National Infrastructure Protection Center
NIPC Daily Open Source Report for 26 December 2002

Daily Overview

- Internet Security Systems has raised its AlertCon Internet
threat indicator to Level 2, in part due to ISS observations of multiple
distributed denial of service (DDOS) attacks against commercial targets
in Western Europe launched from the Dynamic Trojan Horse Network (DTHN).
(See Internet Alert Dashboard)

- ZDNet reports at least three commonly used open source software
packages were altered by hackers to contain "Trojan horse" code this
year, and in all of these cases, the unknown cracker gained entry to the
relevant download sites and embedded the back door code in the
installation packages.  (See item 14)

- The Norfolk Daily Press reports a Virginia shipping terminal is
the first cargo port in the country installing a new security system
that checks for radioactive bombs on containers as they head from the
docks to the roadways.  (See item 5)

Editor's Note: Beginning January 6, 2003, the NIPC Daily Open Source
Report will be aligned to cover the critical infrastructure sectors as
identified in the National Strategy for Homeland Security.  Currently
covered sectors, which were set forth in Presidential Decision Directive
63, are included in the new format.  The new Sector alignment will be as
follows: Agriculture, Food, Water, Public Health, Emergency Services,
Government, Defense Industrial Base, Information and Telecommunications,
Energy (to include Electric Power, and Oil and Gas), Transportation,
Banking and Finance, Chemical Industry and Postal and Shipping.  Readers
wishing to comment on the contents or suggest additional topics and
sources should contact Melissa Conaty at 202-324-0354 or Kerry J.
Butterfield at 202-324-1131.  Requests for adding or dropping
distribution to the NIPC Daily Open Source Report should be made through
the Watch and Warning Unit at [EMAIL PROTECTED] 

Power Sector

1.      December 24, - Nuclear reactor study met with
skepticism.  An advocacy group is questioning a new electric industry
report that shows nuclear reactors could withstand a crash from a
commercial airliner.  Edwin Lyman, president of the Washington-based
Nuclear Control Institute, said he is skeptical about the study,
released Monday, because industry officials won't release the full text
of the report.  "If they found that a plane could penetrate a
containment building and cause a meltdown, would they say it?" Lyman
said.  But Florida Power & Light Co., which operates the St. Lucie
Nuclear Plant on Hutchinson Island, said the study commissioned by the
Nuclear Energy Institute trade group should put the public at ease.  "It
shows that the current design is more than adequate to protect the
facilities," said Rachel Scott, a FPL spokeswoman.  The Nuclear Energy
Institute said in a summary of the study Monday that based on
computer-engineered tests, the nation's 103 reactors could withstand a
direct hit from a fully fueled Boeing 767-400.  Source:

2.      December 23, - TVA's new power generation facility
on Raccoon Mt. gets upgrade.  TVA is in the midst of a $70 million
upgrade to the four mammoth electrical generating units located deep
inside Raccoon Mountain - a 38-floor elevator ride down.  The plant
employs 46 people but also is using contractors for the improvements.
"I'd say it's the cleanest method to generate power," said Nick Willis,
a contract pipefitter from Jasper, who works at the plant 18 miles west
of Chattanooga.  "It's a lot cleaner than coal.  Here, all you do is
pump water up and let it back down.  It's not nuclear.  It's clean."
It's a facility that dumps water from a manmade lake carved out of the
top of Raccoon Mountain and then sends it plummeting down through
tunnels into the heart of the mountain to generate electricity.  Then it
reverses the pumps and pulls new water back to the mountaintop to refill
the lake and begin the process all over again.  Ray Blankenship, a
senior operator from Ootlewah, said the plant helps provide a "balanced
system" as part of TVA's power structure of coal, nuclear and hydro
power.  "It's a renewable source," Blankenship said.  Source:

3.      December 20, Lexington Herald-Leader - Innovative power plant
faces obstacles.  A company that wants to build an innovative power
plant in Clark County, KY has applied for a permit from a state siting
board, but faces several obstacles.  Kentucky Pioneer Energy LLC wants
to build a 540-megawatt plant near Trapp that would be powered by
pelletized garbage from New York and New Jersey, as well as coal.  The
plant will use steam and oxygen to convert the coal and garbage into a
gas that will produce little pollution.  The plant, however, has had
several delays and may lose its main customer, East Kentucky Power
Cooperative, if the financing isn't secured before Jan 31, 2003.  The
Pioneer plant, like a rash of other plants proposed for Kentucky after
the hot summer of 1999, now faces a soft market for electricity.

Current Electricity Sector Threat Alert Levels:  Physical: ELEVATED,
Scale:  Low, Guarded, Elevated, High, Severe   [Source: ISAC for the
Electricity Sector (ES-ISAC) -]

Banking and Finance Sector

Nothing to report.

