National Infrastructure Protection Center
NIPC Daily Open Source Report for 29 November 2002

Daily Overview

•       The L.A. Times reports that a suicide car bombing at a resort
hotel in Msumarini, Kenya killed at least 16 people Thursday at the same
time that two missiles narrowly missed an Israeli charter jet taking off
nearby.  (See item 15)

•       According to the BBC, Ohio State University scientists have
simulated attacks on key Internet hubs which illlustrate how vulnerable
the worldwide network is to disruption by disaster or terrorist action.
(See item 14)

•       According to the New York Times, the identity-theft case
announced this week is even more troubling because the threat came from
company insiders who were able to steal the same types of materials that
terrorists would aim to gather.  (See item 1)

•       According to Wired News, a report presented to the United
Nations on Monday states the security of wireless networks is of
“critical concern,” since wireless local area networks are more prone to
hacker attacks than fixed-line networks.  (See item 7)

NIPC Daily Report Fast Jump [click to jump to section of interest]
Banking & Finance

Gas & Oil

Emergency Law Enforcement

Government Operations
Information Technology
Cyber Threats and Vulnerabilities

Internet Alert Dashboard
NIPC Information

Power Sector

Nothing to report.

Current Electricity Sector Threat Alert Levels:  Physical: ELEVATED,
Scale:  Low, Guarded, Elevated, High, Severe   [Source: ISAC for the
Electricity Sector (ES-ISAC) -]

[return to top]

Banking and Finance Sector

1.      November 27, New York Times – Identity-theft case exposes
insider threat.  Many law enforcement and security experts say the
large-scale identity theft case announced this week simply provides a
startlingly large window onto a problem that not only threatens people's
sense of privacy and invulnerability, but also poses questions about the
priority many companies place on security.  Officials said there was no
evidence of a terrorist connection to the fraud.  But the case raises
the specter of terrorists' gaining what appears to have been cheap and
easy access to material that can be used to create false identities
within the United States, experts said.  Joanna P. Crane, the manager of
the Federal Trade Commission's identity theft program, which was created
in January 1999, said that the entire episode was troubling because what
was stolen was exactly the material that terrorists would aim to gather.
The case, many security experts say, also shows what they have long
contended: that insiders are a bigger threat than outside hackers,
because they have access to closely held passwords, and knowledge of the
systems they are seeking to manipulate.  Source: 

[return to top]

Transportation Sector

2.      November 27, New York Times – Airlines' official warns on
security costs. Carol B. Hallett, president of the Air Transport
Association, an airline trade association, said Tuesday that unless the
industry's problems are fixed soon, it might be necessary to nationalize
the airlines.  Hallett, speaking at an industry luncheon, said that such
a step would have costs that were “intolerable,” but that the burden of
security fees was destroying the airlines.  Fees that are supposedly
charged to passengers are essentially paid by the airlines, Hallett
contended, because the surcharge imposed by the federal government that
is supposed to pay for additional security prevents the airlines from
charging more for tickets and therefore cuts into airlines' revenue.
Failing to fix the root causes of the industry's dire situation could
mean that the nationalization of the industry becomes necessary, Hallett
said.  Source:

3.      November 27, New York Times – McGreevey pitches DMV plan as
vital to New Jersey's security.  Surrounding himself with law
enforcement officials and terrorism experts, New Jersey Gov. James E.
McGreevey Wednesday promoted his $200 million plan to overhaul the
state's Department of Motor Vehicles as a vital matter of security,
saying it would help prevent criminals and terrorists from obtaining
fraudulent state identification.  McGreevey said that under the plan,
surveillance cameras would be installed and additional police officers
assigned to the state's 45 motor vehicles offices, where internal
security staffing has dwindled during the past decade and dozens of
employees have been arrested on charges of document fraud.  Under the
proposal, in 2004 the state would begin issuing digitized licenses,
which would have fingerprints or electronic retina scans to discourage
counterfeiting.  Source:

4.      November 27, Associated Press – French arrest man in failed
hijack bid.  A man claiming to be an al-Qaida member and carrying what
he said was a bomb was arrested Wednesday after trying to hijack an
Alitalia jet over the Swiss Alps, police said.  The jet, flying from
Bologna, Italy, to Paris, France, was diverted to the southern French
city of Lyon.  It was unclear whether the alleged hijacker forced the
plane to land there or whether it was the pilot's decision.  There was
no bomb on board, police said.  The suspect was arrested by a French
paramilitary team at the Lyon airport.  He is Italian, said Loredana
Rosati, an official of the Enac civil aviation agency.  No further
details on his identity were immediately available.  Source:

[return to top]

