National Infrastructure Protection Center NIPC Daily Open Source Report for 6 December 2002
Daily Overview

- The Transportation Safety Administration reports that the Explosives Detection Canine Team Program will play an important role in helping it to meet the Dec. 31 deadline for screening all baggage for explosives. (See item 3)
- CERT has released Vulnerability Note VU#683673 in which the Sun Solaris priocntl(2) function could allow a local attacker to execute arbitrary code with superuser privileges on a vulnerable system. (See item 11)
- Microsoft has released "Security Bulletin MS02-067: E-mail header processing flaw could cause Outlook 2002 to fail (Moderate)," and recommends a patch be installed. (See item 12)
- Houses in Clayton County, GA will be outfitted with a device to prevent contaminated water from entering the county's water system. (See item 7)

Power Sector

1. December 4, Bloomberg News - Northeast U.S. electricity prices rise as cold spurs demand. Electricity prices in parts of the U.S. Northeast rose for a third day as freezing weather continued to increase demand for power to run heaters. Heating demand in the Northeast will be 22 percent above normal for this time of year tomorrow, said Weather Derivatives of Belton, Missouri. "The cold weather is driving prices higher than I expected," said Terreck Yennes, a trader at APB Energy in Louisville, Kentucky.
Source: http://hsweb01.screamingmedia.com/PMA/pma_newsarticle1_national.htm?SMDOCID=Bloomberg_2002_12_04_1039046959146&SMContentSet=0

Current Electricity Sector Threat Alert Levels: Physical: ELEVATED, Cyber: ELEVATED
Scale: Low, Guarded, Elevated, High, Severe
[Source: ISAC for the Electricity Sector (ES-ISAC) - http://esisac.com]

Banking and Finance Sector

2. December 3, Federal Reserve Board - The Federal Reserve Board announced revisions to its policy and procedures for sponsoring private-sector organizations under federal programs that provide priority telecommunications services to entities that are important to national security and emergency preparedness. The Board believes these programs, which are administered by the National Communications System (NCS), will help facilitate the operation and liquidity of banks and the stability of financial markets, particularly during periods of substantial operational disruptions.
Source: http://www.federalreserve.gov/boarddocs/press/other/2002/20021203/default.htm
Notice: http://www.federalreserve.gov/boarddocs/press/other/2002/20021203/attachment.pdf

Transportation Sector

3. December 5, Transportation Safety Administration - Canine teams to help TSA meet Dec. 31 deadline. The rapidly-expanding Explosives Detection Canine Team Program will play an important role in the Transportation Security Administration (TSA) being able to meet a Dec. 31 deadline for screening all baggage for explosives, TSA officials said today as they demonstrated the expertise of dogs and their handlers. The media demonstration was held at the TSA Explosives Detection Canine Handler Course at Lackland Air Force Base, San Antonio, TX, where each dog-handler team undergoes 11 weeks of intensive training. Transportation Secretary Norman Y. Mineta has specifically cited the use of explosives detection canine teams as one of the security screening methods that will be used in order to meet the Dec. 31 deadline mandated by Congress. The canine program was started in 1972 after a bomb-sniffing dog named Brandy found an explosive device on a plane that had been returned to John F. Kennedy International Airport in New York and was evacuated. The bomb was found just 12 minutes before it was to detonate.
The TSA pays to train the dogs, primarily sporting breeds such as Labrador, Chesapeake Bay and Golden retrievers, trains the handlers, partially reimburses airports for the cost of maintaining the teams, and provides oversight and support to the program at each location.
Source: http://www.tsa.dot.gov/public/display?theme=44&content=437

4. December 5, Washington Post - United's loan request rejected. The federal government yesterday denied United Airlines' application for a $1.8 billion loan guarantee, all but ensuring that the nation's second-largest airline will have to file for bankruptcy protection. The Air Transportation Stabilization Board ruled that United's business plan "was not financially sound" and would "pose an unacceptably high risk to U.S. taxpayers." After the Sept 11 attacks, Congress approved a $15 billion airline-industry assistance package, including $10 billion in loan guarantees. Still, the industry is expected to lose $8 billion this year -- with United accounting for an estimated $2.3 billion. Without the loan guarantee, sources close to United have said, the airline will have to file what would be the largest U.S. airline bankruptcy ever. United has 70,000 employees and 40 million frequent fliers and is the Washington, D.C. region's No. 1 carrier, with a hub at Dulles International Airport. United could resubmit a revised application for the board's review either in or out of bankruptcy, said Daniel Montgomery, the board's executive director.
Source: http://www.washingtonpost.com/wp-dyn/articles/A11250-2002Dec4.html

