National Infrastructure Protection Center NIPC Daily Open Source Report for 29 November 2002
Daily Overview • The L.A. Times reports that a suicide car bombing at a resort hotel in Msumarini, Kenya killed at least 16 people Thursday at the same time that two missiles narrowly missed an Israeli charter jet taking off nearby. (See item 15) • According to the BBC, Ohio State University scientists have simulated attacks on key Internet hubs which illlustrate how vulnerable the worldwide network is to disruption by disaster or terrorist action. (See item 14) • According to the New York Times, the identity-theft case announced this week is even more troubling because the threat came from company insiders who were able to steal the same types of materials that terrorists would aim to gather. (See item 1) • According to Wired News, a report presented to the United Nations on Monday states the security of wireless networks is of “critical concern,” since wireless local area networks are more prone to hacker attacks than fixed-line networks. (See item 7) NIPC Daily Report Fast Jump [click to jump to section of interest] Power Banking & Finance Transportation Gas & Oil Telecommunications Food Water Chemical Emergency Law Enforcement Government Operations Information Technology Cyber Threats and Vulnerabilities Internet Alert Dashboard General NIPC Information Power Sector Nothing to report. Current Electricity Sector Threat Alert Levels: Physical: ELEVATED, Cyber: ELEVATED Scale: Low, Guarded, Elevated, High, Severe [Source: ISAC for the Electricity Sector (ES-ISAC) - http://esisac.com] [return to top] Banking and Finance Sector 1. November 27, New York Times – Identity-theft case exposes insider threat. Many law enforcement and security experts say the large-scale identity theft case announced this week simply provides a startlingly large window onto a problem that not only threatens people's sense of privacy and invulnerability, but also poses questions about the priority many companies place on security. Officials said there was no evidence of a terrorist connection to the fraud. But the case raises the specter of terrorists' gaining what appears to have been cheap and easy access to material that can be used to create false identities within the United States, experts said. Joanna P. Crane, the manager of the Federal Trade Commission's identity theft program, which was created in January 1999, said that the entire episode was troubling because what was stolen was exactly the material that terrorists would aim to gather. The case, many security experts say, also shows what they have long contended: that insiders are a bigger threat than outside hackers, because they have access to closely held passwords, and knowledge of the systems they are seeking to manipulate. Source: http://www.nytimes.com/2002/11/27/nyregion/27CRED.html [return to top] Transportation Sector 2. November 27, New York Times – Airlines' official warns on security costs. Carol B. Hallett, president of the Air Transport Association, an airline trade association, said Tuesday that unless the industry's problems are fixed soon, it might be necessary to nationalize the airlines. Hallett, speaking at an industry luncheon, said that such a step would have costs that were “intolerable,” but that the burden of security fees was destroying the airlines. Fees that are supposedly charged to passengers are essentially paid by the airlines, Hallett contended, because the surcharge imposed by the federal government that is supposed to pay for additional security prevents the airlines from charging more for tickets and therefore cuts into airlines' revenue. Failing to fix the root causes of the industry's dire situation could mean that the nationalization of the industry becomes necessary, Hallett said. Source: http://www.nytimes.com/2002/11/27/business/27ATA.html?ex=1039410686&ei=1 &en=2aeab3e5c35e31ae 3. November 27, New York Times – McGreevey pitches DMV plan as vital to New Jersey's security. Surrounding himself with law enforcement officials and terrorism experts, New Jersey Gov. James E. McGreevey Wednesday promoted his $200 million plan to overhaul the state's Department of Motor Vehicles as a vital matter of security, saying it would help prevent criminals and terrorists from obtaining fraudulent state identification. McGreevey said that under the plan, surveillance cameras would be installed and additional police officers assigned to the state's 45 motor vehicles offices, where internal security staffing has dwindled during the past decade and dozens of employees have been arrested on charges of document fraud. Under the proposal, in 2004 the state would