Gas and Oil Sector

5.      November 27, Dow Jones Newswires – Four Russian companies plan
Arctic port to speed oil to U.S.  Four of Russia's biggest oil companies
are planning to build an Arctic oil port that could eventually help ease
U.S. reliance on Mideast oil by supplying as much as 10% of American
crude imports, company officials said.  Plans for the Russian port in
the northwestern town of Murmansk are still at an early stage. The
companies haven't yet arranged financing or conducted a feasibility
study but signed a memorandum of under-standing declaring their
intentions to pursue the project, company officials said.  The project
is expected to cost $3.4 billion to $4.5 billion, but the feasibility
study will only be done in 2004.  The transportation network should be
ready in 2007.  The 935-mile pipeline is expected to carry 80 million
metric tons, or 584.4 million barrels of oil a year to be exported from
the Barents Sea port of Murmansk to Western Europe and the U.S.  Source:

6.      November 27, New York Times – After oil spill, Spain and France
impose strict tanker inspections.  In the aftermath of the Prestige oil
spill, which has tarnished more than 250 miles of Spanish coastline,
Spain and France have decided to impose rigorous inspections on tankers
deemed dangerous and even to expel such ships from the waters they
control.  President Jacques Chirac of France and Prime Minister José
María Aznar of Spain agreed today that beginning on Wednesday
single-hulled tankers more than 15 years old that are carrying oil or
tar through waters controlled by each country will be subject to
stringent inspections.  Under the new rules, tankers traveling through
exclusive economic zones for each country, which stretch 200 miles out
to sea, will have to provide information about their cargo, destination,
flag and operators to French and Spanish authorities.  Source: 

[return to top]

Telecommunications Sector

7.      November 27, Wired News – UN hears from wireless experts.  The
security of wireless networks is of “critical concern,” according to a
report presented to the United Nations on Monday.  A collaboration of
computer experts from the wireless industry, government and academia,
the report said wireless local area networks proliferating in homes,
schools, parks, airports and coffee shops are more prone to hacker
attacks than fixed-line networks.  On regular networks, information
travels through cables.  But with wireless networks, hackers with enough
time and programming skills can steal information “right out of the
air,” said Eugene Spafford, an organizer of Purdue University's Wireless
Security Forum, which helped draft the report.  “As a hammer can be used
both to build houses and to destroy treasured works of art, so can
wireless technology be both beneficial and harmful,” Spafford told the
Purdue News.  Governments of many developing countries look at wireless
technology as a way to enter the information age without having to
invest in expensive infrastructure, the report said.  But they should
also monitor use of the technology and intervene “where appropriate and
necessary” to prevent security breaches.  Source.,1294,56594,00.html

[return to top]

Food Sector

8.      November 26, Resource – Purdue researchers chip away at food
contamination.  Purdue University is researching safeguarding the
nation's food through development of a tiny molecule-coated computer
chip.  The researchers designing the chips are focusing their efforts on
Listeria monocytogenes, an organism that kills one out of five of its
victims.  The bacteria can be present in all types of food including
ready-to-eat meats, dairy products, fruits and vegetables.  The project
is addressing the fundamental engineering and science required for
development of microchip, bio-based assays that are transportable to the
field and that can rapidly assess whether or not live, and therefore
harmful, Listeria is present.  The goal of the biochip research –
cutting the time it takes to detect Listeria – is of prime importance.
Currently it is normal for two to three days to elapse between when a
food processor or producer extracts a food sample and when test results
are available.  By that time, tainted food may already be in warehouses
and on grocery shelves.  The ability of the chips to provide immediate
information concerning tainted food and the devices' small size
ultimately will allow their use in processing plants, farm fields, and
grocery stores.  Source: 

[return to top]

Water Sector

Nothing to report.

[return to top]

Chemical Sector

Nothing to report.

[return to top]

Emergency Law Enforcement Sector

9.      November 27, Boston Globe – Boston pushes for help in convention
security.  At Mayor Thomas M. Menino's request, Governor-elect Mitt
Romney said he will ask that the 2004 Democratic National Convention be
declared a national special security event, which would shift security
oversight from Boston police to the U.S. Secret Service, along with some
of the costs.  The same designation was given to the 2002 Winter
Olympics, which Romney chaired, and the federal government provided $250
million in security assistance for the three-week games.  Because Boston
is hosting the first national political convention since the Sept. 11,
2001, terrorist attacks, security analysts and a Democratic source close
to the process said yesterday it is likely the designation will be
granted to the convention, along with the Republican National Convention
the following month.  Source:

