National Infrastructure Protection Center
NIPC Daily Open Source Report for 6 December 2002

Daily Overview

.       The Transportation Safety Administration reports that the
Explosives Detection Canine Team Program will play an important role in
helping it to meet the Dec. 31 deadline for screening all baggage for
explosives.  (See item 3)

.       CERT has released Vulnerability Note VU#683673 in which the Sun
Solaris priocntl(2) function could allow a local attacker to execute
arbitrary code with superuser privileges on a vulnerable system.  (See
item 11)

.       Microsoft has released "Security Bulletin MS02-067: E-mail
header processing flaw could cause Outlook 2002 to fail (Moderate)," and
recommends a patch be installed.  (See item 12)

.       Houses in Clayton County, GA will be outfitted with a device to
prevent contaminated water from entering the county's water system.
(See item 7)

Power Sector

1.      December 4, Bloomberg News - Northeast U.S. electricity prices
rise as cold spurs demand.  Electricity prices in parts of the U.S.
Northeast rose for a third day as freezing weather continued to increase
demand for power to run heaters.  Heating demand in the Northeast will
be 22 percent above normal for this time of year tomorrow, said Weather
Derivatives of Belton, Missouri.  "The cold weather is driving prices
higher than I expected," said Terreck Yennes, a trader at APB Energy in
Louisville, Kentucky.  Source:

Current Electricity Sector Threat Alert Levels:  Physical: ELEVATED,
Scale:  Low, Guarded, Elevated, High, Severe   [Source: ISAC for the
Electricity Sector (ES-ISAC) -]

Banking and Finance Sector

2.      December 3, Federal Reserve Board - The Federal Reserve Board
announced revisions to its policy and procedures for sponsoring
private-sector organizations under federal programs that provide
priority telecommunications services to entities that are important to
national security and emergency preparedness.  The Board believes these
programs, which are administered by the National Communications System
(NCS), will help facilitate the operation and liquidity of banks and the
stability of financial markets, particularly during periods of
substantial operational disruptions.  Source:
t.htm  Notice:

Transportation Sector

3.      December 5, Transportation Safety Administration - Canine teams
to help TSA meet Dec. 31 deadline.  The rapidly-expanding Explosives
Detection Canine Team Program will play an important role in the
Transportation Security Administration (TSA) being able to meet a Dec.
31 deadline for screening all baggage for explosives, TSA officials said
today as they demonstrated the expertise of dogs and their handlers.
The media demonstration was held at the TSA Explosives Detection Canine
Handler Course at Lackland Air Force Base, San Antonio, TX, where each
dog-handler team undergoes 11 weeks of intensive training.
Transportation Secretary Norman Y. Mineta has specifically cited the use
of explosives detection canine teams as one of the security screening
methods that will be used in order to meet the Dec. 31 deadline mandated
by Congress.  The canine program was started in 1972 after a
bomb-sniffing dog named Brandy found an explosive device on a plane that
had been returned to John F. Kennedy International Airport in New York
and was evacuated.  The bomb was found just 12 minutes before it was to
detonate.  The TSA pays to train the dogs, primarily sporting breeds
such as Labrador, Chesapeake Bay and Golden retrievers, trains the
handlers, partially reimburses airports for the cost of maintaining the
teams, and provides oversight and support to the program at each
location.  Source:  

4.      December 5, Washington Post - United's loan request rejected.
The federal government yesterday denied United Airlines' application for
a $1.8 billion loan guarantee, all but ensuring that the nation's
second-largest airline will have to file for bankruptcy protection.  The
Air Transportation Stabilization Board ruled that United's business plan
"was not financially sound" and would "pose an unacceptably high risk to
U.S. taxpayers."  After the Sept 11 attacks, Congress approved a $15
billion airline-industry assistance package, including $10 billion in
loan guarantees.  Still, the industry is expected to lose $8 billion
this year -- with United accounting for an estimated $2.3 billion.
Without the loan guarantee, sources close to United have said, the
airline will have to file what would be the largest U.S. airline
bankruptcy ever.  United has 70,000 employees and 40 million frequent
fliers and is the Washington, D.C. region's No. 1 carrier, with a hub at
Dulles International Airport.  United could resubmit a revised
application for the board's review either in or out of bankruptcy, said
Daniel Montgomery, the board's executive director.  Source: 