begin issuing digitized licenses, which would have fingerprints or electronic retina scans to discourage counterfeiting. Source: http://www.nytimes.com/2002/11/27/nyregion/27MOTO.html?ex=1039411118&ei= 1&en=c0d0a74b7236f611 4. November 27, Associated Press – French arrest man in failed hijack bid. A man claiming to be an al-Qaida member and carrying what he said was a bomb was arrested Wednesday after trying to hijack an Alitalia jet over the Swiss Alps, police said. The jet, flying from Bologna, Italy, to Paris, France, was diverted to the southern French city of Lyon. It was unclear whether the alleged hijacker forced the plane to land there or whether it was the pilot's decision. There was no bomb on board, police said. The suspect was arrested by a French paramilitary team at the Lyon airport. He is Italian, said Loredana Rosati, an official of the Enac civil aviation agency. No further details on his identity were immediately available. Source: http://www.austin360.com/aas/news/ap/ap_story.html/Intl/AP.V5798.AP-Fran ce-Plane-Di.html [return to top] Gas and Oil Sector 5. November 27, Dow Jones Newswires – Four Russian companies plan Arctic port to speed oil to U.S. Four of Russia's biggest oil companies are planning to build an Arctic oil port that could eventually help ease U.S. reliance on Mideast oil by supplying as much as 10% of American crude imports, company officials said. Plans for the Russian port in the northwestern town of Murmansk are still at an early stage. The companies haven't yet arranged financing or conducted a feasibility study but signed a memorandum of under-standing declaring their intentions to pursue the project, company officials said. The project is expected to cost $3.4 billion to $4.5 billion, but the feasibility study will only be done in 2004. The transportation network should be ready in 2007. The 935-mile pipeline is expected to carry 80 million metric tons, or 584.4 million barrels of oil a year to be exported from the Barents Sea port of Murmansk to Western Europe and the U.S. Source: http://story.news.yahoo.com/news?tmpl=story&u=/dowjones/20021127/bs_dowj ones/200211270234000084 6. November 27, New York Times – After oil spill, Spain and France impose strict tanker inspections. In the aftermath of the Prestige oil spill, which has tarnished more than 250 miles of Spanish coastline, Spain and France have decided to impose rigorous inspections on tankers deemed dangerous and even to expel such ships from the waters they control. President Jacques Chirac of France and Prime Minister José María Aznar of Spain agreed today that beginning on Wednesday single-hulled tankers more than 15 years old that are carrying oil or tar through waters controlled by each country will be subject to stringent inspections. Under the new rules, tankers traveling through exclusive economic zones for each country, which stretch 200 miles out to sea, will have to provide information about their cargo, destination, flag and operators to French and Spanish authorities. Source: http://www.nytimes.com/2002/11/27/international/europe/27SHIP.html [return to top] Telecommunications Sector 7. November 27, Wired News – UN hears from wireless experts. The security of wireless networks is of “critical concern,” according to a report presented to the United Nations on Monday. A collaboration of computer experts from the wireless industry, government and academia, the report said wireless local area networks proliferating in homes, schools, parks, airports and coffee shops are more prone to hacker attacks than fixed-line networks. On regular networks, information travels through cables. But with wireless networks, hackers with enough time and programming skills can steal information “right out of the air,” said Eugene Spafford, an organizer of Purdue University's Wireless Security Forum, which helped draft the report. “As a hammer can be used both to build houses and to destroy treasured works of art, so can wireless technology be both beneficial and harmful,” Spafford told the Purdue News. Governments of many developing countries look at wireless technology as a way to enter the information age without having to invest in expensive infrastructure, the report said. But they should also monitor use of the technology and intervene “where appropriate and necessary” to prevent security breaches. Source. http://www.wired.com/news/print/0,1294,56594,00.html [return to top] Food Sector 8. November 26, Resource – Purdue researchers chip away at food contamination. Purdue University is researching safeguarding the nation's food through development of a tiny molecule-coated computer chip. The researchers designing the