National Infrastructure Protection Center NIPC Daily Open Source Report for 19 December 2002
Daily Overview

- ZDNet reports several critical vulnerabilities have been found in the MySQL database system, a light database package commonly used in Linux environments but which runs also on other platforms. (See item 20)
- The General Accounting Office has released its December 2002 study on mass transit, examining the challenges in securing transit systems, steps transit agencies have taken to improve safety and security, and the federal role in transit safety and security. (See item 8)
- The New York Stock Exchange has issued a memorandum underscoring member firms' responsibilities to ensure the accuracy and integrity of order-routing systems in order to protect against errors in orders sent to the NYSE via electronic systems. (See item 4)
- The Associated Press reports the ongoing Venezuelan oil strike has reduced Venezuela's oil output from nearly 3 million to 400,000 barrels per day, is sending the world price of crude oil above $30 a barrel, and is depriving the country of $50 million daily in export income. (See item 10)

Power Sector

1. December 18, MDJ Online.com - Pressure builds to curtail the power of power companies. The pressure continues to build for action by the Georgia General Assembly to rein in the virtually unlimited power of electric power companies to take private property for transmission lines without any review by either state or local officials.
The latest move came in Gwinnett County, Georgia yesterday when the seven members of the Board of Commissioners unanimously approved a resolution calling for legislation to provide for "the appropriate level of regulation by the Georgia Public Service Commission regarding the construction of above ground high-voltage electrical transmission lines and their attendant systems." A temporary moratorium was requested by residents concerned about a planned high-voltage line that will run beside Simonton Elementary School - whose PTA last week overwhelmingly approved a resolution calling for a moratorium and swift legislative action. A growing number of Georgians are joining the movement to put some checks and balances on the unrestrained eminent domain power of the electric power industry. It remains an open question whether this growing number of citizens will be ignored by the 2003 General Assembly when it comes time to vote on a bill to regulate the power of the power companies.
Source: http://apt.mywebpal.com/news_tool_v2.cfm?pnpID=7&CategoryID=89&StoryID=10087718&show=localnews

2. December 18, Reuters - U.S. energy groups sign pact on business standards. Two U.S. energy industry groups said on Tuesday they have signed an agreement to work together to clean up and standardize business practices in the nation's scandal-plagued power sector. In a statement, NERC (the North American Electric Reliability Council), a non-profit whose members supply nearly all the power in North America, and an energy industry standards board hastily assembled in January said they signed a "memorandum of understanding (MOU)" to open communication between the two groups in their standards-setting processes. The pact comes after a year of shrinking liquidity amid revelations that traders at several companies routinely skewed power and natural gas price data to trade publications that use the data to compile widely watched price indices.
The indices, as industry benchmarks, are used in turn to value contracts between energy suppliers, utilities, and industrial buyers. New Jersey-based NERC said that under the MOU the two groups will also establish a joint committee to vet all standards proposals they receive. The committee will hold its first meeting in early January. Earlier this month, the Committee of Chief Risk Officers (CCRO), representing 31 energy companies, held a closed-door meeting in Houston to discuss ways of ridding the market of sham trades and phony prices at the heart of several federal investigations and shareholder lawsuits.
Source: http://www.energycentral.com/sections/newsroom/nr_article.cfm?id=3524295

3. December 17, Power Engineering - Ruling allows data collection for largest renewable plant in U.S. A federal judge has cleared the way for a critical step in what could be a formidable process to gain approval to construct the nation's largest renewable energy plant. Denying a citizen group's motion for a preliminary injunction to block Cape Wind Associates from placing a data collection tower off the shore of Cape Cod, Judge Joseph L. Tauro said the plaintiffs failed to meet any of the three criteria for an injunction: legal standing in court, likelihood of success at trial, and irreparable harm. Cape Wind hopes to build a wind farm six miles off the cape composed of 170 wind turbines with a total generating capacity of 420 MW. Primary opponent of the project is the Alliance to Protect Nantucket Sound, backed by such organizations as the Ocean Conservancy, the Earth Institute, the International Fund for Animals, and the International Wildlife Coalition, all of whom say the structures will harm wildlife to some degree. They also fear that the windmills, positioned in rows, will be ugly and depress real estate values. Wind energy advocates point out that any power generator comes with a price.
Gary Gallon, who writes a newsletter for the Canadian Institute for Business and the Environment, said that it is impossible to oppose fossil fuels without providing an alternative, and that his organization estimates that the Cape Wind project, operating at full tilt, will replace enough fossil-fueled generation annually to eliminate 4,600 tons of sulfur dioxide, 120 tons of carbon monoxide, and 1,566 tons of nitrous oxide, thus reducing greenhouse emissions by more than a million tons.
Source: http://www.energycentral.com/sections/newsroom/nr_article.cfm?id=3524315

