compiled by Dee Finney


8-26-2001 - DREAM - (FEAR) (This was like being in a movie.) I'm having a hard time remembering exactly how I got into this situation, but once I got into it, it was like being in a Stephen King novel.  My husband and kids were sitting outside in the car waiting for me while this was going on.  It occurred because I offered to give this woman's husband a ride in the car to work so he wouldn't be late. The woman agreed that would work out great so I went upstairs to her apartment with her while she went to get her husband and tell him the good news.

Her husband worked in the bank on the way to where I worked.

Once I entered the woman's apartment, it was like  being in another realm completely. Even the air felt heavy to breathe and events seemed rather normal, but took enormous effort and time to do.

When we got inside the apartment, the woman asked me if she could take my coat. As it was rather warm in the apartment and I was very over-dressed, I let her take my coat and hang it in the closet.  (Big mistake)

She left me then to go get her husband out of bed so we could give him a ride to work.

While she was gone, I met other people and other events took place which I couldn't see, but I could hear occurring in other rooms.

She asked me from the other room how much I paid for my shoes. I said, "$75."  She said, "I could tell. They are made of real high-quality leather compared to other shoes I've seen."

I agreed and began a discussion of high heeled shoes and the thinness of the leather and straps, while mine were flat and black and had a grid-like mesh across the toes and were extremely sturdy.

At tis point, the woman's husband came out of the bedroom. He was fully dressed and ready for work except for his coat. He rather resembled an engineer I used to work with.

I had just seen myself in a mirror and was wearing a slim, well-fitting dark red and black print dress which looked like silk and my hair was a big pouf of dark curls on my head, unlike my regular blonde, straight hair, which I currently have.

I wondered if he thought I looked sexy.

He walked past me and went into another room to get something .  I asked the woman if she would get my coat for me as I thought we would be leaving right away. I saw on the clock that it was 9:10 a.m. and we were all late already.

She said she would get my coat but went into another room and didn't come back right away, so I went to the closet myself to get the coat. My coat was a two-piece deal, such-like a thin short undercoat, with a heavier overcoat.

I put on the thin undercoat first, which was made of silk brocade, a rather golden-black color with fleur-de-lis print and the sleeves and collar had heavy white fur on them to keep the wind from coming up the sleeves or down the neck of the overcoat in winter.

I have to admit that when I saw all the fur, I wondered what animal lovers would say if they saw this coat.

When I put my coat on, I noticed when I looked in the mirror that my hair had gotten a little messed up, so I went into the bathroom to comb my hair.

There was nothing fancy about the bathroom, it wasn't very large, but it had a closet of some sort with a plastic curtain over the door and there were two high-boy wooden dressers and on top of each dresser which were 'his' and 'hers' ... a brush laying on it's back with two combs stuck down into the bristles in each one. Her brush and combs had thin handles, and his brush and combs had heavy thick handles.

I decided I would use 'his' comb for my hair which I did and my hair looked great. I noted that the woman's hair was just like mine, only a little shorter.

I left the bathroom and went into the livingroom, whereupon I heard a commotion going on back in the bathroom,... a lot of noise of banging and a falling body.

The woman hollered out to me, "You are going to owe me for this. Your cat got into things and knocked them over."

Since I hadn't come in with a cat and didn't even own a cat so that didn't make sense. I remembered the fur on my coat and thought perhaps she meant that but I wasn't in the bathroom when the noise occurred.

Just then another woman appeared from a back room. She was wearing a thinner beige winter coat and she was all upset. She looked like a younger version of myself.

She walked through the room and into another room and I could hear her tell the older woman she was going to work. The woman told her, "Oh, no you're not." and I couldn't figure out why she wouldn't allow her to go to work. That didn't make sense.

The husband again walked through the room, but he had changed. Now he looked like David R., who was married to my best friend Terry all those many years ago when we were in our 20's. Only now he was shorter and thinner than the first time I saw him.

I went into the livingroom where the two women were. The older woman was sitting on the floor, cross-legged, with a long thin partitioned box in front of her on the floor.  There were letters on the lids of the box's partitions. (This looked like a large size pill container that older people use to keep track of their pills for a week)

The younger woman was standing in front of her, angry that the older woman wouldn't let her leave to go to work.

She said to the older woman, "I know how you are controlled and I know how you control me."  She bent down and pounded on the lids of the box, each in turn, with the side of her fist... she hit the letters, 'F - N - T - N'.

The older woman was angry now too.

I turned and watched the husband ... David ... walk through the room again. Now he was even shorter. All he was, was a head on top of two legs with no apparent body. He said as he went past, "I used to think it would be fun to be blonde."

He then went back into the bedroom.

I was so disgusted. I could hardly believe how he was changing.

I turned back to the older woman and repeated what the other woman had done. I said, "You aren't going to control me either", and I too pounded on the box lids with my fist ... 'F - N - T - N".

I turned to leave the room and said, "I will be leaving to go to work now."  I looked down to my hands to make sure I had my wallet with me which I did.

She said firmly, "Oh, no you won't".

By now, I had already walked to the hallway, near the door. I hollered back, "The only way you'll be able to stop me now is with a shotgun," and instantly regretted my words, because ahead of me was the open door to the hallway with the coat closet which led to the bedroom beyond it where the husband was.

My fear instantly arose and I knew that if I took another step forward to leave that David, the husband would appear in that doorway with a shotgun pointed at me.

My neck became hot and burning and heat rose into my face and my heart started to pound and I froze in my tracks, afraid to take another step forward. .... and woke up feeling the same way.  I was too afraid to go back to sleep so I got up.

DREAM 2 - After researching F N T N, and finding out what it might mean, I suddenly got really tired and was forced to go lay down to sleep again.

DREAM - I was standing by the road, waiting to catch a bus. The bus arrived and as I got on, it seemed I was getting on at the rear/side exit, and there was a dark green curtain hiding the bus driver from this doorway.

A woman handed me an envelope and said, "This is for you."

I looked at the envelope and it was a window envelope and the letter inside was addressed to "Mrs. Webb TV." I tried to hand the letter back to her, saying, "This isn't for me."

She said, "Your name is Mrs. Webb ... isn't it?"  I said, "Yes!"  

She said, "Then this is for you."

The scene switched to when I was getting off the bus. I found a large diaper bag by the side of the road, that didn't have diapers in it. It was open and looked more like a black satchel with other small brown bags in it, and I thought I saw big black ants crawling in it, but I wasn't certain about that.

I put the black diaper bag on the table inside a house (I don't know whose house this was) I started to look inside and now I saw HUGE black ants and bugs crawling around inside the bag. It was really nasty looking. I needed to empty out this bag and put the little bags where they belonged.

This diaper bag, I discovered belonged to my sister-in-law Mary. She was sitting there, but wasn't aware that all these ants were in the bag.

My son Bill was standing there also. He was about 4 years old.

The first brown bag I took out of the diaper bag was full of Tinker Toy wheels, but no sticks to hold them all together. There were just the hubs.

There was another bag in there which was full of small metal toys. I looked at them. there were army tanks, jeeps, soldiers, etc.  I gave this bag to my son Bill to take care of.

Another brown bag was full of ' rotten apples'. I could smell them as soon as I opened the bag.  I closed this bag again and set it aside.

I then took the diaper bag to the sink and filled it full of clear water, but the water that came out of the bag looked like coffee. I filled it full of clear water again and again until the water which came out was pure water again.

When I handed the diaper bag back to my sister-in-law, it was pure white inside.

I then had a couple of newspapers in my hands and there was trash receptacle nearby that looked like a wooden wine keg. It was full of trash, but I could tell what it was. It was all black.

I put one newspaper down on top of the wine keg and as soon  as I did, someone snatched it away. I had another newspaper still and put that one down on top of the wine keg also. as soon as I did, someone snatched that one away too.

