Computer virus hit at least 14 federal agencies

By JESSE J. HOLLAND The Associated Press 5/10/00 11:38 AM

WASHINGTON (AP) -- At least 14 federal agencies were penetrated last week by the "Love Bug" computer virus, a government technology expert testified today.

"Virtually all of the largest federal agencies have significant computer security weaknesses that place critical federal operations and assets at risk to computer-based attacks," said Keith Rhodes, director of the Office of Computer and Information Technology Assessment in Congress' General Accounting Office.

Among the agencies hit by the Love Bug virus were the Social Security Administration, the Energy Department, the Central Intelligence Agency, the National Aeronautic and Space Administration, the Immigration and Naturalization Service and the Defense Department, Rhodes told the House Science technology subcommittee.

The "Love Bug" virus, which has been called the fastest-spreading and most destructive computer virus ever, caused a flood of e-mails with the subject line "ILOVEYOU" to course through computer systems worldwide. When opened, the virus can destroy graphics and other saved files. Several variations appeared soon after.

The Love Bug also installs a password-stealing program, experts said.

"Some DOD (Defense Department) machines required complete software reloads to overcome the extent of the damage," Rhodes said. "The virus-slash-worm spread rapidly through the department, penetrating even some classified systems."

So far, anti-virus experts have detected 26 different versions of the Love Bug virus, said Sandra England, vice president of development for McAfee, a provider of anti-virus software. Lloyd's of London has estimated the damage caused by the Love Bug to be over $15 billion, said Rep. Constance Morella, R-Md, chairwoman of the subcommittee.

To stop future viruses, agencies have to improve their security planning and management, Rhodes said. "Clearly, it is difficult to sniff out a single virus attached to an e-mail but if 100 e-mails with the same configuration suddenly arrive, an alert should be sounded," he said.

The easiest way is to educate people about computer "hygiene," including not opening unexpected e-mail attachments, said Harris Miller, president of the computer group Information Technology Association of America.

"This bug was passed along because people were opening e-mail that they shouldn't," said Miller, who was among those testifying today. "Why, in a professional environment, would you open something that says `I love you?' Good common sense should tell you that if it's not coming from someone who should be saying `I love you,' then you shouldn't open it."

Agencies should also continually update their anti-virus protection, but hackers perpetually develop new viruses that the anti-virus software doesn't anticipate, he said. Young people, who comprise most hackers, also should be taught about the damage they cause by creating computer viruses, he said.

"But the key here is good computer hygiene," he said.

A Filipino bank employee was arrested Monday and called a primary suspect in creating the virus. He was released Tuesday, and his girlfriend was being sought for questioning

http://www.cleveland.com/newsflash/index.ssf?/cgi-free/getstory_ssf.cgi?a0575_PM_Congress-LoveBug&&news&newsflash-washington

-- Martin Thompson (mthom1927@aol.com), May 10, 2000