National Infrastructure Protection Center
NIPC Daily Open Source Report for 16 December 2002

Daily Overview

.       CNN reports President Bush announced Friday that he is ordering
500,000 military personnel and others in high-risk parts of the world
receive the smallpox vaccine.  (See item 14)

.       CERT has released Vulnerability Note VU#958321 - "Samba contains
a remotely exploitable stack buffer overflow."  (See item 17)

.       CERT has released Vulnerability Note VU#162097 - "Microsoft
Internet Explorer does not adequately validate references to cached
objects and methods."  (See item 18)

.       CNN reports the Pentagon has ordered another 27,000 Reserve and
National Guard troops to prepare for active duty; this includes cargo
specialists, port workers, military police, engineers, and supply
specialists.  (See item 20) 

NIPC Daily Report Fast Jump [click to jump to section of interest]
Banking & Finance

Gas & Oil

Emergency Law Enforcement

Government Operations
Information Technology
Cyber Threats and Vulnerabilities

Internet Alert Dashboard
NIPC Information

Power Sector

1.      December 14, The Mercury (Australia) - Open the reactor, N.
Korea tells UN.  North Korea has demanded the United Nations' nuclear
watchdog remove surveillance cameras and seals from a nuclear power
plant it has vowed to reopen.  The reactor is in the same plant
suspected of developing nuclear arms before it was shut down eight years
ago.  North Korea yesterday called on the International Atomic Energy
Agency (IAEA) to remove its security seals from the Yongbyon plant,
saying its power generation capacity was needed after a decision by the
U.S., Japan and South Korea to suspend regular oil shipments.
"(Pyongyang) requests that the IAEA remove seals and monitoring cameras
on all of its nuclear facilities," North Korea's Atomic Energy
Department director-general Ri Je-son said in a letter to the agency.
IAEA director-general Mohamed El Baradei immediately warned Pyongyang
any unilateral move to remove the security seals or monitoring cameras
would contravene agreements between North Korea and the UN.  Pyongyang
did not clarify whether it would expel the international monitors at its
nuclear facilities or if it would unseal plutonium in a cooling pond at
Yongbyon -- a step that would give it nuclear capability.  Reactivating
the controversial nuclear plant and demanding it operate in secrecy
threatens to escalate security tensions on the Korean peninsula.

2.      December 13, The Wichita Eagle (Kansas) - Ensuring nuclear
safety: Wolf Creek shows off elevated security at first tour in 15
months.  The owners of the Wolf Creek nuclear power plant in Kansas have
spent about $2 million to increase security since the terrorist attacks
15 months ago.  More armed guards and concrete barriers around the plant
are just a few of the signs of tightened security.  The company will
continue to spend about $1 million a year on increased security
measures, Otto Maynard, head of the Wolf Creek Nuclear Operating Corp.,
said Thursday, during a media tour of the plant.  Next week, Maynard
said, the nuclear power industry plans to release a report saying Wolf
Creek and the nation's other 102 power plants could withstand a direct
hit from a Boeing jet, similar to those that crashed into the World
Trade Center and the Pentagon last year.  The engineering analysis, paid
for by the industry, was conducted in response to public anxiety and
statements made by the Nuclear Regulatory Commission earlier this year
that some critical parts of the plants may be vulnerable to an airplane
attack.  A plane crashing into the containment building, where the
nuclear reactor is housed, would damage the plant and cause it to shut
down for a long time, Maynard said.  But no radiation would be released,
and the nuclear fuel rods would not be damaged, Maynard said. The
building that houses spent nuclear fuel, he said, could also withstand
the impact of a jet.  Source: 

3.      December 12, Tribune Reporter - Big buy revs N.M. electric
giant.  Summit Electric Supply, the 10th-largest privately held company
in New Mexico, will nearly double in size with the acquisition announced
today of a Texas electrical distributor.  Summit President Victor Jury
Jr. said the company bought for $10.5 million most of the assets of
Warren Electric Group, a Houston-based supplier to the Gulf Coast
petrochemical industry.  Summit, headquartered in Albuquerque, is the
34th-largest electrical supply business in the nation.  The company,
founded 25 years ago by Jury, his father and another partner, employs
310 and had sales last year of $135 million.  It has centers in 10 other
cities in New Mexico, Texas and Arizona.  Source: 

