From...

December 27, 1999
Web posted at: 9:55 a.m. EST (1455 GMT)

by Jennifer Jones and Brian Fonseca

(IDG) -- Amid a heightened shroud of security in the waning days before New Year's, President Clinton's Y2K point man and the FBI expressed little tolerance for hackers working under a guise of goodwill.

John Koskinen, chairman of the President's Council on Year 2000 Conversion, issued diplomatic but cautionary words to those infecting systems who claim their work is aimed only at turning up weaknesses in major corporate or government computers.

	MESSAGE BOARD
Insurgency

"We think that, hopefully, those people will recognize that we are going to have enough things going on [New Year's] weekend [without their] trying to demonstrate the need for more information security," Koskinen said at a recent briefing.

MORE COMPUTING INTELLIGENCE

IDG.net home page

InfoWorld home page

Holiday virus threats continue

Feds leave door open for hackers

E-BusinessWorld

Reviews & in-depth info at IDG.net

Hackers take a holiday

Year 2000 World

Questions about computers? Let IDG.net's editors help you

Subscribe to IDG.net's free daily newsletter for IT leaders

Search IDG.net in 12 languages

News Radio

Fusion audio primers

Computerworld Minute

Koskinen predicted that Y2K-related viruses will turn up during the rollover weekend. But others are saying there will be more intrusion-detection schemes.

"Cyber-crime focus has really moved toward hack threats for Y2K. More attention is being paid to the firewall and the threat of backdoor attacks," said Narender Mangalam, director of security at Computer Associates International, in Islandia, N.Y.

To clamp down on any malicious efforts, the FBI will work around the clock feeding news of any attacks to the White House's central Y2K Information Coordination Center. The White House is also working with an industry-manned security desk to flag viruses and other year-2000 incidents (see related story, Page One).

Central to the Justice Department command center are the efforts of the FBI's National Infrastructure Protection Center (NIPC) -- a counterterrorism operation set up by the White House last year to help protect the nation's critical systems, such as banking, transportation, and telecom, against cyber attacks.

NIPC Director Michael Vatis told Congress earlier that the FBI is particularly worried that "malicious actors" could have inserted "malicious code" during efforts to overhaul systems for Y2K compliance.

Vatis said most of those working on systems were given "trusted" insider status. Should one of the trusted programmers prove untrustworthy, that person could install trapdoors, obtain root access to exploit systems, or engage in denial of service attacks.

Inside hackers might also have placed a logic bomb or time-delayed virus, or tinkered with passwords. Or worse, Vatis said, they could have "mapped systems" to sell economic or government intelligence secrets.

There is heightened awareness even outside the FBI and in areas less sensitive than those that the NIPC guards. Particularly troublesome might be backdoors -- access programs installed by hackers working at a secure site. Backdoors could let a remote user access a PC.

Sal Viverios, director of McAfee Total Virus Defense at NAI, said he did not anticipate denial of service attacks (using a group of computers to rapidly flood a targeted server with bogus data packets to shut down the pipeline) as a serious concern during Y2K because these require too many participants.