ANALYSIS OF THE DREAMS:  FNTN became apparent when I went on the internet. I have put the news of these pages below.

The Tinker-toys as everyone is aware, are a series of hubs/wheels that uses long and short sticks to hold them together at various angles to create a network of sticks and hubs to create whatever the maker wants them to look like, whether it be a house, a car, a truck, an animal or whatever you can imagine.  A hub/wheel/stick symbolism to me looks exactly like a map of the internet if you've even seen that on the web.   The fact that this brown bag only had the wheels/hubs and no sticks means that they had been removed from whoever owned them.

The bag with the metal toys which were also symbolic of the U.S. Army/military were also stolen from whoever owned them.

The bag with the 'rotten apples' is rather indicative of the symbolism "One rotten apple spoils the whole barrel". Rotten apples are indicative of 'evil'.  

The Mary with the baby symbolism brings to mind 'Jesus and his Mother Mary'. Interestingly enough, I've been working on a series of web pages with the Dire Messages of Jesus and Mary.

Ants and bugs in dreams are symbolic of irritations or problems. The bigger the ant/bug, the bigger the problem.

The coffee water in the diaper bag is symbolic of being awake. Coffee is what we drink to wake up in the morning. Jesus also said,

Mat 26:38,40 (Phi) ...he told them, "stay here and keep watch with me."... He spoke to Peter, "Couldn't you three stay awake with me for a single hour? Watch and pray, all of you, that you may not have to face temptation. Your spirit is willing, but human nature is weak."

Luke 22:45-46 (NIV) When he rose from prayer and went back to the disciples, he found them asleep, exhausted from sorrow. "Why are you sleeping?" he asked them. "Get up and pray so that you will not fall into temptation."

Col 4:2 (Jer) Be persevering in your prayers and be thankful as you stay awake to pray.

Luke 12:37 (NIV) "It will be good for those servants whose master finds them watching when he comes..." [watching here, and in the next verse, is used figuratively.]

Mark 13:36-37 (NIV) "If he comes suddenly, don't let him find you sleeping. What I say to you, I say to everyone: 'Watch!'"

NOTE AND DISCLAIMER:  I have no special knowledge of anything that follows the dream. I am merely writing down my dream and analyzing the symbols and speculating on what all that means.  All I know is the great fear that I felt when I woke up.  I, for one, would feel really terrible if the internet was destroyed, and as far as the rest of world goes, especially the United States, if our internet services were disabled or destroyed, it would be an act of terrorism that we might never recover from.  If anything, it would bring this country to its knees temporarily, and put us back 20 to 30 years technologically.

DISCLAIMER: I am not accusing any of the following people, companies or information services of doing anything secretly or underhanded, or any illegal act, but one can look at them and see for yourselves how the symbolism fits what I dreamed.  

FURTHER NOTES:  'The FNTN' I am using as an example below owns 100% of Chinese holdings.


Internet Terrorism Escalates The New Info-War.

Cyber terrorism is the new face of international warfare, taking
the dangers of Internet crime and anarchy far beyond recipes
for pipe bombs. Cyber terrorists have the capacity to undermine
and disable entire societies without a shot being fired or a missile
launched, says Dr Matthew Warren, a lecturer in information
systems at Deakin University and a specialist on cyber terrorism.


Financial Intranet Inc.


Price as of 3/24: $0.80 Current Quote Chart News SEC Filings

Company Website: Financial Intranet Inc.

Financial Intranet Inc. is a network service provider of video-on-demand learning services, interactive video teleconferencing, mutual fund product information, and news and analysis. The Company provides these services through its proprietary, on-demand data and video financial information network that links the brokerage and mutual fund industry to the individual investor. Strategic partners with Siemens, S&P Comstock, Global Crossing (GBLX), MyTrack and

This company is a B2B site for financial institutions. We feel institutions rely on companies to provide them with the best information. Financial Intranet's partners our all solid and safe business. We see a lot of business for them in the future. This isn't a short-term play, but more a long term buy. There will probably be a run up on speculation of the new site and if it fulfills everyone's expectations this stock will rock.

They have a new site coming out. The site, which is projected to be fully functional within the next three weeks, will host and serve streaming media programming featuring public company & mutual fund executives, as well as on line investment tools and market information. The site will also be the portal into FNTN's secure business-to-business Intranet for investment professionals. We are hoping this site is as good as what people think it will be. More info on FNTN

Financial Intranet Inc.
410 Saw Mill River Road
Ardsley NY 10502
Phone: 914-693-5060
Contact: Michael Sheppard

August 20, 2001


Quarterly Report (SEC form 10QSB)

Item 2. - Management's Discussion and Analysis of the Plan of Operations


Technest Holdings, Inc. is a Georgia based company that has its executive offices in Atlanta, Ga and Ridgefield, CT and currently holds a 100% ownership interest in a Chinese Internet content provider and a Technology development company in Georgia.

In April 2001 the company acquired, Inc. a privately held development company based in Atlanta, GA. Technest has a corporate strategy of identifying and accelerating the growth and maturity of talented technology companies with innovative ideas. This business model fit into the restructuring of Technest Holdings, Inc formally Financial Intranet, Inc. as an emerging growth and development Company. The acquisition was for 100% of Technest for 90% of Financial Intranet common stock. The acquisition has been accounted for as a reverse acquisition under the purchase method for business combinations. The combination of the two companies is recorded as a recapitalization of Technest, pursuant to which Technest is treated as the continuing entity.

Results of operations


Revenues for the six months ended June 30, 2001 were $1,037,096 as compared to $19,000 for the six months ended June 30, 2000. Revenues for the six months ended June 30, 2001 included realized gains from security transactions of approximately $875,000. The increase was a result of realized gains from security transactions.

Selling, general and administrative expenses

Selling, general and administrative expenses for the six months ended June 30, 2001 were $1,018,016 as compared to $209,376 for the six months ended June 30, 2000. The June 30, 2000 period represented a shorter period of operations as the Company began operations during May 2000. Extraordinary Gain

The extraordinary gain of $100,000 for the six months ended June 30, 2001 represents settlement of accounts payable.

Liquidity and capital resources

Cash was $958,388 and $160,749 at June 30, 2001 and December 31, 2000, respectively.

Net cash used in operating activities was $168,777 for the six months ended June 30, 2001. Cash used in operating activities was primarily attributable to a decrease in accounts payable and accrued expenses of $242,294. This was partially offset by non-cash items such as depreciation and amortization of $120,998. Net cash provided by operating activities for the six months ended June 30, 2000 was $76,685, which was principally due to the net loss from continuing operations offset primarily by an increase in accounts payable and accrued expenses of $108,585 and an increase in deferred revenue of $132,000.

Net cash provided by investing activities of $390,693 for the six months ended June 30 2001, increased $2,134,908 from ($1,744,215) for the six months ended June 30, 2000. Investing activities for the six months ended June 30, 2000 was primarily attributable to the purchase investments. Net cash provided by financing activities for the six months ended June 30, 2001 was $20,015 and consisted of proceeds from convertible notes. Net cash provided by financing activities for the six months ended June30 2000 was $4,375,000, which were proceeds from the issuance of preferred stock.

We anticipate that we can continue, in the ordinary course of business from funds provided from operations.

Forward-looking statements in this report may prove to be materially inaccurate. In addition to historical information, this report contains forward-looking information that involves risks and uncertainties. The words "may", "will", "expect", "anticipate", "continue", "estimate", "project", "intend" and similar expressions are intended to identify forward-looking statements. Actual results may differ materially from those included within the forward-looking statements as a result of factors, including the risks described above and factors described elsewhere in this report.