Gas and Oil Sector

5. December 5, BBC News - Troops step into Venezuela strike. Venezuelan President Hugo Chavez has put the country's oil installations under military protection, on the fourth day of an opposition-led strike. He also ordered the navy to take over an oil tanker (the Pilin Leon) whose crew have joined the strike.
Chavez made his first substantial response to the strike in a televised address on Thursday. He said he was using the military to keep the oil industry functioning normally, and warned that other tankers would suffer the same treatment as the Pilin Leon if their crews took similar action. He said the strikers were threatening "the heart of the country" by targeting the oil sector.
Source: http://news.bbc.co.uk/2/hi/americas/2547025.stm

Telecommunications Sector

6. November 29, Sea Coast Online - Phone hackers discovered. A company has uncovered an unusual telephone-hacking scheme that could cost businesses a considerable amount when they get their phone bill. John Laurence, owner of Telephone Systems Consultation and Maintenance, said his company has discovered that hackers are breaking into business voice-mail systems to make long-distance calls and send numerical codes to the Philippines. Company technicians have spent the last few weeks helping businesses repair their voice-mail systems after they were hit. The phone systems being attacked are all the same brand. The problem was first discovered when Laurence's company, which sells and installs telephone and voice-mail systems for businesses across the country, began receiving calls from clients reporting that their voice mail wasn't working properly.
Source: http://www.seacoastonline.com/news/rock/11292002/news/777.htm

Food Sector

Nothing to report.

Water Sector

7. December 5, News Daily (Clayton, GA) - Clayton, GA Water Authority plans prevention. Over the next several months, nearly every house in Clayton County, GA will be outfitted with a device to prevent contaminated water from entering the county's water system. The $4.25-million backflow prevention program is an important upgrade to the county's water system, according to Wade Brannan, general manager of the CCWA.
Backflow typically occurs when a change in pressure leads to water flowing out of the customer's pipes and back into the county's distribution system. If the water were contaminated, such as with a fertilizer or herbicide in a spray bottle connected to the hose, that pollutant will follow the water up the hose and into the pipes. "In addition, the devices could help prevent deliberate contamination of the water system through an act of terrorism or sabotage" said Paul Burks, the executive director of the Georgia Environmental Facilities Authority.
Source: http://www.zwire.com/site/news.cfm?newsid=6280099&BRD=1099&PAG=461&dept_id=99012&rfi=6

8. December 4, Detroit News (Michigan) - Feds to protect Selfridge Air National Guard Base water. The Mount Clemens, Michigan water treatment plant supplies drinking water for the Selfridge Air National Guard Base. As a result, it will be the first municipal water plant in metro Detroit to be equipped with rapid-fire pollution and chemical detection equipment, officials said Tuesday. Military officials are concerned that terrorists could poison the drinking water drawn from Lake St. Clair, so Mount Clemens has been chosen for the new sensor equipment, said Doug Martz, chairman of the Macomb Water Quality Board. Detection of chemicals and pollutants would be within seconds instead of the two or three day wait now, experts said. The equipment could be installed within nine months.
Source: http://www.detnews.com/2002/metro/0212/05/e06-26879.htm

Chemical Sector

Nothing to report.

Emergency Law Enforcement Sector

9. December 5, Associated Press - Officials: anti-terrorism plan aiding New Mexico.
About 200 city, state and federal law-enforcement officers in New Mexico now carry a "threat card" - a credit-card size reference tool that lists the indicators of potential terrorist activity and a toll-free number to call to speak with an agent or analyst from the New Mexico state Department of Public Safety's counterintelligence unit. The cards are being handed out as part of the Department's training program designed to help officers recognize terrorist acts before they happen, Secretary Thomas English said.
Source: http://santafenewmexican.com/site/news.cfm?newsid=6284373&BRD=2144&PAG=461&dept_id=500281&rfi=6

Government Operations Sector

Nothing to report.

