets.
"You don't necessarily want to cause total disruption. Because the results are likely to be unforeseen and uncontrollable. In other words, although one can conceive of attacks that might bring down the world financial system or bring down the internet, why would one want to do that? You would end up with something not that different from a nuclear winter."
One thing is for sure, he adds: If cyber weapons do become widespread, their targets will lie mostly in the west, rather than in countries like Iran, which have relatively little internet dependence. This means that the old rules of military deterrence which favoured powerful, technologically advanced countries like the United States do not apply: Responding in kind to a cyber attack could be effectively impossible.
This asymmetry is likely to grow, as developed countries become ever more internet-dependent. So far, the Internet Protocol format allows only 4.3 billion IP addresses, most of which have now been used. But this year, a new version is rolling out, providing an inexhaustible supply of addresses and so allowing exponential growth in connectivity. Expect to see far more machines than people online in the future.
In the home, fridges will automatically replenish themselves by talking to food suppliers; ovens and heating systems will respond to commands from your smartphone. Cars may even drive themselves, sharing GPS data to find the best routes. For industry, commerce and infrastructure, there will be even more reliance on cyber networks that critics claim are potentially vulnerable to intrusion.
According to Richard Clarke, the mighty American armed forces themselves are not immune, since their command & control, supplies, and even some weapons systems, also rely on digital systems.
"The US military ran headlong into the cyber age," he says. "And we became very dependent on cyber devices without thinking it through. Without thinking that if someone got control of our software, what would we be able to do? Do we have backup systems? Can we go back to the old days?"
The answer it seems is no. A new form of weapon appears to be emerging. And the world may have to learn to adapt.
Web Site Ranks Hacks and Bestows Bragging Rights
By RIVA RICHMOND
Published: August 21, 2011
INDIAN MINISTRY OF DEFENSE HACKED:
Terrorist Magazine Celebrates Its Most Epic Failures
By Spencer Ackerman | July 19, 2011 | 6:09 pm
Accused Fort Hood Shooter to Have Military Trial, Will Face Death Penalty
The 40-year-old is expected to appear in a Fort Hood courtroom for an arraignment and could enter a plea.
A website that served as al-Qaeda’s main channel for spreading its extremist ideology has been shut down by what experts said had the hallmarks of a hacking attack by a Western intelligence agency.
Hacker group LulzSec says it’s disbanding after attacks on CIA, Sony, US Senate, PBS, and more
By Associated Press,
As an Op-Ed in the Wall Street Journal points out, the language used in the email is closely designed to mimic the tone used in millions of emails by U.S. bureaucrats and other professionals. It doesn’t sound like one of those African money transfer scheme emails we all get and laugh off. While China denies any official involvement in the attack, this hardly seems like the work of amateur hackers. These custom tailored attacks were targeted at specific individuals — possibly even a Presidential cabinet member — who had knowledge of U.S. government policy.
Read more: http://defensetech.org/2011/06/06/what-those-chinese-phishing-emails-look-like/#ixzz1Oep6xE9c
BlackNET: HOW THE BLACKNET CAME TO BE
[ed.note: Below is the story of how the BlackNET came to be.]
CONFIDENTIAL - SENSITIVE
ATTORNEY WORK PRODUCT
FOR: Legal Counsel 30 October 2000
VIA: NCL, WRM, COPS, KR, C/ROGUE, DRCOL, EDJ, WHB, NEW, GUS, SR-6, BAR, BOJ, DPF
SUBJ: 'BLACKNET' Investigation #1
According to two special agents of the Federal Bureau of Investigation (FBI), someone affiliated with a loosely associated network of alleged "cyber-criminals" has appropriated my "cyber-identity" to commit apparently unauthorized access to NASA computer systems. Investigation to date reveals that this has apparently occurred, and it involves a "multi-agency," very secret investigation of the alleged perpetrators (one of whom I am apparently not). This alleged cyber-criminal network is further described by intelligence sources as very dangerous.
This report is a compilation and an expansion of two memoranda written on an internet-connected, AOL account "WSMfiles"-linked, Dell computer (Model Dimension 4100). This report is being written on my PBS-linked Macintosh PowerBook laptop (Model 520c). As far as can be determined to date, this matter apparently pertains to the time period of 1998-1999, and is not APPARENTLY related directly to my work on two rather sensitive cases for a Washington corporate security consulting group.
