National Infrastructure Protection Center NIPC Daily Open Source Report for 27 December 2002
Daily Overview

- Internet Security Systems has lowered its AlertCon Internet threat indicator to Level 1, recommending regular vigilance. (See Internet Alert Dashboard)
- The Washington Times reports a paper published recently by the Center for Strategic and International Studies concludes that the threat from hackers on the nation's critical infrastructures has been overdone. (See item 14)
- The Washington Post reports Canadian intelligence experts said al Qaeda "sleeper cells" in Canada and the United States have communicated with each other as recently as this month, probably to plan terrorist attacks in the United States. (See item 18)

Editor's Note: Beginning January 6, 2003, the NIPC Daily Open Source Report will be aligned to cover the critical infrastructure sectors as identified in the National Strategy for Homeland Security. Currently covered sectors, which were set forth in Presidential Decision Directive 63, are included in the new format. The new Sector alignment will be as follows: Agriculture, Food, Water, Public Health, Emergency Services, Government, Defense Industrial Base, Information and Telecommunications, Energy (to include Electric Power, and Oil and Gas), Transportation, Banking and Finance, Chemical Industry and Postal and Shipping.

Readers wishing to comment on the contents or suggest additional topics and sources should contact Melissa Conaty at 202-324-0354 or Kerry J. Butterfield at 202-324-1131. Requests for adding or dropping distribution to the NIPC Daily Open Source Report should be made through the Watch and Warning Unit at [EMAIL PROTECTED]

Power Sector

1. December 26, BBC - N. Korea nuclear moves alarm UN.
The UN nuclear watchdog says North Korea has moved 1,000 nuclear fuel rods to a reactor that could produce weapons-grade plutonium - a situation it describes as "very worrying." Meanwhile, tensions between the two Koreas are rising. South Korea has said that more diplomatic efforts are needed to avert a crisis over North Korea's nuclear program. There is mounting international concern that North Korea could restart the Yongbyon reactor, which had been sealed up for eight years under a deal with the United States. The head of the International Atomic Energy Agency (IAEA), Mohamed El Baradei, said the plant "can be directly used to manufacture nuclear weapons - and there again we have no way to verify the nature of the activity". "The situation is very worrying," he told CNN television. The IAEA says the unsealed plant could be up and running again within two months. Source: http://news.bbc.co.uk/1/hi/world/asia-pacific/2607375.stm

2. December 26, CNN - Russia, Iran reach N-plant deal. Ignoring U.S. concerns, Russia has agreed to speed up construction of a nuclear reactor in Iran and is considering building another there, later. Moscow also has agreed to provide fuel for the Bushehr plant in southern Iran for 10 years, the official Islamic Republic News Agency reported. The United States has strongly urged Moscow to abandon the $800 million project. The Bush administration strongly opposes Iran's nuclear program, alleging the Islamic Republic is working to develop weapons of mass destruction. But Russia and Iran say the Bushehr project is for peaceful, civilian use only and would remain under international control. Washington, however, questions why Iran -- OPEC's second biggest oil producer, with the world's second biggest gas reserves -- needs nuclear power. Source: http://www.cnn.com/2002/WORLD/meast/12/26/iran.russia.nuclear/index.html

3. December 25, New York Times - Dredging plan stalls effort to lay cable under LI sound.
A contested plan to transmit electricity between Long Island and Connecticut via a cable across Long Island Sound was dealt a blow this week, when Connecticut regulators rejected a plan to dredge parts of New Haven Harbor. In a letter on Monday, the Connecticut Department of Environmental Protection denied the Cross Sound Cable Company permission to dredge certain parts of the seabed using a different kind of technology than the company had originally proposed. The new method was necessary, the company had said, in areas with particularly resistant bedrock. The letter marked the latest snag for the project, which has been in the works for more than two years and which environmentalists and some Connecticut politicians continue to criticize, saying it could damage shellfish beds and raise electricity prices in Connecticut. The Long Island Power Authority, however, is counting on the 330-megawatt cable to meet its energy demands for next summer. A megawatt is enough to power about 1,000 average homes, and Long Island, which is isolated from energy supply lines but experiencing a growing appetite for electricity, needs every megawatt it can get, utility officials say. Source: http://www.nytimes.com/2002/12/25/nyregion/25CABL.html