Current Electricity Sector Threat Alert Levels:  Physical: ELEVATED,
Scale:  Low, Guarded, Elevated, High, Severe   [Source: ISAC for the
Electricity Sector (ES-ISAC) -]

[return to top]

Banking and Finance Sector

4.      December 13, Associated Press - Tracking terror funds in
Southeast Asia tougher than fighting money laundering, ADB official
says.  "Some recent incidents show that funds for terrorist financing
are not necessarily very huge," said Motoo Noguchi, an Asian Development
Bank adviser on anti-money laundering activities.  "Even US$10,000 can
trigger a tragic incident.  Size of the money doesn't matter."
Southeast Asia's developing nations, the ADB's main clients, suffer from
weak financial sectors and the existence of legal and illegal informal
financial transaction systems - sometimes known as "underground banking"
- which make the countries vulnerable to terrorists, Noguchi said.  Such
systems rarely provide transaction records or the identity of the
customer, he said.  Trading in cash or gold makes it harder to trace the
source of the money.  Source:

[return to top]

Transportation Sector

5.      December 11, Bernama (Malaysia) - Malaysia ready for the CSI.
Malaysia will give the United States its fullest cooperation in
implementing the Customs Security Initiative (CSI) at its ports, which
would involve the screening of containers with "high risk" goods,
Malaysian Transport Minister Datuk Seri Dr Ling Liong Sek said
Wednesday.  Dr Ling said Malaysia would cooperate with the U.S. Customs
to screen the boxes from its ports before shipment to the U.S. to ensure
that Malaysian ports are categorized as clean ports and trade flows to
the U.S. remain unimpeded.  He told a press conference at his office
Wednesday that several U.S. officials including its assistant secretary
for Market Access and Compliance, U.S. Department of Commerce, William
Lash III had visited him to discuss the CSI.  Dr Ling said that the U.S.
officials were also happy with security equipment, like scanning
machines, bought by the Malaysian government.  Using these scanners
would mean that very few boxes would need to be opened and trade would
not be delayed.  Source:

6.      December 10, Toronto Star - Canada's former Prime Minister
pushes security accord.  Canada should negotiate a NAFTA-style accord
with the United States and Mexico in order to forge a North American
security perimeter, former prime minister Brian Mulroney said Monday.
"Our internal borders will only be smart if our external perimeter is
secure," Mulroney said at a conference to celebrate the 10th anniversary
of the North American Free Trade Agreement, where he was flanked by
former U.S. president George H.W. Bush and former Mexican president
Carlos Salinas.  Mulroney said that instead of giving in to the
temptation to tighten scrutiny at the Canada-U.S. border, the focus
should be on creating a perimeter.  Source:

[return to top]

Gas and Oil Sector

7.      December 13, New York Times - Iraq cancels oil contract with
three Russian companies.  Iraq abruptly canceled a contract with
Russia's largest oil company and two other Russian companies to develop
a major Iraqi oil field.  The Russian firm Lukoil signed a $3.8 billion
contract to develop Iraq's West Qurna oil field in 1997 as part of a
consortium of Russian companies that includes Zarubezhneft and
Machinoimport.  Under the contract, Lukoil controlled 68.5 percent of
the stakes in the deal, with the rest divided between the two other
companies.  The deal, however, has remained largely symbolic since
significant work on the field - with an estimated potential of producing
half a million barrels of oil a day - has been stymied by the United
Nations sanctions imposed on Iraq following its invasion of Kuwait in
1990.  Source: 

8.      December 13, New York Times - OPEC raises quotas but calls for a
drop in actual output.  Facing a credibility problem and rampant
overproduction by members at a time when oil prices are expected to
slide, OPEC countries moved today to increase official export quotas
while demanding that members rein in their cheating.  OPEC said that it
would raise official export quotas to 23 million barrels a day from the
current 21.7 million barrels, while asking members to cut actual
production by 7 percent, or 1.7 million barrels a day.  OPEC's
credibility has eroded over the last few months because its members have
been pumping about three million barrels more a day than they agreed to.

