Weird message from someone named "NIPC"
David Honig
honig at sprynet.com
Wed Jul 25 23:10:14 PDT 2001
At 01:15 AM 7/26/01 -0400, Declan McCullagh wrote:
>There seem to be three explanations.
Yes. But we can assume that TM knows who NIPC are. (And
vice-versa :-) Ergo, this is Tim's humor.
But it almost caught me too.
>1. Tim is having some fun with us. It would be easy for him to do so, and
>NIPC (an FBI subagency) has been in the news today, with a WSJ article
>this morning posted to the list and a Senate hearing this afternoon.
>Tim's written similar things before and posted them straight-faced:
>http://www.politechbot.com/p-01332.html
>
>2. Someone is spoofing NIPC email and having fun with Tim.
>
>3. This really did originate from within NIPC and is a major
>cypherpunk intelligence find. The WSJ article
>(http://www.politechbot.com/p-02306.html) says NIPC has been hit by
>Sircam, which scans hard drives for email addresses in documents and
>mail archives, according to descriptions I've read. Reports say Sircam
>emails working documents (in My Documents or whatnot folder) and this
>could have happened.
>
>-Declan
>
>
>
>On Wed, Jul 25, 2001 at 06:42:34PM -0700, Tim May wrote:
>> Cypherpunks,
>>
>> I've been getting anywhere from 10 to 30 "SirCam" worm messages a
>> day. The volume is now declining. Most have attached files containing
>> fragments of Microsoft Word documents, apparently extracted from the
>> disk drive of the sender. Most are the usual garbage people write to
>> each other, but some of the ones from corporations have been
>> interesting. And this one, assuming it is real, seems to have
>> originated from within some department of the government called "NIPC."
>>
>> It must be bogus. This does not seem plausible, that they would send
>> me something, so I expect a hoax.
>>
>> The attached file, with the message, is 926 K, so I'm only enclosing
>> a few tantalizing sections.
>>
>> I really cannot imagine why I am getting these SirCam messages from
>> some government agency named "NIPC," unless for some reason my e-mail
>> address is in their address book. How could that happen?
>>
>> (BTW, many of the SirCam messages have clock dates which are wrong.
>> This one is incorrectly dated "8/24/01".)
>>
>> At 2:39 PM -0400 8/24/01, NIPC Intern42 wrote:
>> ------017B5BE9_Outlook_Express_message_boundary
>> Content-Type: text/plain; charset=ISO-8859-1
>> Content-Transfer-Encoding: quoted-printable
>> Content-Disposition: message text
>>
>> Hi! How are you=3F
>>
>> I send you this file in order to have your advice
>>
>> See you later=2E Thanks
>>
>> ------017B5BE9_Outlook_Express_message_boundary
>> Content-Type: application/mixed; name="DC TOOLZ.zip.bat"
>> Content-Transfer-Encoding: base64
>> Content-Disposition: attachment; filename="DC TOOLZ.zip.bat"
>>
>>
>> The NIPC and FedCIRC have recently received information on attempts
>> to locate, obtain control of and plant new malicious code known as
>> "W32-Leaves.worm" on computers previously infected with the SubSeven
>> Trojan.
>>
>> The default ports for SubSeven to listen for network traffic are
>> 16959/tcp and 27374/tcp, though the numbers can be changed. Full
>> descriptions and removal instructions of a number of SubSeven
>> variants can be found at various anti-virus firm Web sites, including
>> the following:
>>
>>
>>
>> A computer security unit within the U.S. Federal Bureau of
>> Investigation has detected a series of intrusions into U.S.
>> government networks under an investigation code named Moonlight Maze,
>> and the intrusions appear to have originated from Russia, an FBI
>> official told Congress this week. A spokesman for the Russian embassy
>> here today quoted the head of the press service for the Russian
>> foreign intelligence service, Nikita Rabusov, as saying the Russian
>> special services have "no relation whatsoever" to the theft of
>> information from computer networks of the U.S. federal agencies.
>>
>> "American specialists have failed to establish from where this
>> intrusion originated," the embassy official quoted Rabusov as saying
>> in an interview with the Russian news agency Itar-Tass. "They only
>> indicated that it comes from a software company said to be
>> reverse-engineering the products of leading American software
>> companies. Russian special services are not so stupid to undertake
>> such an operation, in case the necessity arises, directly from
>> Moscow."
>>
>> Please report computer crime to your local FBI office
>> (www.fbi.gov/contact/fo/fo.htm) or the NIPC, and to other appropriate
>> authorities. Incidents may be reported online at
>> www.nipc.gov/incident/cirr.htm. The NIPC Watch and Warning Unit also
>> can be reached at (202) 323-3204/3205/3206, or nipc.watch at fbi.gov.
>>
>> References to ECONCOM are to be deleted ASAP from all departmental
>> systems. SLAM DUNK cover to be vetted by NIPC for release to
>> journalists. Oakland and Monterey offices to coordinate.
>>
>>
>> Michael Vatis, deputy assistant director and chief of the Federal
>> Bureau of Investigation's National Infrastructure Protection Center
>> (NIPC) created February 26, 1998, told the Senate Judiciary
>> Subcommittee on Terrorism, Technology and Government Information June
>> 29 that "crypto anarchists" see Washington's computers as "the final
>> exam, the ultimate challenge, the enemy which must be destroyed."
>> Agents are advised to seek out means of forcing these persons out of
>> the public debate.
>>
>>
>> Internal Memorandum. The FRENZY Conference was a fantastic showing of
>> our capabilities for covert entry into target computers. PDs across
>> the country are asking how they can get their own CARNIVORE systems.
>> Here is one such request:
>>
>> "We've bought so many necessary items from vendors who attended the
>> last FRENZY Conference ... the Conference was definitely one of the
>> best I've attended. I was particularly impressed by how easy the
>> Carnivore system was to set up."
>>
>> Rick Smithman, Criminalistics Bureau Administrator, Lodi Police Department
>>
>>
>>
>> With this thought in mind, The Laissez Faire City Times interviewed
>> Ed Hertzog, editor of The Free Associator, an interesting e-zine that
>> wants to facilitate Digital Anarchy. This interview is a little
>> mirror of an underground, libertarian world, whose landmarks and
>> standard-bearers are John Perry Barlow and Neal Stephenson, Nicholas
>> Negroponte and Ayn Rand, Louis Rossetto and David Friedman.
>>
>>
>> NIPC has been tasked to assist in the take-down of a high-profile
>> hacker terrorist at the DefCon conference next week in Las Vegas. The
>> take-down is being planned for maximal public impact, as per AG
>> Ashcroft's memo of 24JUN01. Full assistance will be provided by NIPC.
>> Plain clothes agents will be at the conference to render assistance.
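
An added example, not part of the original thread: a mail-filter heuristic for the three traits the quoted message shows (a double-extension attachment name ending in an executable type, the stock greeting text, and a Date header far from the time of receipt). The sample message is constructed from the headers quoted above; the function name, extension list, addresses and two-day threshold are assumptions.

```python
import email
from datetime import timedelta
from email import policy
from email.utils import parsedate_to_datetime

EXECUTABLE_EXTS = {"bat", "com", "exe", "lnk", "pif"}  # assumed list, extend as needed
LURE = "in order to have your advice"                  # phrase from the quoted body

# Constructed sample modelled on the message quoted in the thread; not a real capture.
SAMPLE = """\
Received: from sender.example by mx.example; Wed, 25 Jul 2001 18:30:00 -0700
Date: Fri, 24 Aug 2001 14:39:00 -0400
From: intern42@sender.example
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

Hi! How are you=3F
I send you this file in order to have your advice
See you later=2E Thanks
--b1
Content-Type: application/mixed; name="DC TOOLZ.zip.bat"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="DC TOOLZ.zip.bat"

AAAA
--b1--
"""

def sircam_indicators(raw, max_skew=timedelta(days=2)):
    """Return the list of heuristic hits for one raw RFC 822 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        name = part.get_filename() or ""
        pieces = name.lower().rsplit(".", 2)   # ["dc toolz", "zip", "bat"]
        if len(pieces) == 3 and pieces[2] in EXECUTABLE_EXTS:
            hits.append(f"double-extension:{name}")
        if part.get_content_type() == "text/plain" and LURE in part.get_content():
            hits.append("lure-text")
    # The topmost Received header is stamped by the receiving server, so it is
    # the trustworthy clock; the Date header comes from the sending machine.
    received = msg.get_all("Received", [])
    if msg["Date"] and received and ";" in str(received[0]):
        sent = parsedate_to_datetime(str(msg["Date"]))
        stamp = parsedate_to_datetime(str(received[0]).rsplit(";", 1)[1].strip())
        if abs(sent - stamp) > max_skew:
            hits.append("date-skew")
    return hits
```

Any single hit is weak on its own; scoring a message only when two or more fire keeps false positives down on legitimately versioned file names.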