National Infrastructure Protection Center NIPC Daily Open Source Report for 26 December 2002
Daily Overview

Internet Security Systems has raised its AlertCon Internet threat indicator to Level 2, in part due to ISS observations of multiple distributed denial of service (DDOS) attacks against commercial targets in Western Europe launched from the Dynamic Trojan Horse Network (DTHN). (See Internet Alert Dashboard)

ZDNet reports at least three commonly used open source software packages were altered by hackers to contain "Trojan horse" code this year, and in all of these cases, the unknown cracker gained entry to the relevant download sites and embedded the back door code in the installation packages. (See item 14)

The Norfolk Daily Press reports a Virginia shipping terminal is the first cargo port in the country installing a new security system that checks for radioactive bombs on containers as they head from the docks to the roadways. (See item 5)

Editor's Note: Beginning January 6, 2003, the NIPC Daily Open Source Report will be aligned to cover the critical infrastructure sectors as identified in the National Strategy for Homeland Security. Currently covered sectors, which were set forth in Presidential Decision Directive 63, are included in the new format. The new Sector alignment will be as follows: Agriculture, Food, Water, Public Health, Emergency Services, Government, Defense Industrial Base, Information and Telecommunications, Energy (to include Electric Power, and Oil and Gas), Transportation, Banking and Finance, Chemical Industry and Postal and Shipping.

Readers wishing to comment on the contents or suggest additional topics and sources should contact Melissa Conaty at 202-324-0354 or Kerry J. Butterfield at 202-324-1131.
Requests for adding or dropping distribution to the NIPC Daily Open Source Report should be made through the Watch and Warning Unit at [EMAIL PROTECTED]

Power Sector

1. December 24, PalmBeachPost.com - Nuclear reactor study met with skepticism. An advocacy group is questioning a new electric industry report that shows nuclear reactors could withstand a crash from a commercial airliner. Edwin Lyman, president of the Washington-based Nuclear Control Institute, said he is skeptical about the study, released Monday, because industry officials won't release the full text of the report. "If they found that a plane could penetrate a containment building and cause a meltdown, would they say it?" Lyman said. But Florida Power & Light Co., which operates the St. Lucie Nuclear Plant on Hutchinson Island, said the study commissioned by the Nuclear Energy Institute trade group should put the public at ease. "It shows that the current design is more than adequate to protect the facilities," said Rachel Scott, an FPL spokeswoman. The Nuclear Energy Institute said in a summary of the study Monday that based on computer-engineered tests, the nation's 103 reactors could withstand a direct hit from a fully fueled Boeing 767-400.
Source: http://www.gopbi.com/partners/pbpost/epaper/editions/today/business_e370ee8b1456e13f00ba.html

2. December 23, KnoxNews.com - TVA's new power generation facility on Raccoon Mt. gets upgrade. TVA is in the midst of a $70 million upgrade to the four mammoth electrical generating units located deep inside Raccoon Mountain - a 38-floor elevator ride down. The plant employs 46 people but also is using contractors for the improvements. "I'd say it's the cleanest method to generate power," said Nick Willis, a contract pipefitter from Jasper, who works at the plant 18 miles west of Chattanooga. "It's a lot cleaner than coal. Here, all you do is pump water up and let it back down. It's not nuclear. It's clean." It's a facility that dumps water from a manmade lake carved out of the top of Raccoon Mountain and then sends it plummeting down through tunnels into the heart of the mountain to generate electricity. Then it reverses the pumps and pulls new water back to the mountaintop to refill the lake and begin the process all over again. Ray Blankenship, a senior operator from Ootlewah, said the plant helps provide a "balanced system" as part of TVA's power structure of coal, nuclear and hydro power. "It's a renewable source," Blankenship said.
Source: http://hsweb01.screamingmedia.com/PMA/pma_newsarticle1_national.htm?SMDOCID=knoxvillens_2002_12_23_eng-knoxvillens_eng-knoxvillens_001752_29439383264399009&SMContentSet=0