Current Electricity Sector Threat Alert Levels: Physical: ELEVATED, Cyber: ELEVATED
Scale: Low, Guarded, Elevated, High, Severe
[Source: ISAC for the Electricity Sector (ES-ISAC) - http://esisac.com]

Banking and Finance Sector

4. December 18, New York Stock Exchange - NYSE emphasizes member firms must ensure accuracy, integrity of order-routing systems. The New York Stock Exchange has issued a memorandum underscoring member firms' responsibilities to protect against errors in orders sent to the NYSE via electronic systems. The memorandum follows several instances in which firms sent orders that contained an incorrect quantity of shares or inadvertently re-transmitted orders executed the previous day. The two primary causes of the mistakes were human error or defective software. Although the errors were caught quickly at the NYSE and no customers were harmed, the Exchange emphasized the need for safeguards to prevent errors from being transmitted in the first place. "While electronic order-entry systems can enhance members' or member organizations' ability to route and execute orders, errors resulting from their use can result in increased market volatility and significant financial risk and exposure to members and member organizations," NYSE Executive Vice President Salvatore Pallante said in the memo.
The memo outlines five regulatory requirements and business practices that must be adhered to when electronic order-entry systems are used.
Source: http://www.nyse.com/presshome.html?query=/press/NT0048B94A.html
Memo: http://www.nyse.com/content/memos/NT000B2876.html

5. December 18, New York Times - Computer programmer faces U.S. fraud charge in virus attack. A former computer expert with UBS PaineWebber was indicted today on federal charges of trying to manipulate the stock price of the brokerage's parent company by sabotaging its computer system last spring, the authorities said. The United States attorney for New Jersey, Christopher J. Christie, said the suspect, Roger Duronio, 60, of Bogota, N.J., hoped to cash in on a resulting drop in the stock value of the parent company, UBS. The indictment said Duronio spent nearly $22,000 in February and March buying a type of security known as a put option contract, which increases in value as a company's stock price declines. Christie said the plan failed when a computer virus that Mr. Duronio personally transmitted to 1,000 of the 1,500 computers used by PaineWebber brokers across the country failed to disrupt work seriously or cause a sharp change in the stock price.
Source: http://www.nytimes.com/2002/12/18/technology/18SABO.html

6. December 18, Associated Press - Four arrested in Texas anti-terror probe. Four men, who are connected to a computer company that did business in the Middle East, were arrested by federal anti-terrorism agents early Wednesday on money-laundering charges. The four men worked at Infocom, a suburban Richardson computer company that federal agents raided in September 2001. Company Vice President Ghassan Elashi, identified as one of the four arrested Wednesday, was also a director of the Holy Land Foundation for Relief and Development, which was shut down in December 2001 after the Treasury Department accused the self-described charity of being a Hamas front and seized its assets.
Source: http://story.news.yahoo.com/news?tmpl=story2&cid=514&ncid=514&e=2&u=/ap/20021218/ap_on_re_us/hamas_arrests_4

7. December 18, New York Times - Civic leader is charged in money transfers. Mohamed Albanna, 51, a leader and businessman in the Yemeni-American community of Lackawanna, N.Y., and two of his relatives, Ali A. Albanna, 29, and Ali Taher Elbaneh, 52, were indicted last night in Federal District Court in Buffalo on charges of illegally transmitting money out of the country. Mr. Albanna is the uncle of Jaber Elbaneh, who was identified in a criminal complaint against the six young men in September as "uncharged co-conspirator B." The nephew is believed to be in Yemen, law enforcement officials said.
Source: http://www.nytimes.com/2002/12/18/nyregion/18LACK.html