Information Technology Sector

10. December 3, Government Computer News - Texas health data at risk, audit finds. Texas state hospitals are failing to adequately protect electronic health records from tampering, according to a report from the Texas State Auditors Office. "System access and security control problems at some Texas academic medical institutions have the potential to place protected health information at risk," the auditors said. Unauthorized users both inside and outside the hospitals' and other institutions' networks could gain access to patient medical records, and read, copy, alter or delete information, said the report, Security Over Electronic Protected Health Information at Selected Texas Academic Medical Institutions. "Intruders also could disrupt the operations of systems that are critical in providing health care," the auditors said. Security problems expose the state to significant financial risk because of the legal consequences of system breaches, the report said.
Source: http://www.gcn.com/vol1_no1/daily-updates/20580-1.html

Cyber Threats and Vulnerabilities

11. December 4, CERT/CC - Vulnerability Note VU#683673: Sun Solaris priocntl(2) does not adequately validate path to kernel modules that implement lightweight process (LWP) scheduling policy. The Sun Solaris priocntl(2) function does not adequately validate a memory structure that specifies the name of a kernel module. As a result, a local attacker could execute arbitrary code with superuser privileges on a vulnerable system. Sun states that "a final resolution is pending completion."
Source: http://www.kb.cert.org/vuls/id/683673

12. December 4, Microsoft - Microsoft Security Bulletin MS02-067: E-mail header processing flaw could cause Outlook 2002 to fail (Moderate). Microsoft Outlook provides users with the ability to work with e-mail, contacts, tasks, and appointments. A vulnerability exists in Outlook 2002 in its processing of e-mail header information. An attacker who successfully exploited the vulnerability could send a specially malformed e-mail to a user of Outlook 2002 that would cause the Outlook client to fail under certain circumstances. The Outlook 2002 client would continue to fail so long as the specially malformed e-mail message remained on the e-mail server. Microsoft recommends that customers consider installing the patch available on Microsoft's web site. The patch addresses the vulnerability by correcting the flaw and causing Outlook 2002 to correctly process e-mails that contain the invalid header information described above.
Source:
http://www.microsoft.com/technet/security/bulletin/MS02-067.asp

Internet Alert Dashboard

Current Alert Levels
Internet Security Systems AlertCon: 1 out of 4 (https://gtoc.iss.net/) - Last Changed: 26 November 2002
Security Focus ThreatCon: 1 out of 4 (http://analyzer.securityfocus.com) - Last Changed: 23 November 2002

Current Virus and Port Attacks
Virus: #1 Virus in USA: PE_ELKERN.D
Source: http://wtc.trendmicro.com/wtc/wmap.html, Trend World Micro Virus Tracking Center [Infected Computers, North America, Past 24 hours, #1 in United States]
Top 10 Target Ports: 137(netbios-ns); 80(http); 1433(ms-sql-s); 21(ftp); 25(smtp); 445(microsoft-ds); 139(netbios-ssn); 53(domain); 4665(edonkey); 4662
Source: http://isc.incidents.org/top10.html; Internet Storm Center

General Information

13. December 5, CNN - Freezing storm cuts power, travel. An early winter storm caused electricity outages on Thursday for more than 1.5 million residences and businesses in the Carolinas, the worst utility damage in the area since 1989's Hurricane Hugo, a power company spokesman said. As the storm continued up the East Coast, traffic on the ground and in the air was disrupted, and school and work schedules slipped and slid along with drivers and pedestrians on the ice. At least 17 deaths, most from traffic accidents, have been blamed on the storm, according to the Associated Press. E.O. Ferrell, vice president of Duke Power -- with 2.1 million customer accounts in North and South Carolina -- said "we have approximately 1.2 million customers, half of our total customer base, without power this morning." Responding to the widespread outages, officials in Mecklenburg County, which includes Charlotte, NC, declared a state of emergency. Thursday morning, snow in Richmond, Virginia, changed to freezing rain as Washington, Baltimore, New York, Philadelphia and Hartford, Connecticut, took sustained snowfalls.
Meanwhile, snowfall in the Washington area caused a number of delays and cancellations at area airports Thursday, but conditions appear to be improving, said a spokesperson for the airports. Further north, delays and cancellations were reported for flights departing and arriving at Philadelphia International Airport, and at all three New York area airports, LaGuardia, John F. Kennedy International and Newark (NJ) International.
Source: http://www.cnn.com/2002/WEATHER/12/05/wintry.storm/index.html