3. December 20, Lexington Herald-Leader - Innovative power plant faces obstacles. A company that wants to build an innovative power plant in Clark County, KY has applied for a permit from a state siting board, but faces several obstacles. Kentucky Pioneer Energy LLC wants to build a 540-megawatt plant near Trapp that would be powered by pelletized garbage from New York and New Jersey, as well as coal. The plant will use steam and oxygen to convert the coal and garbage into a gas that will produce little pollution. The plant, however, has had several delays and may lose its main customer, East Kentucky Power Cooperative, if the financing isn't secured before Jan 31, 2003. The Pioneer plant, like a rash of other plants proposed for Kentucky after the hot summer of 1999, now faces a soft market for electricity.
Source: http://www.energycentral.com/sections/newsroom/nr_article.cfm?id=3532652

Current Electricity Sector Threat Alert Levels: Physical: ELEVATED, Cyber: ELEVATED
Scale: Low, Guarded, Elevated, High, Severe
[Source: ISAC for the Electricity Sector (ES-ISAC) - http://esisac.com]

Banking and Finance Sector

Nothing to report.

Transportation Sector

4. December 23, U.S. Customs Service - U.S. Customs opens trade fastlanes. The joint U.S.-Canada Free and Secure Trade (FAST) initiative, announced on September 9, 2002, by President George W. Bush and Prime Minister Jean Chretien, is now operational at three major commercial crossing points. These crossings include Detroit, Michigan/Windsor, Ontario; Port Huron, Michigan/Sarnia, Ontario; and in Buffalo, New York/Fort Erie, Ontario. FAST is expediting trade through these three locations responsible for processing over 20,000 thousand inbound and outbound commercial trucks per day--representing more than 40 percent of trade between the U.S. and Canada. In mid-January, 2003, the FAST lane program will be extended farther west along the U.S.-Canada border, to Blaine, Washington/Douglas, British Columbia, and to the east, at Champlain, New York/Lacolle, Quebec. FAST is a bilateral initiative between the United States and Canada designed to ensure security and safety while enhancing the economic prosperity of both countries. In developing this program, Canada and the United States have agreed to harmonize, to the maximum extent possible, their commercial processes for clearance of low-risk commercial shipments at the border.
Source: http://www.customs.ustreas.gov/hot-new/pressrel/2002/1223-00.htm

5. December 22, Daily Press - Norfolk, Virginia ports scan for bombs. A Virginia shipping terminal is the first cargo port in the country to install a new security system that checks for bombs on containers as they head from the docks to the roadways.
The new system is part of a push by federal officials and the Virginia Port Authority to prevent terrorists trying to sneak bombs into the country in cargo containers. Norfolk International Terminals is now scanning 5,000 container trucks a week for radiation just before they carry their goods out of the port. The system - which is an adaptation of an old technology used in steel mills to detect possible radiation there - will be installed at the VPA's Newport News Marine Terminal and Portsmouth Marine Terminal within 90 days, said Robert Merhige, the Virginia Port Authority's deputy executive director. "It should do the job," said Lawrence Weinstein, a professor of physics at Old Dominion University who is familiar with the technology. "It should be able to detect anything that's radioactive enough for us to worry about."
Source: http://www.centredaily.com/mld/centredaily/news/4795756.htm

6. December 21, CNN - Airport security program expanded. The Transportation Security Administration (TSA) has expanded a pilot screening program to 42 airports ahead of the holiday rush. The agency announced Friday that security screening at these airports will be conducted at special checkpoints, where equipment and personnel can be consolidated, instead of at individual boarding gates. One of the major changes for passengers is that they will have to have their boarding passes to go through the checkpoint. The passes will no longer be issued at the gates, but will be available at ticket counters, skycap curbside stations and airline computer kiosks. The TSA said that the change will both improve security and be less inconvenient for passengers. In early trials of the program, the wait time was about the same for passengers who were screened as it was for those who were not, the TSA said.
Source: http://www.cnn.com/2002/US/12/21/airport.security