Gas and Oil Sector

5.      December 5, BBC News - Troops step into Venezuela strike.
Venezuelan President Hugo Chavez has put the country's oil installations
under military protection, on the fourth day of an opposition-led
strike.  He also ordered the navy to take over an oil tanker (the Pilin
Leon) whose crew have joined the strike.  Chavez made his first
substantial response to the strike in a televised address on Thursday.
He said he was using the military to keep the oil industry functioning
normally, and warned that other tankers would suffer the same treatment
as the Pilin Leon if their crews took similar action.  He said the
strikers were threatening "the heart of the country" by targeting the
oil sector.  Source: 

Telecommunications Sector

6.      November 29, Sea Coast Online - Phone hackers discovered.  A
company has uncovered an unusual telephone-hacking scheme that could
cost businesses a considerable amount when they get their phone bill.
John Laurence, owner of Telephone Systems Consultation and Maintenance,
said his company has discovered that hackers are breaking into business
voice-mail systems to make long-distance calls and send numerical codes
to the Philippines.  Company technicians have spent the last few weeks
helping businesses repair their voice-mail systems after they were hit.
The phone systems being attacked are all the same brand.  The problem
was first discovered when Laurence's company, which sells and installs
telephone and voice-mail systems for businesses across the country,
began receiving calls from clients reporting that their voice mail
wasn't working properly.  Source.

Food Sector

Nothing to report.

Water Sector

7.      December 5, News Daily (Clayton, GA) - Clayton, GA Water
Authority plans prevention.  Over the next several months, nearly every
house in Clayton County, GA will be outfitted with a device to prevent
contaminated water from entering the county's water system.  The
$4.25-million backflow prevention program is an important upgrade to the
county's water system, according to Wade Brannan, general manager of the
CCWA.  Backflow typically occurs when a change in pressure leads to
water flowing out of the customer's pipes and back into the county's
distribution system.  If the water were contaminated, such as with a
fertilizer or herbicide in a spray bottle connected to the hose, that
pollutant will follow the water up the hose and into the pipes.  "In
addition, the devices could help prevent deliberate contamination of the
water system through an act of terrorism or sabotage" said Paul Burks,
the executive director of the Georgia Environmental Facilities
Authority.  Source:

8.      December 4, Detroit News (Michigan) - Feds to protect Selfridge
Air National Guard Base water.  The Mount Clemens, Michigan water
treatment plant supplies drinking water for the Selfridge Air National
Guard Base.  As a result, it will be the first municipal water plant in
metro Detroit to be equipped with rapid-fire pollution and chemical
detection equipment, officials said Tuesday.  Military officials are
concerned that terrorists could poison the drinking water drawn from
Lake St. Clair, so Mount Clemens has been chosen for the new sensor
equipment, said Doug Martz, chairman of the Macomb Water Quality Board.
Detection of chemicals and pollutants would be within seconds instead of
the two or three day wait now, experts said.  The equipment could be
installed within nine months.  Source: 

Chemical Sector

Nothing to report.

Emergency Law Enforcement Sector

9.      December 5, Associated Press - Officials: anti-terrorism plan
aiding New Mexico.  About 200 city, state and federal law-enforcement
officers in New Mexico now carry a "threat card" - a credit-card size
reference tool that lists the indicators of potential terrorist activity
and a toll-free number to call to speak with an agent or analyst from
the New Mexico state Department of Public Safety's counterintelligence
unit.  The cards are being handed out as part of the Department's
training program designed to help officers recognize terrorist acts
before they happen, Secretary Thomas English said.  Source:

Government Operations Sector

Nothing to report.

