National Infrastructure Protection Center
NIPC Daily Open Source Report for 19 December 2002

Daily Overview

.       ZDNet reports several critical vulnerabilities have been found
in the MySQL database system, a light database package commonly used in
Linux environments but which runs also on other platforms.  (See item

.       The General Accounting Office has released its December 2002
study on mass transit, examining the challenges in security transit
systems, steps transit agencies have taken to improve safety and
security, and the federal role in transit safety and security.  (See
item 8)

.       The New York Stock Exchange has issued a memorandum underscoring
member firms' responsibilities to ensure the accuracy and integrity of
order-routing systems in order to protect against errors in orders sent
to the NYSE via electronic systems.  (See item 4)

.       The Associated Press reports the ongoing Venezuelan oil strike
has reduced Venezuela's oil output from nearly 3 million to 400,000
barrels per day, is sending the world price of crude oil above $30 a
barrel, and is depriving the country of $50 million daily in export
income.  (See item 10)

NIPC Daily Report Fast Jump [click to jump to section of interest]
Banking & Finance

Gas & Oil

Emergency Law Enforcement

Government Operations
Information Technology
Cyber Threats and Vulnerabilities

Internet Alert Dashboard
NIPC Information

Power Sector

1.      December 18, MDJ - Pressure builds to curtail the
power of power companies.  The pressure continues to build for action by
the Georgia General Assembly to rein in the virtually unlimited power of
electric power companies to take private property for transmission lines
without any review by either state or local officials.  The latest move
came in Gwinnett County, Georgia yesterday when the seven members of the
Board of Commissioners unanimously approved a resolution calling for
legislation to provide for "the appropriate level of regulation by the
Georgia Public Service Commission regarding the construction of above
ground high-voltage electrical transmission lines and their attendant
systems."  A temporary moratorium was requested by residents concerned
about a planned high-voltage line that will run beside Simonton
Elementary School - whose PTA last week overwhelmingly approved a
resolution calling for a moratorium and swift legislative action.  A
growing number of Georgians are joining the movement to put some checks
and balances on the unrestrained eminent domain power of the electric
power industry.  It remains an open question whether this growing number
of citizens will be ignored by the 2003 General Assembly when it comes
time to vote on a bill to regulate the power of the power companies.

2.      December 18, Reuters - U.S. energy groups sign pact on business
standards.  Two U.S. energy industry groups said on Tuesday they have
signed an agreement to work together to clean up and standardize
business practices in the nation's scandle-plagued power sector.  In a
statement NERC (the North American Electric Reliability Council) a
non-profit whose members supply nearly all the power in North America,
and an energy industry standards board hastily assembled in January said
they signed a "memorandum of understanding (MOU)" to open communication
between the two groups in their standards-setting processes.  The pact
comes after a year of shrinking liquidity amid revelations that traders
at several companies routinely skewed power and natural gas price data
to trade publications that use the data to compile widely watched price
indices.  The indices, as industry benchmarks, are used in turn to value
contracts between energy suppliers, utilities, and industrial buyers.
New Jersey-based NERC said that under the MOU the two groups will also
establish a joint committee to vet all standards proposals they receive.
The committee will hold its first meeting in early January.  Earlier
this month, the Committee of Chief Risk Officers (CCRO), representing 31
energy companies, held a closed-door meeting in Houston to discuss ways
of ridding the market of sham trades and phony prices at the heart of
several federal investigations and shareholder lawsuits.  Source:

