National Infrastructure Protection Center
NIPC Daily Open Source Report for 10 December 2002

Daily Overview

.       CERT has released Vulnerability Note VU#961489 - "University of
Washington IMAP Server vulnerable to buffer overflow after login."  (See
item 15)

.       CBS News reports United Airlines on Monday asked a federal judge
to keep the carrier airborne, while it struggles to pay off mounting
debts in the largest airline bankruptcy in history.  (See item 4)

.       The Washington Post reports radioactive material that could
potentially be used to make so-called "dirty bombs" has been seized at
border posts in Central Asia in the past 12 months.  (See item 1)

.       The Associated Press reports that beginning today, the federal
government will open parking lots at the country's biggest airports that
have been off-limits since Sept. 11, 2001, because of worries about car
bombs.  (See item 5)

.       Events continue to unfold in the Venezuelan oil and gas workers
strike as troops take over gasoline distribution plants (See item 7) and
the strike continues to halt the country's crude and product exports.
(See item 8)

Editor's Note: Yesterday's edition contained an item about an
Information Bulletin issued by NIPC last Friday.  The reference number
for that bulletin should have been 02-011 (rather than 01-011). The URL
for the bulletin is


Power Sector

1.      December 9, Washington Post - U.S. concerned about nuke
smuggling in Central Asia.  Radioactive material that could potentially
be used to make so-called "dirty bombs" has been seized at border posts
in Central Asia in the past 12 months, a senior Defense Department
official said Monday.  The smuggled material, contaminated metals, was
confiscated at checkpoints along the Uzbekistan and Turkmenistan
borders, according to Harlan Strauss, director of International
Counterproliferation Programs at the Defense Department.  "It is
possible to be reprocessed and to be utilized in a way that radioactive
material can be used for a dispersal device or a small weapon to
contaminate an area," Strauss said.  Dirty bombs scatter radioactive
material using conventional explosive devices.  Over the past decade at
least 88 pounds (40 kg) of weapons-usable uranium and plutonium has been
stolen from poorly protected nuclear facilities in the former Soviet
Union, according to a report published by Stanford University's
Institute for International Studies earlier this year.  While most of
this material was subsequently retrieved, at least 4.4 pounds of highly
enriched uranium stolen from a reactor in Georgia remains missing.  The
United States has spent about $86 million to help about 30 countries,
mostly in the former Soviet Union and eastern Europe, combat the threat
of smuggling of nuclear and other metals that could be used in weapons
of mass destruction.  Source: 

Current Electricity Sector Threat Alert Levels:  Physical: ELEVATED
Scale:  Low, Guarded, Elevated, High, Severe
[Source: ISAC for the Electricity Sector (ES-ISAC)]

Banking and Finance Sector

2.      December 8, Associated Press - Israeli police, aided by the FBI,
have arrested an Israeli suspected of hacking into computers of a
U.S.-based electronics company and stealing personal information,
including credit card numbers of some 80,000 customers, according to a
court document released Sunday.  David Sternberg, 24, of the port city
of Haifa, allegedly broke into the computers of a large U.S. company
that sells CD-ROMs and DVDs.  The court document did not mention the
company's name. Source: 

3.      December 6, Associated Press - Feds: insurance helps launder
drug money.  Colombian drug cartels conceived an elaborate scheme that
converted more than $80 million in cocaine profits to clean cash by
moving money through life insurance policies, authorities said.  The use
of life insurance purchases highlights gaps in international financial
regulations intended to cripple drug money laundering in legitimate
financial transactions.  Officials said the case underscores the need
for a greater focus on stronger oversight of insurance sales to prevent
abuse.  The United States has been tightening regulations to prevent
both terrorists and traffickers from laundering money.  Source:

Transportation Sector

4.      December 9, Reuters - Lufthansa may take equity stake in United.
United Airlines said on Monday its German partner Deutsche Lufthansa AG
may take an equity stake in the bankrupt U.S. carrier, while Lufthansa
said it was still studying ways to help its ailing peer.  In an
interview with Reuters in Chicago, United Chief Executive Glenn Tilton
said it was possible that Lufthansa, its partner in the airline network
Star Alliance, would take an equity stake in United.  United Airlines,
the world's second-largest airline and a unit of UAL Corp, became the
biggest air carrier ever to seek court protection on Monday when it
filed for Chapter 11 bankruptcy.  Lufthansa has said it is in talks with
United to find ways to help it out of its crisis.  Lufthansa Chief
Executive Juergen Weber said in a statement he believed United would be
able to restructure successfully under Chapter 11.  United will
continue to fly under bankruptcy protection, which Lufthansa said meant
that 330 code-share flights continued to be at their clients' disposal.
Code sharing allows airlines to sell tickets on each other's planes.

