National Infrastructure Protection Center NIPC Daily Open Source Report for 30 December 2002
Daily Overview

- SecuriTeam reports that certain Cisco products containing support for the Secure Shell (SSH) server are vulnerable to a Denial of Service (DoS) if the SSH server is enabled on the device. (See item 15)

- CNN reports poultry farms in Southern California have been quarantined and 100,000 chickens destroyed after officials detected a fast-spreading poultry disease called Exotic Newcastle Disease. (See item 8)

- MSNBC reports scientists are amazed by the scale and sweep of the ecological impact of West Nile virus; the effects on wildlife have been far worse than on humans. (See item 16)

- CNN reports that Venezuela, the world's fifth largest oil producer, has begun importing gasoline from neighboring Brazil; the ongoing strike, coupled with fears of a war in the Middle East, has pushed oil prices above $30 a barrel. (See item 5). In related stories, US refinery and trucking interests are being affected by the oil workers strike in Venezuela. (See items 6 and 7)

- The Federal Bureau of Investigation is seeking the public's assistance in determining the whereabouts of five individuals believed to have entered the United States illegally on or about December 24, 2002. (See item 11)

Editor's Note: Beginning January 6, 2003, the NIPC Daily Open Source Report will be aligned to cover the critical infrastructure sectors as identified in the National Strategy for Homeland Security. Currently covered sectors, which were set forth in Presidential Decision Directive 63, are included in the new format. The new Sector alignment will be as follows: Agriculture, Food, Water, Public Health, Emergency Services, Government, Defense Industrial Base, Information and Telecommunications, Energy (to include Electric Power, and Oil and Gas), Transportation, Banking and Finance, Chemical Industry and Postal and Shipping.

Readers wishing to comment on the contents or suggest additional topics and sources should contact Melissa Conaty at 202-324-0354 or Kerry J.
Butterfield at 202-324-1131. Requests for adding or dropping distribution to the NIPC Daily Open Source Report should be made through the Watch and Warning Unit at [EMAIL PROTECTED].

Power Sector

1. December 26, PRNewswire - Nine Mile Point Units One and Two back in service. In Oswego, NY, Nine Mile Point Nuclear Station Units One and Two were both returned to service yesterday. Unit One was placed back on the grid at 12:19 a.m. and is at full power. Unit Two returned to service at 10:30 p.m. and is proceeding toward a return to full power. Nine Mile One was taken out of service on December 5, 2002 for a planned outage in order to identify and make repairs to the Reactor Building Closed Loop Cooling System, a system which uses demineralized water to cool components such as pumps, motors and air coolers. Nine Mile Two automatically shut down on December 16, 2002 due to a problem with the temperature controller on the plant's generator. Additional maintenance was performed on both units while they were shut down. Constellation Energy Group (NYSE: CEG) owns 82 percent of Nine Mile Point Unit 2 and 100 percent of Unit 1. The electricity generated by the reactors is enough to meet the needs of more than a half-million homes in the Northeast United States.
Source: http://www.energycentral.com/sections/newsroom/nr_article.cfm?id=3538628

2. December 26, Business Wire - ConEdison Solutions to donate 83,000 watts of wind power on New Year's Eve.
Midnight on New Year's Eve, ConEdison Solutions, a leading energy service provider, will donate to the New York State power grid 83,000 watts of electricity generated by an upstate wind farm - an amount equal to the power used to light the New Year's Eve ball and 2003 numerals in Times Square. This electricity, equivalent to the wattage needed to power 10 large homes or 100 apartments, will be provided in partnership with Community Energy, Inc. and certified as Green-e compliant by the Center for Resource Solutions. The New Wind Energy is the product of Community Energy, Inc., and supplied by the recently dedicated 30-megawatt wind power farm in Fenner, NY, developed and owned by CHI Energy, Inc. Community Energy was founded in 1999 to expand the market for premium, clean energy, produced with no fuel or pollution.
Source: http://hsweb01.screamingmedia.com/PMA/pma_newsarticle1_national.htm?SMDOCID=comtex_2002_12_26_bw_0000-1613-.industrytopstories.corp&SMContentSet=0

Current Electricity Sector Threat Alert Levels: Physical: ELEVATED, Cyber: ELEVATED
Scale: Low, Guarded, Elevated, High, Severe
[Source: ISAC for the Electricity Sector (ES-ISAC) - http://esisac.com]

Banking and Finance Sector

Nothing to report.