10.     November 25, New York Times – Fire dept. tests radios in
high-rise drill.  The New York Fire Department tested new hand-held
radios yesterday as part of a drill involving about 100 firefighters in
a high-rise, 30 Rockefeller Plaza in Midtown.  To test the radios, which
operate on UHF, the department distributed them in Staten Island in
August.  They are believed to be better at penetrating buildings and are
compatible with police radios.  The department “will continue to test
them as long as they can to make sure that in the future, if they are
implemented, that there is no compromise of firefighters' safety,” said
Firefighter Jim Long, a department spokesman.  “They are still testing.
They are not going to implement them citywide until they are satisfied
with all tests,” he said.  Source: 

[return to top]

Government Operations Sector

11.     November 27, Associated Press – President signs bill to
establish independent Sept. 11 probe, with Kissinger as its head.
President Bush signed legislation creating a new independent commission
to investigate the Sept. 11 attacks Wednesday and named former Secretary
of State Henry Kissinger to lead the panel.  The commission has a broad
mandate, building on the limited joint inquiry conducted by the House
and Senate intelligence committees.  The independent panel will have 18
months to examine issues such as aviation security and border problems,
along with intelligence.  The commission's creation is part of a bill
authorizing intelligence activities in the 2003 budget year.  Though
most details of the legislation remain secret, lawmakers say it provides
the biggest-ever increase in intelligence spending in an attempt to fix
some counterterrorism weaknesses — such as a lack of
information-sharing, a shortage of experts in certain key languages and
new attention to traditional, human spying.  Source:

[return to top]

Information Technology Sector

12.     November 27, Government Computer News – FedCIRC plans
centralized software patch distribution.  The General Services
Administration (GSA) is working to make it easy for agencies to stay
up-to-date with software patches.  GSA recently awarded a $10.8 million
task order contract for a company to support the Federal Computer
Incident Response Center (FedCIRC) in issuing alerts and distributing
patches via the Web.  GSA awarded the task order, which is for one year
with four one-year options, through its Safeguard government-wide
acquisition contract.  The chosen firm will develop the Web portal by
late December.  The technology will notify federal IT managers and CIOs
about the software patches, then authenticate and distribute the
patches.  The system will use commercial software to pinpoint in real
time the computers that need software patches and provide CIOs and IT
managers with alerts specific to the software used by their agencies.
FedCIRC is one of the 22 entities being transferred to the new Homeland
Security Department.  Source.

[return to top]

Cyber Threats and Vulnerabilities

13.     November 27, Associated Press – Bush signs bill to boost cyber
security.  President Bush on Wednesday signed a bill authorizing $900
million in grants to spur federal agencies, industry and universities to
devote more energy to cyber security research.  The five-year program
would require the National Science Foundation and the National Institute
of Standards and Technology to bring industry and academic experts
together to fund new research and to help attract top researchers to the
field.  It also would encourage efforts to recruit new students into
cyber security programs.  Source.

14.     November 26, BBC – Risk of Internet collapse is rising.
Scientists say that simulated attacks on key Internet hubs have shown
how vulnerable the worldwide network is to disruption by disaster or
terrorist action.  If an attack or disaster destroyed the major nodes of
the Internet, the network itself could begin to unravel, warn the
scientists who carried out the simulations.  The virtual attacks showed
that the net would keep going in major cities, but outlying areas and
smaller towns would gradually be cut off.  The researchers warn that the
net has become more vulnerable as it has become more commercialized and
key net cables are concentrated in the hands of fewer organizations.
The simulations were carried out by a trio of scientists from Ohio State
University led by Tony Grubesic, Assistant Professor of Geography at the
University of Cincinnati.  Dr Grubesic compared the net to U.S. air
traffic system.  In its early days the net was as decentralised as
possible with multiple links between many of the nodes forming it.  If
one node disappeared, traffic could easily flow to other links and route
traffic to all parts.  However, said the researchers, the increasing
commercialization of the net has seen the emergence of large hubs that
act as key distribution points for some parts of the web.  As a result,
the net has become much more vulnerable to attack.  Source.

Internet Alert Dashboard
Current Alert Levels

Internet Security Systems 
AlertCon: 1 out of 4
Security Focus ThreatCon: 1 out of 4

Last Changed: 26 November 2002  Last Changed: 23 November 2002
Current Virus and Port Attacks
Virus:  #1 Virus in USA:   PE_NIMDA.E (aka W32/Nimda.E@mm, PE_NIMDA.E-O,
Source:, Trend World Micro Virus
Tracking Center [Infected Computers, North America, Past 24 hours, #1 in
United States]
Top 10 Target Ports     80(http); 1433(ms-sql-s); 21(ftp); 4665; 139
(netbios-ssn); 25(smtp); 6112; 22(ssh); 27374(asp); 43981
Source:; Internet Storm Center

[return to top]