The first memorandum I wrote was dated 17 OCT 2000, and was entitled "FBI Visit." It stated in its entirety:
"Special Agents (SAs) Steven J. PANDELIDES and John T. CURRAN of the Washington Field Office (WFO), VA Branch, visited with me in the OpCenter for approximately 45 minutes at 10:00 am this morning. They stated that they are checking out a request from 'another office' about whether my computer or computer identities have apparently been appropriated via some method of 'cyber theft,' and employed to enter the NASA computer systems at the Johnson Space Center in Houston and their Goddard Space Flight Center facility in Greenbelt [MD]. This allegedly occurred sometime in 1998 or 1999. SA PANDELIDES had specified in a telcon message (recorded) on 16 OCT 2000 that I was apparently the 'unknowing victim of a computer-type intrusion.'
"During our meeting, the Special Agents inquired as to my programming proficiency, and they seemed most interested in LINUX. I informed the agents that the most important thing I knew about FORTRAN was 'rubber bands, since if you drop your IBM programming cards [while] standing in line to run your program, your program would quickly get out of order.' They asked about the operating system I used, (Mac OS 7.5 circa 1995). I informed the agents that I did have very sensitive 'proprietary information' on this computer, which they declined to examine (although it was on and sitting in front of me during the interview).
"They inquired if I recognized the following 'screen names' (I did not):
The special agents also inquired if I had ever participated in any "chat-rooms." To my certain knowledge, the true "WSMfiles@aol.com" has NEVER participated in any single chat-room, ever. The above listed screen names are apparently linked to some sort of "chat-room chat," as may well be the "WSMfiles" impostor(s).
The SAs also inquired as to any web sites I may have visited. I informed them that, to the best of my recollection, I had visited the following governmental sites:
NSA re: VENONA transcripts
NRO re: Satellite Coverage
NOAA re: Weather reports
DEPARTMENT OF LABOR
CENTRAL INTELLIGENCE AGENCY re: Country Reports
EQUAL EMPLOYMENT OPPORTUNITY COMMISSION
The SAs expressed no further interest, not even in the dates I may have visited the above listed sites (most all in 1997). I did explain to SA CURRAN that the NRO stood for the National Reconnaissance Office, which has recently employed a "PAO" (Public Affairs Officer).
SA John T. CURRAN, listed above, was subsequently physically described to me, (with no prompting or descriptions from me), by a source familiar with the Foreign Counter-Intelligence (FCI) operations of the WFO, down to his most recent haircut. SA CURRAN's FBI business card has his Washington WFO phone number crossed-out and a VA number handwritten in, unlike his counterpart, SA PANDELIDES.
After I physically escorted these two FBI SAs from the premises, I informed them that I would be happy to cooperate in any way on this investigation, and I would make all the services available that were mine to offer. My final words to these two SAs as they walked west across L St. N.W. toward 17th, to their parking space, were: "Don't call me a confidential informant--just call me."
Pursuant to a spare-time investigation, I began to draft another memorandum on the same internet-connected, AOL account "WSMfiles"-linked, Dell computer. It was originally dated 25 OCT 2000, and entitled "The 'BLACK NETWORK' Investigation." It states, in rough-draft form, the following:
"Over the weekend [21-22 OCT 2000], I learned that there was a loosely organized group of apparent cyber-criminals going by the name of the "BlackNet." Some of these operators were arrested and prosecuted in 1999. They were former telephone company technicians and were able to re-route around some telephone company switching stations. These individuals would purloin confidential databases of credit card holders; telephone credit card accounts and virtually anything in any database anywhere believed to be of value. They sold this information over the internet to all sorts of customers, including P.I.s.
"This alleged criminal network frequently (and apparently gleefully), practiced what they described as 'social engineering.' Social engineering entails making pretext phone calls or cyber-visits wherein the hackers attempt to solicit information to attack the victims' computer systems. Some of these so-called 'social engineering' techniques are explored in a new book about cyber-crime:
[To] save [themselves] some time and trouble [hackers will] phone claiming to be from the "Help Desk" or "Tech Support"...Hackers revel in developing adroit 'social engineering' skills. They pose as telephone repair men, they pose as cable installers, they pose as long distance operators, they pose as co-workers you have never met. They cajole or bully you depending upon which they sense will get the best results. The questions they ask could be as simple as "What version of the operating system is installed on your system? We're doing an enterprise-wide update." The questions could be as brazen as "Could you tell me your password? We need to reconfigure your user account. There's been some file corruption and we can't retrieve your ID info..."