3.      December 17, Power Engineering - Ruling allows data collection
for largest renewable plant in U.S.  A federal judge has cleared the way
for a critical step in what could be a formidable process to gain
approval to construct the nation's largest renewable energy plant.
Denying a citizen group's motion for a preliminary injunction to block
Cape Wind Associates from placing a data collection tower off the shore
of Cape Cod, Judge Joseph L. Tauro said the plaintiffs failed to meet
any of the three criteria for an injunction: legal standing in court,
likelihood of success at trial, and irreparable harm.  Cape Wind hopes
to build a wind farm six miles off the cape composed of 170 wind
turbines with a total generating capacity of 420 MW.  Primary opponent
of the project is the Alliance to Protect Nantucket Sound, backed by
such organizations as the Ocean Conservancy, the Earth Institute, the
International Fund for Animals, and the International Wildlife
Coalition, all of whom say the structures will harm wildlife to some
degree.  They also fear that the windmills, positioned in rows, will be
ugly and depress real estate values.  Wind energy advocates point out
that any power generator comes with a price.  Gary Gallon, who writes a
newsletter for the Canadian Institute for Business and the Environment
said that it is impossible to oppose fossil fuels without providing an
alternative, and that his organization estimates that the Cape Wind
project, operating at full tilt, will replace enough fossil-fueled
generation annually to eliminate 4,600 tons of sulfur dioxide, 120 tons
of carbon monoxide, and 1,566 tons of nitrous oxide, thus reducing
greenhouse emissions by more than a million tons.  Source:

Current Electricity Sector Threat Alert Levels:  Physical: ELEVATED,
Scale:  Low, Guarded, Elevated, High, Severe   [Source: ISAC for the
Electricity Sector (ES-ISAC) -]

[return to top]

Banking and Finance Sector

4.      December 18, New York Stock Exchange - NYSE emphasizes member
firms must ensure accuracy, integrity of order-routing systems.  The New
York Stock Exchange has issued a memorandum underscoring member firms'
responsibilities to protect against errors in orders sent to the NYSE
via electronic systems.  The memorandum follows several instances in
which firms sent orders that contained an incorrect quantity of shares
or inadvertently re-transmitted orders executed the previous day.  The
two primary causes of the mistakes were human error or defective
software.  Although the errors were caught quickly at the NYSE and no
customers were harmed, the Exchange emphasized the need for safeguards
to prevent errors from being transmitted in the first place.  "While
electronic order-entry systems can enhance members' or member
organizations' ability to route and execute orders, errors resulting
from their use can result in increased market volatility and significant
financial risk and exposure to members and member organizations," NYSE
Executive Vice President Salvatore Pallante said in the memo.  The memo
outlines five regulatory requirements and business practices that must
be adhered to when electronic order-entry systems are used.  Source:  Memo: 

5.      December 18, New York Times - Computer programmer faces U.S.
fraud charge in virus attack.  A former computer expert with UBS
PaineWebber was indicted today on federal charges of trying to
manipulate the stock price of the brokerage's parent company by
sabotaging its computer system last spring, the authorities said.  The
United States attorney for New Jersey, Christopher J. Christie, said the
suspect, Roger Duronio, 60, of Bogota, N.J., hoped to cash in on a
resulting drop in the stock value of the parent company, UBS  The
indictment said Duronio spent nearly $22,000 in February and March
buying a type of security known as a put option contract, which
increases in value as a company's stock price declines.  Christie said
the plan failed when a computer virus that Mr. Duronio personally
transmitted to 1,000 of the 1,500 computers used by PaineWebber brokers
across the country failed to disrupt work seriously or cause a sharp
change in the stock price.  Source: 

6.      December 18, Associated Press - Four arrested in Texas
anti-terror probe.  Four men, who are connected to a computer company
that did business in the Middle East, were arrested by federal
anti-terrorism agents early Wednesday on money-laundering charges.  The
four men worked at Infocom, a suburban Richardson computer company that
federal agents raided in September 2001.  Company Vice President Ghassan
Elashi, identified as one of the four arrested Wednesday, was also a
director of the Holy Land Foundation for Relief and Development, which
was shut down in December 2001 after the Treasury Department accused the
self-described charity of being a Hamas front and seized its assets.