Transportation Sector

4.      December 23, U.S. Customs Service - U.S. Customs opens trade
fastlanes.  The joint U.S.-Canada Free and Secure Trade (FAST)
initiative, announced on September 9, 2002, by President George W. Bush
and Prime Minister Jean Chretien, is now operational at three major
commercial crossing points.  These crossings include Detroit,
Michigan/Windsor, Ontario; Port Huron, Michigan/Sarnia, Ontario; and in
Buffalo, New York/ Fort Erie, Ontario.  FAST is expediting trade through
these three locations responsible for processing over 20,000 thousand
inbound and outbound commercial trucks per day--representing more than
40 percent of trade between the U.S. and Canada.  In mid-January, 2003,
the FAST lane program will be extended farther west along the
U.S.-Canada border, to Blaine, Washington/Douglas, British Columbia, and
to the east, at Champlain, New York/Lacolle, Quebec.  FAST is a
bilateral initiative between the United States and Canada designed to
ensure security and safety while enhancing the economic prosperity of
both countries.  In developing this program, Canada and the United
States have agreed to harmonize, to the maximum extent possible, their
commercial processes for clearance of low-risk commercial shipments at
the border.  Source: 

5.      December 22, Daily Press - Norfolk, Virginia ports scan for
bombs.  A Virginia shipping terminal is the first cargo port in the
country to install a new security system that checks for bombs on
containers as they head from the docks to the roadways.  The new system
is part of a push by federal officials and the Virginia Port Authority
to prevent terrorists from trying to sneak bombs into the country in cargo
containers.  Norfolk International Terminals is now scanning 5,000
container trucks a week for radiation just before they carry their goods
out of the port.  The system - which is an adaptation of an old
technology used in steel mills to detect possible radiation there - will
be installed at the VPA's Newport News Marine Terminal and Portsmouth
Marine Terminal within 90 days, said Robert Merhige, the Virginia Port
Authority's deputy executive director.  "It should do the job," said
Lawrence Weinstein, a professor of physics at Old Dominion University
who is familiar with the technology.  "It should be able to detect
anything that's radioactive enough for us to worry about."  Source: 

6.      December 21, CNN - Airport security program expanded.  The
Transportation Security Administration (TSA) has expanded a pilot
screening program to 42 airports ahead of the holiday rush.  The agency
announced Friday that security screening at these airports will be
conducted at special checkpoints, where equipment and personnel can be
consolidated, instead of at individual boarding gates.  One of the major
changes for passengers is that they will have to have their boarding
passes to go through the checkpoint.  The passes will no longer be
issued at the gates, but will be available at ticket counters, skycap
curbside stations and airline computer kiosks.  The TSA said that the
change will both improve security and be less inconvenient for
passengers.  In early trials of the program, the wait time was about the
same for passengers who were screened as it was for those who were not,
the TSA said.  Source:

7.      December 25, Press   Citing security
concerns, the Federal Aviation Administration has issued temporary
flight restrictions over New York City and Pasadena, Calif., during the
New Year's holiday.  Restrictions for New York City will begin at 4 p.m.
Dec. 31 and end at 4 a.m. Jan. 1, FAA spokeswoman Laura Brown said.
Pilots will be allowed to fly no lower than 1,500 feet within a one-mile
radius of the Statue of Liberty.  Pilots will also be forbidden to fly
below 2,000 feet over Manhattan between 23rd Street and 96th Street, the
FAA said.  The restrictions were established at the request of the New
York Police Department.  The restriction around Pasadena for New Year's
Day will be from 6 a.m. to 1:30 p.m. during the Rose Bowl and Rose
Parade. Restrictions will vary throughout the day, moving from 3,000 to
5,000 feet. The restriction is requested every year by the state of
California.  Source:,2933,73888,00.html

Gas and Oil Sector

8.      December 24, Reuters - Venezuela strike and war fear push oil
price to two-year high.  Oil prices rose to their highest level in two
years yesterday, as a freeze in supplies from strikebound Venezuela and
the growing threat of war with Iraq deepened fears of a winter oil
supply shortage.  In New York, crude oil for February delivery rose
$1.45 a barrel, or 4.8 percent, to $31.75. Prices rose further in
after-hours trading to as much as $32 a barrel, its highest since
January 2001.  Oil prices have risen 60 percent this year, jumping $7 in
the last month, increasing concern that higher energy costs could
endanger a fragile economy.  Oil supplies have already tightened for the
winter in the Northern Hemisphere, as a 22-day general strike has hurt
output from Venezuela, the world's fifth-largest exporter.  Refinery
operations in the United States have begun to feel the pinch of the lack
of crude oil from Venezuela, which supplies about 14 percent of American
crude and imports of refined products.  Source: 

Telecommunications Sector

Nothing to report.