4. December 25, Akron Beacon Journal - FirstEnergy sees no need to redesign Oak Harbor Nuclear Plant. The list of potential safety problems at the troubled Davis-Besse Ohio nuclear power plant has been whittled to 26 "potentially significant" issues, FirstEnergy Corp. said Monday. Those remaining issues should be resolved before February without the need to significantly redesign the plant or delay its anticipated restart by April, the company said. The remaining unanswered questions came about as part of new, higher standards adopted at Davis-Besse, company spokesman Todd Schneider said. "We have high confidence in the design of our systems," Schneider said.
A third of the 26 safety issues have already been satisfactorily resolved, FirstEnergy officials told members of the Nuclear Regulatory Commission (NRC) on Monday. Officials of the Akron utility were at the NRC's regional office in Lisle, Ill., to update NRC members on the Davis-Besse safety systems. The 883-megawatt plant, in Oak Harbor on the Lake Erie shore, has been shut down since February because boric acid had severely pitted the reactor's vessel head. "We think the overall material condition of the plant is quite good," said Lew Myers, chief operating officer for FirstEnergy's nuclear operating company subsidiary that operates Davis-Besse. FirstEnergy needs to resolve all 26 issues before the plant will be allowed to restart, said NRC spokeswoman Viktoria Mitlyng. Source: http://www.energycentral.com/sections/newsroom/nr_article.cfm?id=3536090

5. December 21, Anchorage Daily News - Power company serving rural Alaska files for Chapter 11 bankruptcy protection. When Alaska Power & Telephone Co. (AP&T) bought an interest in paving company Summit Alaska Inc. last year, the move was supposed to provide stability through diversification. The strategy backfired painfully, undermining decades of expansion across rural Alaska. When AP&T filed for Chapter 11 bankruptcy reorganization Wednesday, the Port Townsend, Wash. utility company fingered Summit as the dead weight that dragged it down. Anchorage-based Summit filed for Chapter 7 liquidation in federal Bankruptcy Court last week. AP&T's main business is providing power and telephone services in rural Alaska. Now AP&T is focused on maintaining these core operations, said president Robert Grimm, and planning to pare away anything else. Power and telephone customers will not be affected by the filing, executives said. Grimm said the plan now is to rebuild AP&T around its still-healthy subsidiaries, which are excluded from the proceedings.
Subsidiaries include Alaska Power Co., Alaska Telephone Co., Bettles Telephone Inc., North Country Telephone Inc., AP&T Long Distance Inc., AP&T Wireless Inc., and wholesalers BBL Hydro Inc. or Goat Lake Hydro Inc. They operate along a swath of Alaska from Hyder in Southeast to Bettles above the Arctic Circle. Source: http://www.energycentral.com/sections/newsroom/nr_article.cfm?id=3536118

Current Electricity Sector Threat Alert Levels: Physical: ELEVATED, Cyber: ELEVATED
Scale: Low, Guarded, Elevated, High, Severe
[Source: ISAC for the Electricity Sector (ES-ISAC) - http://esisac.com]