Transportation Sector

8. December 18, General Accounting Office - Mass transit: federal action could help transit agencies address security challenges. On December 18, the General Accounting Office (GAO) released its December 2002 study on mass transit. In light of the history of terrorism against mass transit and the terrorist attacks of September 11, GAO was asked to examine challenges in securing transit systems, steps transit agencies have taken to improve safety and security, and the federal role in transit safety and security. To address these objectives, GAO visited 10 transit agencies and surveyed a representative sample of transit agencies. They noted that transit agencies have taken a number of steps to improve the security of their systems since September 11, such as conducting vulnerability assessments, revising emergency plans, and training employees. Formidable challenges, however, remain in securing transit systems. Obtaining sufficient funding is the most significant challenge in making transit systems as safe and secure as possible, according to GAO survey results and interviews with transit agency officials.
In addition to funding challenges, certain characteristics of transit agencies make them both vulnerable to attack and difficult to secure. Based on its study, GAO recommended, among other things, that the Secretary of Transportation consider seeking a legislative change to allow all transit agencies to use federal urbanized area formula funds for security-related operating expenses.
Source: http://www.gao.gov/new.items/d03263.pdf

Gas and Oil Sector

9. December 18, New York Times - Two refiners ask U.S. for oil from strategic reserve. At least two large oil refiners have begun talks with the Energy Department to explore borrowing oil from the Strategic Petroleum Reserve to make up for shortfalls in Venezuelan exports caused by strikes, company representatives said yesterday. Representatives for the Amerada Hess Corporation and Citgo confirmed that they had approached the Energy Department about the issue. Both companies said they had not yet received a response. The Energy Department said it was not considering lending oil from the 598-million-barrel reserve at this point. "Currently lending or exchanging oil from the S.P.R. is not an active consideration," an Energy Department spokesman said.
Source: http://www.nytimes.com/2002/12/18/business/18OIL.html

10. December 18, Associated Press - Venezuela strike strangling oil industry. The strike - which entered its 17th day - has reduced Venezuela's oil output from nearly 3 million to 400,000 barrels per day, sending the world price of crude oil above $30 a barrel and depriving the country of $50 million daily in export income. While the lifeblood of the nation's economy slowed to a trickle, hundreds of President Chavez's opponents formed lines across major highways and other roads in Caracas, waving flags and blowing on whistles. The president was dealt a blow Tuesday when officials at the giant Hovensa refinery in the U.S. Virgin Island of St.
Croix said no gasoline shipments were headed to Venezuela, which has a majority stake in the refinery. Two of Venezuela's largest refineries, including one producing gasoline for Venezuela and the United States, already have shut down. Oil executives vowed to keep up the pressure.
Source: http://story.news.yahoo.com/news?tmpl=story&u=/ap/20021218/ap_on_re_la_am_ca/venezuela_strike_161

11. December 18, Associated Press - Bush signs pipeline safety bill. President Bush signed legislation Tuesday that's aimed at improving safety along the nation's 2.2 million miles of oil and natural gas pipelines. The bill would require pipeline inspections at least once in the next 10 years and every seven years after that. Some pipelines near large cities would be inspected more frequently. The bill also would expand the public's right to know about pipeline hazards; set up environmental reviews intended to enable more timely pipeline repairs; and increase state oversight of safety activities.
Source: http://story.news.yahoo.com/news?tmpl=story&u=/ap/20021217/ap_on_go_pr_wh/pipeline_safety_1

Telecommunications Sector

Nothing to report.

Food Sector

12. December 18, AgNews (Texas A&M University) - Surface treatments could make ready-to-eat products safer. Acidified calcium sulfate, an organic acid calcium sulfate combination, is showing potential as a product that not only kills Listeria on the surface of food products, but also keeps it from coming back. Acidified calcium sulfate could give meat processors another method of intervention to increase the safety of their products, said Dr. Jimmy Keeton, professor with the department of animal science at Texas A&M University, and several already want to test acidified calcium sulfate on their own products to see how effective it is.
Source: http://agnews.tamu.edu/dailynews/stories/ANSC/Dec1802a.htm

