-----Original Message-----
From: NIPC Watch
To: Daily Distribution
Sent: 3/26/02 6:02 AM
Subject: NIPC Daily Report for 26 March 2002

NIPC Daily Report 26 March 2002

The NIPC Watch and Warning Unit compiles this report to inform recipients of issues impacting the integrity and capability of the nation's critical infrastructures.

Guards and security firm to withdraw from airports. National Guard troops are being phased out at the passenger checkpoints at O'Hare International Airport, and a security company involved in airport breaches nationwide will be gone from the airport by the end of the month, federal officials said on 21 March. The Guard troops that have been stationed at O'Hare and Midway Airports since the 11 September terrorist attacks are being shifted in phases to other duties. Their role is expected to be filled temporarily by local law-enforcement agencies. The redeployment, which began this month and will be completed by the end of May, is part of a move by the Transportation Security Administration to eventually replace private security screeners and military personnel at the nation's airports with an all-federal workforce. To bridge the gap as it scrambles to fill the jobs, the agency has relied on temporary measures, including expanding the use of the private security firms that have been staffing airport checkpoints. (Chicago Tribune, 22 Mar)

Ridge says Redstone not a target. Tom Ridge, Director of Homeland Security, says residents of Huntsville, Alabama have no cause to be alarmed that the nearby Redstone Arsenal could be a terrorist target. Despite the arsenal's lead role in developing the Army's missile defenses, "there's not been any indication right now that that particular facility" is the subject of such a threat, Ridge said. Redstone Arsenal has been on security level Charlie, the second-highest military alert level, since 11 September, said Bob Hunt, spokesman for the Army's Aviation and Missile Command on Redstone. (Associated Press and Huntsville Times, 21 Mar)

Congressman says nation's nuclear power plants susceptible to terrorists. Intelligence gathered by US agencies indicates that Usama bin Laden's al Qaeda network may be plotting a nuclear plant attack and Massachusetts Representative Edward Markey asserts that the Nuclear Regulatory Commission has not sufficiently improved security since the terrorist attacks. In his report, "Security Gap: A Hard Look at the Soft Spots in Our Civilian Nuclear Reactor Security," Markey takes aim at the vetting process nuclear plants use to screen employees' background, claiming that the NRC doesn't check workers for possible terrorist ties. He also raises concerns that nuclear plants are not adequately protected against an intentional direct hit from a hijacked aircraft, and that such a strike could cause substantial damage and result in multiple-failure events. Markey criticized the NRC for refusing to deploy military anti-aircraft installations around nuclear plants to shoot down threatening planes. (Associated Press, Reuters, Washington Post, 25 Mar)

Terrorism fears push Md. toward wider police power. Maryland's House of Delegates is preparing to pass anti-terrorism legislation that would dramatically expand police ability to tap phones and eavesdrop on the e-mail and Internet activity of suspected criminals. Most of what is occurring involves a localized repackaging of federal anti-terrorism laws, passed by Congress in October as the USA-Patriot Act. Like the Patriot Act, proposals in Maryland permit law enforcement officials to get court orders to retrieve records of e-mails and other electronic communications, not just telephone records. Maryland's proposal would also expand police ability to tap phones by allowing investigators to plant a listening device indefinitely, not just 30 days. It would, for the first time, permit use of a "roving wire tap" to record a suspect's conversations on multiple phones with a single warrant. It would also allow a judge to seal search warrants for up to a year. (Washington Post, 25 Mar)

OS X can bypass PDF security. Mac OS X's Preview application can bypass all the security settings in a PDF file. By opening an encrypted PDF in Preview, it is possible to re-save it as a new PDF but without the original security settings. A PDF file with original disabled permissions to copy, print, change or extract data from the file can be opened and saved via 'Print in Preview' and 'Save As File.' The problem lies not with PDF, but with Preview. Once the document has been opened and decrypted successfully, the viewer application has access to the entire contents of the document. (MacUser, 22 Mar)

WWU Analytical Comment: This highlights a security problem that crosses all operating systems and applications. The combination of different operating systems, applications, and data types creates security vulnerabilities that are multiplied in nature. Example: A "single-vulnerability" application run across three "zero-vulnerability" operating systems creates not just the one application weakness, but three separate security issues.