7.      December 18, New York Times - Civic leader is charged in money
transfers.  Mohamed Albanna, 51, a leader and businessman in the
Yemeni-American community of Lackawanna, N.Y., and two of his relatives,
Ali A. Albanna, 29, and Ali Taher Elbaneh, 52, were indicted last night
in Federal District Court in Buffalo on charges of illegally
transmitting money out of the country.  Mr. Albanna is the uncle of
Jaber Elbaneh, who was identified in a criminal complaint against the
six young men in September as "uncharged co-conspirator B."  The nephew
is believed to be in Yemen, law enforcement officials said. Source: 

[return to top]

Transportation Sector

8.      December 18, General Accounting Office - Mass transit: federal
action could help transit agencies address security challenges.  On
December 18, the General Accounting Office (GAO) released its December
2002 study on mass transit.  In light of the history of terrorism
against mass transit and the terrorist attacks of September 11, GAO was
asked to examine challenges in security transit systems, steps transit
agencies have taken to improve safety and security, and the federal role
in transit safety and security.  To address these objectives, GAO
visited 10 transit agencies and surveyed a representative sample of
transit agencies.  They noted that transit agencies have taken a number
of steps to improve the security of their systems since September 11,
such as conducting vulnerability assessments, revising emergency plans,
and training employees.  Formidable challenges, however, remain in
securing transit systems.  Obtaining sufficient funding is the most
significant challenge in making transit systems as safe and secure as
possible, according to GAO survey results and interviews with transit
agency officials.  In addition to funding challenges, certain
characteristics of transit agencies make them both vulnerable to attack
and difficult to secure.  Based on its study, GAO recommended, among
other things, that the Secretary of Transportation consider seeking a
legislative change to allow all transit agencies to use federal
urbanized area formula funds for security-related operating expenses.

[return to top]

Gas and Oil Sector

9.      December 18, New York Times - Two refiners ask U.S. for oil from
strategic reserve.  At least two large oil refiners have begun talks
with the Energy Department to explore borrowing oil from the Strategic
Petroleum Reserve to make up for shortfalls in Venezuelan exports caused
by strikes, company representatives said yesterday.  Representatives for
the Amerada Hess Corporation and Citgo confirmed that they had
approached the Energy Department about the issue.  Both companies said
they had not yet received a response.  The Energy Department said it was
not considering lending oil from the 598-million-barrel reserve at this
point.  "Currently lending or exchanging oil from the S.P.R. is not an
active consideration," an Energy Department spokesman said.  Source: 

10.     December 18, Associated Press - Venezuela strike strangling oil
industry.  The strike - which entered its 17th day - has reduced
Venezuela's oil output from nearly 3 million to 400,000 barrels per day,
sending the world price of crude oil above $30 a barrel and depriving
the country of $50 million daily in export income.  While the lifeblood
of the nation's economy slowed to a trickle, hundreds of the President
Chavez's opponents formed lines across major highways and other roads in
Caracas, waving flags and blowing on whistles.  The president was dealt
a blow Tuesday when officials at the giant Hovensa refinery in the U.S.
Virgin Island of St. Croix said no gasoline shipments were headed to
Venezuela, which has a majority stake in the refinery.  Two of
Venezuela's largest refineries, including one producing gasoline for
Venezuela and the United States, already have shut down.  Oil executives
vowed to keep up the pressure.  Source:

11.     December 18, Associated Press - Bush signs pipeline safety bill.
President Bush signed legislation Tuesday that's aimed at improving
safety along the nation's 2.2 million miles of oil and natural gas
pipelines.  The bill would require pipeline inspections at least once in
the next 10 years and every seven years after that.  Some pipelines near
large cities would be inspected more frequently.  The bill also would
expand the public's right to know about pipeline hazards; set up
environmental reviews intended to enable more timely pipeline repairs;
and increase state oversight of safety activities.  Source:

[return to top]

Telecommunications Sector

Nothing to report.

[return to top]

Food Sector

12.     December 18, AgNews (Texas A&M University) - Surface treatments
could make ready-to-eat products safer.  Acidified calcium sulfate, an
organic acid calcium sulfate combination, is showing potential as a
product that not only kills Listeria on the surface of food products,
but also keeps it from coming back.  Acidified calcium sulfate could
give meat processors another method of intervention to increase the
safety of their products, said Dr. Jimmy Keeton, professor with the
department of animal science at Texas A&M University, and several
already want to test acidified calcium sulfate on their own products to
see how effective it is.  Source: 

13.     December 18, Irish Examiner (Ireland) - Scientists make
salmonella breakthrough.  Scientists working on a cure for salmonella
have made a major breakthrough in understanding how the food-poisoning
bacteria makes people ill.  Studies of the complete genome sequence of
the disease have identified which genes are activated during infection.
"This is the first time anyone has created a complete picture of gene
expression for any organism during infection.  "It exposes which genes
are the real killers.  This new technique can be applied to any
infectious disease," said Dr Jay Hinton, of the Institute of Food
Research.  Salmonella has become increasingly resistant to antibiotics
and now kills more people in the West than any other food-borne
pathogen.  Source: 

[return to top]

Water Sector

Nothing to report.