chips are focusing their efforts on Listeria monocytogenes, an organism that kills one out of five of its victims. The bacteria can be present in all types of food including ready-to-eat meats, dairy products, fruits and vegetables. The project is addressing the fundamental engineering and science required for development of microchip, bio-based assays that are transportable to the field and that can rapidly assess whether or not live, and therefore harmful, Listeria is present. The goal of the biochip research – cutting the time it takes to detect Listeria – is of prime importance. Currently it is normal for two to three days to elapse between when a food processor or producer extracts a food sample and when test results are available. By that time, tainted food may already be in warehouses and on grocery shelves. The ability of the chips to provide immediate information concerning tainted food and the devices' small size ultimately will allow their use in processing plants, farm fields, and grocery stores. Source: http://www.smalltimes.com/document_display.cfm?document_id=5121 [return to top] Water Sector Nothing to report. [return to top] Chemical Sector Nothing to report. [return to top] Emergency Law Enforcement Sector 9. November 27, Boston Globe – Boston pushes for help in convention security. At Mayor Thomas M. Menino's request, Governor-elect Mitt Romney said he will ask that the 2004 Democratic National Convention be declared a national special security event, which would shift security oversight from Boston police to the U.S. Secret Service, along with some of the costs. The same designation was given to the 2002 Winter Olympics, which Romney chaired, and the federal government provided $250 million in security assistance for the three-week games. Because Boston is hosting the first national political convention since the Sept. 11, 2001, terrorist attacks, security analysts and a Democratic source close to the process said yesterday it is likely the designation will be granted to the convention, along with the Republican National Convention the following month. Source: http://www.boston.com/dailyglobe2/331/metro/Romney_to_seek_US_aid_for_04 _parley+.shtml 10. November 25, New York Times – Fire dept. tests radios in high-rise drill. The New York Fire Department tested new hand-held radios yesterday as part of a drill involving about 100 firefighters in a high-rise, 30 Rockefeller Plaza in Midtown. To test the radios, which operate on UHF, the department distributed them in Staten Island in August. They are believed to be better at penetrating buildings and are compatible with police radios. The department “will continue to test them as long as they can to make sure that in the future, if they are implemented, that there is no compromise of firefighters' safety,” said Firefighter Jim Long, a department spokesman. “They are still testing. They are not going to implement them citywide until they are satisfied with all tests,” he said. Source: http://www.nytimes.com/2002/11/25/nyregion/25RADI.html [return to top] Government Operations Sector 11. November 27, Associated Press – President signs bill to establish independent Sept. 11 probe, with Kissinger as its head. President Bush signed legislation creating a new independent commission to investigate the Sept. 11 attacks Wednesday and named former Secretary of State Henry Kissinger to lead the panel. The commission has a broad mandate, building on the limited joint inquiry conducted by the House and Senate intelligence committees. The independent panel will have 18 months to examine issues such as aviation security and border problems, along with intelligence. The commission's creation is part of a bill authorizing intelligence activities in the 2003 budget year. Though most details of the legislation remain secret, lawmakers say it provides the biggest-ever increase in intelligence spending in an attempt to fix some counterterrorism weaknesses — such as a lack of information-sharing, a shortage of experts in certain key languages and new attention to traditional, human spying. Source: http://www.usatoday.com/news/washington/2002-11-27-bush-sept11probe_x.ht m [return to top] Information Technology Sector 12. November 27, Government Computer News – FedCIRC plans centralized software patch distribution. The General Services Administration (GSA) is working to make it easy for agencies to stay up-to-date with software patches. GSA recently awarded a $10.8 million task order contract for a company to support the Federal Computer Incident Response Center (FedCIRC) in issuing alerts and distributing patches via the Web. GSA awarded the task order, which is for