9.      December 16, Boston Globe - Chavez troops storm oil tanker.
CARACAS - Venezuela. Army commandos stormed aboard an oil tanker
yesterday and arrested its striking crew, as President Hugo Chavez vowed
to break a two-week-old opposition strike that has crippled shipments by
the world's fifth-largest oil exporter. Rejecting intense pressure from
home and abroad to call early elections, the embattled left-wing
president told foreign nations not to meddle in his country's crisis.
Chavez, who survived a brief coup in April, remained defiant despite a
huge opposition march in Caracas Saturday in which more than a
half-million people clamored for his resignation.  Yesterday's military
takeover of the strike-bound Pilin Leon tanker in western Lake Maracaibo
was the latest attempt by the government to regain control of ships and
refineries halted by the opposition shutdown that has paralyzed the oil
industry. Source:

10.     December 13, Associated Press - Venezuela's president fires four
dissident executives. Using a tactic that has previously backfired,
President Hugo Chavez fired four dissident executives from Venezuela's
state oil monopoly yesterday, setting off a rowdy protest by oil workers
on the 11th day of a damaging general strike.  Chavez had fired the same
four executives and three others in April, triggering a general strike
that helped provoke a short-lived coup.  A conciliatory Chavez
reinstated the executives after he was restored to power.  But
yesterday's firings showed the president was determined to break a
strike that has shut down Venezuela's vital oil industry.  Source:

[return to top]

Telecommunications Sector

Nothing to report.

[return to top]

Food Sector

Nothing to report.

[return to top]

Water Sector

11.     December 13, Associated Press - Arsenic spilled into river in
South China.  A truck spilled arsenic into a southern Chinese river.
The problem began Wednesday afternoon when police in the Guangxi region
stopped a truck they believed was carrying an illegal substance,
according to the official China News Service.  Police determined the
material was arsenic and were escorting the truck to a nearby police
station when it slipped from a hillside road into the Jinxiu River, the
agency said.  Thirty-three barrels of arsenic spilled into the river,
China News Service said in online reports.  Hazardous materials teams
were called in, the barrels were removed and some 100 tons of lime were
used to purify the river water.  Source: 

[return to top]

Chemical Sector

Nothing to report.

[return to top]

Emergency Law Enforcement Sector

12.     December 13, Associated Press - FEMA grants N.Y. $7.6M for
emergencies.  The Federal Emergency Management Agency said it would
grant $7.6 million to improve New York's procedures for responding to
acts of terrorism and other emergencies.  FEMA said $6.6 million of the
funds would be used to update state and local procedures for responding
to all hazards, including attacks with weapons of mass destruction.

[return to top]

Government Operations Sector

13.     December 13, Umatilla Chemical Depot News - Sarin vials spill at
depot.  Thirteen vials of diluted sarin nerve agent broke open and
spilled Dec. 2 when a lab worker dropped a tray at the Umatilla Chemical
Depot.  The Army confirmed the incident Thursday after being asked about
rumors of the spill.  The tray contained 18 vials of sarin highly
diluted with a concentrate of rubbing alcohol.  The Army and Oregon
state regulators said there never was any risk to the public.  The
incident occurred in a highly secure laboratory in K Block, the storage
area that contains 3,717 tons of nerve agent. The chemical depot is just
outside of Hermiston, Oregon.  Sue Oliver, interim project director for
the Oregon Department of Environmental Quality, said the state has not
received the Army's report on the incident, so she was not sure what
happened.  She said the Army followed proper procedures, and regulators
will not be issuing a notice of noncompliance.  There were no measurable
readings of chemical agent following the event, said Jim Hackett, Army
spokesman.  Carbon filters on the laboratory building would have
prevented any outside dispersion of nerve agent, he said.  But the event
raised concerns for environmentalists.  "The recent incident at Umatilla
involving sarin gas is one more example of a facility that is not safe
for workers or the public health," said Mari Margil, Sierra Club
spokeswoman.  Source: 

