National Infrastructure Protection Center
NIPC Daily Open Source Report for 27 December 2002

Daily Overview

.       Internet Security Systems has lowered its AlertCon Internet
threat indicator to Level 1, recommending regular vigilance.  (See
Internet Alert Dashboard)

.       The Washington Times reports a paper published recently by the
Center for Strategic and International Studies concludes that the threat
from hackers on the nation's critical infrastructures has been overdone.
(See item 14)

.       The Washington Post reports Canadian intelligence experts said
al Qaeda "sleeper cells" in Canada and the United States have
communicated with each other as recently as this month, probably to plan
terrorist attacks in the United States.  (See item 18)

Editor's Note: Beginning January 6, 2003, the NIPC Daily Open Source
Report will be aligned to cover the critical infrastructure sectors as
identified in the National Strategy for Homeland Security.  Currently
covered sectors, which were set forth in Presidential Decision Directive
63, are included in the new format.  The new Sector alignment will be as
follows: Agriculture, Food, Water, Public Health, Emergency Services,
Government, Defense Industrial Base, Information and Telecommunications,
Energy (to include Electric Power, and Oil and Gas), Transportation,
Banking and Finance, Chemical Industry and Postal and Shipping.  Readers
wishing to comment on the contents or suggest additional topics and
sources should contact Melissa Conaty at 202-324-0354 or Kerry J.
Butterfield at 202-324-1131.  Requests for adding or dropping
distribution to the NIPC Daily Open Source Report should be made through
the Watch and Warning Unit at [EMAIL PROTECTED] 

NIPC Daily Report Fast Jump [click to jump to section of interest]
Banking & Finance

Gas & Oil

Emergency Law Enforcement

Government Operations
Information Technology
Cyber Threats and Vulnerabilities

Internet Alert Dashboard
NIPC Information

Power Sector

1.      December 26, BBC - N. Korea nuclear moves alarm UN.  The UN
nuclear watchdog says North Korea has moved 1,000 nuclear fuel rods to a
reactor that could produce weapons-grade plutonium - a situation it
describes as "very worrying."  Meanwhile, tensions between the two
Koreas are rising.  South Korea has said that more diplomatic efforts
are needed to avert a crisis over North Korea's nuclear program.  There
is mounting international concern that North Korea could restart the
Yongbyon reactor, which had been sealed up for eight years under a deal
with the United States.  The head of the International Atomic Energy
Agency (IAEA), Mohamed El Baradei, said the plant "can be directly used
to manufacture nuclear weapons - and there again we have no way to
verify the nature of the activity".  "The situation is very worrying,"
he told CNN television.  The IAEA says the unsealed plant could be up
and running again within two months.  Source: 

2.      December 26, CNN  - Russia, Iran reach N-plant deal.  Ignoring
U.S. concerns, Russia has agreed to speed up construction of a nuclear
reactor in Iran and is considering building another there, later.
Moscow also has agreed to provide fuel for the Bushehr plant in southern
Iran for 10 years, the official Islamic Republic News Agency reported.
The United States has strongly urged Moscow to abandon the $800 million
project.  The Bush administration strongly opposes Iran's nuclear
program, alleging the Islamic Republic is working to develop weapons of
mass destruction.  But Russia and Iran say the Bushehr project is for
peaceful, civilian use only and would remain under international
control.  Washington, however, questions why Iran -- OPEC's second
biggest oil producer, with the world's second biggest gas reserves --
needs nuclear power.  Source:

3.      December 25, New York Times - Dredging plan stalls effort to lay
cable under LI sound.  A contested plan to transmit electricity between
Long Island and Connecticut via a cable across Long Island Sound was
dealt a blow this week, when Connecticut regulators rejected a plan to
dredge parts of New Haven Harbor.  In a letter on Monday, the
Connecticut Department of Environmental Protection denied the Cross
Sound Cable Company permission to dredge certain parts of the seabed
using a different kind of technology than the company had originally
proposed.  The new method was necessary, the company had said, in areas
with particularly resistant bedrock.  The letter marked the latest snag
for the project, which has been in the works for more than two years and
which environmentalists and some Connecticut politicians continue to
criticize, saying it could damage shellfish beds and raise electricity
prices in Connecticut.  The Long Island Power Authority, however, is
counting on the 330-megawatt cable to meet its energy demands for next
summer.  A megawatt is enough to power about 1,000 average homes, and
Long Island, which is isolated from energy supply lines but experiencing
a growing appetite for electricity, needs every megawatt it can get,
utility officials say.  Source: 

