http://dailynews.yahoo.com/h/ap/20000510/tc/congress_love_bug_2.html

Wednesday May 10 11:41 AM ET

Congress Hears About Computer Virus

By JESSE J. HOLLAND, Associated Press Writer -

WASHINGTON (AP) - At least 14 federal agencies were penetrated last week by the ``Love Bug'' computer virus, a government technology expert testified today.

``Virtually all of the largest federal agencies have significant computer security weaknesses that place critical federal operations and assets at risk to computer-based attacks,'' said Keith Rhodes, director of the Office of Computer and Information Technology Assessment in Congress' General Accounting Office.

Among the agencies hit by the Love Bug virus were the Social Security Administration, the Energy Department, the Central Intelligence Agency, the National Aeronautic and Space Administration, the Immigration and Naturalization Service and the Defense Department, Rhodes told the House Science technology subcommittee.

The ``Love Bug'' virus, which has been called the fastest-spreading and most destructive computer virus ever, caused a flood of e-mails with the subject line ``ILOVEYOU'' to course through computer systems worldwide. When opened, the virus can destroy graphics and other saved files. Several variations appeared soon after.

The Love Bug also installs a password-stealing program, experts said.

``Some DOD (Defense Department) machines required complete software reloads to overcome the extent of the damage,'' Rhodes said. ``The virus-slash-worm spread rapidly through the department, penetrating even some classified systems.''

So far, anti-virus experts have detected 26 different versions of the Love Bug virus, said Sandra England, vice president of development for McAfee, a provider of anti-virus software. Lloyd's of London has estimated the damage caused by the Love Bug to be over $15 billion, said Rep. Constance Morella, R-Md, chairwoman of the subcommittee.

To stop future viruses, agencies have to improve their security planning and management, Rhodes said. ``Clearly, it is difficult to sniff out a single virus attached to an e-mail but if 100 e-mails with the same configuration suddenly arrive, an alert should be sounded,'' he said.

The easiest way is to educate people about computer ``hygiene,'' including not opening unexpected e-mail attachments, said Harris Miller, president of the computer group Information Technology Association of America.

``This bug was passed along because people were opening e-mail that they shouldn't,'' said Miller, who was among those testifying today. ``Why, in a professional environment, would you open something that says `I love you?' Good common sense should tell you that if it's not coming from someone who should be saying `I love you,' then you shouldn't open it.''

Agencies should also continually update their anti-virus protection, but hackers perpetually develop new viruses that the anti-virus software doesn't anticipate, he said. Young people, who comprise most hackers, also should be taught about the damage they cause by creating computer viruses, he said.

``But the key here is good computer hygiene,'' he said.

A Filipino bank employee was arrested Monday and called a primary suspect in creating the virus. He was released Tuesday, and his girlfriend was being sought for questioning. On the Net:

House Science subcommittee on technology:

http://www.house.gov/science/welcome.htm

-- (news@of.note), May 10, 2000

Answers

I wonder what the fine will be for 15 billion in damages?

If this problem continues to grow and get larger, more troublesome and more expensive, why should anyone trust using their computer to conduct business?

-- whatnext (00@123.org), May 10, 2000.