one year with four one-year options, through its Safeguard government-wide acquisition contract. The chosen firm will develop the Web portal by late December. The technology will notify federal IT managers and CIOs about the software patches, then authenticate and distribute the patches. The system will use commercial software to pinpoint in real time the computers that need software patches and provide CIOs and IT managers with alerts specific to the software used by their agencies. FedCIRC is one of the 22 entities being transferred to the new Homeland Security Department. Source. http://www.gcn.com/vol1_no1/daily-updates/20577-1.html [return to top] Cyber Threats and Vulnerabilities 13. November 27, Associated Press – Bush signs bill to boost cyber security. President Bush on Wednesday signed a bill authorizing $900 million in grants to spur federal agencies, industry and universities to devote more energy to cyber security research. The five-year program would require the National Science Foundation and the National Institute of Standards and Technology to bring industry and academic experts together to fund new research and to help attract top researchers to the field. It also would encourage efforts to recruit new students into cyber security programs. Source. http://www.washingtonpost.com/wp-dyn/articles/A46319-2002Nov27.html 14. November 26, BBC – Risk of Internet collapse is rising. Scientists say that simulated attacks on key Internet hubs have shown how vulnerable the worldwide network is to disruption by disaster or terrorist action. If an attack or disaster destroyed the major nodes of the Internet, the network itself could begin to unravel, warn the scientists who carried out the simulations. The virtual attacks showed that the net would keep going in major cities, but outlying areas and smaller towns would gradually be cut off. The researchers warn that the net has become more vulnerable as it has become more commercialized and key net cables are concentrated in the hands of fewer organizations. The simulations were carried out by a trio of scientists from Ohio State University led by Tony Grubesic, Assistant Professor of Geography at the University of Cincinnati. Dr Grubesic compared the net to U.S. air traffic system. In its early days the net was as decentralised as possible with multiple links between many of the nodes forming it. If one node disappeared, traffic could easily flow to other links and route traffic to all parts. However, said the researchers, the increasing commercialization of the net has seen the emergence of large hubs that act as key distribution points for some parts of the web. As a result, the net has become much more vulnerable to attack. Source. http://news.bbc.co.uk/2/hi/technology/2514651.stm Internet Alert Dashboard Current Alert Levels Internet Security Systems AlertCon: 1 out of 4 https://gtoc.iss.net/ Security Focus ThreatCon: 1 out of 4 http://analyzer.securityfocus.com Last Changed: 26 November 2002 Last Changed: 23 November 2002 Current Virus and Port Attacks Virus: #1 Virus in USA: PE_NIMDA.E (aka W32/Nimda.E@mm, PE_NIMDA.E-O, NIMDA.E Source: http://wtc.trendmicro.com/wtc/wmap.html, Trend World Micro Virus Tracking Center [Infected Computers, North America, Past 24 hours, #1 in United States] Top 10 Target Ports 80(http); 1433(ms-sql-s); 21(ftp); 4665; 139 (netbios-ssn); 25(smtp); 6112; 22(ssh); 27374(asp); 43981 Source: http://isc.incidents.org/top10.html; Internet Storm Center [return to top] General Information 15. November 29, L.A. Times – Car bombing kills 16; missiles threaten jet. A suicide car bombing at a resort hotel in Msumarini, Kenya killed at least 16 people Thursday amid reports that two missiles fired at the time narrowly missed harming an Israeli charter jet taking off nearby. Israeli officials said one of the missiles slightly damaged the tail of the Arkia Charter Co. jet with 271 passengers and crew members on board. The plane was able to land safely in Tel Aviv, Israel, a few hours later. The car bombing Thursday morning tore through the Paradise Mombasa hotel, which caters almost exclusive to Israeli tourists, and triggered a fire that damaged much of the building. At least 10 Kenyans, three Israelis and the three suicide bombers were among the dead, according to police at the scene. A previously unknown group calling itself Army of Palestine later claimed responsibility for the attacks in a fax to media, but government officials in Kenya and Israel along with terrorism experts said the operation bore the trademarks of Al Qaeda or an affiliated group." Although no one was killed or injured in the missile attack, it was the first time