4.      December 25, Akron Beacon Journal - FirstEnergy sees no need to
redesign Oak Harbor Nuclear Plant.  The list of potential safety
problems at the troubled Davis-Besse Ohio nuclear power plant has been
whittled to 26 "potentially significant" issues, FirstEnergy Corp. said
Monday.  Those remaining issues should be resolved before February
without the need to significantly redesign the plant or delay its
anticipated restart by April, the company said.  The remaining
unanswered questions came about as part of new, higher standards adopted
at Davis-Besse, company spokesman Todd Schneider said.  "We have high
confidence in the design of our systems," Schneider said.  A third of
the 26 safety issues have already been satisfactorily resolved,
FirstEnergy officials told members of the Nuclear Regulatory Commission
(NRC) on Monday.  Officials of the Akron utility were at the NRC's
regional office in Lisle, Ill., to update NRC members on the Davis-Besse
safety systems.  The 883-megawatt plant, in Oak Harbor on the Lake Erie
shore, has been shut down since February because boric acid had severely
pitted the reactor's vessel head.  "We think the overall material
condition of the plant is quite good," said Lew Myers, chief operating
officer for FirstEnergy's nuclear operating company subsidiary that
operates Davis-Besse.  FirstEnergy needs to resolve all 26 issues before
the plant will be allowed to restart, said NRC spokeswoman Viktoria
Mitlyng.  Source:

5.      December 21, Anchorage Daily News - Power company serving rural
Alaska files for Chapter 11 bankruptcy protection.  When Alaska Power &
Telephone Co. (AP&T) bought an interest in paving company Summit Alaska
Inc. last year, the move was supposed to provide stability through
diversification.  The strategy backfired painfully, undermining decades
of expansion across rural Alaska.  When AP&T filed for Chapter 11
bankruptcy reorganization Wednesday, the Port Townsend, Wash. utility
company fingered Summit as the dead weight that dragged it down.
Anchorage-based Summit filed for Chapter 7 liquidation in federal
Bankruptcy Court last week.  AP&T's main business is providing power and
telephone services in rural Alaska.  Now AP&T is focused on maintaining
these core operations, said president Robert Grimm, and planning to pare
away anything else.  Power and telephone customers will not be affected
by the filing, executives said.  Grimm said the plan now is to rebuild
AP&T around its still-healthy subsidiaries, which are excluded from the
proceedings.  Subsidiaries include Alaska Power Co., Alaska Telephone
Co., Bettles Telephone Inc., North Country Telephone Inc., AP&T Long
Distance Inc., AP&T Wireless Inc., and wholesalers BBL Hydro Inc. or
Goat Lake Hydro Inc.  They operate along a swath of Alaska from Hyder in
Southeast to Bettles above the Arctic Circle.  Source:

Current Electricity Sector Threat Alert Levels:  Physical: ELEVATED,
Scale:  Low, Guarded, Elevated, High, Severe   [Source: ISAC for the
Electricity Sector (ES-ISAC) -]

[return to top]

Banking and Finance Sector

6.      December 24, Financial Crimes Enforcement Network (FinCEN),
Department of the Treasury - Anti-money laundering requirements -
correspondent accounts for foreign shell banks; recordkeeping and
termination of correspondent accounts for foreign banks.  FinCEN is
issuing this final rule to extend the time by which certain financial
institutions must obtain information from each foreign bank for which
they maintain a correspondent account concerning the foreign bank's
status as ``shell'' bank, whether the foreign bank provides banking
services to foreign shell banks, certain owners of the foreign bank, and
the identity of a person in the United States to accept service of legal
process.  This rule extends the time by which a covered financial
institution must obtain the information required to satisfy the
requirements of sections 313(a) and 319(b) from December 26, 2002, to
March 31, 2003.  Treasury and FinCEN do not anticipate granting a
further extension beyond March 31 and expect that covered financial
institutions will comply with the September 26, 2002, final rule with
respect to correspondent accounts established for foreign banks that
have not provided the required information by that date.  This final
rule is effective December 24, 2002.  Source:

[return to top]

Transportation Sector

7.      December 24, Department of Transportation - Coast Guard declares
safety zone around Chicago.  The Coast Guard is establishing a temporary
safety zone for the City of Chicago New Year's Celebration Fireworks in
Monroe Harbor, Chicago, Illinois.  This safety zone is necessary to
protect vessels and spectators from potential airborne hazards during a
planned fireworks display over Lake Michigan.  The safety zone is
intended to restrict vessels from a portion of Lake Michigan off
Chicago, Illinois.  This rule is effective from 11:55 p.m. (local),
December 31, 2002 until 12:20 a.m. (local), January 1, 2003.  Based on
recent accidents that have occurred in other Captain of the Port zones,
and the explosive hazard of fireworks, the Captain of the Port Chicago
has determined firework launches in close proximity to watercraft pose
significant risks to public safety and property.  The likely combination
of large numbers of recreational vessels, congested waterways, darkness
punctuated by bright flashes of light, alcohol use, and debris falling
into the water could easily result in serious injuries or fatalities.
Establishing a safety zone to control vessel movement around the
location of the launch platforms will help ensure the safety of persons
and property at these events and help minimize the associated risks.