[return to top]

Chemical Sector

14.     December 17, U.S. Chemical Safety and Hazard Investigation Board
- General Dynamics plant evacuated by explosion.  On Tuesday, a chemical
explosion at the General Dynamics Armament and Technical Products in
Deland, FL forced the evacuation of the plant at 2000 Brunswick Lane.
Seventy-five to 100 employees were evacuated shortly after 5 p.m. when
nitric acid came into contact with another chemical, possibly ketone,
causing it to ignite, said DeLand Fire Captain Terry Griffiths.  No one
was injured.  The county's hazardous materials team was called in and
quarantined the laboratory until a contractor can clean the area.  The
plant produces devices for the U.S. Army that detect chemical and
biological agents.  Source: 

15.     December 17, U.S. Chemical Safety and Hazard Investigation Board
- Chemicals plant burns in northern Israel.  An explosion set off a
large fire in a compound of petrochemical plants in the northern port
city of Haifa on Tuesday sending a huge cloud of gray smoke over the
Mediterranean.  Tuesday's explosion went off at about 6:40 a.m. at a
fertilizer factory in Haifa Bay, and three warehouses quickly went up in
smoke.  The blaze broke out next to Oil Refineries Ltd.'s facility in
Haifa.  Firefighters from all over northern Israel rushed to the scene,
trying to keep the fire from spreading to nearby petrochemical plants
and oil refineries, police said.  "There was an explosion, that is the
first report we got," said the area's fire chief, Gershon Zalderman.  He
said that while investigators were not ruling out any explanations, they
believed the blast was caused by an accident.  The fire caused huge
morning rush hour traffic jams in Haifa, since the industrial compound
is close to the coastal road, the main thoroughfare.  Cyanide was the
main thing in the plant in the northern port city of Haifa, Moshe Mosco
said.  The facility also held monoammonium sulfide and other substances.
"Some of them are very dangerous,'' he added.  Two Haifa Chemicals
employees suffered smoke inhalation from the fire, which enveloped about
2,000 square meters, he said.  Source: 

16.     December 17, Umatilla Chemical Depot News - Umatilla officials
anxiously awaiting changes at depot.  The nation's chemical
demilitarization program is in flux as the new Homeland Security
Department's umbrella is opened.  And that's leaving people in charge of
public welfare for the Umatilla Chemical Depot (in Oregon) anxiously
watching the changes.  "Nothing is stable right now," said Dennis
Doherty, Umatilla County commissioner and chairman of the Governor's
Board for Chemical Stockpile Emergency Preparedness Program.  The
shifting landscape has left local officials who are responsible for
public safety "in the fog," said Ken Franz, director of emergency
services for Hermiston's Good Shepherd Medical Center.  Apprehension in
the chemical stockpile communities is increasing as the time to begin
burning chemical agents gets closer, said Beverlee Venell, director of
Oregon Emergency Management and a member of the governor's board for the
Umatilla depot.  The Army hopes to begin burning the 3,717 tons of
deadly nerve agent at Umatilla in July.  Under the new homeland security
mandate, protection for the Umatilla Chemical Depot should be one of the
state police's top priorities, said Oregon State Police Lt. Darin
Helman, supervisor for Umatilla and Morrow counties.  But given the
state's budget shortfall, Helman said he's going to be hard-pressed to
get the job done.  "We're no longer going to have 24-hour coverage.  Our
ability to respond to any incident at the depot is going to be affected.
We won't be doing business as we have in the past. We can't," Helman
said.  Source: 

[return to top]

Emergency Law Enforcement Sector

Nothing to report.

