National Infrastructure Protection Center NIPC Daily Open Source Report for 2 December 2002
Daily Overview . CNN reports the U.S. Transportation Security Administration has warned airports to review their missile attack measures after Thursday's attempt to shoot down a passenger plane in Kenya. (See item 4) . The Sacramento Bee reports Lawrence Livermore National Laboratory is developing a process to measure substances normally occurring in the air to provide a control for systems that monitor biological agents. (See item 14) . The Huntsville Times reports Tanner, Alabama has a new water treatment plant that filters viruses, one of only 100 such facilities worldwide. (See item 8) . The GAO has published a report which recommends changes to the manner in which data regarding terrorism funding is collected and reported. (See item 9) NIPC Daily Report Fast Jump [click to jump to section of interest] Power Banking & Finance Transportation Gas & Oil Telecommunications Food Water Chemical Emergency Law Enforcement Government Operations Information Technology Cyber Threats and Vulnerabilities Internet Alert Dashboard General NIPC Information Power Sector 1. November 29, Platts Energy News - Explosion at Germany's Brunsbuttel nuke generator. There was an explosion at the Brunsbuttel nuclear power plant in northern Germany on Wednesday evening, a spokesman for the energy ministry of Schleswig-Holstein said Friday. The 806MW reactor is currently offline following a safety incident last December. The explosion happened in a generator in the non-nuclear party of the plant. No one was injured. The extent of the damage is not yet known, but the spokesman said Brunsbuttel was likely to remain offline longer than anticipated as a result of the generator fault. The explosion happened when the explosive gases condensed and then exploded, and the BKA (German federal crime office) is investigating. Brunsbuttel has been offline since Feb 18, 2002, shut down in order to probe circumstances surrounding a radioactive leak on Dec 14, 2001. Source: http://www.platts.com/archives/94003.htm 2. November 26, Fortune Magazine - Power failure: massive debt burdens the energy industry. In the past several years of boom and expansion, power companies borrowed approximately $600 billion; some of which was used in speculative trading operations, but most went to buy other power companies or build natural-gas power plants. About $90 billion of this debt must be repaid or renegotiated by 2006. Few companies are able to repay this - the collapse of energy trading has put them in a cash crunch, and several are close to bankruptcy. In addition, the overbuilding has lowered cost of energy and the economic downturn has meant that the country is not using as much power as expected. As a result, power prices are severely depressed. Possible buyers, should bankruptcy occur, are buyout firms, financial investors, and European utilities. Also, various local utility companies, bought out in the 1990s, may opt to buy some of the assets. Source: http://www.energycentral.com/sections/newsroom/nr_article.cfm?id=3482610 Current Electricity Sector Threat Alert Levels: Physical: ELEVATED, Cyber: ELEVATED Scale: Low, Guarded, Elevated, High, Severe [Source: ISAC for the Electricity Sector (ES-ISAC) - http://esisac.com] [return to top] Banking and Finance Sector 3. November 27, Associated Press - New York bank pleads guilty to charges. Broadway National Bank pleaded guilty to three felony charges of not reporting suspicious banking activity between 1996 and 1998, and will pay a $4 million fine. Authorities said the case marked the first prosecution of a bank for failing to establish an anti-money laundering program and failing to file required "suspicious activity reports." U.S. Customs Special Agent Nelson Chen said $123 million was illegally moved through the bank - most of it the proceeds of drug trafficking - after some criminal organizations learned Broadway was not following proper procedures. Source: http://story.news.yahoo.com/news?tmpl=story&u=/ap/20021127/ap_on_bi_ge/b ank_plea_3 [return to top] Transportation Sector 4. December 1, CNN - Airports asked to review missile attack measures. After Thursday's attempted missile attack on a passenger plane in Kenya, the U.S. Transportation Security Administration (TSA) asked officials at U.S. airports to review measures to protect against similar attacks. TSA spokesman Robert Johnson told CNN Saturday that the TSA notification went to all federal security directors (TSA employees who direct security at airports), who were then to notify security at individual airports. Unknown attackers launched two shoulder-fired missiles at an Israeli charter flight as the Boeing 757 was taking off from Mombasa airport. The missiles missed their target and authorities later found two launchers and two unused missiles near the runway. As CNN has previously reported, U.S. security officials met with airline executives earlier this month in Washington to discuss the possibility of shoulder-fired missiles being used against U.S. commercial airliners. It was one topic among many discussed at that meeting. The FBI and the TSA first warned U.S. airlines and local law enforcement in May that such an attack could happen. The warning