"In light of the above, I recalled an anomaly that would comport with an attempted 'social engineering' approach to my home. On Monday, 23 OCT 2000 (10:00 am), SA Steven J. PANDELIDES of the FBI WFO returned my page (Pager #202-592-7845; Cell #703-902-9812). I informed him that I had additional, possibly relevant information to impart. Specifically, approximately a year and a half ago (May 1999), a call was placed to my then rather recently installed third telephone line (703)524-5605. The caller inquired as to whether 'WSM Files' was a 'business.' When informed it was not, the caller seemed somewhat disappointed and hung up.
"SA PANDELIDES apparently took this information down. When I inquired as to the location of the 'another office' which had made the request to SA PANDELIDES' office to interview me, SA PANDELIDES declined to answer, stating that he would have the 'case agent' call me if the case agent deemed it 'necessary.' As of 4:00 PM, 25 OCT 2000, I have not been called.
"I inquired if this was the 'butt-end of the BlackNet case,' to which SA PANDELIDES did not respond. I further inquired as to the other 'victims,' and as to whether any of them were journalists, investigators or members of other, similar professions. SA PANDELIDES responded that there were indeed 'other victims,' but that he did not have that information and that the 'case agent' had that information.
[Not described to anyone, my AOL account at that time was charged monthly to a credit card issued by the USAA insurance company, which also provided my long-distance telephone carrier, U.S. Sprint, with "bonus points." My AOL WSMfiles account 'profile' does NOT contain any identifying data whatsoever. This obviously is how my new telephone number received a "WSM Files" social engineering phone call.]
"At 1:30 PM on 24 OCT 2000, I was contacted by a source formerly with No Such Agency, who informed me what he had been told by a former colleague now working at NASA. This source confirmed that the 'BlackNet' was the subject of a 'very large scale investigation.' The source further advised that this investigation was 'multi-agency,' involving NSA, NASA, FBI and other agencies not further specified. The source confirmed that this investigation commenced in 1998 and is 'still very current.' The members of this 'BLACKNET' are 'someone to be afraid of, very afraid.'
"The source added that this investigation is a 'very sensitive, close hold' case and it should not be disclosed to 'the media.' I informed the source that it was a little bit late considering the alleged nature and background of the actual 'WSM Files' AOL account holder circa 1998-1999.
"Another source, a frequent web browser and chat room participant, described for me on 24 OCT 2000 some of his own interesting troubles with his daughter's AOL account approximately one year ago."
[WSM DRAFT ENDS]
The above listed “AOL” source further described how he had an AOL account “for my kids. One day my daughter calls upstairs and says ‘will you please get off Dad.’ I was not on any AOL account; I never used it. So I instant messaged (IM) the account and asked ‘who are you?’ And the person wrote back that it was ‘none of your business.’ I asked ‘why are you on here,’ to which he responded ‘because I can.’ Then he wrote ‘try and stop me if you can’.”
“In the meantime,” this AOL source continued, “I had gotten AOL on the phone while I still had this intruder on the account. They told me they could see the intruder, but they refused to identify him. Subsequently, some people at my office told me that they never tried to contact me at home anymore because ‘you’re always on there’.” This AOL source checked with an online contact by the screen name of “WEDGE,” whose identity is known to another source of mine. WEDGE told the AOL source that his computer and his accounts were “completely owned,” and that he should change everything, which the AOL source subsequently did.
There must be hundreds, if not thousands, of other such cyber-theft victims. I will later check out the no doubt many anti-AOL web sites and chat rooms.
It does clearly appear that AOL has a rather significant cyber-security problem. According to the Washington Post, AOL has had its customer database data stolen on at least one RECENT occasion. "This [Microsoft break-in] is the second computer break-in at a major technology company that has been publicized in RECENT months. In JUNE, hackers using a similar METHOD [Trojan Horse e-mail] broke in to the BILLING SYSTEMS of the world's largest on-ramp to the information superhighway, Dulles-based AMERICA ONLINE INC., and pilfered names, addresses and other personal information."