Information Technology Sector

10.     December 3, Government Computer News - Texas health data at
risk, audit finds.  Texas state hospitals are failing to adequately
protect electronic health records from tampering, according to a report
from the Texas State Auditors Office.  "System access and security
control problems at some Texas academic medical institutions have the
potential to place protected health information at risk," the auditors
said.  Unauthorized users both inside and outside the hospitals' and
other institutions' networks could gain access to patient medical
records, and read, copy, alter or delete information, said the report,
Security Over Electronic Protected Health Information at Selected Texas
Academic Medical Institutions.  "Intruders also could disrupt the
operations of systems that are critical in providing health care," the
auditors said.  Security problems expose the state to significant
financial risk because of the legal consequences of system breaches, the
report said.  Source.

Cyber Threats and Vulnerabilities

11.     December 4, CERT/CC - Vulnerability Note VU#683673: Sun Solaris
priocntl(2) does not adequately validate path to kernel modules that
implement lightweight process (LWP) scheduling policy.  The Sun Solaris
priocntl(2) function does not adequately validate a memory structure
that specifies the name of a kernel module.  As a result, a local
attacker could execute arbitrary code with superuser privileges on a
vulnerable system.  Sun states that "a final resolution is pending
completion."  Source.

12.     December 4, Microsoft - Microsoft Security Bulletin MS02-067:
E-mail header processing flaw could cause Outlook 2002 to fail
(Moderate).  Microsoft Outlook provides users with the ability to work
with e-mail, contacts, tasks, and appointments.  A vulnerability exists
in Outlook 2002 in its processing of e-mail header information.  An
attacker who successfully exploited the vulnerability could send a
specially malformed e-mail to a user of Outlook 2002 that would cause
the Outlook client to fail under certain circumstances.  The Outlook
2002 client would continue to fail so long as the specially malformed
e-mail message remained on the e-mail server.  Microsoft recommends that
customers consider installing the patch available on Microsoft's web
site.  The patch addresses the vulnerability by correcting the flaw and
causing Outlook 2002 to correctly process e-mails that contain the
invalid header information described above.  Source.

Internet Alert Dashboard

Current Alert Levels

Internet Security Systems AlertCon: 1 out of 4 (Last Changed: 26 November 2002)
Security Focus ThreatCon: 1 out of 4 (Last Changed: 23 November 2002)

Current Virus and Port Attacks

Virus:  #1 Virus in USA:   PE_ELKERN.D
Source:, Trend World Micro Virus Tracking Center [Infected Computers,
North America, Past 24 hours, #1 in United States]

Top 10 Target Ports:  137(netbios-ns); 80(http); 1433(ms-sql-s);
21(ftp); 25(smtp); 445(microsoft-ds); 139(netbios-ssn); 53(domain);
4665(edonkey); 4662
Source:; Internet Storm Center

General Information

13.     December 5, CNN - Freezing storm cuts power, travel.  An early
winter storm caused electricity outages on Thursday for more than 1.5
million residences and businesses in the Carolinas, the worst utility
damage in the area since 1989's Hurricane Hugo, a power company
spokesman said.  As the storm continued up the East Coast, traffic on
the ground and in the air was disrupted, and school and work schedules
slipped and slid along with drivers and pedestrians on the ice.  At
least 17 deaths, most from traffic accidents, have been blamed on the
storm, according to the Associated Press.  E.O. Ferrell, vice president
of Duke Power -- with 2.1 million customer accounts in North and South
Carolina -- said "we have approximately 1.2 million customers, half of our
total customer base, without power this morning."  Responding to the
widespread outages, officials in Mecklenburg County, which includes
Charlotte, NC, declared a state of emergency.  Thursday morning, snow in
Richmond, Virginia, changed to freezing rain as Washington, Baltimore,
New York, Philadelphia and Hartford, Connecticut, took sustained
snowfalls.  Meanwhile, snowfall in the Washington area caused a number
of delays and cancellations at area airports Thursday, but conditions
appear to be improving, said a spokesperson for the airports.  Further
north, delays and cancellations were reported for flights departing and
arriving at Philadelphia International Airport, and at all three New
York area airports, LaGuardia, John F. Kennedy International and Newark
(NJ) International.  Source: 