7. December 25, FoxNews.com/Associated Press - Citing security concerns, the Federal Aviation Administration has issued temporary flight restrictions over New York City and Pasadena, Calif., during the New Year's holiday. Restrictions for New York City will begin at 4 p.m. Dec. 31 and end at 4 a.m. Jan. 1, FAA spokeswoman Laura Brown said. Pilots will be allowed to fly no lower than 1,500 feet within a one-mile radius of the Statue of Liberty. Pilots will also be forbidden to fly below 2,000 feet over Manhattan between 23rd Street and 96th Street, the FAA said. The restrictions were established at the request of the New York Police Department. The restriction around Pasadena for New Year's Day will be from 6 a.m. to 1:30 p.m. during the Rose Bowl and Rose Parade. Restrictions will vary throughout the day, moving from 3,000 to 5,000 feet. The restriction is requested every year by the state of California.
Source: http://www.foxnews.com/story/0,2933,73888,00.html

Gas and Oil Sector

8. December 24, Reuters - Venezuela strike and war fear push oil price to two-year high. Oil prices rose to their highest level in two years yesterday, as a freeze in supplies from strikebound Venezuela and the growing threat of war with Iraq deepened fears of a winter oil supply shortage. In New York, crude oil for February delivery rose $1.45 a barrel, or 4.8 percent, to $31.75. Prices rose further in after-hours trading to as much as $32 a barrel, its highest since January 2001. Oil prices have risen 60 percent this year, jumping $7 in the last month, increasing concern that higher energy costs could endanger a fragile economy. Oil supplies have already tightened for the winter in the Northern Hemisphere, as a 22-day general strike has hurt output from Venezuela, the world's fifth-largest exporter.
Refinery operations in the United States have begun to feel the pinch of the lack of crude oil from Venezuela, which supplies about 14 percent of American crude and imports of refined products.
Source: http://www.nytimes.com/2002/12/24/business/worldbusiness/24OIL.html

Telecommunications Sector

Nothing to report.

Food Sector

9. December 24, Christian Science Monitor - Risk of terrorism to nation's food supply. Experts say U.S. crops and livestock - a $193 billion industry - could easily be attacked by devastating diseases. "Biological agents that could be used to harm crops or livestock are widely available and pose a major threat to U.S. agriculture," says Harley Moon, professor of veterinary medicine at Iowa State University and chair of the National Research Council (NRC) committee that wrote a recent report on the subject. Plant viruses, fungi, and bacteria are easier to obtain than, say, weaponized anthrax aimed at people, and they're easier to spread via winds and carrier insects. "Although an attack with such agents is highly unlikely to result in famine or malnutrition, the possible damage includes major direct and indirect costs to agricultural and national economy, adverse public-health effects ... loss of public confidence in the food system and in public officials, and widespread public concern and confusion," the NRC report concluded recently after two years of studying the issue.
Source: http://www.csmonitor.com/2002/1224/p02s01-usgn.html

Water Sector

10. December 23, Journal News (Westchester, NY) - Officials seek help watching NYC's watershed. Christopher O. Ward, Commissioner of New York City's Department of Environmental Protection (DEP), wants residents, recreational users, and organizations in the watershed to call a special hotline if they spot suspicious or unusual activity near water-supply facilities.
The Water-Watch Hotline is meant to assist the city's watershed police force in protecting the water supply from possible acts of terrorism, crime, or pollution. The hotline is part of a growing trend among utilities to rely on the public for information about their infrastructure and property. The number is answered by the DEP police. Lynn Rasic, a spokeswoman for the state Office of Public Security, said her office and the DEP have worked together to develop a response protocol for terrorism-related tips.
Source: http://www.nyjournalnews.com/newsroom/122302/A123watercop.html

Chemical Sector

Nothing to report.