Police slam Heathrow security after million dollar heists. On 20 March, thieves escaped with over NZ$7.5 million in cash that had arrived on a South African Airways flight after hijacking a security van in a supposedly secure part of the airport. The raid mimicked a similar heist last month when robbers escaped with NZ$15.5 million in foreign currency after targeting a British Airways security van. In both cases the thieves would have needed special "airside" identification cards to have entered secure areas. In the past few months there have been a number of security failures exposed at international airports. On Wednesday a magazine reported that German police had smuggled guns and explosives past airport security in tests at continental Europe's busiest hub, Frankfurt International. (Reuters, 22 Mar)

Cocaine found on jet food cart; discovery raises fears about security. Investigators found $4 million worth of cocaine in a food service cart that came off an American Airlines flight at Miami International Airport last Thursday, exposing a vulnerable spot in airport security. The discovery points to flaws in the transportation security system: the easy access that food service operations and other support services provide to smugglers and terrorists. Currently, there is no security in place during food preparation, transportation of food, and loading of the food onto planes. (Sun-Sentinel, 22 Mar)

Guns and knives got through airport. The Transportation Department Inspector General found airport security screeners on several dozen occasions failed to catch guns and simulated explosives. According to the IG's report, screeners missed knives 70 percent of the time, guns 30 percent of the time, and simulated explosives 60 percent of the time. The security system tests were conducted at 32 airports while screening checkpoints were still supervised by the airline industry with oversight by the Federal Aviation Administration. Former FAA security chief Billie Vincent said the report was not surprising, considering the checkpoints were staffed by the same low-paid, poorly trained screeners who were there before 11 September. (Associated Press, 25 Mar)

WWU Analytical Comment: The three airport security articles above illustrate how the skill and motivation of low-paid security staff impact security. The high-profile concern of low-paying security positions has not been extended to include catering, custodial, or baggage handling services. Despite tougher security measures introduced since 11 September, planes remain vulnerable to terrorism because of human error and lax attitudes towards security in non-security occupations. The security at any domestic airport is at risk to the extent of vulnerabilities at any other airport worldwide.

Russian university trains anti-hacking security experts. Russian counterintelligence agents say that there is a shortage of high-class computer security experts in the region. Special departments have been set up this year at two Omsk higher education establishments to train such experts. The length of study here is longer than the norm - six years. The students are getting unique knowledge in the area of cryptography, system programming and security-force secrets. Alexander Guts, head of the computer security department, Omsk State University: "The main thing for us is to train experts who are capable of protecting our information resources. At the same time, we must do everything to ensure that no hackers appear among our students." (BBC, Text of report by Russian Centre TV on 20 Mar)

WWU Analytical Comment: This article illustrates three important concerns for computer security professionals. First, the continued existence and growing expertise of malicious programmers from Russia and the former Soviet Union. The increasing use of organized attacks and grid-computing create formidable challenges for system administrators. Second, the length of this course is unprecedented. The quantity and probable quality of a curriculum this long should produce extremely skilled personnel. That is the third area of concern. Despite the school's best intentions, at least part of the student body will be comprised of terrorist operatives or others willing to act as "cyber-mercenaries" for the highest bidder. To attain a sophisticated computer attack capability, terrorist organizations and hostile governments likely would be more than willing to invest in six years of training.

Four Pakistanis missing after INS wrongly let them enter US. Federal officials are on the lookout for four Pakistani nationals who are in the US illegally after leaving a Malta-chartered freighter in Norfolk, Virginia. The ship was carrying a chemical commonly used in fertilizer, when it made port on 15 March. The INS screened the crew list the day before the ship arrived in Virginia. The names were also run through a joint CIA-FBI counter-terrorism database, an international criminal database, and a French criminal database. No matches came up. On 22 March, an INS inspector granted the four Pakistanis "shore leave visa waivers," which allowed them to come ashore even though they had not been granted visas for entry into the US. The men told the INS inspector that they did not have any family in the area and that they were veteran merchant mariners. On 24 March, the freighter captain reported to the INS inspector that the four Pakistanis had not returned to the ship. (Fox News, 23 Mar)

WWU Analytical Comment: This article highlights the ease with which individuals can enter the US by way of cargo ship and even the shipping containers they carry (NIPC Daily Report 5 Feb 02). The Coast Guard, INS, and Customs have long struggled to counter this form of illegal entry. Unfortunately, this is not an isolated incident.

Bioterrorism experts head to Atlanta. Hundreds of health officials descended on Atlanta this week for an annual conference on emerging infectious diseases and were warned that terrorists might try to spread deadly germs through the food supply. According to experts from the Centers for Disease Control and Prevention, terrorists could try to make the biological attack even more dangerous by taking down critical communications systems. To guard against attack, the CDC is distributing $918 million to state and local health departments later this year and next year. The CDC is encouraging them to give priority to upgrading labs and training health workers on how to recognize diseases like anthrax and smallpox. (Washington Post, 25 Mar)