13. December 18, Irish Examiner (Ireland) - Scientists make salmonella breakthrough.
Scientists working on a cure for salmonella have made a major breakthrough in understanding how the food-poisoning bacteria makes people ill. Studies of the complete genome sequence of the disease have identified which genes are activated during infection. "This is the first time anyone has created a complete picture of gene expression for any organism during infection. It exposes which genes are the real killers. This new technique can be applied to any infectious disease," said Dr Jay Hinton, of the Institute of Food Research. Salmonella has become increasingly resistant to antibiotics and now kills more people in the West than any other food-borne pathogen.
Source: http://breaking.examiner.ie/2002/12/18/story81270.html

Water Sector

Nothing to report.

Chemical Sector

14. December 17, U.S. Chemical Safety and Hazard Investigation Board - General Dynamics plant evacuated by explosion. On Tuesday, a chemical explosion at the General Dynamics Armament and Technical Products in Deland, FL forced the evacuation of the plant at 2000 Brunswick Lane. Seventy-five to 100 employees were evacuated shortly after 5 p.m. when nitric acid came into contact with another chemical, possibly ketone, causing it to ignite, said DeLand Fire Captain Terry Griffiths. No one was injured. The county's hazardous materials team was called in and quarantined the laboratory until a contractor can clean the area. The plant produces devices for the U.S. Army that detect chemical and biological agents.
Source: http://www.chemsafety.gov/circ/post.cfm?incident_id=6232

15. December 17, U.S. Chemical Safety and Hazard Investigation Board - Chemicals plant burns in northern Israel. An explosion set off a large fire in a compound of petrochemical plants in the northern port city of Haifa on Tuesday sending a huge cloud of gray smoke over the Mediterranean. Tuesday's explosion went off at about 6:40 a.m.
at a fertilizer factory in Haifa Bay, and three warehouses quickly went up in smoke. The blaze broke out next to Oil Refineries Ltd.'s facility in Haifa. Firefighters from all over northern Israel rushed to the scene, trying to keep the fire from spreading to nearby petrochemical plants and oil refineries, police said. "There was an explosion, that is the first report we got," said the area's fire chief, Gershon Zalderman. He said that while investigators were not ruling out any explanations, they believed the blast was caused by an accident. The fire caused huge morning rush hour traffic jams in Haifa, since the industrial compound is close to the coastal road, the main thoroughfare. Cyanide was the main thing in the plant in the northern port city of Haifa, Moshe Mosco said. The facility also held monoammonium sulfide and other substances. "Some of them are very dangerous," he added. Two Haifa Chemicals employees suffered smoke inhalation from the fire, which enveloped about 2,000 square meters, he said.
Source: http://www.chemsafety.gov/circ/post.cfm?incident_id=6225

16. December 17, Umatilla Chemical Depot News - Umatilla officials anxiously awaiting changes at depot. The nation's chemical demilitarization program is in flux as the new Homeland Security Department's umbrella is opened. And that's leaving people in charge of public welfare for the Umatilla Chemical Depot (in Oregon) anxiously watching the changes. "Nothing is stable right now," said Dennis Doherty, Umatilla County commissioner and chairman of the Governor's Board for Chemical Stockpile Emergency Preparedness Program. The shifting landscape has left local officials who are responsible for public safety "in the fog," said Ken Franz, director of emergency services for Hermiston's Good Shepherd Medical Center.
Apprehension in the chemical stockpile communities is increasing as the time to begin burning chemical agents gets closer, said Beverlee Venell, director of Oregon Emergency Management and a member of the governor's board for the Umatilla depot. The Army hopes to begin burning the 3,717 tons of deadly nerve agent at Umatilla in July. Under the new homeland security mandate, protection for the Umatilla Chemical Depot should be one of the state police's top priorities, said Oregon State Police Lt. Darin Helman, supervisor for Umatilla and Morrow counties. But given the state's budget shortfall, Helman said he's going to be hard-pressed to get the job done. "We're no longer going to have 24-hour coverage. Our ability to respond to any incident at the depot is going to be affected. We won't be doing business as we have in the past. We can't," Helman said.
Source: http://www.umatilladepotnews.com/2002/1217-1.html

Emergency Law Enforcement Sector

Nothing to report.