Emergency Law Enforcement Sector

Nothing to report.

Government Operations Sector

11. December 20, General Accounting Office - The General Accounting Office has issued a report entitled, "Homeland security: management challenges facing federal leadership," prepared for the U.S. Senate's Committee on Governmental Affairs. The report states that a new homeland security emphasis is underway, but remains incomplete. Agencies reported a new emphasis on homeland security activities, such as accelerated implementation of existing homeland security activities or increased coordination with other government agencies or the private sector. Agencies will be challenged in meeting dual or unrelated missions while maintaining and strengthening homeland security operations. Government organizational changes are also contributing to the new emphasis, including creation of the Office of Homeland Security, the Transportation Security Administration, and the integration of many homeland security functions into the new Department of Homeland Security. Although officials say that coordination efforts at all levels have increased, concerns remain particularly with state and local government and collaboration with the private sector needs greater emphasis.
Source: http://www.gao.gov/highlights/d03260high.pdf
Report: http://www.gao.gov/cgi-bin/getrpt?GAO-03-260

Information Technology Sector

12. December 23, NewsFactor Network - The code that cuts both ways - the debate over full disclosure. The focus on computer security has never been more intense, and the debate over disclosure has never been hotter. On one hand, mailing lists like BugTraq can give vendors an incentive to fix security holes by making them public. But some vendors say full disclosure only helps crackers, so they urge security experts to wait before making information available. Should security experts publicize vulnerability information, especially when releasing that data could result in functional attacks on security holes before a patch is released? Cate Quirk, an analyst with AMR Research, told NewsFactor that lists like BugTraq are necessary. "It certainly gets people on the ball, that they do need to patch security holes," she said. But despite widespread agreement that public disclosure of security flaws is necessary, experts differ on how much information should be made available, or how quickly that information should be released. Many people who discover security holes are "white hats" -- hackers who want to find vulnerabilities and have them fixed before would-be attackers can exploit them to the detriment of computer users. But white hats face several practical and ethical issues in disclosing security problems. On the other hand, if a white hat chooses to remain silent, the vulnerability in question may go unreported and unrepaired -- but crackers may also discover it independently and exploit it in secret.
Source: http://www.newsfactor.com/perl/story/20319.html

13. December 23, Wired News - IDC says that tech bucks and hack threats are up. In a series of predictions for the coming year, IDC analysts said the economy could expect a boost from an increase in corporate IT spending.
Every year, IDC makes 10 predictions for the upcoming year. In the six years it has made such forecasts, it has usually gotten seven out of 10 predictions right, says IDC chief research officer John Gantz. IDC fears that a war with Iraq will galvanize hackers to use their skills, perhaps in a coordinated way, to create "economic disruptions" through denial-of-service attacks and even physical attacks on key networks. IDC went as far as to say that such an attack would bring the Internet "down to its knees" for a day or two. IDC based this prediction on an Oct. 22 DoS attack against 13 "root servers" that provide the primary roadmap for almost all Internet communications. Although investigators considered it the largest and most sophisticated attack ever against the Internet, users worldwide were largely unaffected. Still, IDC considered the attack a "blueprint" for events to come.
Source: http://www.wired.com/news/infostructure/0,1377,56902,00.html

Cyber Threats and Vulnerabilities

14. December 24, ZDNet Australia - Trojan horses plague open source. At least three commonly used open source software packages were altered by black-hat hackers to contain "Trojan horse" code this year. The three most commonly used packages affected were Sendmail, OpenSSH and tcpdump/libpcap. Others to be modified included BitchX, a chat client, and Fragrouter, a network security tool. In all of these cases, the unknown cracker gained entry to the relevant download sites and embedded the back door code in the installation packages. Adam Pointon, a Melbourne, Australia based security consultant, says that most of these modifications were not noticed for several days. But Pointon says that using open source software is often less risky than using pre-compiled, or "closed source" software because users who download open source packages can very easily verify their authenticity through a mathematical process known as an md5 checksum.
An md5 checksum is basically a fingerprint of a file. A mathematical operation is performed on the relevant file that will generate a unique 32-byte number. If a single bit is changed in that file, the number that the md5 utility spits out will be completely different. The motives for the Trojans are unclear. Some are speculating that a group of black-hat hackers are using the Trojan technique to target high-profile security related sites. They might "get lucky" if the administrators of these sites install a tainted package.
Source: http://www.zdnet.com.au/newstech/enterprise/story/0,2000025001,20270855,00.htm