14. December 5, CNN - CDC reports another sick ship. The Centers for Disease Control and Prevention (CDC) confirmed Thursday 114 passengers and three crew members aboard the cruise ship Oceana have become sick with a gastrointestinal illness. Most of the ill passengers reportedly were on the same flight from England before boarding the cruise ship in Fort Lauderdale, Florida, the CDC said in a written statement, and all of the 1,859 passengers on the ship flew chartered aircraft from Britain. Norwalk-like virus has been the culprit in most of the recently reported incidences of gastrointestinal illness aboard cruise ships. The virus can be transmitted person-to-person or by consuming contaminated food or water. Passengers and crew onboard four consecutive cruises of Holland America's Amsterdam and on two cruises of Disney's Magic were recently sickened by that virus. Norwalk is suspected in a recent outbreak aboard Carnival's Fascination as well. A ship-board lab determined that salmonella bacteria caused a recent outbreak of stomach illness on the Seven Seas Mariner, but the CDC has yet to confirm that finding.
Source: http://www.cnn.com/2002/TRAVEL/12/05/sick.ship.oceana/index.html

15. December 5, Washington Post - Smallpox vaccine reactions jolt experts.
Of 200 young adults who received the smallpox vaccine as part of a recent government study, one-third missed at least one day of work or school, 75 had high fevers, and several were put on antibiotics because physicians worried that their blisters signaled a bacterial infection. Even for experts such as Kathy Edwards, the Vanderbilt University physician overseeing the study, the side effects were startling. "I can read all day about it, but seeing it is quite impressive," she said. Smallpox is a live vaccine and causes a range of reactions. Within three to four days, a red itchy bump develops, followed by a larger blister filled with pus. In the second week, the blister dries and turns into a scab that usually falls off in the third week. During the three weeks, many people experience flu-like symptoms. The experiences in a half-dozen clinical trials offer an early look at what military personnel, hospital workers, and other emergency workers will likely encounter if Bush adopts the recommendations of his top health advisers to vaccinate as many as 11 million people.
Source: http://www.washingtonpost.com/wp-dyn/articles/A11192-2002Dec4.html

16. December 5, Wall Street Journal - After bomb threat, stores ask: can shoppers be kept safe? A bomb threat Wednesday at four IKEA outlets in the Netherlands and two in Britain rattled shopping malls and retailers worldwide into reviewing security procedures. In the U.S., security of shopping centers is already a top priority of the new Department of Homeland Security. "Homeland Security is viewing malls as part of the infrastructure of America," said Vicki Contavespi, a spokesperson for the American Society for Industrial Security. Most U.S. malls and department stores employ their own security teams and video cameras -- but mainly to prevent shoplifting. Except in high-crime neighborhoods, nearly anyone can walk into any store unchecked. That ease of access may soon be a thing of the past.
The conundrum for retailers and shopping centers is to maintain tight security without inconveniencing -- or offending -- customers.
Source: http://online.wsj.com/article/0,,SB1039038651377063713,00.html

NIPC Products & Contact Information

The National Infrastructure Protection Center (NIPC) serves as a national critical infrastructure threat assessment, warning, vulnerability, and law enforcement investigation and response entity. The NIPC provides timely warnings of international threats, comprehensive analysis and law enforcement investigation and response. The NIPC provides a range of bulletins and advisories of interest to information system security professionals and those involved in protecting public and private infrastructures. By visiting the NIPC web-site (http://www.nipc.gov), one can quickly access any of the following NIPC products:

2002 NIPC Advisories - Advisories address significant threat or incident information that suggests a change in readiness posture, protective options and/or response.

2002 NIPC Alerts - Alerts address major threat or incident information addressing imminent or in-progress attacks targeting specific national networks or critical infrastructures.

2002 NIPC Information Bulletins - Information Bulletins communicate issues that pertain to the critical national infrastructure and are for informational purposes only.

2002 NIPC CyberNotes - CyberNotes is published to support security and information system professionals with timely information on cyber vulnerabilities, malicious scripts, information security trends, virus information, and other critical infrastructure-related best practices.

2002 NIPC Highlights - The NIPC Highlights are published on a monthly basis to inform policy and/or decision makers of current events, incidents, developments, and trends related to Critical Infrastructure Protection (CIP).
Highlights seeks to provide policy and/or decision makers with value-added insight by synthesizing all source information to provide the most detailed, accurate, and timely reporting on potentially actionable CIP matters.

IWS INFOCON Mailing List @ IWS - The Information Warfare Site http://www.iwar.org.uk