14.     December 13, CNN - Bush outlines smallpox vaccination plan.
President Bush announced Friday that he is ordering 500,000 military
personnel and others in high-risk parts of the world receive the
smallpox vaccine.  He said he will also receive the vaccine, which
carries the risk of severe side effects, including death.  "As
commander-in-chief, I do not believe I can ask others to accept this
risk unless I am willing to do the same," Bush said.  Medical
professionals, emergency personnel and emergency-response teams will be
able to get the vaccine on a voluntary basis, Bush said.  "Our
government has no information that a smallpox attack is imminent," Bush
said, "yet it is prudent to prepare for the possibility."  The president
said he has decided not to initiate a broader vaccination program for
all Americans.  Many officials fear terrorists might have obtained
samples of the virus for use as a biological weapon.  Because about half
of U.S. residents have never been vaccinated, and those who were
vaccinated are believed to now have limited immunity if any, the country
is an especially vulnerable target.  "We have a substantially non-immune
population, and that's a very risky situation if we face a malicious
bioterrorism dissemination of smallpox," said Dr. Bill Bicknell, with
the Boston University School of Public Health in Massachusetts.  Source:  

15.     December 13, New York Times - Nuclear commission chairman to
resign.  The Nuclear Regulatory Commission chairman, Richard A. Meserve,
said today that he would resign at the end of March, more than a year
before his term expires.  President Bush will nominate his replacement
on the five-member commission and name a new chairman.  The nomination
requires Senate confirmation.  Meserve, selected for the post and made
chairman by President Bill Clinton in 1999, said he would become
president of the Carnegie Institution, a prominent research center in
Washington.  Source: 

16.     December 11, Government Executive - Defense officials advocate
new classification system for information.  Homeland security officials
may have to develop a new classification system to let military and
civilian agencies at all levels of government share counterterrorism
information, several Pentagon officials said Tuesday during an E-Gov
conference.  Maj. Gen. Dale Meyerrose, chief information officer of the
U.S. Northern Command (NORTHCOM), noted that the Defense Department
classifies information on a "need to know" basis, while many law
enforcement agencies classify on a "need to prosecute."  "Neither a
need-to-know nor a need-to-prosecute [standard] serves our
information-exchange requirements," Meyerrose said, adding that NORTHCOM
will need to handle most homeland security information on a
"need-to-share" basis.  Source: 

[return to top]

Information Technology Sector

Nothing to report.

[return to top]

Cyber Threats and Vulnerabilities

17.     December 13, CERT/CC - Vulnerability Note VU#958321 -- Samba
contains a remotely exploitable stack buffer overflow.  Versions 2.2.2
through 2.2.6 of Samba contain a remotely exploitable stack buffer
overflow.  The Samba Team describes Samba as follows: The Samba software
suite is a collection of programs that implements the Server Message
Block (commonly abbreviated as SMB) protocol for UNIX systems.  This
protocol is sometimes also referred to as the Common Internet File
System (CIFS), LanManager or NetBIOS protocol. The Samba Team describes
the vulnerability as follows: There was a bug in the length checking for
encrypted password change requests from clients.  A client could
potentially send an encrypted password, which, when decrypted with the
old hashed password could be used as a buffer overrun attack on the
stack of smbd.  The attach would have to be crafted such that converting
a DOS codepage string to little endian UCS2 unicode would translate into
an executable block of code.  The solution involves the application of a
vendor provided patch.  Source.

