Weird message from someone named "NIPC"

Jim Windle jim_windle at eudoramail.com
Wed Jul 25 19:16:53 PDT 2001


NIPC=National Infrastructure Protection Center 
--

On Wed, 25 Jul 2001 18:42:34   Tim May wrote:
>
>Cypherpunks,
>
>I've been getting anywhere from 10 to 30 "SirCam" worm messages a 
>day. The volume is now declining. Most have attached files containing 
>fragments of Microsoft Word documents, apparently extracted from the 
>disk drive of the sender. Most are the usual garbage people write to 
>each other, but some of the ones from corporations have been 
>interesting. And this one, assuming it is real, seems to have 
>originated from within some department of the government called "NIPC."
>
>It must be bogus. This does not seem plausible, that they would send 
>me something, so I expect a hoax.
>
>The attached file, with the message, is 926 K, so I'm only enclosing 
>a few tantalizing sections.
>
>I really cannot imagine why I am getting these SirCam messages from 
>some government agency named "NIPC," unless for some reason my e-mail 
>address is in their address book. How could that happen?
>
>(BTW, many of the SirCam messages have clock dates which are wrong. 
>This one is incorrectly dated "8/24/01".)
>
>At 2:39 PM -0400 8/24/01, NIPC Intern42 wrote:
>------017B5BE9_Outlook_Express_message_boundary
>Content-Type: text/plain; charset=ISO-8859-1
>Content-Transfer-Encoding: quoted-printable
>Content-Disposition: message text
>
>Hi! How are you=3F
>
>I send you this file in order to have your advice
>
>See you later=2E Thanks
>
>------017B5BE9_Outlook_Express_message_boundary
>Content-Type: application/mixed; name="DC TOOLZ.zip.bat"
>Content-Transfer-Encoding: base64
>Content-Disposition: attachment;  filename="DC TOOLZ.zip.bat"
>
>
>The NIPC and FedCIRC have recently received information on attempts 
>to locate, obtain control of and plant new malicious code known as 
>"W32-Leaves.worm" on computers previously infected with the SubSeven 
>Trojan.
>
>The default ports for SubSeven to listen for network traffic are 
>16959/tcp and 27374/tcp, though the numbers can be changed. Full 
>descriptions and removal instructions of a number of SubSeven 
>variants can be found at various anti-virus firm Web sites, including 
>the following:
>
>
>
>A computer security unit within the U.S. Federal Bureau of 
>Investigation has detected a series of intrusions into U.S. 
>government networks under an investigation code named Moonlight Maze, 
>and the intrusions appear to have originated from Russia, an FBI 
>official told Congress this week. A spokesman for the Russian embassy 
>here today quoted the head of the press service for the Russian 
>foreign intelligence service, Nikita Rabusov, as saying the Russian 
>special services have "no relation whatsoever" to the theft of 
>information from computer networks of the U.S. federal agencies.
>
>"American specialists have failed to establish from where this 
>intrusion originated," the embassy official quoted Rabusov as saying 
>in an interview with the Russian news agency Itar-Tass. "They only 
>indicated that it comes from a software company said to be 
>reverse-engineering the products of leading American software 
>companies. Russian special services are not so stupid to undertake 
>such an operation, in case the necessity arises, directly from 
>Moscow."
>
>Please report computer crime to your local FBI office 
>(www.fbi.gov/contact/fo/fo.htm) or the NIPC, and to other appropriate 
>authorities. Incidents may be reported online at 
>www.nipc.gov/incident/cirr.htm. The NIPC Watch and Warning Unit also 
>can be reached at (202) 323-3204/3205/3206, or nipc.watch at fbi.gov.
>
>References to ECONCOM are to be deleted ASAP from all departmental 
>systems. SLAM DUNK cover to be vetted by NIPC for release to 
>journalists. Oakland and Monterey offices to coordinate.
>
>
>Michael Vatis, deputy assistant director and chief of the Federal 
>Bureau of Investigation's National Infrastructure Protection Center 
>(NIPC) created February 26, 1998, told the Senate Judiciary 
>Subcommittee on Terrorism, Technology and Government Information June 
>29 that "crypto anarchists" see Washington's computers as "the final 
>exam, the ultimate challenge, the enemy which must be destroyed." 
>Agents are advised to seek out means of forcing these persons out of 
>the public debate.
>
>
>Internal Memorandum. The FRENZY Conference was a fantastic showing of 
>our capabilities for covert entry into target computers. PDs across 
>the country are asking how they can get their own CARNIVORE systems. 
>Here is one such request:
>
>"We've bought so many necessary items from vendors who attended the 
>last FRENZY Conference ... the Conference was definitely one of the 
>best I've attended. I was particularly impressed by how easy the 
>Carnivore system was to set up."
>
>Rick Smithman, Criminalistics Bureau Administrator, Lodi Police Department
>
>
>
>With this thought in mind, The Laissez Faire City Times interviewed 
>Ed Hertzog, editor of The Free Associator, an interesting e-zine that 
>wants to facilitate Digital Anarchy. This interview is a little 
>mirror of an underground, libertarian world, whose landmarks and 
>standard-bearers are John Perry Barlow and Neal Stephenson, Nicholas 
>Negroponte and Ayn Rand, Louis Rossetto and David Friedman.
>
>
>NIPC has been tasked to assist in the take-down of a high-profile 
>hacker terrorist at the DefCon conference next week in Las Vegas. The 
>take-down is being planned for maximal public impact, as per AG 
>Ashcroft's memo of 24JUN01. Full assistance will be provided by NIPC. 
>Plain clothes agents will be at the conference to render assistance.
>
>