August 09, 2001


On July 11, 2001, Financial Intranet, Inc. ("Financial Intranet" or the "Company") completed its acquisition of all the outstanding capital stock of, Inc., a Delaware corporation ("Technest"), pursuant to an Agreement and Plan of Reorganization dated March 21, 2001, among Financial Intranet, Technest and all of the stockholders of Technest (the "Agreement"). The stockholders of Technest have received an aggregate of 33,450,000 shares of Financial Intranet's common stock in exchange for all of the outstanding shares of Technest common stock owned by them. Technest is now a wholly-owned subsidiary of Financial Intranet. The 33,450,000 shares of Financial Intranet common stock issued to the Technest stockholders is equal to approximately 90% of the total number of Financial Intranet shares of common stock currently outstanding.

On March 19, 2001, the Board of Directors of Financial Intranet approved a 1-for-35 reverse split of Financial Intranet's common stock. After the reverse split became effective on April 2, 2001, Financial Intranet possessed only 10,000,000 shares of common stock available for issuance to Technest's stockholders. To complete the transaction, on March 19, 2001, Financial Intranet's Board of Directors unanimously approved, and recommended to Financial Intranet's stockholders, an amendment to Financial Intranet's Articles of Incorporation to increase the number of the company's authorized shares of common stock to 500,000,000 (the "Authorized Share Increase"). On June 14, 2001, the Company filed a Definitive Proxy Statement on Schedule 14A describing the items to be presented to the stockholders for approval. On June 28, 2001, holders of a majority of Financial Intranet's outstanding shares of common stock voted on and approved, among other things, (i) a change of name from "Financial Intranet, Inc." to "Technest Holdings, Inc." and (ii) the Authorized Share Increase. The name change and the Authorized Share Increase became effective on July 9, 2001, upon the filing of the Company's Certificate of Amendment to the Articles of Incorporation with the Nevada Secretary of State. On July 11, 2001, Financial Intranet delivered the remaining 23,450,000 shares of its common stock it owed to the Technest stockholders under the Agreement.

May 18, 2001


Quarterly Report (SEC form 10QSB)

Item 2. - Management's Discussion and Analysis of or Plan of Operations


Financial Intranet, Inc. is a Connecticut based company that currently holds a 100% ownership interest in a Chinese Internet content provider.

Results of operations


Do to the discontinuance of our domestic operations; we have eliminated all of the revenue associated with our activities in the United States, and as such only report earnings consolidated through our Chinese subsidiary. Such revenue totaled $1,719 for the quarter ended March 31, 2001

Cost of revenue

Do to the discontinuance of our operations, we eliminated all of the costs of revenue associated with our activities in the United States, and as such only report such costs consolidated through our Chinese subsidiary. Such costs totaled $86 for the quarter ended March 31, 2001.

Selling, general and administrative expenses

General and administrative expenses consist primarily of: promotional, advertising and public relations costs

employee compensation and related expenses (including payroll taxes and benefits) for executive, administrative and operations personnel

licensing, legal and other professional fees

travel and entertainment

facility and office-related costs such as rent, insurance, maintenance and telephone.

These costs increased, from $30,931 in 2000 to $226,122 in 2001 after taking into consideration certain costs eliminated due to the discontinuing of certain operations of the Company.

Stock compensation expenses

Other expenses charged to operations consist of non-cash costs of the issuance of common stock, warrants, and stock options. These expenses decreased 100% from $40,751 in 2000 to no compensation expense in 2001. The restructuring of the Company should have no material effect on stock compensation expenses in the near future.

Depreciation and amortization

Depreciation and amortization consists primarily of depreciation of computer equipment, amortization of software development costs, exclusive of a write down of assets due to the discontinuance of certain of the Company's domestic operations. Depreciation and amortization was $28,612 and $6,000 in the first quarters of 2001 and 2000, respectively although the amount for the first quarter of 2000 was eliminated in the accounting for discontinued operations.

Other income and expense

Other income consists principally of interest from loans, notes receivable and short-term investments. Interest and other income increased to $26,500 for the three months ended March 31, 2001 from $2,736 for the three months ended March 31, 2000. The $23,764 increase is due primarily to the recording of the beneficial conversion feature on the convertible note payable. Interest expense consists of interest accrued on loans and convertible notes payable. Interest income or expense is not expected to be affected by the discontinuance of certain of the Company's operations.

Income taxes

No provision for federal and state income taxes has been recorded as the Company incurred net operating losses in the first quarter of 2000and 2001. The net operating losses will be available to offset any future taxable income. Given the Company's limited operating history, losses incurred to date and the difficulty in accurately forecasting future results, management does not believe that the realization of the potential future benefits of these carry forwards meets the criteria for recognition of a deferred tax asset required by generally accepted accounting principles. Accordingly, a full 100% valuation allowance has been provided.

Liquidity and capital resources

Cash and cash equivalents were $28,224 and $160,749 at March 31, 2001 and December 31, 2000, respectively.

The Company had negative working capital of $235,900 at March 31, 2001. Net cash used in operating activities was $204,124 for the three months ended March 31, 2001. Cash used in operating activities was primarily attributable to a net loss of $254,476. This was partially offset by non-cash items such as depreciation and amortization of $28,612. Net cash used in operating activities for the three months ended March 31, 2000 was $425,857, which was principally due to the net loss from continuing operations of $483,874 offset primarily by a non-cash compensation expense resulting from stock options granted and issuance of stock for consulting fees of $50,751, interest expense on conversion of promissory notes into equity of $394,747, and loss from discontinued operations of $378,797.

Net cash used for investing activities of $3,401 for the three months ended March 31, 2001, decreased $496,496 from $499,897 for the three months ended March 31, 2000. Investing activities for the three months ended March 31, 2000 was primarily attributable to the purchase of the LNT assets and an investment in The Energy Corp., a Florida based intellectual property company with patents related to the wireless communications industry. Net cash provided by financing activities for the three months ended March 31, 2001 was $75,000 and consisted of proceeds from demand notes. Net cash provided by financing activities for the three months ended March 31 2000 was $1,960,629, and consisted primarily of proceeds from the issuance of common stock and demand notes.

In January 2001 the Company issued an unsecured 8% convertible promissory note in the principal amount of $75,000 due on August 31, 2001.

The Company has satisfied its cash requirements to date primarily through public and private placements of common stock, warrants, debentures convertible into shares of common stock and the issuance of common stock in lieu of payment for services. Also, officers have loaned the Company funds as needed to provide working capital.

We anticipate that we can continue, in the ordinary course of business with additional financing transactions, whether such financings are from additional offerings or other sources, to continue our existence in the United States and China through June 2002.

In April 2001 we acquired, Inc. a privately held development company based in Atlanta, GA. Technest has a corporate strategy of identifying and accelerating the growth and maturity of talented technology companies with innovative ideas. This business model fit into the restructuring of Financial Intranet as an emerging growth and development Company. The acquisition was for 100 percent of Technest for Financial Intranet common stock.

Forward-looking statements in this report may prove to be materially inaccurate. In addition to historical information, this report contains forward-looking information that involves risks and uncertainties. The words "may", "will", "expect", "anticipate", "continue", "estimate", "project", "intend" and similar expressions are intended to identify forward-looking statements. Actual results may differ materially from those included within the forward-looking statements as a result of factors, including the risks described above and factors described elsewhere in this report.


Monday August 6, 2001 5:18 pm Eastern Time

Experts warn "Code Red II" a meaner Internet worm

By Elinor Mills Abreu

SAN FRANCISCO, Aug 6 (Reuters) - A smarter and nastier version of the ``Code Red'' worm is spreading across the Internet, potentially exposing sensitive information and setting infected computers up to launch attacks on other Web servers, security experts said on Monday.

The new worm, dubbed ``Code Red II'' surreptitiously infects computers running Microsoft's (NasdaqNM:MSFT - news) Windows NT or 2000 operating systems and its Internet Information Server Web server software, and then spreads to other machines.