Banking and Finance Sector

6. December 24, Financial Crimes Enforcement Network (FinCEN), Department of the Treasury - Anti-money laundering requirements - correspondent accounts for foreign shell banks; recordkeeping and termination of correspondent accounts for foreign banks. FinCEN is issuing this final rule to extend the time by which certain financial institutions must obtain information from each foreign bank for which they maintain a correspondent account concerning the foreign bank's status as a "shell" bank, whether the foreign bank provides banking services to foreign shell banks, certain owners of the foreign bank, and the identity of a person in the United States to accept service of legal process. This rule extends the time by which a covered financial institution must obtain the information required to satisfy the requirements of sections 313(a) and 319(b) from December 26, 2002, to March 31, 2003. Treasury and FinCEN do not anticipate granting a further extension beyond March 31 and expect that covered financial institutions will comply with the September 26, 2002, final rule with respect to correspondent accounts established for foreign banks that have not provided the required information by that date. This final rule is effective December 24, 2002.
Source: http://a257.g.akamaitech.net/7/257/2422/14mar20010800/edocket.access.gpo.gov/2002/02-32333.htm

Transportation Sector

7. December 24, Department of Transportation - Coast Guard declares safety zone around Chicago. The Coast Guard is establishing a temporary safety zone for the City of Chicago New Year's Celebration Fireworks in Monroe Harbor, Chicago, Illinois. This safety zone is necessary to protect vessels and spectators from potential airborne hazards during a planned fireworks display over Lake Michigan. The safety zone is intended to restrict vessels from a portion of Lake Michigan off Chicago, Illinois. This rule is effective from 11:55 p.m. (local), December 31, 2002 until 12:20 a.m. (local), January 1, 2003. Based on recent accidents that have occurred in other Captain of the Port zones, and the explosive hazard of fireworks, the Captain of the Port Chicago has determined firework launches in close proximity to watercraft pose significant risks to public safety and property. The likely combination of large numbers of recreational vessels, congested waterways, darkness punctuated by bright flashes of light, alcohol use, and debris falling into the water could easily result in serious injuries or fatalities. Establishing a safety zone to control vessel movement around the location of the launch platforms will help ensure the safety of persons and property at these events and help minimize the associated risks. Source: http://a257.g.akamaitech.net/7/257/2422/14mar20010800/edocket.access.gpo.gov/2002/02-32408.htm

Gas and Oil Sector

8. December 25, New York Times - U.S. oil supplies rise; Venezuela's effect is seen on the horizon. Industry analysts say that the full brunt of that stoppage is just beginning to be felt in the United States. "I thought you would start to see the impact this week, but sometimes these things take a little while to work themselves through the system," said Thomas P.
Bentz, senior energy analyst with BNP Paribas Commodity Futures. Crude oil stocks actually rose for the week ended Dec. 20 by 2.7 million barrels, to 286.63 million barrels. But the inventories were helped by a big jump in oil supplies on the West Coast, mainly California, analysts said, perhaps because crude oil shipments originally headed for Asia were diverted to the United States, where prices are higher. Supplies on the Gulf Coast, where most of the oil from Venezuela is refined, were down by 1.84 million barrels, according to the trade group. Source: http://www.nytimes.com/2002/12/25/business/worldbusiness/25REFI.html

9. December 26, Reuters - Foes of Venezuela's Chavez step up demands. Venezuela's opposition on Thursday intensified its drive to oust President Hugo Chavez by demanding that striking state oil employees keep their jobs as part of any accord to end the crisis in the world's No. 5 petroleum exporter. The opposition's tougher stance will complicate efforts by international mediators to break the deadlock between the leftist leader and his foes as Chavez has already fired dozens of striking executives at the state oil firm PDVSA. Striking PDVSA executives and managers on Thursday voted to continue to stay out until Chavez steps down. Many analysts believe Chavez is now settled in for a long battle. He still controls the government and appears to have the loyalty of top military commanders. Source: http://story.news.yahoo.com/news?tmpl=story&u=/nm/20021226/wl_nm/venezuela_dc_159