The two FBI special agents who visited my home in Arlington apparently did not properly identify themselves to at least one of my neighbors. I was informed by my next door neighbor that TWO young men in "suits" identified themselves as "FBI agents" and displayed "IDs on chains hanging around their necks," NOT their formal wallet-style credentials. They informed my neighbor that "William Malone might be able to help us on a case." These two "FBI agents" also stated that they had "spoken to a neighbor across the street." After they left the first neighbor's home, "they went down and picked up a ticket off your car window, looked at it, and then put it back. [As observed by my neighbor], they then went back on your front porch and banged on the door again." (A canvass of immediate neighbors by me turned up no others who had talked to these agents.)
There was indeed a traffic citation on the windshield of my 1989 Jeep Grand Wagoneer for an expired inspection rejection sticker. Upon being informed of this fact, I retrieved the ticket (which had indeed been moved since I had previously placed it to cover up the above mentioned rejection sticker). I carefully placed this citation into a plastic baggie, for later possible fingerprint identification should these two "agents" later have turned out not to have been bona fide Federal agents. It is apparently a federal felony to falsely pose as a federal agent.
When I informed a former federal law enforcement officer with the CIA's Office of Security and the Naval Investigative Service, and a recently retired Supervisory Special Agent (SSA) with the FBI, of the above statements from my neighbor, they advised me on 9 OCT 2000 that these agents had not exercised proper federal investigative procedure and may, in fact, NOT be bona fide federal agents.
On 10 OCT 2000, I telephonically contacted the "Duty Officer for the week of October 10th" of the FBI's WFO (202-228-2000) and inquired if the WFO was looking for my assistance, if not my presence. The duty officer advised that she could not say “one way or the other.” When further advised of the situation with the neck “IDs” and the lack of business cards, the duty officer stated that the proper procedure was to file a complaint, which I did then and there telephonically.
I subsequently ascertained the name of the Assistant Special Agent in Charge (ASAC) of the WFO for "Administration--SHUBERT," along with the WFO's mailing address. On 16 OCT 2000, about the same time I received a voice message from SA PANDELIDES, I also received a voice message from a “Melissa MALOROW (PH) of the FBI” (Tel.703-762-3152). She did not return my voice mail message of the same date (after I had actually spoken to SA PANDELIDES and set up an appointment).
On 26 OCT 2000 (11:15 am), I spoke with SA PANDELIDES for a third time. He stated that he had “already conveyed your previous info” to “him,” the “case agent.” SA PANDELIDES stated that perhaps I should “file a complaint about the cyber-theft” I had experienced. When I reminded him that the real WSM-Files had been an investigative reporter for twenty-five years (I had already provided him with my resume), SA PANDELIDES advised that “you’re free to write whatever you want.”
It should also be noted that at NO TIME during their interview with me or during two subsequent telephone conversations, did the two FBI special agents advise me to change my AOL account name or password.
WSM-Memorandum, 10/17/00.
Confidential Source Interview, 10/10/00.
John T. Curran, FBI Business Card; Steven J. Pandelides, FBI Business Card; both received 10/17/00.
WSM-Interview with SAs Steven J. Pandelides and John T. Curran, 10/17/00.
Richard Power, Tangled Web: Tales of Digital Crime from the Shadows of Cyberspace, Que-Macmillan, 2000, pp. 300-301.
WSM-Draft Memorandum, 10/25/00.
AOL Source Interview, 10/24/00.
Ariana Eunjung Cha and Carrie Johnson, Washington Post, 10/28/00.
Sue Cornwell, 728 N. Cleveland St. (Home Tel. 703-528-2279), Interviews, 10/7/00; 10/17/00.
DPF & WTR Interviews, 10/9/00.
FBI-WSM Telcon, 10/26/00.
FBI-WSM Interview, 10/17/00; FBI-WSM Telcons, 10/23/00, 10/26/00. (Nor did I ask if I should.)
[Information contained in BKNT E-mail is considered Attorney-Client and Attorney Work Product privileged, copyrighted and confidential. Views that may be expressed are those of the author(s) and do not necessarily reflect those of any government, agency, or news organization.]