5.      December 9, Associated Press - Airport parking lots to reopen.
Beginning today, the federal government will open parking lots at the
country's biggest airports that have been off-limits since Sept. 11,
2001, because of worries about car bombs.  Federal officials also will
change the way air travelers are screened after they pass through
security checkpoints over the next few weeks, checking them only at
randomly selected gates, said Robert Johnson, Transportation Security
Administration (TSA) spokesman.  New layers of airport security allow
the rules to be eased, Johnson said, listing a better-trained screener
workforce, federal air marshals, background checks of people who work
beyond airport security checkpoints and screening of checked baggage at
252 airports.  Johnson said the prohibition on unattended vehicles
parking within 300 feet of a terminal will be dropped today as long as
the terrorist threat level is at code yellow, or "elevated," the middle
of a five-point scale of risk developed after the terror attacks.  TSA
chief James M. Loy was scheduled to announce the change at an airport
security conference co-sponsored by the Airports Council
International-North America and the American Association of Airport
Executives.  The "300-foot rule" will be reimposed if the threat level
rises to orange or red, Johnson said.  Source:  

6.      December 9, CNN - Cruise ship outbreak sickens 212.  The
Centers for Disease Control and Prevention (CDC) said Monday that 197
passengers and 15 crew members aboard the cruise ship Oceana have come
down with a gastrointestinal illness.  A CDC field team boarded the ship
Saturday in Barbados to gather more information on the outbreak.  "We
conducted interviews with passengers and crew members and gathered
samples," said CDC spokeswoman Susan McClure.  There are 1,859
passengers and 868 crew aboard, according to a statement released by the
CDC.  The Oceana left Fort Lauderdale, Florida, November 29 and is
scheduled to return December 13, said a spokeswoman for P&O Cruises, the
company that owns the ship.  Passengers and crew on four consecutive
cruises of Holland America's Amsterdam and two cruises of Disney's Magic
were sickened by a Norwalk-like virus. The virus can be transmitted
person-to-person or by consuming contaminated food or water.  A
Norwalk-like virus is also suspected in a recent outbreak aboard
Carnival's Fascination.  Source:

Gas and Oil Sector

7.      December 10, ABS-CBN News - CARACAS, Venezuela: Troops take
Venezuela fuel plants. National Guard troops took over Venezuelan
gasoline distribution plants on Monday (early Tuesday in Manila) as
President Hugo Chavez cracked down on an opposition strike that partly
shut the banking system and crippled oil operations in the world's fifth
largest exporter.  A general strike, started on December 2 to force the
leftist former paratrooper to quit or call early elections, has
disrupted refineries, cut oil output by more than half and paralyzed oil
exports -- the nation's economic lifeblood. Gen. Wilfredo Silva told
reporters that National Guard troops had entered the Guatire gasoline
distribution plant -- which supplies fuel for gas stations in Caracas --
to secure deliveries. Troops also took over the Yaguas plant in central
Carabobo state, workers said.  Source:
See following related story.

8.      December 9, Reuters - Strike Slams Venezuela Oil Production.
Venezuela's oil production was cut in half on Monday and under threat of
further falls as a strike by foes of President Hugo Chavez that has
halted the country's crude and product exports held strong into a second
week.  Peace talks between government and opposition negotiators have
failed to reach an accord on elections to end the crisis and union
leaders gave no indication they would call off the stoppage.
Negotiators were scheduled to sit down for talks again on Monday.  State
oil company PDVSA, which had to declare force majeure on exports last
week as tanker loadings were halted, chopped refinery runs across the
nation's 1.3-million-barrel-per-day (bpd) refining system to minimum
operating levels as unshipped products filled storage tanks.  Source:

9.      December 6, East Bay Business Times (San Francisco Area) -
Quakes are biggest threat to LNG plant.  Vallejo-area residents have
more to fear from earthquakes than equipment failure, human error or
terrorists attacking a huge energy complex proposed for Mare Island, two
experts told a citizens commission investigating the controversial
project.  An earthquake that could damage the plant, though, would cause
far more destruction throughout the city than a quake-induced leak or
fire at the Mare Island complex, the experts said.  The subcommittee is
to present its findings Dec. 17 to the Vallejo City Council, which must
decide whether to authorize a feasibility study by subsidiaries of
Bechtel Corp. and Royal Dutch/Shell Group.  The partners propose to
build the West Coast's first LNG (liquefied natural gas) terminal, which
could regassify 1.3 billion cubic feet of natural gas daily, supplying
17 percent of California's consumption, and a 600- to 900-megawatt power
plant.  Source:

