--
Betty McBreen
631-344-5111
Fax 631-344-1334

----- Original Message -----
From: "BNL Media & Communications" <pubaf@bnl.gov>
To: "BNL Labwide Broadcasts" <broadcast-l@bnl.gov>
Sent: Friday, January 18, 2002 4:36 PM
Subject: Cyber Security Emergency

> NOTE: The following message is being sent from Connie Sadler, Chief
> Cyber Security Officer. For more information, contact Sadler at
> csadler@bnl.gov or Ext. 3155.
> ***
>
> Cyber Security Emergency
>
> BNL is under serious cyber "attack" right now and has been for
> several days. This coordinated attack appears to be an attempt to
> take over and "own" the BNL Network. In order to keep the network up
> and available to our user community, we are taking immediate actions.
>
> Actions:
> - Enforce the ssh gateways prior to February 4 - turn them on
>   effective January 22.
> - Turn off ssh on all machines still running sshv1.
> - Turn off network connections for machines still running sshv1.
> - Pull down the latest revisions of ssh from openssh.org.
> - Call Ext. 4444 for an account on the ITD ssh gateway, if you need one.
> - Compromised machines MUST be reported - not to do so is a violation of law.
> - The FBI will image compromised machines, and we will support their
>   return to service as quickly as possible.
>
> Remediation:
> ALL machines that have been proven or suspected compromised must be
> disconnected from the network and rebuilt from scratch. Nothing on
> the systems except for data files should be considered safe or
> "clean." All system binaries and config files are considered suspect.
> Department cyber security points of contact are asked to identify
> machines with ssh that are not patched and remove them from the
> network as soon as possible.
> --
> ***************************
> Media and Communications Office
> Brookhaven National Laboratory
> P.O. Box 5000
> Upton, NY 11973-5000
> PH: 631 344-5056
> FAX: 631 344-3368
> E-MAIL: pubaf@bnl.gov
>
This archive was generated by hypermail 2b30 : Fri Jan 18 2002 - 16:53:46 EST