SirCam hits FBI cyber-protection unit

On the eve of a Senate investigation into FBI problems, a researcher activated SirCam on his system, sending out at least one 'official use only' document.

WASHINGTON--A researcher in the Federal Bureau of Investigation's cyber-protection unit unleashed a fast-spreading Internet virus that e-mailed private FBI documents to outsiders--all on the eve of a Senate hearing into troubles at the unit.

Although the Sircam virus didn't spread to other computers at the FBI's National Infrastructure Protection Center, it did send at least eight documents to a number of outsiders. One, about the investigation into an unrelated virus, was marked "official use only." The Sircam virus has infected thousands of computers since its discovery last week.

FBI spokeswoman Deb Weierman said that no sensitive or classified information about continuing investigations was disclosed Tuesday. The "official use" designation protects documents from disclosure under the U.S. Freedom of Information Act.

It isn't uncommon for virus researchers to accidentally infect their own computers, but the mistake was particularly embarrassing because it occurred ahead of a Senate Judiciary panel's oversight hearing about the FBI cyber unit's effectiveness. Lawmakers were expected to focus on other agencies' failure to cooperate fully with the FBI center, and on a perceived lack of trust between the FBI and private-sector groups.

The unit generally gets high remarks for its criminal investigations, and even critics say the unit is more effective than it was a year ago. "The effort here is not to embarrass anybody but to stress that a lot of work has to be done," said Republican Sen. Jon Kyl of Arizona.

Meanwhile, the White House has begun organizing a new early-warning network for Internet threats. But unlike the current system, it will be coordinated by the Pentagon, not the FBI. The mechanism for warning all U.S. military and civilian agencies--and ultimately corporations--will be dubbed the Cyber-Warning and Information Network, or "c-win." Organizers envision dozens of computer centers that could sound an alert when a threat is identified.

The network is expected to begin operating in October. The FBI unit, which currently relays these warnings, came under sharp criticism from congressional auditors for issuing tardy alerts. Ms. Weierman, the FBI spokeswoman, called the new network a "useful mechanism" to offer the government a "technical capability that doesn't currently exist." The FBI, she said, wasn't concerned it would lose its warning responsibilities.

Tuesday, at least three people said they received some of the FBI documents, including a 23-year-old Internet-security expert in Belgium, Niels Heinen. He operates a Web site that reports on Internet break-ins and speculated that the analyst, Vince Rowe, visited the site on the infected computer. Rowe didn't respond to a request for comment.