Telecommunications Sector

10.     December 6, Federal Communications Commission - Communications
industry considers measures to protect nation's communications services
against attack.  Representatives from across the communications industry
came together to consider recommendations to protect and strengthen the
nation's communications infrastructure against terrorist attacks or
national disasters.  The measures were considered by the Network
Reliability and Interoperability Council (NRIC) VI which held its
quarterly meeting at the FCC.  NRIC is composed of representatives from
the telecommunications, cable, wireless, satellite and ISP industries.
The 56-member Council will review some 300 best practices - many of
which are currently being practiced by industry members - for widespread
adoption and implementation across the industry.  Best practices range
from increasing physical security at communications facilities to
process changes and training to increased protection of proprietary
information.  NRIC members have until December 20, 2002 to vote on
recommendations to the industry that these best practices voluntarily be
implemented.  Source.

Food Sector

11.     December 9, Wisconsin AG Connection - Michigan dairy herd may
have bovine TB.  Michigan state officials quarantined a dairy herd in
Alcona County after tests indicated the possible presence of bovine
tuberculosis in one of the cows.  Dr. Joan Arnoldi, veterinarian with
the Michigan Department of Agriculture, said tests likely indicate
bovine TB in a 5-year-old cow in the 200-plus animal herd.  Final test
results should be available by mid-January.  Officials say there is
additional concern because of considerable movement between the
quarantined herd and three other cattle herds in the area.  The state is
attempting to trace the various sales and herd movement.  Bovine TB was
discovered in the mid-1990s in Michigan and has devastated Michigan's
interstate cattle trade.  Source:  

12.     December 7, San Diego Union-Tribune (California) - Irradiated
burgers to appear at Dairy Queens.  Dairy Queen plans to use SureBeam
Corp.'s electron-based irradiation technology at some of its stores in
the southwestern and northeastern United States next year.  The decision
was made after a successful test-marketing campaign of the system in
Minnesota.  The irradiation beams use electricity as an energy source to
eradicate harmful bacteria like E. coli, listeria, and salmonella "much
like thermal pasteurization does to milk," said SureBeam spokesman Mark
Stephenson.  SureBeam said it expects irradiated food to soon become
commonplace in fast-food stores and supermarkets.  SureBeam operates
three irradiation service centers in Los Angeles, Chicago, and Sioux
City, Iowa, which will process 14 million to 15 million pounds of ground
beef this year.  "We expect that number to jump to 350 million pounds
next year," said Stephenson.  Source:

Water Sector

Nothing to report.

Chemical Sector

Nothing to report.

Emergency Law Enforcement Sector

Nothing to report.

Government Operations Sector

13.     December 9, Reuters - Canada, U.S. set group to deal with future
attacks.  Canada said on Monday it had created a joint planning group
with the United States to help better respond to a militant attack or
natural disaster in North America but strongly denied that Ottawa was
ceding sovereignty to Washington.  The new group, headed by a Canadian
officer but based in the United States, will develop coordinated plans
to deal with a range of calamities.  It will also coordinate maritime
surveillance, intelligence sharing and emergency plans.  Although the
group's plans could one day see U.S. troops operating on Canadian soil,
government ministers stressed that Ottawa would remain in overall
control of events in Canada.  Source:

14.     December 8, New York Times - The Republican and Democratic
leaders of the Congressional investigation into the Sept. 11 attacks
plan to issue a final report next week calling for the appointment of a
new cabinet-level director of national intelligence who would outrank
the director of central intelligence, government officials say.  After
extended private negotiations this week, the four top lawmakers on the
joint inquiry agreed among themselves on the most important
recommendations to include in the final report.  They now tentatively
plan to present a draft to the full panel for a vote as early as
Tuesday.  Officials cautioned that it was unclear how their draft would
be received by the committee's other members, or whether it would be
revised as they sought a consensus.  If the committee votes on the
report on Tuesday, it may announce its final recommendations by
Wednesday.  Source: 

Information Technology Sector

15.     December 5, Government Executive - Integrated IT network in new
agency worth expense.  Technology industry representatives who met
Thursday at a forum on technology's role in homeland security said the
benefits of creating an integrated homeland security network will far
outweigh the costs.  Getting an integrated IT network up and running
will be expensive, according to participant Christopher Baum, vice
president and research area director for Gartner Research, an
information technology consulting company.  But once an integrated
system is developed and implemented, it will actually help reduce IT
costs.  For instance, an integrated network would allow the department's
120,000 employees to communicate over long distances without having to
set up face-to-face meetings.  This would reduce travel expenses, save
employees time and allow workers to escape the risks inherent in travel.

