From ComputerWorld Australia:

2 August, 1999

FBI: Beware outside Y2K workers

By Patrick Thibodeau

Year 2000

WASHINGTON, DC - Private companies that have used outside organisations to complete year 2000 repair work are running the risk that their systems have been compromised, a top Federal Bureau of Investigation official warned a congressional committee last week. Michael Vatis, a deputy assistant director at the FBI and director of the National Infrastructure Protection Centre, said he is concerned that Y2K contractors, both foreign and domestic, have used the Y2K remediation process to install malicious code.

Vatis said the FBI doesn't have "concrete indications" that any group is planning to "to engage in unlawful intrusions" at the New Year. But the FBI is nonetheless expecting trouble, he said in testimony prepared for last week's hearing by the US Senate's Special Committee on the Year 2000 Technology Problem.

Y2K contractors could compromise systems by installing trap doors, obtaining root access, implanting malicious code or mapping systems with the intent of selling information to economic competitors or foreign intelligence agencies.

Those with the motives and the means to compromise systems include foreign governments for information warfare purposes, as well as those engaged in industrial espionage, terrorism or organised crime, Vatis said.

The FBI expects to see increased and possibly violent activities among certain domestic groups. For instance, the coming of the millennium requires Christian Identity adherents to prepare for the "Second Coming of Christ" by taking violent action against their enemies. That kind of activity raises the possibility there could also be an increase in activity in the cyberworld, Vatis said in his testimony.

Given "the vulnerabilities [that] could be implanted in critical systems," Vatis said, "it is imperative that the client companies do as much as possible to check the background of the companies doing their remediation work, oversee the remediation process closely, and review new code as closely as possible and remove any extraneous code."

Moreover, Vatis advised companies to create "red teams" to try to crack their software and determine if trap doors exist.

Copyright 1999 ComputerWorld.

-- Gayla (privacy@please.com), August 02, 1999

Answers

Oh, the goverment is running scared? And they thought us programmmers were the basket cases for complaining in the first place.

Dont belive anything until it is officially denied.

I SAW Vatis on CNN, what a pointless apppearance! Sen. Dodd was obviously frustrated, he got about as much information as talking to ken starr. If Vatis cant answer some "general" questions in public, dont expect him to be of much use to General Corporation Inc. either. You'll get better info from the private internet bug/virus watchers.

Oxymoron of the week: Government Security

-- h (Q@B.com), August 02, 1999.

The GROUNDWORK is being laid !!

Ray

-- Ray (ray@totacc.com), August 02, 1999.

Oh no! Somebody should require licenses and background checks and polygraphs and blood tests. Oh, who will even consent to step in and regulate us?

Keep your...

-- eyes_open (best@wishes.net), August 02, 1999.

This really bothers me.I got a really weird feeling the first time I read about this new concern for cyber-terrorism,and it has only gotten stronger since I read Vatis's statements.No proof,only an expectation that if so-called remediated software starts going screwy,a malicious programmer somewhere put in bad code to mess things up. Guess what group of people might get blamed if so-called remediated software fails as a whole? Thats right,the people who worked 7 days a week,14 hours a day,for the past 1-2 years on it!

-- Stanley Lucas (StanleyLucas@WebTv.net), August 03, 1999.