The malicious program, which first surfaced on Saturday, is not spreading any faster than its predecessor, but it could prove to be far more damaging because of the way that it leaves servers vulnerable to future hacking, experts said.

``Every single human being on the Internet with a clue can break into your server if you have been infected by Code Red II,'' said Alan Paller, research director at the Systems Administration, Networking and Security Institute (SANS).

``If you have credit card numbers stored on your Web server you have to consider them forfeit,'' Paller added.

Computers infected by the virus are easy targets for malicious hackers who could find potential victims by simply looking at the Internet addresses of the computers that are scanning their own Web-connected computers, experts said.

``The people who run Web sites are frantic,'' Paller said. ``The companies that run big Web hosting services, they're just getting hammered.''

Code Red II installs a ``back door'' onto an infected computer's machine that would allow anyone using a Web browser to remotely access the server and execute commands, said Elias Levy, chief technology officer at


The new worm also allows a remote attacker to access files on the computer's ``C'' and ``D'' drives, Levy said.

``We're seeing some indication that people are starting to look through the back doors,'' said Levy, who captured a version of the new worm on Saturday.

``The number of potentially vulnerable machines has gone down,'' Levy said. However, Code Red II ``is a lot more aggressive and fast than the old worm.''

Machines infected by Code Red I scan 100 other computers at a time looking for vulnerable computers to infect, Levy said.

Machines infected with Code Red II running Chinese language versions of the Microsoft software can scan and spread to 600 other computers simultaneously and all other infected computers can spread to 300 other machines simultaneously, Levy said.

Code Red II also is able to move quicker than Code Red I because it doesn't wait for connections to time-out when scanning other computers that might be unreachable, Levy said.

The new worm also doesn't just scan random numeric Internet protocol (IP) addresses looking for new computers to infect, but selects IP addresses that look like they may be in the same network as the infected computer, to increase the likelihood of finding susceptible victims, Levy added.

For instance, digital subscriber line and cable modem users are Fa???ed by others who use the same network service, experts said.

"It will tend to sweep through?



There appear to be an estimated 150,000 to 160,000 Web-connected computers infected with one worm or the other, and around 70,000 infected by both worms, Levy said.

That is a large number considering that it only takes 200 computers to effectively shut down a Web site by launching a distributed denial of service attack, Paller said. In a denial of service attack a Web site is bombarded with so much traffic that no one else can access the site.

Code Red originally was written to launch such an attack on the White House Web site ( but the attack was averted by changing the IP address of the Web server in July.

The worm was written to go dormant on the 28th of the month, but infected computers with incorrect internal clocks caused the worm to begin spreading again on Aug. 1.

More infections are being spread from the U.S., Korea and China than other countries, however experts still don't know the origin of either of the worms, Levy added.

Code Red first became a threat in mid-July, hitting an estimated 350,000 machines. Another version of the worm has hit an estimated 540,000 computers since Aug. 1, but many of those likely are reinfections of the same computer.

The worm caused no significant impact on overall Internet performance last week, but it did overload some routers and Web sites, forcing them to be taken off-line or to crash.

Network Associates' Mcafee anti-virus software detects and removes the backdoor that Code Red II installs, but the software patch provided by Microsoft is needed to prevent future infections, experts said.

A free software patch with instructions remains available. ( The Mercury Interactive Web is also offering free vulnerability scans for Code Red. (

Wednesday August 01, 2001  09:15 AM EDT

Who is to blame for the Code Red worm?

By Robert Vamosi, Help & How-To

If your Internet connection is slow over the next few weeks, you can blame the Chinese or maybe blame Microsoft, says security expert Robert Vamosi. But you probably should really blame IIS administrators who still have haven't patched their software.

Evidence of Red Worm Attack Keeps Officials Waiting -

COMMENTARY--You may have noticed some extra Internet traffic this morning. As I write this column on Monday afternoon, July 30, dire predictions are being made about the Code Red worm and what it will do to the Internet on Wednesday morning, August 1. Call me an optimist, but I predict you'll be reading this column just fine. That's not to say we should take this whole Code Red event lightly. Not at all.

Analysis has concluded that the worm was launched on July 13 from Foshan University in Guangdong, China. Of course, the Chinese take exception to that. A Chinese network safety official said that Code Red is too sophisticated for China. The official further stated that if the worm did originate in Guangdong, then how come there haven't been more infections in China?

I think that's beside the point. Remember the recent media-inflated United States-Chinese hacker war? The Chinese, especially the students, really wanted to retaliate for their downed fighter jet pilot, so why would they engage in a wimpy Internet war? Why not wait and make a really big statement instead?

Perhaps the Chinese students got their break on June 18, when eYe Digital Security first reported the .ida vulnerability in IIS servers. Microsoft promptly issued its own stern warning that this was indeed serious, and offered a patch. Of course, not everyone got around to patching their IIS servers, and on July 13, less than one month later, the first few infections of Code Red were reported. (For an excellent history of the Code Red worm, see ZDNN's Code Red: What went wrong?)

I'm willing to concede that picking a Microsoft vulnerability (of all things), then choosing only English (U.S.) versions of Windows servers to deface, and attacking no less than the White House, could all just be red herrings. Certainly the message "Hacked by Chinese!" is a little too obvious. But on the other hand, if you have a group of pissed-off students at a university such as Foshan, then Code Red is a brilliant response. I, for one, do not agree with the Chinese network safety official who said he's "never heard of anything so powerful in China." I think that statement belittles Chinese intelligence and skill.

Fortunately, the first incarnation of Code Red is flawed. The random IP address generator uses the same "seed" address, so eventually the spawn of the original worm will begin generating the same IP addresses over again, attacking the same Web sites, creating little motes of denial-of-service attacks during the first 19 days of the month. Had the code been truly random, more sites on the Internet would have been infected before July 19.

What has everyone wondering now is if newer, better variations of Code Red will infect more systems. Or perhaps Code Red would do more than deface English (U.S.) Web servers, or even launch a more successful denial-of-service attack against some target other than the White House. Unfortunately, we'll just have to wait and see.

If your Internet connection is slow over the next few weeks, you can blame the Chinese, blame Microsoft, or even Washington, D.C., but you probably should blame those IIS administrators who still have haven't patched their software.

Tuesday July 31, 2001  01:11 PM EDT

China Denies Code Red Virus Connection

By Robyn Weisman,

Although initial versions of the "Code Red" worm inscribed "Hacked by Chinese" on its Web site defacements, Chinese officials have expressed doubt that the perpetrators of the recently troublesome virus were Chinese.

An official with China's State Office of Network and Information told the Reuters news agency Tuesday that Code Red seemed too sophisticated for the average Chinese hacker.

"I've never heard of anything so powerful in China," said the official. "This is not something that an ordinary person has the skill to create."

Rare in China

IT security experts in China expressed agreement with that assessment, despite widely publicized reports of cyber-skirmishes between Chinese and American hackers earlier this year after a U.S. military spy plane accidentally caused a Chinese fighter jet to crash, killing its pilot.

A spokesperson from China's Computer Virus Treatment Center told news sources that the agency has not received any calls regarding Code Red, nor has the virus had any effect on Chinese servers.

An IT technical support manager employed at a Chinese-based antivirus corporation concurred, adding that the Code Red worm did not evince any Chinese-language characters or any signs of defacement commonly associated with Chinese hackers.

The manager said that Code Red has had a much greater effect in the U.S. and in Europe than in China -- all the more reason to doubt that a Chinese hacker would have launched it.

But Ryan Russell of told NewsFactor: "I don't agree with [the Chinese assessment of why Code Red couldn't have been created by a Chinese hacker]. Had Code Red been created by a Chinese person acting out of a sense of nationalistic pride, they would want it to avoid Chinese servers."

Many Potential Creators

Ben Venzke, CEO of security research firm IntelCenter, told NewsFactor Network that anyone could have created the Code Red worm.