terrorists have used such a tactic, and it points to a previously overlooked area of vulnerability, potentially affecting tourist destinations all over the world. “It is hard to defend aircraft from such a strategic threat,” said Pini Schiff, deputy director general of the Israel's Airport Authority. An Israeli Foreign Ministry spokesman said two heat-seeking Russian-made missiles known as SA-7 strellas were launched at Arkia Flight 582, just a few minutes after it had taken off. A missile launcher was found later on the ground near the airport. Source: http://www.latimes.com/news/nationworld/world/la-fg-kenya29nov29.story 16. November 27, Associated Press – Philippines bans imports over anthrax fears. The Philippines has banned beef imports from Australia after anthrax was found on a farm in Victoria state, officials said Wednesday. “All beef imports from Australia are covered,” Philippine Agriculture Secretary Leonardo Montemayor told The Associated Press. Live cattle imports are not being halted, but Montemayor said the Philippines has asked Australia to quarantine animals for 20 days before they are shipped here. Twenty days is the incubation period for the disease that can kill humans, Montemayor said. Although the anthrax found in Australia appears to have been isolated, Philippine officials said that since they cannot tell specifically where beef has come from they considered the ban a necessary public health measure. Officials did not immediately say how long the ban would last, though they called it temporary. Source: http://thestar.com.my/news/story.asp?file=/2002/11/27/latest/9029Philipp ine&sec=latest 17. November 27, Associated Press – Bush readies plan for smallpox vaccine. The Bush administration plans to make the smallpox vaccine available to all Americans eventually, but officials will recommend that only those who are at greatest risk of encountering a patient get the shots. Under plans not yet final, the administration would recommend that emergency room workers and special smallpox response teams take the vaccine. The shot soon would be available to other health care workers and emergency responders, but states would have a say in which ones it would be recommended for, administration officials said. The general public eventually would be offered the shots but not encouraged to get them. Administration officials say a decision from President Bush is expected soon, possibly next week. Bush is also close to approving a plan for vaccinating U.S. military forces against the disease. Meanwhile, states are working on their own smallpox plans, due next week at the Department of Health and Human Services. Source: http://www.washingtonpost.com/wp-dyn/articles/A45076-2002Nov27.html [return to top] NIPC Products & Contact Information The National Infrastructure Protection Center (NIPC) serves as a national critical infrastructure threat assessment, warning, vulnerability, and law enforcement investigation and response entity. The NIPC provides timely warnings of international threats, comprehensive analysis and law enforcement investigation and response. The NIPC provides a range of bulletins and advisories of interest to information system security and professionals and those involved in protecting public and private infrastructures. By visiting the NIPC web-site (http://www.nipc.gov), one can quickly access any of the following NIPC products: 2002 NIPC Advisories - Advisories address significant threat or incident information that suggests a change in readiness posture, protective options and/or response. 2002 NIPC Alerts - Alerts address major threat or incident information addressing imminent or in-progress attacks targeting specific national networks or critical infrastructures. 2002 NIPC Information Bulletins - Information Bulletins communicate issues that pertain to the critical national infrastructure and are for informational purposes only. 2002 NIPC CyberNotes - CyberNotes is published to support security and information system professionals with timely information on cyber vulnerabilities, malicious scripts, information security trends, virus information, and other critical infrastructure-related best practices. 2002 NIPC Highlights – The NIPC Highlights are published on a monthly basis to inform policy and/or decision makers of current events, incidents, developments, and trends related to Critical Infrastructure Protection (CIP). Highlights seeks to provide policy and/or decision makers with value-added insight by synthesizing all source information to provide the most detailed, accurate, and timely report IWS INFOCON Mailing List @ IWS - The Information Warfare Site http://www.iwar.org.uk