Transportation Sector

3. December 28, Associated Press - Philadelphia opens military seaport. The Port of Philadelphia made its debut Saturday as a military seaport which is expected to help the city compete for cargo business and federal funding. The port won the military seaport designation, which allows for military cargo to be shipped through the port, in October after three years of planning by port officials and the Delaware River Maritime Enterprise Council. The lack of military certification had long hurt the port, which is in competition with seaports in New York and Norfolk, VA, for cargo business and federal funds for port improvement.
Source: http://www.washingtonpost.com/wp-dyn/articles/A48023-2002Dec28.html

4.
December 27, Federal Register - Security zones for liquefied hazardous gas vessels proposed. The Federal Register published notice of proposed rulemaking Friday, which would establish Safety Zones around and under all liquefied hazardous gas (LHG) tank vessels located on San Pedro Bay, California, in and near the ports of Los Angeles and Long Beach, and separately around tanker ships in Puget Sound, WA. These proposed security zones are needed for national security reasons to protect the public and ports from potential subversive acts. Entry into these zones will be prohibited unless specifically authorized by the Captain of the Port.
Sources: http://www.setonresourcecenter.com/register/2002/Dec/27/79014A.pdf and http://www.setonresourcecenter.com/register/2002/Dec/27/79017A.pdf

Gas and Oil Sector

5. December 29, CNN - Venezuela importing gas to ease oil strike. Opponents of embattled President Hugo Chavez planned another day of demonstrations Sunday as Venezuela, one of the world's largest oil producers, began importing gasoline to break an oil workers' strike. The first shipment arrived Saturday from neighboring Brazil. The strike has led to mile-long gas lines in Caracas, the capital of the world's fifth largest oil exporter, and other cities. Before the strike, Venezuela produced about 3 million barrels of oil a day. Since the walkout began, government officials said, production dropped to 200,000 barrels a day before climbing back up to its current rate of between 600,000 and 700,000 barrels per day. Government officials said the Puerto la Cruz refinery east of Caracas was running at about 70 percent of its capacity, but the refinery is one of Venezuela's smallest. Striking workers said the government lacks the manpower to resume normal production levels. Daily demonstrations aimed at forcing him to resign have paralyzed Venezuela's oil industry, which provides about 15 percent of U.S. oil imports.
The general strike is costing Venezuela about $50 million a day in lost oil revenue. The strike, coupled with fears of a war in the Middle East, has pushed oil prices above $30 a barrel.
Source: http://www.cnn.com/2002/WORLD/americas/12/29/venezuela.strike/index.html

6. December 27, Reuters - Murphy Oil Co. plans to cut production at its Meraux, Louisiana, refinery in January by about 15,000 barrels per day (bpd), Mike Hulse, president of refining and marketing, told Reuters on Friday. The cuts are being made at the 95,000 bpd refinery because it costs too much to replace oil the company had purchased but is not receiving from Venezuela's national oil company. "The reason we're cutting is not because we're not getting our purchases from Venezuela," Hulse said. "There is plenty of oil out there to replace it. It's too expensive to buy."
Source: http://www.reuters.com/newsArticle.jhtml?type=topNews&storyID=1968180

7. December 28, Miami Herald - Truckers on edge as fuel costs surge. The crisis in Venezuela is reverberating with South Florida truckers, shippers and distributors as wholesale diesel prices hit a two-year high. Since Dec. 2, diesel prices have jumped 18 percent. The volatility in fuel prices hits in two ways. First, customers generally require a price quote days before fuel is delivered. Second, the rise in fuel prices leads to an increase in the amount of money owed customers. The price that distributors and others pay for diesel fuel has climbed to about 91 cents a gallon, up from a low of 48.59 cents in January. In the third quarter of 1999, when fuel prices were $1.17 a gallon, 340 trucking firms went under. A year later, with the price $1.506, 1,320 firms collapsed, according to association statistics. In this year's third quarter, with the price at $1.347 a gallon, 639 failed.
Source: http://www.miami.com/mld/miamiherald/4826112.htm?template=contentModules/printstory.jsp

Telecommunications Sector

Nothing to report.