"It could have been anyone from a bored teenager trying to show off his or her skills to someone with a more malicious intent," Venzke told NewsFactor. "There are intelligent coders all around the world, including in China, irrespective of [those] officials' comments."

Venzke also pointed out that Code Red only targets systems that have "US English" selected as the default language. This type of targeting would obviously limit the number of systems impacted in China.

"[It] provides a much clearer explanation [for the virus being Chinese-based] than suggesting an organized plan to avoid Chinese systems," Venzke said.

"In addition, in every analysis I've seen, the worm randomly selects the [Internet provider] addresses of the computers that it's targeting, with no special exclusionary rule for Chinese systems," he added.

Code Red Aptly Named

Venzke said that although Code Red will probably not bring down the Internet, it is nonetheless significant, both for its immediate impact and for the greater security problems it illustrates.

"The environment in cyberspace is different from what we are used to in the physical world, where for the most part a bullet is still a bullet and a car bomb is still a car bomb," Venzke said in a prepared statement earlier on Tuesday. He said the "evolutionary pace" is faster than ever and has global impact, requiring constant vigilance.

Venzke said that the challenge for the security community is to develop proactive measures, rather than just reacting to threats.

Chinese Government Closes 2,000 Cyber Cafes

By Robyn Weisman

NewsFactor Network

July 20, 2001

Experts believe that China's decision to close a number of Internet cafes stems from its inability to effectively monitor the content that patrons view.

Making good on assertions vocalized last spring, the Chinese government has shuttered approximately 2,000 cyber cafes, according to state news source reports published Friday.

In addition to the closures, the government also forced another 6,000 cafes across China to halt their services until they have proven that their policies are in line with those of the many state agencies overseeing issues of culture, dispersal of information, and national security.

The government's official concern was that the cafes were having a pernicious effect on the country's teenagers. State newspapers have made numerous reports that an increasing number of parents were distressed at the amount of time their teenage children were spending at these cafes, claiming the children did not return home for days at a time.

Earlier this month, Chinese president Jiang Zemin was adamant that the government strengthen laws protecting teenagers from online material perceived as pornographic or violent.

Tough to Monitor

Experts believe that China's crackdown on these Internet cafes stems from the government's inability to effectively monitor the content that patrons view. Despite legislation prohibiting pornography and other information deemed to harm the social fabric, people have been popularizing these cafes because their online presence can remain anonymous.

Chinese officials have conceded that monitoring and filtering out undesirable content is nearly unachievable.

And to compound matters, Internet usage has proliferated astronomically just in the last few years. More than 26.5 million Chinese citizens make use of the Internet -- a four-million-person rise since the beginning of this year, and a 300 percent jump from 8.9 million in 1999.

According to sources, Internet cafes have become so popular that they have been found not only at bookstores, but at butcher stores as well.

Tracking Surfers

Chinese authorities seem especially concerned that citizens are able to access information on such state-sanctioned no-nos as the Falun Gong, Taiwan, Tibet, and Web sites advocating such anti-communist notions as free speech.

The cleanup includes installing monitoring software enabling local authorities to track what Web sites have been downloaded on public computers, preventing cafes from opening near schools, and imposing stricter licensing policies.

The changes are imperative, the government has indicated, given that most Chinese, even those in metropolitan areas, access the Web publicly. According to statistics, fewer than 30 percent of Chinese families living in urban areas own their own computers, and the percentage dips even more precipitously in rural portions of the country.

'Online Heroin'

In April, a Web site published opinions expressed by Communist Party leaders that excoriated the effects of "online heroin" on its masses, particularly on its youth.

The consensus among party leaders was that such evils as online pornography and games were mushrooming on Chinese computers and that the cafes had so brainwashed the minds of Chinese teenagers that they were in danger of being corrupted.

Chinese Hackers Elusive Wires

Wednesday, May 2, 2001

WASHINGTON (UPI) - A wave of attacks against U.S. Internet sites does not appear to be connected to the Chinese regime, a White House security official claimed Tuesday, but some experts outside the government think Beijing is allowing the attacks to go ahead.

Chinese and American hackers continued assaults against Web sites in both countries. The FBI's National Infrastructure Protection Center warned that the level of attacks could escalate.

The official said system administrators throughout the U.S. government have been advised of the attacks and are taking steps to counter them.

"These threats and these attacks don't appear to be part of an organized campaign, and we don't see any links to the Chinese government," the official told United Press International on behalf of the administration.

Though the number is difficult to determine, one digital security firm, Vigilinx, said hackers apparently from China have hit about 82 U.S. sites since the weekend. According to, a Web site on hackers, U.S. hackers have hit about 60 Chinese sites.

China's state-run Xinhua News Agency said hackers had hit sites belonging to the provincial governments of Beijing, Yichun, Xiajun, a police force and two universities.

The official cautioned against jumping to conclusions. "The original source of the attacks and threats [against U.S. Web sites] is really undetermined," he said.

Some private sector experts, however, have a different opinion.

"What's surprising is the level of organization we're seeing. This is not just a casual attack done on a whim. We believe that the [Chinese] government is tolerating this action," said Jerry Freese, director of intelligence for Vigilinx.

"Right now the Chinese government has more than enough tools to censor the Internet and monitor it, including police in Internet cafes trying to suppress any open dissent," said Mike Jendrzejczyk of Human Rights Watch in Washington, echoing Freese's theory. "The government will continue to censor messages it finds threatening and will open floodgates to the messages they support, as happened after the NATO bombing" of the Chinese embassy in Belgrade.

Experts said the damage to Web sites was not severe in any case.

"I equate what's happening to overpass tagging by teen-agers," said Chuck Adams, formerly of the Air Force Information War Center in San Antonio, Texas. "It is a nuisance and it could effect the reputation and trust of the company hit, but it has no financial bearing other than recovery costs."

NIPC issued a "soft" advisory on the attacks Thursday saying "malicious hackers" in chat rooms have cited recent tensions between the United States and China, and "have escalated Web page defacements over the Internet."

NIPC said the target period appeared to extend to next Monday.

"Chinese hackers have publicly discussed increasing their activity during this period, which coincides with dates of historic significance in the [People's Republic of China]: May 1 is May Day; May 4 is Youth Day, and May 7 will be the anniversary of the accidental bombing of the Chinese Embassy in Belgrade."

Hackers have defaced a number of U.S. Web sites, replacing "content with pro-Chinese or anti-U.S. rhetoric."

One of the victims was, which was defaced early Monday but quickly repaired.

Thursday's NIPC advisory contained a warning of possibly more serious action than defacement.

"NIPC previously reported on an Internet worm named 'Lion' that is infecting computers and installing Distributed Denial Of Service tools on various systems," it said. "Analysis of the Lion worm's source code reveals that when illegally exploited, it sends password files from the victim site to an e-mail address located in China."

NIPC backed up that warning with a more ominous advisory Monday, though it did not relate the latest message to China.

The center said it has "reliable information indicating a very significant increase in attempts to exploit known weaknesses in ... Unix-based operating systems. These probes and attempted exploitations currently number in the millions and the activity is ongoing."

The advisory said the exploitation of those vulnerabilities has been linked in the past with the use of DDOS tools.

DDOS attacks last February crippled many of the biggest e-commerce sites on the Internet.

Copyright 2001 by United Press International.

All rights reserved.

Monday April 30, 2001 4:58 pm Eastern Time

Press Release

Chinese Hackers Target U.S. Web Sites-- TruSecure Expert Available for Comment On This New Breed of Terrorism

Web Sites Run by the White House Historical Society and Departments of Labor and Health and Human Services Have Already Been Hit

RESTON, Va.--(BUSINESS WIRE)--April 30, 2001-- Last week, the FBI's cybercrime unit warned that Chinese hackers could be planning a heightened offensive on U.S. Web sites from April 30 to May 7. This new breed of politically-motivated cyber terrorist attacks prompted The National Infrastructure Protection Center to issue a warning to network administrators about denial of service attacks as well as email viruses or worms. Dr. Peter S. Tippett, chief technologist of TruSecure®, is an internationally renowned security expert and has been consulted by the FBI on this very issue. Dr. Tippett is available to discuss what threat these hackers pose to U.S. Web sites today and in the future.