[return to top]

Government Operations Sector

17.     December 18, Government Executive - Budget battles could
jeopardize homeland security efforts.  The inability of Congress to
clear 11 of its 13 annual appropriations bills is impacting homeland
security efforts and could jeopardize some White House priorities for
next year, congressional experts said Monday at an Equity International
event.  Bill Hoagland, staff director for the Senate Budget Committee,
said the proposed fiscal 2003 homeland security budget, at $36 billion,
is less than 2 percent of the total budget of more than $2 trillion.  He
noted that $24 billion would go toward non-Defense Department
activities.  The budget for the Homeland Security Department will be
drawn from nine of the measures.  Hoagland divided security spending
into three categories: prevention, protection and minimization.
Prevention, which includes areas such as investigations, intelligence,
law enforcement and immigration, would get about 40 percent, an increase
of 60 percent.  Protection of the border, critical infrastructures like
telecommunications networks, and other areas also would get 40 percent,
a 50 percent jump.  Minimization of damage, involving groups such as
FEMA and the Centers for Disease Control and Prevention, would get the
remaining 20 percent, a quadrupling of funding.  Source: 

18.     December 18, Washington Post - Governor Ridge addresses workers
and begins dialogue for dept.  About 140 employees, from agencies
transferring to the department, have been lent to Ridge to help get the
department started.  Army Maj. Gen. Bruce M. Lawlor, who has served as
Ridge's senior director for protection and prevention, is expected to be
named chief of staff, sources said.  During the next 90 days, Ridge's
team wants to identify what the nation gains by consolidating the 22
agencies and what goals should be set.  The team wants to create a
common e-mail system or directory, launch an Internet site and make
decisions on a range of ordinary issues - from paychecks to letterheads.
The Bush administration hopes that Ridge and his deputy, Gordon England,
will be confirmed in January so they can be sworn in by Jan. 24, the day
the new department opens for business.  Source:

[return to top]

Information Technology Sector

19.     December 18, The State - Computer crime center opens in South
Carolina.  South Carolina's new computer-crime center signals greater
cooperation between federal and state police.  The $5.6 million center,
where more than a dozen state and federal agents will use the latest
technology, is the nation's first statewide cybercrime lab.  It also
will be used to fight terrorism.  Similar labs are in New York City, San
Diego and in metropolitan north Texas.  "We'll have resources from SLED,
the FBI, the Secret Service, the Customs Service, the Postal Service and
others, all in one computer lab,'' director Robert Mueller said.  "The
result will be a one-stop shop for investigating computer crimes."
Mueller said there are 170 million computers in the United States and
580 million worldwide.  Since July, agents at the center have worked 711
cases, said Lt. Chip Johnson, the SLED agent who runs the facility.
Last year, SLED's smaller computer lab worked 331 cases, he said.  Most
cases have been for child exploitation, Internet fraud and
identification theft.  The center's terminals can analyze in an hour
what used to take several hours, Johnson said, sorting quickly through
mountains of information and tracking key evidence from bank transfers,
to e-mails or phone calls.  Agents also have portable computers to copy
and read electronic evidence in the field.  Source.

[return to top]

Cyber Threats and Vulnerabilities

20.     December 16, ZDNet Australia - MySQL security flaws uncovered.
Several vulnerabilities have been found in the MySQL database system, a
light database package commonly used in Linux environments but which
runs also on Microsoft platforms, HP-Unix, Mac OS and more.  E-matters,
a German company, released a security advisory after discovering the
flaws.  They have rated the vulnerabilities as "Medium to Critical" in
severity.  The security flaws discovered range from Denial of Service
(DoS) problems to more serious issues.  "...[O]ne of the flaws can be
used to bypass the MySQL password check or to execute arbitrary code,"
the advisory said.  E-matters also found multiple vulnerabilities in the
MySQL client libraries, which "...could allow DoS attacks against or
arbitrary code execution within anything linked against libmysqlclient."
The vulnerabilities affect all versions prior to 3.23.53a and 4.0.5a.
MySQL have released an updated "version 3" (3.23.54) that is immune to
the security bugs.  It is not known when an updated "version 4" MySQL
will be released.  E-matters will not be releasing an exploit for the
vulnerability.  Source.