[return to top]

Gas and Oil Sector

8.      December 25, New York Times - U.S. oil supplies rise;
Venezuela's effect is seen on the horizon.  Industry analysts say that
the full brunt of that stoppage is just beginning to be felt in the
United States.  "I thought you would start to see the impact this week,
but sometimes these things take a little while to work themselves
through the system," said Thomas P. Bentz, senior energy analyst with
BNP Paribas Commodity Futures.  Crude oil stocks actually rose for the
week ended Dec. 20 by 2.7 million barrels, to 286.63 million barrels.
But the inventories were helped by a big jump in oil supplies on the
West Coast, mainly California, analysts said, perhaps because crude oil
shipments originally headed for Asia were diverted to the United States,
where prices are higher.  Supplies on the Gulf Coast, where most of the
oil from Venezuela is refined, were down by 1.84 million barrels,
according to the trade group.  Source: 

9.      December 26, Reuters - Foes of Venezuela's Chavez step up
demands.  Venezuela's opposition on Thursday intensified its drive to
oust President Hugo Chavez by demanding that striking state oil
employees keep their jobs as part of any accord to end the crisis in the
world's No. 5 petroleum exporter.  The opposition's tougher stance will
complicate efforts by international mediators to break the deadlock
between the leftist leader and his foes as Chavez has already fired
dozens of striking executives at the state oil firm PDVSA.  Striking
PDVSA executives and managers on Thursday voted to continue to stay out
until Chavez steps down.  Many analysts believe Chavez is now settled in
for a long battle.  He still controls the government and appears to have
the loyalty of top military commanders.  Source:

[return to top]

Telecommunications Sector

10.     December 25, Washington Post - D.C. overhauling out-of-date 911
system.  The network infrastructure that the Washington D.C. emergency
call center leases from Verizon Communications Inc. is expensive and out
of date, D.C. officials say.  In addition, Washington has only one
emergency call center covering the entire District; most cities this
size have two.  On top of that, the call center's systems are not
configured to trace the location of wireless 911 calls, making it harder
to dispatch help.  The District is trying to work on a comprehensive fix
for most of call center's technology headaches.  The project will revamp
the entire emergency response system, starting with a $93 million
fiber-optic network that will eventually connect 380 D.C. government
operations, as well as police houses, libraries and schools.
Construction on that network began in January and so far has connected
nine of 10 key downtown government buildings.  Source: 

[return to top]

Food Sector

11.     December 26, Miami Herald (Florida) - Trained dogs may one day
sniff out citrus canker.  Though not harmful to humans, canker blemishes
fruit, making it impossible to sell as fresh fruit in the supermarket.
Researchers at the U.S. Department of Agriculture's Fort Pierce lab say
it appears that canker has a distinctive enough aroma that dogs can be
trained to alert others when smelling it on a tree.  Their keen noses
might reduce the amount of time it takes to survey the state's vast
citrus acreage and maybe allow inspectors to catch the disease earlier.
''Dogs have shown that they do have an ability to detect xanthamonas,''
the agent that causes the disease, said Dr. Calvin Arnold, director of
the lab.  The next phase is to find whether dogs can distinguish between
xanthamonas and other agents.  Source: 

[return to top]

Water Sector

Nothing to report.

[return to top]

Chemical Sector

Nothing to report.

[return to top]

Emergency Law Enforcement Sector

12.     December 26, Los Angeles Times - Trucker held in threat on White
House.  Norayr Avetisyan, 27, was arrested in Dayton on Monday after he
was allegedly overheard telling a fellow trucker over a citizen's band
radio that he was carrying explosives and was headed to the White House.
Another trucker listening in on the conversation called 911.  State
police alerted officers in the surrounding area.  A truck weigh station
was opened in Preble County, Ohio, near the state line so Avetisyan
would have to stop.  Members of the FBI task force on terrorism and U.S.
Secret Service agents participated in the arrest.  No explosives were
found and Avetisyan was turned over to U.S. Marshalls on Tuesday, police
said.  Reached at his Glendale apartment, a woman who said she was
Avetisyan's sister said Tuesday that her brother's comments were not
serious.  Source:,0,1097019.s

[return to top]

Government Operations Sector

Nothing to report.