14.     December 5, CNN - CDC reports another sick ship.  The Centers
for Disease Control and Prevention (CDC) confirmed Thursday 114
passengers and three crew members aboard the cruise ship Oceana have
become sick with a gastrointestinal illness.  Most of the ill passengers
reportedly were on the same flight from England before boarding the
cruise ship in Fort Lauderdale, Florida, the CDC said in a written
statement, and all of the 1,859 passengers on the ship flew chartered
aircraft from Britain.  Norwalk-like virus has been the culprit in most
of the recently reported incidences of gastrointestinal illness aboard
cruise ships.  The virus can be transmitted person-to-person or by
consuming contaminated food or water.  Passengers and crew onboard four
consecutive cruises of Holland America's Amsterdam and on two cruises of
Disney's Magic were recently sickened by that virus.  Norwalk is
suspected in a recent outbreak aboard Carnival's Fascination as well.  A
ship-board lab determined that salmonella bacteria caused a recent
outbreak of stomach illness on the Seven Seas Mariner, but the CDC has
yet to confirm that finding.  Source: 

15.     December 5, Washington Post - Smallpox vaccine reactions jolt
experts.  Of 200 young adults who received the smallpox vaccine as part
of a recent government study, one-third missed at least one day of work
or school, 75 had high fevers, and several were put on antibiotics
because physicians worried that their blisters signaled a bacterial
infection.  Even for experts such as Kathy Edwards, the Vanderbilt
University physician overseeing the study, the side effects were
startling.  "I can read all day about it, but seeing it is quite
impressive," she said.  Smallpox is a live vaccine and causes a range of
reactions.  Within three to four days, a red itchy bump develops,
followed by a larger blister filled with pus.  In the second week, the
blister dries and turns into a scab that usually falls off in the third
week.  During the three weeks, many people experience flu-like symptoms.
The experiences in a half-dozen clinical trials offer an early look at
what military personnel, hospital workers, and other emergency workers
will likely encounter if Bush adopts the recommendations of his top
health advisers to vaccinate as many as 11 million people.  Source: 

16.     December 5, Wall Street Journal - After bomb threat, stores ask:
can shoppers be kept safe?  A bomb threat Wednesday at four IKEA outlets
in the Netherlands and two in Britain rattled shopping malls and
retailers worldwide into reviewing security procedures.  In the U.S.,
security of shopping centers is already a top priority of the new
Department of Homeland Security.  "Homeland Security is viewing malls as
part of the infrastructure of America," said Vicki Contavespi, a
spokesperson for the American Society for Industrial Security.  Most
U.S. malls and department stores employ their own security teams and
video cameras -- but mainly to prevent shoplifting.  Except in
high-crime neighborhoods, nearly anyone can walk into any store
unchecked.  That ease of access may soon be a thing of the past.  The
conundrum for retailers and shopping centers is to maintain tight
security without inconveniencing -- or offending -- customers.  Source:,,SB1039038651377063713,00.html 

NIPC Products & Contact Information

The National Infrastructure Protection Center (NIPC) serves as a
national critical infrastructure threat assessment, warning,
vulnerability, and law enforcement investigation and response entity.
The NIPC provides timely warnings of international threats,
comprehensive analysis and law enforcement investigation and response.
The NIPC provides a range of bulletins and advisories of interest to
information system security professionals and those involved in
protecting public and private infrastructures.  By visiting the NIPC
web-site, one can quickly access any of the following NIPC products:

2002 NIPC Advisories - Advisories address significant threat or incident
information that suggests a change in readiness posture, protective
options and/or response.

2002 NIPC Alerts - Alerts address major threat or incident information
addressing imminent or in-progress attacks targeting specific national
networks or critical infrastructures.

2002 NIPC Information Bulletins - Information Bulletins communicate
issues that pertain to the critical national infrastructure and are for
informational purposes only.

2002 NIPC CyberNotes - CyberNotes is published to support security and
information system professionals with timely information on cyber
vulnerabilities, malicious scripts, information security trends, virus
information, and other critical infrastructure-related best practices. 

2002 NIPC Highlights - The NIPC Highlights are published on a monthly
basis to inform policy and/or decision makers of current events,
incidents, developments, and trends related to Critical Infrastructure
Protection (CIP).  Highlights seeks to provide policy and/or decision
makers with value-added insight by synthesizing all source information
to provide the most detailed, accurate, and timely reporting on
potentially actionable CIP matters.

IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