Food Sector

9.      December 24, Christian Science Monitor - Risk of terrorism to
nation's food supply.  Experts say U.S. crops and livestock - a $193
billion industry - could easily be attacked by devastating diseases.
"Biological agents that could be used to harm crops or livestock are
widely available and pose a major threat to U.S. agriculture," says
Harley Moon, professor of veterinary medicine at Iowa State University
and chair of the National Research Council (NRC) committee that wrote a
recent report on the subject.  Plant viruses, fungi, and bacteria are
easier to obtain than, say, weaponized anthrax aimed at people, and
they're easier to spread via winds and carrier insects.  "Although an
attack with such agents is highly unlikely to result in famine or
malnutrition, the possible damage includes major direct and indirect
costs to agricultural and national economy, adverse public-health
effects ... loss of public confidence in the food system and in public
officials, and widespread public concern and confusion," the NRC report
concluded recently after two years of studying the issue.  Source: 

Water Sector

10.     December 23, Journal News (Westchester, NY) - Officials seek
help watching NYC's watershed.  Christopher O. Ward, Commissioner of New
York City's Department of Environmental Protection (DEP), wants
residents, recreational users, and organizations in the watershed to
call a special hotline if they spot suspicious or unusual activity near
water-supply facilities.  The Water-Watch Hotline is meant to assist the
city's watershed police force in protecting the water supply from
possible acts of terrorism, crime, or pollution.  The hotline is part of
a growing trend among utilities to rely on the public for information
about their infrastructure and property.  The number is answered by the
DEP police.  Lynn Rasic, a spokeswoman for the state Office of Public
Security, said her office and the DEP have worked together to develop a
response protocol for terrorism-related tips.  Source: 

Chemical Sector

Nothing to report.

Emergency Law Enforcement Sector

Nothing to report.

Government Operations Sector

11.     December 20, General Accounting Office - The General Accounting
Office has issued a report entitled, "Homeland security: management
challenges facing federal leadership," prepared for the U.S. Senate's
Committee on Governmental Affairs.  The report states that a new
homeland security emphasis is underway, but remains incomplete.
Agencies reported a new emphasis on homeland security activities, such
as accelerated implementation of existing homeland security activities
or increased coordination with other government agencies or the private
sector.  Agencies will be challenged in meeting dual or unrelated
missions while maintaining and strengthening homeland security
operations.  Government organizational changes are also contributing to
the new emphasis, including creation of the Office of Homeland Security,
the Transportation Security Administration, and the integration of many
homeland security functions into the new Department of Homeland
Security.  Although officials say that coordination efforts at all
levels have increased, concerns remain, particularly with state and local
government, and collaboration with the private sector needs greater
emphasis.  Source:  Report:

Information Technology Sector

12.     December 23, NewsFactor Network  - The code that cuts both ways
- the debate over full disclosure.  The focus on computer security has
never been more intense, and the debate over disclosure has never been
hotter.  On one hand, mailing lists like BugTraq can give vendors an
incentive to fix security holes by making them public.  But some vendors
say full disclosure only helps crackers, so they urge security experts
to wait before making information available.  Should security experts
publicize vulnerability information, especially when releasing that data
could result in functional attacks on security holes before a patch is
released?  Cate Quirk, an analyst with AMR Research, told NewsFactor
that lists like BugTraq are necessary.  "It certainly gets people on the
ball, that they do need to patch security holes," she said.  But despite
widespread agreement that public disclosure of security flaws is
necessary, experts differ on how much information should be made
available, or how quickly that information should be released.  Many
people who discover security holes are "white hats" -- hackers who want
to find vulnerabilities and have them fixed before would-be attackers
can exploit them to the detriment of computer users.  But white hats
face several practical and ethical issues in disclosing security
problems.  On the other hand, if a white hat chooses to remain silent,
the vulnerability in question may go unreported and unrepaired -- but
crackers may also discover it independently and exploit it in secret.