[return to top]

Information Technology Sector

13.     December 26, Cincinnati Business Courier - Supermarket lets
Texas shoppers pay by fingerprint.  A large supermarket chain is
experimenting with a new payment method in Texas: Finger imaging.
Instead of credit or debit cards, customers put their index finger on a
scanning machine, using their fingerprint to access their customer
account.  The voluntary program is being tested at three stores in
Texas, according to Reuters.  So far, about 10,000 customers have
enrolled in the program.  "Early indications are that it's being well
received by the customer, the new technology is performing well and it
is saving both time and money," said Gary Huddleston, manager of
consumer affairs for the company's Southwest division.  He said the
chain has not yet made plans to roll out the finger-imaging program to
additional stores.  Source:

[return to top]

Cyber Threats and Vulnerabilities

14.     December 26, The Washington Times - Hacker threat seen as
overdone.  A paper published recently by James Lewis of the Center for
Strategic and International Studies concludes that the threat from
hackers on the nation's critical infrastructures is "overblown."  Mr.
Lewis makes a distinction between computer networks in general and
critical infrastructure.  He says, "a brief review suggests that while
many computer networks remain very vulnerable to attack, few critical
infrastructures are equally vulnerable."  To bring the country down even
briefly, terrorists would have to do serious damage to critical systems,
not just make nuisances of themselves.  Lewis makes several points.  One
is that there is a difference between being a pest and causing
strategically serious damage.  Second, the American infrastructure is
much more robust than terror mongers would have us think.  Failure and
disruption are already a routine fact of infrastructure life and cause
no more than inconvenience.  "An assumption I have noticed in disaster
scenarios is that if a terrorist can disrupt a network's computers, the
network is destroyed.  Actually, computers fail frequently, whereupon
the engineers reload from backups and life goes on."  His conclusion:
"The sky is not falling, and cyber-weapons seem to be of limited value
in attacking national power or intimidating citizens."  The CSIS study
is available at  Source: 

15.     December 26, MSNBC - Hacker turns to extortion.  A criminal
trying to turn stolen personal data into cash has apparently seized on a
new, low-tech method - direct threats.  A woman who had her identity
stolen in early December managed to foil most of the bank account
transfers attempted by the thief.  So the criminal turned to personal
extortion instead, saying he would leave her alone if she paid $400.
The incident concerns online auction consumer advocate Rosalinda
Baldwin, who sees it as an escalation of the kinds of tactics hackers
might use to turn computer crime into cash.  Extortion threats, which
until now were normally reserved for hackers trying to wring money out
of companies that had suffered security lapses, raise the stakes quite a
bit for the criminal, Baldwin says.  The big question for Baldwin is
whether or not the woman's case is an aberration, or represents a new
method computer criminals are using the profit from criminal computer
activity. Source: 

Internet Alert Dashboard
Current Alert Levels

Internet Security Systems 
AlertCon: 1 out of 4
Security Focus ThreatCon: 1 out of 4

Last Changed:  26 December 2002 Last Changed: 21 December 2002
Current Virus and Port Attacks
Virus:  #1 Virus in USA:   WORM_KLEZ.H
Source:, Trend World Micro Virus
Tracking Center [Infected Computers, North America, Past 24 hours, #1 in
United States]
Top 10 Target Ports     137(netbios-ns); 1433(ms-sql-s);  80 (http);
443(https); 445(microsoft-ds); 53(domain); 4662; 21(ftp); 27374(asp);
Source:; Internet Storm Center

[return to top]

General Information

16.     December 26, Gainesville Sun (Florida) - Education against
terrorism.  Seven Florida universities have created an education program
concerning terrorism.  Experts in such areas as weapons of mass
destruction and biological defense will train health care providers and
the public how to respond to any future act of terrorism.  Officials
will first focus on training the health care providers who are likely to
be first-responders in the event of a bioterrorist attack then on
educating the supervisory health practitioners who train others.
Representatives of the state-funded Area Health Education Centers and
the Florida Emergency Medical Foundation also are part of the alliance,
which aims to have a completed curriculum by Aug. 30, 2003.  To fund the
project, the national Centers for Disease Control and Prevention has
allocated $6.5 million to the Florida Department of Health, which in
turn is contracting with the state universities to design and implement
the training program.  Source:

17.     December 24, CNET - A happy New Year for hacker
Mitnick.  The Federal Communications Commission (FCC) has released a
decision that grants convicted hacker Kevin Mitnick his ham radio
license renewal after a protracted battle.  Ham radio has been a hobby
for Mitnick since he was 13 years old. While he now uses it primarily to
talk to friends, he credits the hobby with having led to his interest in
computer hacking.  "It' I first became intoxicated with
technology, with figuring out how things worked," Mitnick said.
Mitnick's license came up for renewal in 1999, when he was still serving
a prison sentence for computer fraud, theft and other convictions. The
FCC held up his application until recently, when it ruled that Mitnick
was sufficiently rehabilitated to deserve the renewal.  In its order,
the FCC detailed Mitnick's various convictions and concluded that his
rehabilitation was genuine and complete.  Mitnick is looking forward to
the January lifting of fairly severe probation restrictions he's had to
observe since his release from prison on Jan. 21, 2000.  Under the terms
of a plea agreement, Mitnick has been unable to use a computer, access
the Internet or act as a computer consultant without the permission of
his probation officer.  "In four weeks I'll be free to do whatever I
want," Mitnick said. "Within the law of course."  Source:

18.     December 25, Washington Post - Sleeper cell contacts are
revealed by Canada.  Al Qaeda "sleeper cells" in Canada and the United
States have communicated with each other as recently as this month,
probably to plan terrorist attacks in the United States, Canadian
intelligence experts said yesterday.  The disclosure came in the wake of
the arrest last week of a pizza delivery man in Ottawa who is suspected
of being associated with the terrorist network of Osama bin Laden.
Canadian authorities decided to arrest Mohamed Harkat, 34, shortly after
he made calls to suspected al Qaeda members in the United States, said
Reid Morden, former director of the Canadian Security Intelligence
Service (CSIS), who has been in contact with the Canadian spy agency on
the matter.  The CSIS alleged in a rare court filing that Harkat, 34,
who was born in Algeria and has lived in Canada since 1995, is an
associate of Abu Zubaida, one of Osama bin Laden's close associates.
Zubaida, who was arrested in Pakistan in March and is in U.S. custody at
an undisclosed location, identified Harkat to his interrogators,
according to Canadian intelligence officials.  Source: 

19.     December 24, USA Today - Terrorism worries U.S. execs more than
war.  A war with Iraq doesn't worry some executives at U.S. companies as
much as concerns about retaliatory terrorism, civil unrest and a host of
spin-off uncertainties for which they can't plan.  War alone, they say,
may do little but raise the price of oil and has become lost in the
noise of a nuclear North Korea and civil unrest in Venezuela.  But
planning is seen in many quarters as crystal ball management, especially
at smaller companies.  Feelings of helplessness aren't unique to small
businesses.  About half of Fortune 500 companies have crisis management
in place.  The others are taking the "head-in-the-sand approach," says
Bruce Wimmer, a former Air Force anti-terrorism expert now working for
Pinkerton Consulting & Investigations.  Companies must imagine the
worst, then decide what they would do, he says.  Concerns at
multinational companies include personnel evacuation, stockpiling
inventory, switching manufacturing from one country to another and
finding alternative shipping routes and ports.  Source: 

[return to top]

NIPC Products & Contact Information

The National Infrastructure Protection Center (NIPC) serves as a
national critical infrastructure threat assessment, warning,
vulnerability, and law enforcement investigation and response entity.
The NIPC provides timely warnings of international threats,
comprehensive analysis and law enforcement investigation and response.
The NIPC provides a range of bulletins and advisories of interest to
information system security and professionals and those involved in
protecting public and private infrastructures.  By visiting the NIPC
web-site (, one can quickly access any of the
following NIPC products:

2002 NIPC Advisories - Advisories address significant threat or incident
information that suggests a change in readiness posture, protective
options and/or response.

2002 NIPC Alerts - Alerts address major threat or incident information
addressing imminent or in-progress attacks targeting specific national
networks or critical infrastructures.

2002 NIPC Information Bulletins - Information Bulletins communicate
issues that pertain to the critical national infrastructure and are for
informational purposes only.

2002 NIPC CyberNotes - CyberNotes is published to support security and
information system professionals with timely information on cyber
vulnerabilities, malicious scripts, information security trends, virus
information, and other critical infrastructure-related best practices. 

2002 NIPC Highlights - The NIPC Highlights are published on a monthly
basis to inform policy and/or decision makers of current events,
incidents, developments, and trends related to Critical Infrastructure
Protection (CIP).  Highlights seeks to provide policy and/or decision
makers with value-added insight by synthesizing all source information
to provide the most detailed, accurate, and timely reporting on
potentially actionable CIP matters.

IWS INFOCON Mailing List
@ IWS - The Information Warfare Site

Reply via email to