General Information

15.     November 29, L.A. Times – Car bombing kills 16; missiles
threaten jet.  A suicide car bombing at a resort hotel in Msumarini,
Kenya killed at least 16 people Thursday amid reports that two missiles
fired at the time narrowly missed harming an Israeli charter jet taking
off nearby.  Israeli officials said one of the missiles slightly damaged
the tail of the Arkia Charter Co. jet with 271 passengers and crew
members on board.  The plane was able to land safely in Tel Aviv,
Israel, a few hours later.  The car bombing Thursday morning tore
through the Paradise Mombasa hotel, which caters almost exclusive to
Israeli tourists, and triggered a fire that damaged much of the
building.  At least 10 Kenyans, three Israelis and the three suicide
bombers were among the dead, according to police at the scene.  A
previously unknown group calling itself Army of Palestine later claimed
responsibility for the attacks in a fax to media, but government
officials in Kenya and Israel along with terrorism experts said the
operation bore the trademarks of Al Qaeda or an affiliated group."
Although no one was killed or injured in the missile attack, it was the
first time terrorists have used such a tactic, and it points to a
previously overlooked area of vulnerability, potentially affecting
tourist destinations all over the world.  “It is hard to defend aircraft
from such a strategic threat,” said Pini Schiff, deputy director general
of the Israel's Airport Authority.  An Israeli Foreign Ministry
spokesman said two heat-seeking Russian-made missiles known as SA-7
strellas were launched at Arkia Flight 582, just a few minutes after it
had taken off.  A missile launcher was found later on the ground near
the airport.  Source:

16.     November 27, Associated Press – Philippines bans imports over
anthrax fears.  The Philippines has banned beef imports from Australia
after anthrax was found on a farm in Victoria state, officials said
Wednesday.  “All beef imports from Australia are covered,” Philippine
Agriculture Secretary Leonardo Montemayor told The Associated Press.
Live cattle imports are not being halted, but Montemayor said the
Philippines has asked Australia to quarantine animals for 20 days before
they are shipped here.  Twenty days is the incubation period for the
disease that can kill humans, Montemayor said.  Although the anthrax
found in Australia appears to have been isolated, Philippine officials
said that since they cannot tell specifically where beef has come from
they considered the ban a necessary public health measure.  Officials
did not immediately say how long the ban would last, though they called
it temporary.  Source:

17.     November 27, Associated Press – Bush readies plan for smallpox
vaccine.  The Bush administration plans to make the smallpox vaccine
available to all Americans eventually, but officials will recommend that
only those who are at greatest risk of encountering a patient get the
shots.  Under plans not yet final, the administration would recommend
that emergency room workers and special smallpox response teams take the
vaccine.  The shot soon would be available to other health care workers
and emergency responders, but states would have a say in which ones it
would be recommended for, administration officials said.  The general
public eventually would be offered the shots but not encouraged to get
them.  Administration officials say a decision from President Bush is
expected soon, possibly next week.  Bush is also close to approving a
plan for vaccinating U.S. military forces against the disease.
Meanwhile, states are working on their own smallpox plans, due next week
at the Department of Health and Human Services.  Source: 

[return to top]

NIPC Products & Contact Information

The National Infrastructure Protection Center (NIPC) serves as a
national critical infrastructure threat assessment, warning,
vulnerability, and law enforcement investigation and response entity.
The NIPC provides timely warnings of international threats,
comprehensive analysis and law enforcement investigation and response.
The NIPC provides a range of bulletins and advisories of interest to
information system security and professionals and those involved in
protecting public and private infrastructures.  By visiting the NIPC
web-site (, one can quickly access any of the
following NIPC products:

2002 NIPC Advisories - Advisories address significant threat or incident
information that suggests a change in readiness posture, protective
options and/or response.

2002 NIPC Alerts - Alerts address major threat or incident information
addressing imminent or in-progress attacks targeting specific national
networks or critical infrastructures.

2002 NIPC Information Bulletins - Information Bulletins communicate
issues that pertain to the critical national infrastructure and are for
informational purposes only.

2002 NIPC CyberNotes - CyberNotes is published to support security and
information system professionals with timely information on cyber
vulnerabilities, malicious scripts, information security trends, virus
information, and other critical infrastructure-related best practices. 

2002 NIPC Highlights – The NIPC Highlights are published on a monthly
basis to inform policy and/or decision makers of current events,
incidents, developments, and trends related to Critical Infrastructure
Protection (CIP).  Highlights seeks to provide policy and/or decision
makers with value-added insight by synthesizing all source information
to provide the most detailed, accurate, and timely report

IWS INFOCON Mailing List
@ IWS - The Information Warfare Site

Reply via email to