Internet Alert Dashboard
Current Alert Levels

Internet Security Systems 
AlertCon: 1 out of 4
Security Focus ThreatCon: 2 out of 4

Last Changed:  26 November 2002 Last Changed: 17 December 2002
Current Virus and Port Attacks
Virus:  #1 Virus in USA: WORM_KLEZ.H
Source:, Trend World Micro Virus
Tracking Center [Infected Computers, North America, Past 24 hours, #1 in
United States]
Top 10 Target Ports     137(netbios-ns); 80(http); 1433(ms-sql-s); 53
(domain); 445(microsoft-ds); 443(https); 3389(ms-term-serv); 4662;
25(smtp); 21 (ftp)
Source:; Internet Storm Center

[return to top]

General Information

21.     December 18, Washington Post - Two hospitals refuse to vaccinate
workers.  Two prominent teaching hospitals are refusing to vaccinate
their employees against smallpox.  Officials at Grady Memorial Hospital
in Atlanta and Virginia Commonwealth University in Richmond said
yesterday that the risk of dangerous side effects of the vaccine and
inadvertent transmission to patients outweigh the remote threat of an
attack.  The hospitals' decisions mark the first high-profile opposition
from the medical community to a plan announced on Friday, by President
Bush, to inoculate as many as 11 million Americans by late summer.
Three other large medical centers, Children's Hospital of Philadelphia,
Emory Medical Center in Atlanta, and the University of Iowa Hospitals
and Clinics are leaning against inoculating their staffs.  Source: 

22.     December 18, Washington Times - Terror cells on rise in South
America.  Terrorist training camps operated by Hezbollah continue to
flourish in a remote and lawless area along the shared borders of
Brazil, Argentina and Paraguay, according to law-enforcement officials
and a recent report by anti-terrorism authorities.  Known as the
"tri-border region,"the area is flanked by the freewheeling cities of
Puerto Iguazu in Argentina, Foz do Iguazu in Brazil and Ciudad del Este
in Paraguay, where terrorists meet for what the sources said were
high-level sessions to discuss future attacks on U.S. and Israeli
targets in North and South America.  Argentina's Secretariat of State
Intelli-gence first reported in 1999 that al Qaeda members were in the
region to coordinate terrorist training and to plan future attacks with
Hezbollah.  U.S. intelligence officials are concerned that an alliance
with Hezbollah would give al Qaeda a new base close to the United States
for attacks, the sources said.  Source: 

[return to top]

NIPC Products & Contact Information

The National Infrastructure Protection Center (NIPC) serves as a
national critical infrastructure threat assessment, warning,
vulnerability, and law enforcement investigation and response entity.
The NIPC provides timely warnings of international threats,
comprehensive analysis and law enforcement investigation and response.
The NIPC provides a range of bulletins and advisories of interest to
information system security and professionals and those involved in
protecting public and private infrastructures.  By visiting the NIPC
web-site (, one can quickly access any of the
following NIPC products:

2002 NIPC Advisories - Advisories address significant threat or incident
information that suggests a change in readiness posture, protective
options and/or response.

2002 NIPC Alerts - Alerts address major threat or incident information
addressing imminent or in-progress attacks targeting specific national
networks or critical infrastructures.

2002 NIPC Information Bulletins - Information Bulletins communicate
issues that pertain to the critical national infrastructure and are for
informational purposes only.

2002 NIPC CyberNotes - CyberNotes is published to support security and
information system professionals with timely information on cyber
vulnerabilities, malicious scripts, information security trends, virus
information, and other critical infrastructure-related best practices. 

2002 NIPC Highlights - The NIPC Highlights are published on a monthly
basis to inform policy and/or decision makers of current events,
incidents, developments, and trends related to Critical Infrastructure
Protection (CIP).  Highlights seeks to provide policy and/or decision
makers with value-added insight by synthesizing all source information
to provide the most detailed, accurate, and timely reporting on
potentially actionable CIP matters.

IWS INFOCON Mailing List
@ IWS - The Information Warfare Site

Reply via email to