Cyber Threats and Vulnerabilities

16.     December 9, CERT/CC - Vulnerability Note VU#961489 -- University
of Washington IMAP Server vulnerable to buffer overflow after login.  A
buffer overflow vulnerability exists in versions of the University of
Washington IMAP Server up to and including the imap-2002 release.  This
vulnerability may allow an authenticated attacker to execute arbitrary
code on the mail server with the privileges of the UID of the user
running imapd.  The University of Washington IMAP (UW IMAP) server is an
e-mail application that uses the Internet Message Access Protocol
(IMAP).  This vulnerability is fixed in the latest development snapshot
of the imap-2002a release.  Source.

Internet Alert Dashboard

Current Alert Levels
Internet Security Systems AlertCon: 1 out of 4
(Last Changed: 26 November 2002)
Security Focus ThreatCon: 1 out of 4
(Last Changed: 23 November 2002)

Current Virus and Port Attacks
Virus:  #1 Virus in USA:  PE_FUNLOVE.4099
Source: Trend World Micro Virus Tracking Center [Infected Computers,
North America, Past 24 hours, #1 in United States]
Top 10 Target Ports:  137(netbios-ns); 80(http); 1433(ms-sql-s);
21(ftp); 25(smtp); 4662; 139(netbios-ssn); 445(microsoft-ds);
53(domain); 27374 (asp)
Source: Internet Storm Center

General Information

17.     December 9, Wall Street Journal - Captured al Qaeda leader gives
U.S. insight into plans.  A senior al Qaeda leader captured last month
is disclosing valuable information that has enabled interrogators to
link him to more than a dozen terrorist operations against U.S. and
Western targets, U.S. intelligence officials say.  After weeks of
questioning Abd al-Rahim al-Nashiri, counterterrorism officials at the
CIA and other agencies believe they have disrupted his network of
supporters in Persian Gulf countries, his main area of operations.  The
officials wouldn't describe the attacks that Mr. Nashiri and his
supporters were believed to have been planning.  But they said almost
all involved attacks on ships or ports or other maritime targets.  "He
is talking about his maritime operations," said a U.S. intelligence
official.  Source:

18.     December 7, IC Wales (United Kingdom) - Anti-terrorist smallpox
plan agreed upon.  Health ministers from around the world have agreed
upon an action plan to prepare for any deliberate release of the
smallpox virus by terrorists.  Global stocks of smallpox vaccines are to
be increased, to allow the World Health Organization to respond to
emergencies in any country.  An international smallpox emergency
exercise is to be held in June next year, to test the world's readiness
to deal with an outbreak of the disease.  A new Global Health Security
Laboratory Network is to be set up to co-ordinate health surveillance
and responses to disease outbreaks around the world.  The ministers have
also agreed to establish a working group to deal with the danger of a
possible influenza pandemic, jointly chaired by the UK and US.  Source:

NIPC Products & Contact Information

The National Infrastructure Protection Center (NIPC) serves as a
national critical infrastructure threat assessment, warning,
vulnerability, and law enforcement investigation and response entity.
The NIPC provides timely warnings of international threats,
comprehensive analysis and law enforcement investigation and response.
The NIPC provides a range of bulletins and advisories of interest to
information system security professionals and those involved in
protecting public and private infrastructures.  By visiting the NIPC
web-site, one can quickly access any of the following NIPC products:

2002 NIPC Advisories - Advisories address significant threat or incident
information that suggests a change in readiness posture, protective
options and/or response.

2002 NIPC Alerts - Alerts address major threat or incident information
addressing imminent or in-progress attacks targeting specific national
networks or critical infrastructures.

2002 NIPC Information Bulletins - Information Bulletins communicate
issues that pertain to the critical national infrastructure and are for
informational purposes only.

2002 NIPC CyberNotes - CyberNotes is published to support security and
information system professionals with timely information on cyber
vulnerabilities, malicious scripts, information security trends, virus
information, and other critical infrastructure-related best practices. 

2002 NIPC Highlights - The NIPC Highlights are published on a monthly
basis to inform policy and/or decision makers of current events,
incidents, developments, and trends related to Critical Infrastructure
Protection (CIP).  Highlights seeks to provide policy and/or decision
makers with value-added insight by synthesizing all source information
to provide the most detailed, accurate, and timely reporting on
potentially actionable CIP matters.