Dr. Tippett has more than 15 years experience in information security and is an expert on both the theoretical and practical aspects of corporate computer security. As an organization, TruSecure has helped U.S. law enforcement agencies collar the culprits in numerous virus and hacker cases including those parties responsible for the Melissa, Love Bug and Anna Kournakova viruses.

It is speculated that political attacks carried out over the Internet are likely to become more prevalent. This threat demands a greater level of attention to an organization's security.

Please contact Susan Lee of TruSecure (703-453-0578,, or Beth Grupp or Sherry Moskowitz of Schwartz Communications at 781-684-0770 or email at to set up an interview with Dr. Tippett.

About the Expert

Peter S. Tippett is the Vice Chairman and Chief Technologist of TruSecure Corporation. Dr. Tippett has led the computer security industry for more than 15 years, both as a vendor of security products and as a key strategist. Dr. Tippett was founder of Certus International, a developer of security, anti-virus and systems management software, before its merger with Symantec Corporation in 1992. Before joining as CEO in 1995, Dr. Tippett directed the Security and Enterprise Products division of the Peter Norton Group at Symantec.

Tippett is an expert on both the theoretical and practical aspects of corporate computer security. He is a leader in risk-based corporate security strategies and has authored several studies and security cost models. Dr. Tippett is a frequent speaker on computer and Internet security, privacy and security ethics issues. He is the Ernst & Young 1998 Entrepreneur of the Year and led to prominence on the 1998 INC 500 list.

About TruSecure Corporation

TruSecure provides global 10,000 companies with comprehensive enterprise risk management programs that assure the ongoing security of their critical systems and information. By integrating disparate security products and processes into a comprehensive risk management program, TruSecure helps hundreds of companies achieve greater risk reduction at lower cost. TruSecure's ICSA Labs is the security industry's central authority for product standards and testing, and today certifies more than 95% of the market's anti-virus software, network firewalls, cryptography and IPSec products. Based in Reston, VA, TruSecure Corporation is privately-held with investors including J. & W. Seligman & Co., J.P. Morgan Partners, Weston Presidio Capital, Greylock and WaldenVC.

For more information about TruSecure please visit


TruSecure Corporation Schwartz Communications, Inc.
Susan Lee Beth Grupp/Sherry Moskowitz
(703) 453-0578 (781) 684-0770

Copyright © 2001 Business Wire. All rights reserved.

Date: Mon Sep 18 2000 -

Next message: InfoSec News: "[ISN] Cracker vows to continue defacement campaign"

[September 15, 2000 -- BEIJING] A number of well-known Chinese hackers announced at an Internet security symposium held in Beijing recently that they are going legit as "Internet security professionals" to clean up the "hacker" name.

They also announced that they have found security loopholes in the top 10 Chinese Web sites, as ranked by the China Internet Network Information Center.

Speakers at the symposium revealed that the biggest hacker organization,, has split up into two Internet security companies, the Shanghai Internet Security Base and the Beijing Zhonglian Internet Security Base, according to the Sept. 5 Beijing Wanbao (Beijing Evening News).

The symposium revealed that the domestic Internet security industry is changing. First, the skill level of Chinese hackers has risen significantly. For example, Chinese hackers have found flaws with Microsoft software and forced Microsoft to devise patches.

Second, a large number of professional Internet security companies have been springing up in China. In the first half of this year, 12 listed companies invested in the Internet security industry in a single month.

The Internet security market is expected to grow to 100 billion renminbi (US$12.1 billion) next year.

Third, the public has begun to distinguish between hackers and those who maliciously attack Internet sites.

That top Chinese Web sites have security flaws comes as a surprise, the article said.

Regarding the recent high-profile "HiSense firewall" incident, HiSense Group invited hackers to try to alter the servers Web page or obtain designated documents protected by the firewall and then announced that the firewall had successfully endured over 2.21 million attacks. Most hackers believed it was merely a commercial promotion.

Discussing news reports on "hacker attacks," they said that the Web sites are trying to put the blame on hackers instead of accepting responsibility for providing basic security protection.

Symposium participants called on the public not to confuse hackers with real criminals, the article noted.

25 August 2001

Chinese hackers turn to identity theft

By Thomas C. Greene in Washington

Organised Chinese fraud rings on the mainland and overseas are more likely to hack databases to compromise credit and identity details than ply the more traditional avenues of bribing bank employees favoured by their Nigerian counterparts, a federal investigator claims. "The Chinese gangs have moved into the electronic age where they're using hacking techniques and Internet theft," US Secret Service Special Agent Gregory Regan explained in testimony before the Senate Judiciary Subcommittee on Technology, Terrorism and Government Information Tuesday. Identity theft is an increasingly easy scam now that so much information is available on line, Regan warned. "The Internet makes it unnecessary for criminals to obtain identity documents," he said. The Net is creating a "faceless society" where it's easy for an identity fraudster, even one overseas, to open a credit account on line, sometimes with nothing but his victim's name and social security number, Regan observed. There were 1,147 cases of identity theft resulting in 644 convictions reported in the US during 1999 alone. The US Social Security Administration reports that over 81 percent of social security number misuse involves ID theft. Most incidents are part of some larger, organised criminal enterprise. Committee Chairman Jon Kyl (Republican, Arizona) sponsored the Identity Theft and Assumption Deterrence Act, which became law in 1998. He convened Tuesday's hearing to review the act's success and seek suggestions for its improvement. The act requires the Federal Trade Commission to assist ID theft victims, which it now does, in part, via a Web page here. In spite of recent efforts to address the problem, victims often find that recovering their identity is immensely more difficult than losing it. Witness Maureen Mitchell recalled a seemingly endless series of difficulties in sorting out her records after being victimized by fraudsters who ran up US $110,000 in bogus charges in her and her husband's name. Her suggestion for amending the bill would require merchants and credit agencies to develop a single, unified protocol for victim notification. "We had to submit handwriting samples to twenty different merchants; we had to submit notarized documents and affidavits. It's like filling out your tax return twenty times with twenty different sets of instructions," she observed dryly. Having considerable personal experience with filling out American tax returns, we can say without hesitation that the victim is being punished quite severely here, and can only offer our hope that the criminals might suffer half as much. ®

Thursday, February 10, 2000

Web in modern age is arena for activism, terrorism, even war

By Jon G. Auerbach and William M. Bulkeley

The Wall Street Journal

Winston Churchill called the rise of electronic warfare in World War II the "Wizard War."

Half a century later, the Wizard War has moved to the Internet.

As governments and companies string together ever-larger computer networks, the Internet has emerged as the favorite venue of attack for cyberterrorists, political activists and hackers — and even governments themselves.

"Hacktivists," as computer hackers with political and social agendas are dubbed, have vandalized federal-government Web sites, including ones run by the Federal Bureau of Investigation and the United States Army. Cybervandals have repeatedly broken into political and social Internet sites in recent years, altering information and spreading dogma.

Last summer, Taiwanese and mainland Chinese partisans attacked each others' computer networks as military tensions rose. Activists thought to be connected to the Serbian side in the Balkan conflict have bombarded NATO Web sites with e-mails and scrawled antiwar messages on government Internet sites around the world.

There isn't any evidence linking this week's attacks on Web sites run by Yahoo! Inc., eBay Inc. and others to hacktivism or cyberterrorism. But industry experts say such illegal activities are sure to rise in coming years. In this way, the computer outages represent a glimpse of the future.