Internet Alert Dashboard

Current Alert Levels
Internet Security Systems AlertCon: 2 out of 4 (https://gtoc.iss.net/), Last Changed: 24 December 2002
Security Focus ThreatCon: 1 out of 4 (http://analyzer.securityfocus.com), Last Changed: 21 December 2002

Current Virus and Port Attacks
Virus: #1 Virus in USA: WORM_KLEZ.H
Source: http://wtc.trendmicro.com/wtc/wmap.html, Trend World Micro Virus Tracking Center [Infected Computers, North America, Past 24 hours, #1 in United States]
Top 10 Target Ports: 137 (netbios-ns); 1433 (ms-sql-s); 80 (http); 445 (microsoft-ds); 443 (https); 53 (domain); 4662; 27374 (asp); 21 (ftp); 139 (netbios-ssn)
Source: http://isc.incidents.org/top10.html; Internet Storm Center

General Information

15. December 24, Associated Press - Researchers develop smallpox vaccine test. A laboratory test for the effectiveness of smallpox vaccines has been developed by a team of European researchers and it may be used as Americans start receiving shots against the disease. In a study appearing this week in the Proceedings of the National Academy of Sciences, scientists in Germany and France report they have discovered a test that can determine if a candidate smallpox vaccine can prompt protection against the disease in humans. The test also could be used to determine if a person actually develops defenses against smallpox after being vaccinated.
The large majority will develop immunity, but not everyone. Dr. Bernard Moss at the National Institute of Allergy and Infectious Diseases, one of the National Institutes of Health, said the research is important because no scientist has ever identified in the human immune system the types of responses needed to protect against smallpox.
Source: http://www.timesdaily.com/apps/pbcs.dll/article?Date=20021224&Category=APA&ArtNo=212240657&Ref=AR

NIPC Products & Contact Information

The National Infrastructure Protection Center (NIPC) serves as a national critical infrastructure threat assessment, warning, vulnerability, and law enforcement investigation and response entity. The NIPC provides timely warnings of international threats, comprehensive analysis and law enforcement investigation and response. The NIPC provides a range of bulletins and advisories of interest to information system security professionals and those involved in protecting public and private infrastructures. By visiting the NIPC web-site (http://www.nipc.gov), one can quickly access any of the following NIPC products:

2002 NIPC Advisories - Advisories address significant threat or incident information that suggests a change in readiness posture, protective options and/or response.

2002 NIPC Alerts - Alerts address major threat or incident information addressing imminent or in-progress attacks targeting specific national networks or critical infrastructures.

2002 NIPC Information Bulletins - Information Bulletins communicate issues that pertain to the critical national infrastructure and are for informational purposes only.

2002 NIPC CyberNotes - CyberNotes is published to support security and information system professionals with timely information on cyber vulnerabilities, malicious scripts, information security trends, virus information, and other critical infrastructure-related best practices.

2002 NIPC Highlights - The NIPC Highlights are published on a monthly basis to inform policy and/or decision makers of current events, incidents, developments, and trends related to Critical Infrastructure Protection (CIP). Highlights seeks to provide policy and/or decision makers with value-added insight by synthesizing all source information to provide the most detailed, accurate, and timely reporting on potentially actionable CIP matters.

IWS INFOCON Mailing List @ IWS - The Information Warfare Site
http://www.iwar.org.uk