Telecommunications Sector

10. December 25, Washington Post - D.C. overhauling out-of-date 911 system. The network infrastructure that the Washington D.C. emergency call center leases from Verizon Communications Inc. is expensive and out of date, D.C. officials say. In addition, Washington has only one emergency call center covering the entire District; most cities this size have two.
On top of that, the call center's systems are not configured to trace the location of wireless 911 calls, making it harder to dispatch help. The District is trying to work on a comprehensive fix for most of the call center's technology headaches. The project will revamp the entire emergency response system, starting with a $93 million fiber-optic network that will eventually connect 380 D.C. government operations, as well as police houses, libraries and schools. Construction on that network began in January and so far has connected nine of 10 key downtown government buildings. Source: http://www.washingtonpost.com/wp-dyn/articles/A35049-2002Dec24.html

Food Sector

11. December 26, Miami Herald (Florida) - Trained dogs may one day sniff out citrus canker. Though not harmful to humans, canker blemishes fruit, making it impossible to sell as fresh fruit in the supermarket. Researchers at the U.S. Department of Agriculture's Fort Pierce lab say it appears that canker has a distinctive enough aroma that dogs can be trained to alert others when smelling it on a tree. Their keen noses might reduce the amount of time it takes to survey the state's vast citrus acreage and maybe allow inspectors to catch the disease earlier. "Dogs have shown that they do have an ability to detect xanthomonas," the agent that causes the disease, said Dr. Calvin Arnold, director of the lab. The next phase is to find whether dogs can distinguish between xanthomonas and other agents. Source: http://www.miami.com/mld/miamiherald/4814097.htm

Water Sector

Nothing to report.

Chemical Sector

Nothing to report.

Emergency Law Enforcement Sector

12. December 26, Los Angeles Times - Trucker held in threat on White House. Norayr Avetisyan, 27, was arrested in Dayton on Monday after he was allegedly overheard telling a fellow trucker over a citizen's band radio that he was carrying explosives and was headed to the White House.
Another trucker listening in on the conversation called 911. State police alerted officers in the surrounding area. A truck weigh station was opened in Preble County, Ohio, near the state line so Avetisyan would have to stop. Members of the FBI task force on terrorism and U.S. Secret Service agents participated in the arrest. No explosives were found and Avetisyan was turned over to U.S. Marshals on Tuesday, police said. Reached at his Glendale apartment, a woman who said she was Avetisyan's sister said Tuesday that her brother's comments were not serious. Source: http://www.latimes.com/news/local/valley/la-me-threat25dec25,0,1097019.story?coll=la%2Deditions%2Dvalley

Government Operations Sector

Nothing to report.

Information Technology Sector

13. December 26, Cincinnati Business Courier - Supermarket lets Texas shoppers pay by fingerprint. A large supermarket chain is experimenting with a new payment method in Texas: Finger imaging. Instead of credit or debit cards, customers put their index finger on a scanning machine, using their fingerprint to access their customer account. The voluntary program is being tested at three stores in Texas, according to Reuters. So far, about 10,000 customers have enrolled in the program. "Early indications are that it's being well received by the customer, the new technology is performing well and it is saving both time and money," said Gary Huddleston, manager of consumer affairs for the company's Southwest division. He said the chain has not yet made plans to roll out the finger-imaging program to additional stores. Source: http://cincinnati.bizjournals.com/cincinnati/stories/2002/12/23/daily21.html

Cyber Threats and Vulnerabilities

14. December 26, The Washington Times - Hacker threat seen as overdone.
A paper published recently by James Lewis of the Center for Strategic and International Studies concludes that the threat from hackers on the nation's critical infrastructures is "overblown." Mr. Lewis makes a distinction between computer networks in general and critical infrastructure. He says, "a brief review suggests that while many computer networks remain very vulnerable to attack, few critical infrastructures are equally vulnerable." To bring the country down even briefly, terrorists would have to do serious damage to critical systems, not just make nuisances of themselves. Lewis makes several points. One is that there is a difference between being a pest and causing strategically serious damage. Second, the American infrastructure is much more robust than terror mongers would have us think. Failure and disruption are already a routine fact of infrastructure life and cause no more than inconvenience. "An assumption I have noticed in disaster scenarios is that if a terrorist can disrupt a network's computers, the network is destroyed. Actually, computers fail frequently, whereupon the engineers reload from backups and life goes on." His conclusion: "The sky is not falling, and cyber-weapons seem to be of limited value in attacking national power or intimidating citizens." The CSIS study is available at http://www.csis.org/tech/0211_lewis.pdf. Source: http://www.washtimes.com/business/20021226-40779202.htm