Government Operations Sector

17. December 18, Government Executive - Budget battles could jeopardize homeland security efforts. The inability of Congress to clear 11 of its 13 annual appropriations bills is impacting homeland security efforts and could jeopardize some White House priorities for next year, congressional experts said Monday at an Equity International event. Bill Hoagland, staff director for the Senate Budget Committee, said the proposed fiscal 2003 homeland security budget, at $36 billion, is less than 2 percent of the total budget of more than $2 trillion. He noted that $24 billion would go toward non-Defense Department activities. The budget for the Homeland Security Department will be drawn from nine of the measures. Hoagland divided security spending into three categories: prevention, protection and minimization.
Prevention, which includes areas such as investigations, intelligence, law enforcement and immigration, would get about 40 percent, an increase of 60 percent. Protection of the border, critical infrastructures like telecommunications networks, and other areas also would get 40 percent, a 50 percent jump. Minimization of damage, involving groups such as FEMA and the Centers for Disease Control and Prevention, would get the remaining 20 percent, a quadrupling of funding.
Source: http://www.govexec.com/dailyfed/1202/121602td1.htm

18. December 18, Washington Post - Governor Ridge addresses workers and begins dialogue for dept. About 140 employees, from agencies transferring to the department, have been lent to Ridge to help get the department started. Army Maj. Gen. Bruce M. Lawlor, who has served as Ridge's senior director for protection and prevention, is expected to be named chief of staff, sources said. During the next 90 days, Ridge's team wants to identify what the nation gains by consolidating the 22 agencies and what goals should be set. The team wants to create a common e-mail system or directory, launch an Internet site and make decisions on a range of ordinary issues - from paychecks to letterheads. The Bush administration hopes that Ridge and his deputy, Gordon England, will be confirmed in January so they can be sworn in by Jan. 24, the day the new department opens for business.
Source: http://www.washingtonpost.com/wp-dyn/articles/A3868-2002Dec17.html

Information Technology Sector

19. December 18, The State - Computer crime center opens in South Carolina. South Carolina's new computer-crime center signals greater cooperation between federal and state police. The $5.6 million center, where more than a dozen state and federal agents will use the latest technology, is the nation's first statewide cybercrime lab. It also will be used to fight terrorism. Similar labs are in New York City, San Diego and in metropolitan north Texas.
"We'll have resources from SLED, the FBI, the Secret Service, the Customs Service, the Postal Service and others, all in one computer lab," director Robert Mueller said. "The result will be a one-stop shop for investigating computer crimes." Mueller said there are 170 million computers in the United States and 580 million worldwide. Since July, agents at the center have worked 711 cases, said Lt. Chip Johnson, the SLED agent who runs the facility. Last year, SLED's smaller computer lab worked 331 cases, he said. Most cases have been for child exploitation, Internet fraud and identification theft. The center's terminals can analyze in an hour what used to take several hours, Johnson said, sorting quickly through mountains of information and tracking key evidence from bank transfers, to e-mails or phone calls. Agents also have portable computers to copy and read electronic evidence in the field.
Source: http://www.thestate.com/mld/thestate/news/local/4763628.htm?template=contentModules/printstory.jsp

Cyber Threats and Vulnerabilities

20. December 16, ZDNet Australia - MySQL security flaws uncovered. Several vulnerabilities have been found in the MySQL database system, a light database package commonly used in Linux environments but which runs also on Microsoft platforms, HP-Unix, Mac OS and more. E-matters, a German company, released a security advisory after discovering the flaws. They have rated the vulnerabilities as "Medium to Critical" in severity. The security flaws discovered range from Denial of Service (DoS) problems to more serious issues. "...[O]ne of the flaws can be used to bypass the MySQL password check or to execute arbitrary code," the advisory said. E-matters also found multiple vulnerabilities in the MySQL client libraries, which "...could allow DoS attacks against or arbitrary code execution within anything linked against libmysqlclient." The vulnerabilities affect all versions prior to 3.23.53a and 4.0.5a.
MySQL have released an updated "version 3" (3.23.54) that is immune to the security bugs. It is not known when an updated "version 4" MySQL will be released. E-matters will not be releasing an exploit for the vulnerability.
Source: http://zdnet.com.com/2100-1104-977958.html