came after an apparent attempt by al Qaeda to shoot down a U.S. military plane in Saudi Arabia with such a weapon. The TSA alert in May said, "there is no information indicating that al Qaeda is planning to use MANPADS [shoulder-fired missiles] against commercial aircraft," but it added, "the threat cannot be discounted." Source: http://www.cnn.com/2002/US/11/30/missile.attacks.warning/index.html 5. November 27, New York Times - Mexican trucks gain approval to haul cargo throughout the U.S. The U.S. government cleared the way yesterday for Mexican trucks to travel throughout the United States, beginning in the next few weeks. Until now, Washington has limited Mexican trucks to a 20-mile-wide commercial zone along the border. The new safety requirements demanded by Congress were adopted in legislation enacted a year ago. The law mandated more inspectors to monitor Mexican trucks and limited the number of hours that Mexican truckers could drive. Since then, Bush administration officials said. Mexican trucking companies have also tightened training for drivers and improved emissions controls. Under the new rules, Mexican trucking companies will be allowed to haul cargo to and from the United States, and Mexican bus companies will be permitted to schedule regular passenger service to and from points in Mexico and the United States. But those companies will not be allowed to provide service between points in the United States. Source: http://www.nytimes.com/2002/11/28/politics/28TRUC.html [return to top] Gas and Oil Sector 6. November 27, BBC News - Morocco floods hit oil plant. Oil tankers were swept away by a swollen river and Morocco's largest oil refinery has been closed following flash floods which have killed at least 37 people. The Samir plant in the town of Mohammedia - which processes up to 90% of the country's crude oil exports - was severely damaged after flash floods triggered a major blaze. Two people were killed in the fire, and three others were missing. Morocco has seen unusually heavy rain in the past 10 days after a four-year drought. Source: http://news.bbc.co.uk/1/hi/world/africa/2517945.stm [return to top] Telecommunications Sector Nothing to report. [return to top] Food Sector 7. November 27, Associated Press - Audit finds North Carolina food safety system fragmented. North Carolina's food safety system is fragmented, understaffed, under-equipped, and has limited enforcement powers for violations, according to the state auditor in a report on Wednesday. The special performance review by North Carolina's state auditor's office was launched as part of a national effort in the wake of the September 11 terrorist attacks. The review suggested the state General Assembly may want to study the food safety system to identify improvements, review fee structures, and examine the effectiveness of safety programs. The review came after the U.S. General Accounting Office had asked federal, state, and local audit officials to review their food safety systems. The GAO particularly was interested in security changes made at food processing plants after the terrorist attacks. The original GAO objective could not be completed, but State Auditor Ralph Campbell said their preliminary work for the GAO raised significant questions about the safety of the state's food supply. "Traditionally, food safety was thought of as adulteration of our food by accident or by poor sanitation," he said. "But since 9-11, we've now introduced another component - the deliberate adulteration of our food supply" said David Smith, North Carolina Assistant Agriculture Commissioner. Source: http://www.charlotte.com/mld/observer/news/local/4619172.htm [return to top] Water Sector 8. November 28, Huntsville Times - New water treatment plant in Tanner, AL to filter viruses. The new plant has a filtration system used in only 100 other facilities worldwide. The new filtration system replaces coagulation and sand-filtering technology and requires no chlorine. Up to 4 million gallons of water a day will be pumped through 6-foot-tall, 8-inch pipes with a system of hollow fiber membranes made of cellulose acetate. The filters are flushed with citric acid to clean them, an alternative to the heavy chemicals used in current systems. The process is totally automated, except for the daily tests of water quality. Tests on the equipment will begin in January with the grand opening scheduled for May. Source: http://www.al.com/news/huntsvilletimes/index.ssf?/xml/story.ssf/html_sta ndard.xsl?