15. December 26, MSNBC - Hacker turns to extortion. A criminal trying to turn stolen personal data into cash has apparently seized on a new, low-tech method - direct threats. A woman who had her identity stolen in early December managed to foil most of the bank account transfers attempted by the thief. So the criminal turned to personal extortion instead, saying he would leave her alone if she paid $400.
The incident concerns online auction consumer advocate Rosalinda Baldwin, who sees it as an escalation of the kinds of tactics hackers might use to turn computer crime into cash. Extortion threats, which until now were normally reserved for hackers trying to wring money out of companies that had suffered security lapses, raise the stakes quite a bit for the criminal, Baldwin says. The big question for Baldwin is whether or not the woman's case is an aberration, or represents a new method computer criminals are using to profit from criminal computer activity. Source: http://www.msnbc.com/news/851175.asp?0si=-&cp1=1

Internet Alert Dashboard

Current Alert Levels
Internet Security Systems AlertCon: 1 out of 4 (https://gtoc.iss.net/) - Last Changed: 26 December 2002
Security Focus ThreatCon: 1 out of 4 (http://analyzer.securityfocus.com) - Last Changed: 21 December 2002

Current Virus and Port Attacks
Virus: #1 Virus in USA: WORM_KLEZ.H
Source: http://wtc.trendmicro.com/wtc/wmap.html, Trend World Micro Virus Tracking Center [Infected Computers, North America, Past 24 hours, #1 in United States]
Top 10 Target Ports: 137(netbios-ns); 1433(ms-sql-s); 80(http); 443(https); 445(microsoft-ds); 53(domain); 4662; 21(ftp); 27374(asp); 139(netbios-ssn)
Source: http://isc.incidents.org/top10.html; Internet Storm Center

General Information

16. December 26, Gainesville Sun (Florida) - Education against terrorism. Seven Florida universities have created an education program concerning terrorism. Experts in such areas as weapons of mass destruction and biological defense will train health care providers and the public how to respond to any future act of terrorism. Officials will first focus on training the health care providers who are likely to be first-responders in the event of a bioterrorist attack then on educating the supervisory health practitioners who train others.
Representatives of the state-funded Area Health Education Centers and the Florida Emergency Medical Foundation also are part of the alliance, which aims to have a completed curriculum by Aug. 30, 2003. To fund the project, the national Centers for Disease Control and Prevention has allocated $6.5 million to the Florida Department of Health, which in turn is contracting with the state universities to design and implement the training program. Source: http://gainesvillesun.com/apps/pbcs.dll/article?Site=GS&Date=20021226&Category=LOCAL&ArtNo=212260325&Ref=AR&Profile=1007

17. December 24, CNET News.com - A happy New Year for hacker Mitnick. The Federal Communications Commission (FCC) has released a decision that grants convicted hacker Kevin Mitnick his ham radio license renewal after a protracted battle. Ham radio has been a hobby for Mitnick since he was 13 years old. While he now uses it primarily to talk to friends, he credits the hobby with having led to his interest in computer hacking. "It's...how I first became intoxicated with technology, with figuring out how things worked," Mitnick said. Mitnick's license came up for renewal in 1999, when he was still serving a prison sentence for computer fraud, theft and other convictions. The FCC held up his application until recently, when it ruled that Mitnick was sufficiently rehabilitated to deserve the renewal. In its order, the FCC detailed Mitnick's various convictions and concluded that his rehabilitation was genuine and complete. Mitnick is looking forward to the January lifting of fairly severe probation restrictions he's had to observe since his release from prison on Jan. 21, 2000. Under the terms of a plea agreement, Mitnick has been unable to use a computer, access the Internet or act as a computer consultant without the permission of his probation officer. "In four weeks I'll be free to do whatever I want," Mitnick said. "Within the law of course."
Source: http://news.com.com/2100-1023-978805.html?tag=fd_lede2_hed

