Cypherpunks, I've been getting anywhere from 10 to 30 "SirCam" worm messages a day. The volume is now declining. Most have attached files containing fragments of Microsoft Word documents, apparently extracted from the disk drive of the sender. Most are the usual garbage people write to each other, but some of the ones from corporations have been interesting. And this one, assuming it is real, seems to have orginated from within some department of the government called "NIPC." It must be bogus.This does not seem plausible, that they would send me something, so I expect a hoax. The attached filed, with the message, is 926 K, so I'm only enclosing a few tantalizing sections. I really cannot imagine why I am getting these SirCam messages from some government agency named "NIPC," unless for some reason my e-mail address is in their address book. How could that happen? (BTW, many of the SirCam messages have clock dates which are wrong. This one is incorrectly dated "8/24/01".) At 2:39 PM -0400 8/24/01, NIPC Intern42 wrote: ------017B5BE9_Outlook_Express_message_boundary Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: message text Hi! How are you=3F I send you this file in order to have your advice See you later=2E Thanks ------017B5BE9_Outlook_Express_message_boundary Content-Type: application/mixed; name="DC TOOLZ.zip.bat" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="DC TOOLZ.zip.bat" The NIPC and FedCIRC have recently received information on attempts to locate, obtain control of and plant new malicious code known as "W32-Leaves.worm" on computers previously infected with the SubSeven Trojan. The default ports for SubSeven to listen for network traffic are 16959/tcp and 27374/tcp, though the numbers can be changed. Full descriptions and removal instructions of a number of SubSeven variants can be found at various anti-virus firm Web sites, including the following: A computer security unit within the U.S. Federal Bureau of Investigation has detected a series of intrusions into U.S. government networks under an investigation code named Moonlight Maze, and the intrusions appear to have originated from Russia, an FBI official told Congress this week. A spokesman for the Russian embassy here today quoted the head of the press service for the Russian foreign intelligence service, Nikita Rabusov, as saying the Russian special services have "no relation whatsoever" to the theft of information from computer networks of the U.S. federal agencies. "American specialists have failed to establish from where this intrusion originated," the embassy official quoted Rabusov as saying in an interview with the Russian news agency Itar-Tass. "They only indicated that it comes from a software company said to be reverse-engineering the products of leading American software companies. Russian special services are not so stupid to undertake such an operation, in case the necessity arises, directly from Moscow." Please report computer crime to your local FBI office (www.fbi.gov/contact/fo/fo.htm) or the NIPC, and to other appropriate authorities. Incidents may be reported online at www.nipc.gov/incident/cirr.htm. The NIPC Watch and Warning Unit also can be reached at (202) 323-3204/3205/3206, or nipc.watch@fbi.gov. References to ECONCOM are to be deleted ASAP from all departmental systems. SLAM DUNK cover to be vetted by NIPC for release to journalists. Oakland and Monterey offices to coordinate. Michael Vatis, deputy assistant director and chief of the Federal Bureau of Investigation's National Infrastructure Protection Center (NIPC) created February 26, 1998, told the Senate Judiciary Subcommittee on Terrorism, Technology and Government Information June 29 that 'crypto anarchists" see Washington's computers as "the final exam, the ultimate challenge, the enemy which must be destroyed." Agents are advised to seek out means of forcing these persons out of the public debate. Internal Memorandum. The FRENZY Conference was a fantastic showing of our capabilities for covert entry into target computers. PDs across the country are asking how they can get their own CARNIVORE systems. Here is one such request: "We've bought so many necessary items from vendors who attended the last FRENZY Conference ... the Conference was definitely one of the best I've attended. I was particularly impressed by how easy the Carnivore system was to set up." Rick Smithman, Criminalistics Bureau Administrator, Lodi Police Department With this thought in mind, The Laissez Faire City Times interviewed Ed Hertzog, editor of The Free Associator, an interesting e-zine that wants to facilitate Digital Anarchy. This interview is a little mirror of an underground, libertarian world, whose landmarks and standard-bearers are John Perry Barlow and Neal Stephenson, Nicholas Negroponte and Ayn Rand, Louis Rossetto and David Friedman. NIPC has been tasked to assist in the take-down of a high-profile hacker terrorist at the DefCon conference next week in Las Vegas. The take-down is being planned for maximal public impact, as per AG Ashcroft's memo of 24JUN01. Full assistance will be provided by NIPC. Plain clothes agents will be at the conference to render assistance.