13.     December 23, Wired News - IDC says that tech bucks and hack
threats are up.  In a series of predictions for the coming year, IDC
analysts said the economy could expect a boost from an increase in
corporate IT spending.  Every year, IDC makes 10 predictions for the
upcoming year.  In the six years it has made such forecasts, it has
usually gotten seven out of 10 predictions right, says IDC chief
research officer John Gantz.  IDC fears that a war with Iraq will
galvanize hackers to use their skills, perhaps in a coordinated way, to
create "economic disruptions" through denial-of-service attacks and even
physical attacks on key networks.  IDC went as far as to say that such
an attack would bring the Internet "down to its knees" for a day or two.
IDC based this prediction on an Oct. 22 DoS attack against 13 "root
servers" that provide the primary roadmap for almost all Internet
communications.  Although investigators considered it the largest and
most sophisticated attack ever against the Internet, users worldwide
were largely unaffected.  Still, IDC considered the attack a "blueprint"
for events to come.  Source:,1377,56902,00.html 

Cyber Threats and Vulnerabilities

14.     December 24, ZDNet Australia - Trojan horses plague open source.
At least three commonly used open source software packages were altered
by black-hat hackers to contain "Trojan horse" code this year.  The
three most commonly used packages affected were Sendmail, OpenSSH and
tcpdump/libpcap.  Others to be modified included BitchX, a chat client,
and Fragrouter, a network security tool.  In all of these cases, the
unknown cracker gained entry to the relevant download sites and embedded
the back door code in the installation packages.  Adam Pointon, a
Melbourne, Australia-based security consultant, says that most of these
modifications were not noticed for several days.  But Pointon says that
using open source software is often less risky than using pre-compiled,
or "closed source" software because users who download open source
packages can very easily verify their authenticity through a
mathematical process known as an md5 checksum.  An md5 checksum is
basically a fingerprint of a file.  A mathematical operation is
performed on the relevant file that will generate a unique 32-byte
number.  If a single bit is changed in that file, the number that the
md5 utility spits out will be completely different.  The motives for the
Trojans are unclear.  Some are speculating that a group of black-hat
hackers is using the Trojan technique to target high-profile
security-related sites.  They might "get lucky" if the administrators of these
sites install a tainted package.  Source:,2000025001,20270855,

Internet Alert Dashboard
Current Alert Levels

Internet Security Systems AlertCon: 2 out of 4
Last Changed: 24 December 2002

Security Focus ThreatCon: 1 out of 4
Last Changed: 21 December 2002

Current Virus and Port Attacks
Virus:  #1 Virus in USA:   WORM_KLEZ.H
Source: Trend Micro World Virus Tracking Center [Infected Computers,
North America, Past 24 hours, #1 in United States]
Top 10 Target Ports     137(netbios-ns); 1433(ms-sql-s);  80 (http); 445
(microsoft-ds); 443(https); 53 (domain); 4662; 27374(asp); 21 (ftp);
Source:; Internet Storm Center

General Information

15.     December 24, Associated Press - Researchers develop smallpox
vaccine test.  A laboratory test for the effectiveness of smallpox
vaccines has been developed by a team of European researchers and it may
be used as Americans start receiving shots against the disease.  In a
study appearing this week in the Proceedings of the National Academy of
Sciences, scientists in Germany and France report they have discovered a
test that can determine if a candidate smallpox vaccine can prompt
protection against the disease in humans.  The test also could be used
to determine if a person actually develops defenses against smallpox
after being vaccinated.  The large majority will develop immunity, but
not everyone.  Dr. Bernard Moss at the National Institute of Allergy and
Infectious Diseases, one of the National Institutes of Health, said the
research is important because no scientist has ever identified in the
human immune system the types of responses needed to protect against
smallpox.  Source:

NIPC Products & Contact Information

The National Infrastructure Protection Center (NIPC) serves as a
national critical infrastructure threat assessment, warning,
vulnerability, and law enforcement investigation and response entity.
The NIPC provides timely warnings of international threats,
comprehensive analysis and law enforcement investigation and response.
The NIPC provides a range of bulletins and advisories of interest to
information system security professionals and those involved in
protecting public and private infrastructures.  By visiting the NIPC
web-site, one can quickly access any of the
following NIPC products:

2002 NIPC Advisories - Advisories address significant threat or incident
information that suggests a change in readiness posture, protective
options and/or response.

2002 NIPC Alerts - Alerts address major threat or incident information
addressing imminent or in-progress attacks targeting specific national
networks or critical infrastructures.

2002 NIPC Information Bulletins - Information Bulletins communicate
issues that pertain to the critical national infrastructure and are for
informational purposes only.

2002 NIPC CyberNotes - CyberNotes is published to support security and
information system professionals with timely information on cyber
vulnerabilities, malicious scripts, information security trends, virus
information, and other critical infrastructure-related best practices. 

2002 NIPC Highlights - The NIPC Highlights are published on a monthly
basis to inform policy and/or decision makers of current events,
incidents, developments, and trends related to Critical Infrastructure
Protection (CIP).  Highlights seeks to provide policy and/or decision
makers with value-added insight by synthesizing all source information
to provide the most detailed, accurate, and timely reporting on
potentially actionable CIP matters.