Stanton McCandlish, of the San Francisco privacy and civil liberties group Electronic Frontier Foundation, predicts computer networks will increasingly be the main battleground for armies and terrorists. Computers are the roads and bridges of the information age, he says, the most important targets for people or organizations bent on disabling communications. "It's a basic military tenet," he says. "Try to shut down your enemy's infrastructure."

In 1998, the Department of Justice and the FBI formed a new unit, called the National Infrastructure Protection Center, to strengthen the nation's defenses from cyberterrorism and other electronic threats. Last year, an outside consultant's report prepared for a government-sponsored conference on computer-security breaches said, "attacks on critical infrastructures could disrupt directly — or indirectly through cascading effects — the performance of national functions, or indicate malicious intent on the part of foreign states or terrorists."

"Could you mount a structured attack through cyberspace and have an impact? Is it possible to develop true strategic capabilities as opposed to duck bites?" says Roger Molander, a senior researcher at Rand Corp. who has studied cyberterrorism and cyberwarfare. "Nobody knows for sure."

For the United States, one of the most wired countries in the world, Internet advances have proved to be a double-edged sword. The global computer network has fueled an economic boom and made it easier for companies and individuals to communicate and do business. But the network economy also makes the U.S. especially vulnerable to cyberthreats.

This week's cyberattacks are sure to increase pressure on President Clinton to increase the government's police powers over the Internet. The White House announced last month that it was requesting $2 billion from Congress to pay for a system for protecting telecommunications and other critical infrastructure. But critics, including many in Congress, say the plan would do little to protect the private sector from cyberintrusions.

The issue of hackers came up in several hearings on Capitol Hill Wednesday, as congressmen quizzed Treasury Secretary Lawrence Summers and Defense Secretary William Cohen on the topic. Industry officials, meanwhile, say pressure is growing for the president to appoint a national cybersecurity czar to guide federal Internet-security policy.

"This whole area is now ripe for policy making," said Steven Aftergood, a specialist with the Federation of American Scientists in Washington. "If is not open for a few hours, they lose a good chunk of money. People argue that an increasingly large part of the economy is now vulnerable to outside interference, and that something must be done."

This week's Web shutdowns were caused by what are called "denial of service" attacks, which overwhelm a computer's ability to handle incoming message. Such attacks were believed to be responsible for the temporary shutdown of NATO computers during the Kosovo conflict.

Two Chinese Army colonels recently published a military book in China called "Unrestricted War," in which they argued that China needs to develop new and unconventional ways to fight a powerful country such as the U.S., including using computer terrorism.

Last year, several international Web sites belonging to the Chinese spiritual group Falun Dafa came under electronic attack with e-mail bombs and other digital weapons meant to overload an e-mail inbox and code that blocked access to the sites. The Chinese government, which was in the midst of a crackdown on Falun Dafa, was widely seen as a likely culprit.

British detectives investigating a break-in at a Falun Dafa site based in Britain tracked electronic identifying tags on the site back to something called XinAn Information Service Center in Beijing. Later, the telephone number belonging to that agency was said to belong to the Chinese Ministry of Public Security. At the time, ministry officials denied the service was theirs.

In August, several Taiwan sites, including government pages, were planted with messages opposing Taiwan's independence and its government. Later, hackers from Taiwan broke into a several Chinese sites and posted pro-Taiwan messages and the island's national anthem.

Rand Corp.'s Mr. Molander says for the United States, cyberattacks are "a maturing national-security concern at an early stage of evolution." Hard to maintain, they are at this point "more likely to cause delay or inconvenience than disaster," he says.

In the Age of Information, Can the Great Wall Stand?

China faces a conflict between the modern and the outmoded: how to balance the country's information-related needs with the government's authoritarian policies. During a RAND seminar in September, China expert Nina Hachigian reported trends in that country's attempt to juggle both.

Nina Hachigian, right, discusses the rise of the Internet in China. At left is Rachel Swanger, acting director of RAND's Center for Asia-Pacific Policy.

According to Hachigian, a Council on Foreign Relations fellow at the Los Angeles-based Pacific Council on International Policy, 17 million Chinese citizens use the Internet. The typical user tends to be urban, male, single, educated, and young. This year in China, 27,000 new web sites have been created, and about 2 million telephone lines are added every month. The Chinese government cautiously supports expansion of the Internet for economic growth by sponsoring online contests and offering tax breaks to information technology companies.

Still, Hachigian described potential problems that the Internet poses to Chinese authority. For example, dissident material is regularly distributed via e-mail. Although state control over the Internet is diminishing, the Chinese government still attempts to exert control by blocking sites and enforcing censorship regulations.

The government has also shut down several pro-democracy web sites. It recognizes that the Internet has created a shift in communication, allowing people to speak en masse, which could potentially foster hostility toward the government.

Most likely, anything the United States might do to influence the Internet in China would be considered imperialism, said Hachigian. She suggested that an effective vehicle for developing China's Internet along international standards would be the creation of an international nongovernmental forum where China's regulation of the Internet could be discussed.

APRIL 30, 2001

By Mike France

Red Alert over Digital Warfare on the Net

Never mind missile-defense shields. What America needs right now is protection against attacks from cyberspace

Call it cyberterrorism. Over the past few days, Chinese hackers have been infiltrating American government Web sites to express their anger about April's spy-plane incident. At a site run by the Labor Dept., for instance, invaders posted a tribute to Wang Wei, the Chinese pilot who apparently died when his plane collided with the U.S. EP3 surveillance aircraft. Similar attacks have targeted sites run by the Health & Human Services Dept.

None of these incidents has attracted much attention. Nor did any do much damage. But they're part of a larger pattern. Chinese hackers have also been targeting Taiwanese Web sites for years. Whenever tensions between India and Pakistan rise, programmers from the two countries trade blows. And in the Middle East, a full-scale cyberwar is under way between Israelis and Palestinians. Already, it has disrupted life for a wide range of companies, government agencies, nonprofit groups, and private citizens.

The hit list includes NetVision, Israel's largest Internet service provider; Amman's, the Arab world's largest ISP; Lucent Technologies, which has close ties to Israel's high-tech sector; and dozens of other Israeli outfits, including high-tech holding company Elbit and international phone-service provider Internet Golden Lines Ltd.

STATE SPONSORS? In each of these cases, there have been accusations that governments are backing the cyberterrorism. While these claims haven't been verified, American computer-security experts fully expect state-sponsored hacking to become a tool of international warfare one day, so they've been watching the confrontations closely for insight into how to guard against digital terrorism. Cyberterrorism is "the type of thing our military people have been worrying about for some time," says one senior Bush Administration official.

Corporate America is also paying close attention to the emerging digital battleground. In January, a coalition of 19 technology companies, including Cisco, Microsoft, Oracle, and IBM, banded together to form the Information Technology Sharing & Analysis Center (IT-ISAC). Members of the group plan to share information about computer security threats and develop joint defenses.

One key goal: to develop shields against cyberterrorism. "We're starting to get state-sponsored terrorists involved in cybercrime," says Harris Miller, president of the Information Technology Association of America, which is helping to manage IT-ISAC. "Given the significance of information technology for our finance industry, for our telecommunications industry, for electricity, and other critical infrastructures, [cyberterrorism] is potentially a way to exploit a vulnerability. In the future, if a country wants to attack another country's power grid, rather than dropping physical bombs it may do it through electronic bombs."

FRIENDLY FIRE. With the Internet, it's possible to launch such attacks from anywhere in the world, even friendly countries. Israel has determined that many of the Web raids originated in Belgium, Britain, Germany, Italy, and the U.S. "There are thousands of Arab students outside the Middle East, and they quickly joined the call to arms," says Nissim Barel, president of Comsec Group, a Tel Aviv network-security consulting firm.