18.     December 12, CERT/CC - Vulnerability Note VU#162097 -- Microsoft
Internet Explorer does not adequately validate references to cached
objects and methods.  Microsoft Internet Explorer features the ability
to process scripts contained in HTML documents.  This feature is known
as Active scripting, and Internet Explorer supports several scripting
languages, including VBScript and JScript.  JScript is similar to
Netscape's JavaScript and both languages played some part in the
development of ECMAScript (ECMA-262).  For security reasons, a script
loaded from one site should not be able to access resources on another
site, including the local client.  In JavaScript, the Same Origin Policy
protects clients by ensuring that "when loading a document from one
origin, a script loaded from a different origin cannot get or set
specific properties of specific browser and HTML objects in a window or
frame."  Internet Explorer implements a similar policy, adding the
restriction that scripts are not allowed to access properties or objects
across security zones.  As reported by GreyMagic Software, Internet
Explorer does not adequately validate references to certain cached
objects and methods across different domains and security zones.  A
script from a potentially malicious site executing in one domain and
security zone is able to access resources in another domain and zone,
including the Local Computer zone, via the Document Object Model (DOM)
interface.  Source.

Internet Alert Dashboard
Current Alert Levels

Internet Security Systems 
AlertCon: 1 out of 4
Security Focus ThreatCon: 1 out of 4

Last Changed:  26 November 2002 Last Changed: 23 November 2002
Current Virus and Port Attacks
Virus:  #1 Virus in USA:   PE_FUNLOVE.4099
Source:, Trend World Micro Virus
Tracking Center [Infected Computers, North America, Past 24 hours, #1 in
United States]
Top 10 Target Ports     137(netbios-ns); 80(http); 1433(ms-sql-s);
445(microsoft-ds); 21(ftp); 4662; 68(bootpc); 1080(socks); 113(auth);
Source:; Internet Storm Center

[return to top]

General Information

19.     December 15, CNN - Three held in Pakistan terror hunt.  Police
in Pakistan have arrested three men alleged to have been preparing a
suicide attack against two senior U.S. diplomats.  Police
Inspector-General Kamal Shah said the men, arrested in Karachi on
Saturday, were members of the radical Islamic group Harkat-e-Jihad
Islami.  He said they had trained in Afghanistan, although the ongoing
investigation had not linked them directly to Osama bin Laden's al-Qaeda
terror network.  Shah identified the men as Asif Zaheer, Sohail Noor and
Mohammad Yusuf.  During the Saturday arrests, police said they recovered
250 bags of ammonium nitrate and a Volkswagen packed with 10 kilograms
of the explosive material.  Shah said Zaheer planned to ram the
Volkswagen into the diplomats' car on Karachi's main road, according to
Reuters news service.  The trio is been questioned in connection with
several other attacks, including a May 8 car bombing outside a Karachi
hotel that killed 11 French engineers and three Pakistanis.  Source:

20.     December 14, CNN - U.S. calls up 27,000 reserve troops.  In a
fresh sign of preparation for possible war with Iraq, the United States
has ordered another 27,000 Reserve and National Guard troops to prepare
for active duty, defense officials said Saturday.  They said the alert
was issued by the Pentagon Friday night and that the services were
identifying units ranging from Navy port workers to Army engineers to be
prepared for a likely call to active duty early in the new year.
"Defense Secretary (Donald) Rumsfeld has not given a final call-up
order, but the troops are being alerted to get ready," one of the
officials, who asked not to be identified, told Reuters.  They said the
new call-up could go as high as 30,000 troops.  The New York Times
reported Saturday that Army units would include military police,
engineers and supply specialists and that the Navy was planning to
notify at least 1,000 ship cargo specialists and other port workers.
There are already more than 50,000 part-time U.S. reservists on active
duty from all U.S. services, part of a call-up sparked by the September
11, 2001, attacks on the United States.  Source: 