/base/news/1038478799260520.xml [return to top] Chemical Sector Nothing to report. [return to top] Emergency Law Enforcement Sector Nothing to report. [return to top] Government Operations Sector 9. November 27, General Accounting Office - Combating terrorism: funding data reported to Congress should be improved. The General Accounting Office (GAO) has calculated, on the basis of Office of Management & Budget's (OMB) data, that there was a 276-percent total increase in funds designated to combat terrorism during fiscal years 2001 and 2002 (as reported in OMB's annual reports to Congress for 2001 and 2002, respectively). This increase includes a 106-percent increase from the post-September 11 redefinition of combating terrorism to include homeland security activities such as aviation and transportation security, and a 170-percent increase due to funding increases. Difficulties in coordinating budgets to combat terrorism stem from the variety of missions involved and the fact that activities related to combating terrorism are often funded through budget accounts that also provide funding for other activities. Various approaches have been used to address these challenges. GAO is making recommendations to improve OMB's annual report, including collecting and reporting obligation data. It also recommends improvements to performance measures in strategies and performance plans related to combating terrorism. Source: http://www.gao.gov/highlights/d03170high.pdf Report: http://www.gao.gov/cgi-bin/getrpt?GAO-03-170 [return to top] Information Technology Sector 10. November 27, Global Security Newswire - Pentagon distributes software for modeling effects of attacks. The Defense Department has licensed to a few select non-governmental organizations previously unavailable software that can model the effects of releases of nuclear, chemical, biological or radiological weapons and materials. The Heritage Foundation, Natural Resources Defense Council, Stanford University and other institutions have recently gained access to the computer modeling programs. The goal is to educate political leaders and the public about the potential consequences of weapons of mass destruction whether they are used by terrorists or by a state in conflict with the United States. Furthermore, defense officials have said that they benefit from the independent analysis by non-governmental organizations. The modeling programs-the Hazard Prediction and Assessment Capability (HPAC) and the Consequences Assessment Tool Set (CATS)-are both capable of calculating the outcome of thousands of possible scenarios involving a variety of weapons and materials. The models can determine the human medical effects, toxicity levels, contaminated areas, population exposure, hazard areas and casualties should WMD materials be unleashed in an attack or dispersed in a military strike or by accident. Source. http://www.govexec.com/dailyfed/1102/112702gsn1.htm [return to top] Cyber Threats and Vulnerabilities 11. November 28, Internet Magazine - Jewish group tells of 'electronic Jihad' plan. Militant Islamic groups are urging their followers to conduct 'electronic Jihad' on Jewish websites, according to the Simon Wiesenthal Center. Rabbi Abraham Cooper, an associate dean at the Los Angeles-based Jewish organization, told Reuters that one of the center's researchers had come across two websites in Arabic referring to a three-day campaign of hacking into Jewish sites. The Simon Wiesenthal Center monitors extremist anti-Semitic publications and websites on a regular basis, but Cooper said the latest find this week was particularly alarming because one of the websites gave 'how to' tips to would-be hackers. Source. http://www.internet-magazine.com/news/view.asp?id=2951 Internet Alert Dashboard Current Alert Levels Internet Security Systems AlertCon: 1 out of 4 https://gtoc.iss.net/ Security Focus ThreatCon: 1 out of 4 http://analyzer.securityfocus.com Last Changed: 26 November 2002 Last Changed: 23 November 2002 Current Virus and Port Attacks Virus: #1 Virus in USA: PE_FUNLOVE.4099 Source: http://wtc.trendmicro.com/wtc/wmap.html, Trend World Micro Virus Tracking Center [Infected Computers, North America, Past 24 hours, #1 in United States] Top 10 Target Ports 137(netbios-ns); 1433(ms-sql-s); 80(http); 21(ftp); 4662; 25(smtp); 445(microsoft-ds); 443(https); 139(netbios-ssn); 53(domain) Source: http://isc.incidents.org/top10.html; Internet Storm Center [return to top] General Information 12. November 30, CNN - Disney ship docks with 195 ill: next week's cruise canceled to sanitize vessel. The Disney cruise ship, Magic, just completed a cruise of the western Caribbean, during which 172 passengers and 23 crew members came down with what is believed to be the Norwalk virus. If the culprit is confirmed to be Norwalk, it would be the second such outbreak on the cruise ship in as many weeks. More than 300 people aboard the Magic fell ill last week with Norwalk virus. It can be transmitted person-to-person or by consuming contaminated food or water. Centers for Disease Control and Prevention (CDC) specialists made it clear last week how they think the virus is spreading. "We strongly feel this is predominantly person-to-person, spread through hand-to-mouth activity, and all this makes it a little more difficult to control," said Dave Forney, chief of CDC's vessel sanitation program. "The primary objective for the week," Jaronski said, "is to break the cycle by keeping passengers off the ship." That could be a key factor as another cruise line, Holland America, prepares to return the Amsterdam to service for its first cruise since spending the past week undergoing a similar disinfection and sanitizing process. More than 500 people fell victim to Norwalk virus on its most recent cruise. The CDC reports no illness among the crew staying aboard Amsterdam this past week. Source: http://www.cnn.com/2002/TRAVEL/11/30/disney.sick.cruise/index.html 13. November 29, BBC News - Bin Laden tape 'not genuine'. Researchers in Switzerland have questioned the