No doubt about it, the Internet is a powerful tool for terrorism. That's a big reason why those small shots from Chinese hackers this week could portend bigger fireworks down the road.

Copyright 2001 , by The McGraw-Hill Companies Inc. All rights reserved.

World Report 7/13/98

Terrorism at the touch of a keyboard

Possible targets: anything run by computers


Not long ago, if a terrorist wanted to cause a blackout in, say, New York, it would have taken some work. He might have packed a truck with explosives and sent it careening into a power plant. Or he might have sought a job as a utility worker so he could sabotage the electrical system. But now, intelligence experts say, it's possible for a trained computer hacker to darken Gotham from the comfort of home. Worse, his home might be as far away as Tehran, Iran. Worse yet, warned CIA director George Tenet recently, he may enjoy the full backing and technical support of a foreign government.

In a closed briefing to Congress, the CIA chief said at least a dozen countries, some hostile to America, are developing programs to attack other nations' information and computer systems. China, Libya, Russia, Iraq, and Iran are among those deemed a threat, sources later said. Reflecting official thinking, no doubt, the People's Liberation Daily in China notes that a foe of the United States "only has to mess up the computer systems of its banks by hi-tech means. This would disrupt and destroy the U.S. economy." While the specifics are classified, a new National Intelligence Estimate reports at least one instance to date of active cybertargeting of the United States by a foreign nation.

Officials are worried because so much of America's infrastructure is either driven or connected by computers. Computers run financial networks, regulate the flow of oil and gas through pipelines, control water reservoirs and sewage treatment plants, power air traffic control systems, and sustain telecommunications networks, emergency services, and power grids. All are vulnerable. "An adversary capable of implanting the right virus or accessing the right terminal," Tenet said, "can cause massive damage."

Two years ago, a Swedish hacker wormed his way through cyberspace from London to Atlanta to Florida, where he rerouted and tied up telephone lines to 11 counties, put 911 emergency service systems out of commission, and impeded the emergency responses of police, fire, and ambulance services. There have been many domestic cyberattacks as well. The number of pending FBI cases involving computer crimes--a category that includes computer infrastructure attacks and financial crimes--increased from 128 in 1996 to about 550 today.

Too many 911s. Last year, intelligence officials got a glimpse of what's possible during an information-warfare exercise named Eligible Receiver. The secret war game began with a set of written scenarios in which energy and telecommunications utilities were disrupted by computer attacks. In one scenario, the attackers targeted the 911 emergency phone system by telling Internet users there was a problem with the system. The scenario posited that people, driven by curiosity, would phone 911 and overwhelm the system.

Eligible Receiver culminated when three two-person "red teams" from the National Security Agency actually used hacker techniques that can be learned on the Internet to penetrate Department of Defense computers. After gaining access to the military's electronic message systems, the teams were poised to intercept, delete, and modify all messages on the networks. Ultimately, the hackers achieved access to the DOD's classified network and, if they had wished, could have denied the Pentagon the ability to deploy forces. In another exercise, the DOD found that 63 percent of test attacks on its own systems went undetected.

In February, the FBI raided the homes of two California high school sophomores. Their hacker assaults on the Pentagon, NASA, and a U.S. nuclear weapons research lab were described by a deputy defense secretary as "the most organized and systematic attack" on U.S. computers ever discovered. To make the Pentagon attack hard to trace, the hackers routed it through the United Arab Emirates. They were directed by a teenage hacker in Israel.

To help industries fend off hacker attacks, both foreign and domestic, the government has created the National Infrastructure Protection Center, to be staffed by 125 people from the FBI, other agencies, and industry. Recent events make clear that tighter defenses are needed. A year ago, a boy only 14 with a home computer disabled control-tower communications at a Worcester, Mass., airport for six hours. Jim Trainor, executive director of security at Bell Atlantic, says the loopholes the teenager exploited have been closed. But no computer environment is totally secure. Preventing hacker attacks is "like a never-ending journey," Trainor says. "You will never get there."


By John Markoff and John Schwartz

New York Times / Mercury News
December 19, 2002

The Bush administration is planning to propose requiring Internet service providers to help build a centralized system to enable broad monitoring of the Internet and, potentially, surveillance of its users.

The proposal is part of a final version of a report, ``The National Strategy to Secure Cyberspace,'' set for release early next year, according to several people who have been briefed on the report. It is a component of the effort to increase national security after the Sept. 11, 2001, attacks.

The president's Critical Infrastructure Protection Board is preparing the report, and it is intended to create public and private cooperation to regulate and defend the national computer networks, not only from everyday hazards such as viruses but also from terrorist attack.

Ultimately, the report is intended to provide an Internet strategy for the new Department of Homeland Security.

Such a proposal, which would be subject to congressional and regulatory approval, would be a technical challenge because the Internet has thousands of independent service providers, from garage operations to giant corporations such as America Online, AT&T, Microsoft and WorldCom.

The report does not detail specific operational requirements, locations for the centralized system or costs, people who were briefed on the document said.

While the proposal is meant to gauge the overall state of the worldwide network, some officials of Internet companies who have been briefed on the proposal say they worry that such a system could be used to cross the indistinct border between broad monitoring and wiretap.

Stewart Baker, a Washington lawyer who represents some of the nation's largest ISPs, said, ``Internet service providers are concerned about the privacy implications of this as well as liability,'' since providing access to live feeds of network activity could be interpreted as a wiretap or as the ``pen register'' and ``trap and trace'' systems used on phones without a judicial order.

Baker said the issue would need to be resolved before the proposal could move forward.

Tiffany Olson, the deputy chief of staff for the president's Critical Infrastructure Protection Board, said Thursday that the proposal, which includes a national network operations center, was still in flux. She said the proposed methods do not necessarily require gathering data that would allow monitoring at an individual user level.

But the need for a large-scale operations center is real, Olson said, because Internet service providers and security companies and other online  companies only have a view of the part of the Internet that is under their control.

``We don't have anybody that is able to look at the entire picture,'' she said. ``When something is happening, we don't know it's happening until it's too late.''

The government report was first released in draft form in September, and described the monitoring center, but it suggested it would likely be controlled by industry. The current draft sets the stage for the government to have a leadership role.

The new proposal is labeled in the report as an ``early-warning center'' that the board says is required to offer early detection of Internet-based attacks as well as defense against viruses and worms.

But Internet service providers argue that its data-monitoring functions could be used to track the activities of individuals using the network.

An official with a major data services company who has been briefed on several aspects of the government's plans said it was hard to see how such capabilities could be provided to government without the potential for real-time monitoring, even of individuals.

``Part of monitoring the Internet and doing real-time analysis is to be able to track incidents while they are occurring,'' the official said.

The official compared the system to Carnivore, the Internet wiretap system used by the FBI, saying: ``Am I analogizing this to Carnivore? Absolutely. But in fact, it's 10 times worse. Carnivore was working on much smaller feeds and could not scale. This is looking at the whole Internet.''

Terrorist Activities on the Internet

G7 Prepares to Crack Down on Internet Terrorism

Terrorism and the White House

Internet terrorism escalates the new info-war

Internet Terrorism Escalates The New Info-War


Facts About Terrorism

Virtual World of Terrorism

Targeting Terrorism - Global Issues

The Terrorism Research Center - Activism, Hacktivism, and Cyberterrorism: The Internet as a Tool for Influencing Foreign Policy

Terrorism Research Links

What You Should Know About CESNUR



Information and Publications

Terrorism Links


Law Enforcement and Investigation

Private Agencies

Disaster Planning and Emergency Services

International Terrorism & Crime

Military and Defense

Regional Information

Other online resources



Chemical , Biological, and Nuclear Terrorism/Warfare

Emergency Response to Chemical/Biological Terrorist Incidents




Lost and Stolen Nuclear Materials in the United States








Hit or Miss? An Update on David Wilcock's Aug. 17 Bombing Prediction