Food Sector

8. December 27, CNN - Poultry destroyed, quarantined in Southern California. Poultry farms in southern California have been quarantined and 100,000 chickens destroyed after officials detected a fast-spreading poultry disease. While the malady, called Exotic Newcastle Disease, isn't harmful to humans, it could be devastating to the poultry industry because it's deadly to birds. To prevent it from spreading, the California Department of Food and Agriculture (CDFA) euthanized 100,000 chickens at a farm in western Riverside County. A regional quarantine is in effect for Los Angeles County and western sections of Riverside and San Bernardino counties. "Finding it in a commercial flock is a first in California since 1974," U.S. Department of Agriculture spokesman Larry Hawkins told the AP. "It's not only serious because there is a direct threat to the poultry industry in California, but because it also brings about quarantines from our trading partners." In the 1970s, an outbreak in California prompted the destruction of nearly 12 million chickens, with nearly $56 million spent on eradication efforts. While most of California's poultry industry is in the Central Valley between Sacramento and Bakersfield, the California Poultry Federation says about 9 million egg-laying hens are in the quarantined area, or about 60 percent of the egg-laying chickens in the state. The state is the nation's No. 3 egg producer. Because the disease cannot be transmitted to humans, eggs are being sanitized and allowed to pass through the quarantine zone, the AP reports.
Source: http://www.cnn.com/2002/US/West/12/27/poultry.outbreak/index.html

9. December 27, Associated Press - Canned kale, turnip greens recalled. A South Carolina company is recalling 300,000 cans of kale and turnip greens because they may be contaminated with salmonella or other bacteria.
Recalled are the Glory Foods brand of kale and turnip greens sold in 27-ounce cans throughout the country but primarily along the East Coast, said manufacturer McCall Farms of Effingham, S.C. No illnesses have been reported from the contamination, which may include salmonella and staph bacteria, McCall Farms said. The contamination came to light when a major grocery chain spotted swollen cans in a warehouse and alerted the U.S. Food and Drug Administration.
Source: http://www.cleveland.com/news/plaindealer/index.ssf?/base/news/1040985886190900.xml

Water Sector

10. December 27, Australian (Australia) - Dung beetle may clean water. Researchers believe a beetle that lives on cow dung is the key to preventing life-threatening contamination of water. Bubas Bison - a variety of dung beetle - can be used to cut down the levels of Cryptosporidium, a dangerous parasite easily washed into water supplies. Dung beetles eat fresh dung and also dig tunnels up to half a meter deep to bury dung balls in which they lay eggs. Experiments in Europe with other beetle species found Cryptosporidium spores were killed when eaten by beetles. Currently researchers in Australia are testing the efficacy of dung beetles in Fleurieu Peninsula and Kangaroo Island where they have released 80,000 beetles in the past 12 months.
Source: http://www.theaustralian.news.com.au/common/story_page/0,5744,5751246%255E421,00.html

Chemical Sector

Nothing to report.

Emergency Law Enforcement Sector

11. December 29, Federal Bureau of Investigation - The Federal Bureau of Investigation is seeking the public's assistance in determining the whereabouts of the following individuals: ABID NORAIZ ALI, DOB AUGUST 15, 1977; IFTIKHAR KHOZMAI ALI, DOB SEPTEMBER 20, 1981; MUSTAFA KHAN OWASI, DOB NOVEMBER 12, 1969; ADIL PERVEZ, DOB DECEMBER 12, 1983; AKBAR JAMAL, DOB NOVEMBER 1, 1974.
These individuals, whose names and dates of birth may be fictitious, are believed to have entered the United States illegally on or about December 24, 2002. Although the FBI has no specific information that these individuals are connected to any potential terrorist activities, based upon information developed in the course of on-going investigations, the FBI would like to locate and question these persons. The FBI has been working with Homeland Security Agencies (U.S. Customs, INS, TSA) to locate these individuals. The above information has also been disseminated to the appropriate law enforcement agencies around the United States and throughout the world. Anyone with any information pertaining to these individuals is asked to contact their nearest FBI office. Photographs of these individuals can be found on the FBI's web site at www.FBI.gov.
Source: http://www.fbi.gov/pressrel/pressrel02/122902press.htm