21.     December 14, CNN - Jordan: al-Qaeda killed diplomat.  The
Jordanian government said Saturday it had arrested two men in the
assassination of a U.S. diplomat in Amman six weeks ago and said the
operation "was planned and carried out by al-Qaeda."  Laurence Foley was
gunned down in front of his house in Amman on the morning of October 28
as he was walking to his car.  He was a senior administrative officer
with the U.S. Agency for International Development in Jordan.  U.S.
State Department spokesman Louis Fintor welcomed the Jordanian
announcement.  "We deeply appreciate the excellent support and
cooperation the Jordanian government has provided throughout this
investigation and we continue to consult closely with them regarding
these arrests," he said.  A statement from the Jordanian government said
the two men, identified as Salem Sa'ed Salem bin Suweid, a Libyan
national, and Yasser Fathi Ibraheem, a Jordanian, confessed to their
membership in al-Qaeda and that they received their orders from a senior
al Qaeda leader who has been accused of being an expert in chemical and
biological weapons.  According to the statement, "bin Suweid and
Ibraheem confessed that they are members of Osama bin Laden's al-Qaeda
Organization, and are affiliated with bin Laden's lieutenant, Ahmad
Fadeel Nazal Al-Khalayleh, known as Abu Musa'ab Al-Zarqawi."  Source: 

22.     December 13, BBC (United Kingdom) - Sharp rise in superbug
deaths.  The hospital superbug MRSA, methicillin-resistant
staphylococcus aureus, is responsible for an increasing number of
deaths, researchers have found.  The number of death certificates which
mentioned MRSA as the cause of death, increased from 13 in 1993 to 114
in 1998.  Researchers from the Public Health Laboratory Service (PHLS)
who examined the certificates say although the numbers are relatively
small, these were deaths which could have been prevented.  In the study,
public health researchers examined over 6,700 death certificates which
mentioned any form of the Staphylococcus aureus bug.  The proportion of
death certificates which mentioned as the underlying cause of death the
drug-resistant version, MRSA, which can cause fatal blood poisoning or
pneumonia, rose from 8% (13) in 1993 to 44% (114) in 1998.  The
proportion of certificates which mentioned MRSA at all rose from 7.5%
(47) in 1993 to 25% in 1998 (398).  Source: 

23.     December 13, Canadian News Wire - Pharmaceutical group awarded
defense department contract for enhancement of vaccines.  Coley
Pharmaceutical Group today announced that the U.S. Defense Advanced
Research Projects Agency (DARPA) has awarded $6 million to Coley to
support the development of Coley's CpG immunostimulatory
oligonucleotides (oligos) to enhance anthrax vaccines.  The current
anthrax vaccine requires six doses and 18 months to produce immunity.
Coley's CpG oligos, used together with vaccines, have the potential to
reduce the number of vaccine doses, induce protective antibody levels
more quickly, produce higher affinity antibodies directed against a
broader range of anthrax antigens, and to improve duration of
protection.  Source: 

[return to top]

NIPC Products & Contact Information

The National Infrastructure Protection Center (NIPC) serves as a
national critical infrastructure threat assessment, warning,
vulnerability, and law enforcement investigation and response entity.
The NIPC provides timely warnings of international threats,
comprehensive analysis and law enforcement investigation and response.
The NIPC provides a range of bulletins and advisories of interest to
information system security and professionals and those involved in
protecting public and private infrastructures.  By visiting the NIPC
web-site (, one can quickly access any of the
following NIPC products:

2002 NIPC Advisories - Advisories address significant threat or incident
information that suggests a change in readiness posture, protective
options and/or response.

2002 NIPC Alerts - Alerts address major threat or incident information
addressing imminent or in-progress attacks targeting specific national
networks or critical infrastructures.

2002 NIPC Information Bulletins - Information Bulletins communicate
issues that pertain to the critical national infrastructure and are for
informational purposes only.

2002 NIPC CyberNotes - CyberNotes is published to support security and
information system professionals with timely information on cyber
vulnerabilities, malicious scripts, information security trends, virus
information, and other critical infrastructure-related best practices. 

2002 NIPC Highlights - The NIPC Highlights are published on a monthly
basis to inform policy and/or decision makers of current events,
incidents, developments, and trends related to Critical Infrastructure
Protection (CIP).  Highlights seeks to provide policy and/or decision
makers with value-added insight by synthesizing all source information
to provide the most detailed, accurate, and timely reporting on
potentially actionable CIP matters.

IWS INFOCON Mailing List
@ IWS - The Information Warfare Site

Reply via email to