authenticity of the recent audio recording attributed to Osama bin Laden. A team from the Lausanne-based Dalle Molle Institute for Perceptual Artificial Intelligence, Idiap, said it was 95% certain the tape does not feature the voice of the al-Qaeda leader. U.S. intelligence officials have said they believe the recording - broadcast on Arabic television earlier this month - was almost certainly that of Osama bin Laden. The review of the tape was commissioned by France-2 television and the findings were presented by the Institute's director, Professor Herve Bourlard. Source: http://news.bbc.co.uk/1/hi/world/middle_east/2526309.stm 14. November 29, Sacramento Bee - Project seeks to clear air on bugs we breathe. In the age of modern bioterrorism, scientists and engineers are busily inventing increasingly sensitive tools to detect the presence of suspicious germs on the spot. "That begs the question," Gary Andersen, a Lawrence Livermore National Laboratory microbiologist said, "What's the background (levels) of these organisms?" he asked. Gary Andersen began developing a system three years ago to monitor biological agents that naturally occur in the environment, but may also be used as bioterror agents. It was a low-profile project, until last year's anthrax mailings and the ensuing worry about bioterrorism. Now the federal government is giving Andersen and his team $1 million a year to measure bacteria and fungi in the air in locations across the country. The chief questions the researchers hope to answer include: what substances are normally in the air, do their presence and number vary seasonally, and what benign bugs out there are so genetically similar to pathogens that they'll trigger false positive readings? "We really need to know what's going to set signals off so we don't start evacuating people before we have to," Andersen said. Source: http://www.sacbee.com/content/news/science/story/5406449p-6393551c.html 15. November 28, Washington Post - State officials asked to speed smallpox plan. The timetable for vaccination of health workers has been cut in half and could begin soon. Federal health officials have directed the states and the District of Columbia to speed up plans to offer smallpox vaccinations to 500,000 hospital workers nationwide, urging that the task be completed within 30 days of an announcement that could come as soon as next week. The timetable, delivered Friday by the U.S. Centers for Disease Control and Prevention, has stirred public health and logistics concerns among state health officials. Most planned to immunize hospital workers in phases over a 60-day period to better track potentially severe side effects. The vaccine will require detailed education, screening, tracking and follow-up of a critical segment of health workers. Many states had planned to vaccinate 20 percent to 30 percent of hospital workers at a time to give clinicians more experience with side effects. States also sought time to train and vaccinate the vaccinators. The voluntary program is expected to start with health workers who would bear the brunt of a smallpox outbreak and would need to be protected in order to treat victims and prevent the health care system from collapsing. Source: http://www.washingtonpost.com/wp-dyn/articles/A45076-2002Nov27.html [return to top] NIPC Products & Contact Information The National Infrastructure Protection Center (NIPC) serves as a national critical infrastructure threat assessment, warning, vulnerability, and law enforcement investigation and response entity. The NIPC provides timely warnings of international threats, comprehensive analysis and law enforcement investigation and response. The NIPC provides a range of bulletins and advisories of interest to information system security and professionals and those involved in protecting public and private infrastructures. By visiting the NIPC web-site (http://www.nipc.gov), one can quickly access any of the following NIPC products: 2002 NIPC Advisories - Advisories address significant threat or incident information that suggests a change in readiness posture, protective options and/or response. 2002 NIPC Alerts - Alerts address major threat or incident information addressing imminent or in-progress attacks targeting specific national networks or critical infrastructures. 2002 NIPC Information Bulletins - Information Bulletins communicate issues that pertain to the critical national infrastructure and are for informational purposes only. 2002 NIPC CyberNotes - CyberNotes is published to support security and information system professionals with timely information on cyber vulnerabilities, malicious scripts, information security trends, virus information, and other critical infrastructure-related best practices. 2002 NIPC Highlights - The NIPC Highlights are published on a monthly basis to inform policy and/or decision makers of current events, incidents, developments, and trends related to Critical Infrastructure Protection (CIP). Highlights seeks to provide policy and/or decision makers with value-added insight by synthesizing all source information to provide the most detailed, accurate, and timely reporting on potentially actionable CIP matters. IWS INFOCON Mailing List @ IWS - The Information Warfare Site http://www.iwar.org.uk