Government Operations Sector

12. December 27, New York Times - Meeting daily, U.S. nerve center prepares for terrorists. For up to an hour each day in what is blandly called "the commander's situational awareness meeting," Northern Command's General Eberhart asks representatives of each of the 14 agencies - a roster that also includes the State Department, the National Security Agency, NASA and the Federal Aviation Administration - for updates from their experts, and advice on what he should do if the worst happens. For now, officials say, the daily discussion is speculative: imagining and preparing for whatever terrorists might unleash within American borders. While it has few troops under its direct control, the command now has a staff of about 500 people, both military and civilian. The Command can draw on tens of thousands of troops in a matter of hours if there is a domestic emergency demanding the Pentagon's response.
Source: http://www.nytimes.com/2002/12/27/national/27HOME.html

13.
December 27, Washington Post - Help still wanted: Arabic linguists. What looked like a gusher of language assistance 15 months ago quickly slowed to a small but steady stream of new hires, government officials say. Hiring linguists qualified in Middle Eastern languages has taken time, especially for jobs that carry national security clearances and require extensive background investigations. The NSA has hired more than 800 people this year, but needs many more and hopes to bring in nearly twice as many in 2003. The FBI has hired nearly 300 linguists, with just over 100 of them being Arabic speakers. The bureau still has only a handful of agents who speak Arabic, probably fewer than 25, officials said. New hires who handle classified material must undergo a background investigation that can last six months to a year, creating a long lag time for bringing people into jobs.
Source: http://www.washingtonpost.com/wp-dyn/articles/A41812-2002Dec26.html

Information Technology Sector

14. December 27, CNET News.com - Online sales raise hopes. A strong season for Web stores is expected to bode well for the coming year in e-commerce, say U.S. on-line retailers and analysts, even as off-line retailers weather their worst holiday sales in decades. From Nov. 25 to Christmas Day, shoppers spent $7.9 billion (U.S.), up 23 per cent from the comparable period last year, BizRate.com reported Thursday. Spending on the last weekend before Christmas Day was $297.6 million, up by 92 per cent, compared with the same weekend last year. "There are more people online than ever before, and more of those people are spending money online," said Lisa Strand, director and chief analyst with Nielsen/NetRatings. "The sheer number of people buying online this year was extraordinary," said Dan Hess, vice president of comScore Networks.
Increasing broadband penetration would also contribute to an e-commerce rebound, with 27 per cent of home Internet users connecting with a high-speed connection, said Hess.
Source: http://www.globeandmail.com/servlet/ArticleNews/front/RTGAM/20021227/gtshop/Front/homeBN/breakingnews

Cyber Threats and Vulnerabilities

15. December 26, SecuriTeam - Cisco Vulnerable to SSH Malformed Packet Vulnerabilities. Certain Cisco products containing support for the Secure Shell (SSH) server are vulnerable to a Denial of Service (DoS) if the SSH server is enabled on the device. A malformed SSH packet directed at the affected device can cause a reload of the device. The vulnerability can be exploited to make an affected product unavailable for several minutes while the device reloads. Once it has resumed normal processing, the device is still vulnerable and can be forced to reload repeatedly. A table listing all affected versions and their available fixes can be found at http://www.cisco.com/warp/public/707/ssh-packet-suite-vuln.shtml#Software. Upgrades may be obtained through Cisco's website at http://www.cisco.com/tacpage/sw-center/. Workarounds consist of disabling the SSH server, removing SSH as a remote access method, permitting only trusted hosts to connect to the server, and blocking SSH traffic to the device completely via external mechanisms.
Source: http://www.securiteam.com

Internet Alert Dashboard

Current Alert Levels
Internet Security Systems AlertCon: 1 out of 4 (https://gtoc.iss.net/), Last Changed: 26 December 2002
Security Focus ThreatCon: 1 out of 4 (http://analyzer.securityfocus.com), Last Changed: 21 December 2002

Current Virus and Port Attacks
Virus: #1 Virus in USA: PE_FUNLOVE.4099
Source: http://wtc.trendmicro.com/wtc/wmap.html, Trend Micro World Virus Tracking Center [Infected Computers, North America, Past 24 hours, #1 in United States]
Top 10 Target Ports: 137 (netbios-ns); 80 (http); 1433 (ms-sql-s); 445 (microsoft-ds); 21 (ftp); 443 (https); 53 (domain); 4662; 139 (netbios-ssn); 1524 (ingreslock)
Source: http://isc.incidents.org/top10.html; Internet Storm Center