Internet Alert Dashboard

Current Alert Levels
Internet Security Systems AlertCon: 1 out of 4 (https://gtoc.iss.net/). Last Changed: 26 November 2002
Security Focus ThreatCon: 2 out of 4 (http://analyzer.securityfocus.com). Last Changed: 17 December 2002

Current Virus and Port Attacks
Virus: #1 Virus in USA: WORM_KLEZ.H
Source: http://wtc.trendmicro.com/wtc/wmap.html, Trend Micro World Virus Tracking Center [Infected Computers, North America, Past 24 hours, #1 in United States]
Top 10 Target Ports: 137(netbios-ns); 80(http); 1433(ms-sql-s); 53(domain); 445(microsoft-ds); 443(https); 3389(ms-term-serv); 4662; 25(smtp); 21(ftp)
Source: http://isc.incidents.org/top10.html; Internet Storm Center

General Information

21. December 18, Washington Post - Two hospitals refuse to vaccinate workers. Two prominent teaching hospitals are refusing to vaccinate their employees against smallpox. Officials at Grady Memorial Hospital in Atlanta and Virginia Commonwealth University in Richmond said yesterday that the risk of dangerous side effects of the vaccine and inadvertent transmission to patients outweigh the remote threat of an attack. The hospitals' decisions mark the first high-profile opposition from the medical community to a plan announced on Friday, by President Bush, to inoculate as many as 11 million Americans by late summer. Three other large medical centers, Children's Hospital of Philadelphia, Emory Medical Center in Atlanta, and the University of Iowa Hospitals and Clinics are leaning against inoculating their staffs.
Source: http://www.washingtonpost.com/wp-dyn/articles/A4253-2002Dec17.html

22. December 18, Washington Times - Terror cells on rise in South America.
Terrorist training camps operated by Hezbollah continue to flourish in a remote and lawless area along the shared borders of Brazil, Argentina and Paraguay, according to law-enforcement officials and a recent report by anti-terrorism authorities. Known as the "tri-border region," the area is flanked by the freewheeling cities of Puerto Iguazu in Argentina, Foz do Iguazu in Brazil and Ciudad del Este in Paraguay, where terrorists meet for what the sources said were high-level sessions to discuss future attacks on U.S. and Israeli targets in North and South America. Argentina's Secretariat of State Intelligence first reported in 1999 that al Qaeda members were in the region to coordinate terrorist training and to plan future attacks with Hezbollah. U.S. intelligence officials are concerned that an alliance with Hezbollah would give al Qaeda a new base close to the United States for attacks, the sources said.
Source: http://www.washingtontimes.com/national/20021218-83927168.htm

NIPC Products & Contact Information

The National Infrastructure Protection Center (NIPC) serves as a national critical infrastructure threat assessment, warning, vulnerability, and law enforcement investigation and response entity. The NIPC provides timely warnings of international threats, comprehensive analysis and law enforcement investigation and response. The NIPC provides a range of bulletins and advisories of interest to information system security professionals and those involved in protecting public and private infrastructures. By visiting the NIPC web-site (http://www.nipc.gov), one can quickly access any of the following NIPC products:

- 2002 NIPC Advisories - Advisories address significant threat or incident information that suggests a change in readiness posture, protective options and/or response.
- 2002 NIPC Alerts - Alerts address major threat or incident information addressing imminent or in-progress attacks targeting specific national networks or critical infrastructures.
- 2002 NIPC Information Bulletins - Information Bulletins communicate issues that pertain to the critical national infrastructure and are for informational purposes only.
- 2002 NIPC CyberNotes - CyberNotes is published to support security and information system professionals with timely information on cyber vulnerabilities, malicious scripts, information security trends, virus information, and other critical infrastructure-related best practices.
- 2002 NIPC Highlights - The NIPC Highlights are published on a monthly basis to inform policy and/or decision makers of current events, incidents, developments, and trends related to Critical Infrastructure Protection (CIP). Highlights seeks to provide policy and/or decision makers with value-added insight by synthesizing all source information to provide the most detailed, accurate, and timely reporting on potentially actionable CIP matters.