18. December 25, Washington Post - Sleeper cell contacts are revealed by Canada. Al Qaeda "sleeper cells" in Canada and the United States have communicated with each other as recently as this month, probably to plan terrorist attacks in the United States, Canadian intelligence experts said yesterday. The disclosure came in the wake of the arrest last week of a pizza delivery man in Ottawa who is suspected of being associated with the terrorist network of Osama bin Laden. Canadian authorities decided to arrest Mohamed Harkat, 34, shortly after he made calls to suspected al Qaeda members in the United States, said Reid Morden, former director of the Canadian Security Intelligence Service (CSIS), who has been in contact with the Canadian spy agency on the matter. The CSIS alleged in a rare court filing that Harkat, 34, who was born in Algeria and has lived in Canada since 1995, is an associate of Abu Zubaida, one of Osama bin Laden's close associates. Zubaida, who was arrested in Pakistan in March and is in U.S. custody at an undisclosed location, identified Harkat to his interrogators, according to Canadian intelligence officials. Source: http://www.washingtonpost.com/wp-dyn/articles/A35347-2002Dec24.html

19. December 24, USA Today - Terrorism worries U.S. execs more than war. A war with Iraq doesn't worry some executives at U.S. companies as much as concerns about retaliatory terrorism, civil unrest and a host of spin-off uncertainties for which they can't plan. War alone, they say, may do little but raise the price of oil and has become lost in the noise of a nuclear North Korea and civil unrest in Venezuela. But planning is seen in many quarters as crystal ball management, especially at smaller companies. Feelings of helplessness aren't unique to small businesses. About half of Fortune 500 companies have crisis management in place.
The others are taking the "head-in-the-sand approach," says Bruce Wimmer, a former Air Force anti-terrorism expert now working for Pinkerton Consulting & Investigations. Companies must imagine the worst, then decide what they would do, he says. Concerns at multinational companies include personnel evacuation, stockpiling inventory, switching manufacturing from one country to another and finding alternative shipping routes and ports. Source: http://www.usatoday.com/money/companies/2002-12-24-war-terror_x.htm

NIPC Products & Contact Information

The National Infrastructure Protection Center (NIPC) serves as a national critical infrastructure threat assessment, warning, vulnerability, and law enforcement investigation and response entity. The NIPC provides timely warnings of international threats, comprehensive analysis and law enforcement investigation and response. The NIPC provides a range of bulletins and advisories of interest to information system security and professionals and those involved in protecting public and private infrastructures. By visiting the NIPC web-site (http://www.nipc.gov), one can quickly access any of the following NIPC products:

2002 NIPC Advisories - Advisories address significant threat or incident information that suggests a change in readiness posture, protective options and/or response.

2002 NIPC Alerts - Alerts address major threat or incident information addressing imminent or in-progress attacks targeting specific national networks or critical infrastructures.

2002 NIPC Information Bulletins - Information Bulletins communicate issues that pertain to the critical national infrastructure and are for informational purposes only.

2002 NIPC CyberNotes - CyberNotes is published to support security and information system professionals with timely information on cyber vulnerabilities, malicious scripts, information security trends, virus information, and other critical infrastructure-related best practices.

2002 NIPC Highlights - The NIPC Highlights are published on a monthly basis to inform policy and/or decision makers of current events, incidents, developments, and trends related to Critical Infrastructure Protection (CIP). Highlights seeks to provide policy and/or decision makers with value-added insight by synthesizing all source information to provide the most detailed, accurate, and timely reporting on potentially actionable CIP matters.

IWS INFOCON Mailing List @ IWS - The Information Warfare Site http://www.iwar.org.uk