General Information

16. December 28, MSNBC - Widening toll of the West Nile virus. Now scientists are beginning to take stock of West Nile virus's North American invasion, and they are taken aback by the scale and sweep of its ecological impact. While the human toll dominated the nation's attention this year - the virus killed at least 241 people and infected many thousands more - the effects on wildlife were far worse. The virus swept westward with alarming rapidity this year, appearing in almost every state in the nation - an astonishing expansion for a bug that had never been seen in the Western Hemisphere until three years ago. Equally unexpected, nearly 200 species of birds, reptiles and mammals fell ill from West Nile this year, including rabbits and reindeer, pelicans and bats, even a few dogs and cats. The virus also slammed dozens of exotic species in about 100 U.S. zoos, killing cockatiels, emus, seals, flamingos and penguins. Florida alligator farms lost more than 200 of the reptiles. "In my years of working, I've never seen a mosquito-borne virus spread so quickly," said Robert G. McLean with the Agriculture Department's National Wildlife Research Center in Fort Collins, Colo.
Source: http://www.msnbc.com/news/852470.asp?cp1=1

17. December 27, Manchester Online (United Kingdom) - Creutzfeldt-Jakob Disease (CJD) test developed. Manchester Royal Infirmary has developed a 10-minute test that can detect the human version of mad cow disease (CJD) up to five years before symptoms develop. The test already appears to work in cattle by detecting subtle changes in the heart rate linked to breathing, and a leading professor has called for everyone in the UK to be tested. If cleared by the government it could prove an easy and effective way of screening large numbers of patients. CJD has killed 117 people in the UK since 1995. Some experts believe the death toll could reach 100,000.
Source: http://www.manchesteronline.co.uk/news/stories/Detail_LinkStory=47950.html

18. December 27, Washington Post - 46 reported killed as car bombs hit Chechen capital. Suicide bombers today crashed two vehicles loaded with more than a ton and a half of explosives into the courtyard of the Russian government headquarters in the Chechen capital of Grozny, killing 46 people and wounding at least 76. At least 200 people were inside the new four-story building in Grozny's center when a truck and a car loaded with about 1.5 tons of TNT rammed through the fence that surrounds it. Two explosions reduced the government's headquarters - which Russian officials had called a symbol of the peace taking hold in Chechnya - to a windowless hulk indistinguishable from the rest of the structures in the ruined city of an estimated 500,000 people.
Source: http://www.washingtonpost.com/wp-dyn/articles/A43075-2002Dec27.html

NIPC Products & Contact Information

The National Infrastructure Protection Center (NIPC) serves as a national critical infrastructure threat assessment, warning, vulnerability, and law enforcement investigation and response entity.
The NIPC provides timely warnings of international threats, comprehensive analysis and law enforcement investigation and response. The NIPC provides a range of bulletins and advisories of interest to information system security professionals and those involved in protecting public and private infrastructures. By visiting the NIPC web-site (http://www.nipc.gov), one can quickly access any of the following NIPC products:

2002 NIPC Advisories - Advisories address significant threat or incident information that suggests a change in readiness posture, protective options and/or response.

2002 NIPC Alerts - Alerts address major threat or incident information addressing imminent or in-progress attacks targeting specific national networks or critical infrastructures.

2002 NIPC Information Bulletins - Information Bulletins communicate issues that pertain to the critical national infrastructure and are for informational purposes only.

2002 NIPC CyberNotes - CyberNotes is published to support security and information system professionals with timely information on cyber vulnerabilities, malicious scripts, information security trends, virus information, and other critical infrastructure-related best practices.

2002 NIPC Highlights - The NIPC Highlights are published on a monthly basis to inform policy and/or decision makers of current events, incidents, developments, and trends related to Critical Infrastructure Protection (CIP). Highlights seeks to provide policy and/or decision makers with value-added insight by synthesizing all source information to provide the most detailed, accurate, and timely reporting on potentially actionable CIP matters.

IWS INFOCON Mailing List @ IWS - The Information Warfare Site http://www.iwar.org.uk