precedence: bulk Subject: RISKS DIGEST 19.39 RISKS-LIST: Risks-Forum Digest Monday 22 September 1997 Volume 19 : Issue 39 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator ***** See last item for further information, disclaimers, caveats, etc. ***** Contents: Eagle (the President) and the Eagle Beagle: pager intercepts (David Wagner) MFS Communications switch fails, with widespread effects (Steven Bellovin) AT&T database glitch caused '800' phone service outage (Robert J. Perillo) SSN used in "killing" victim electronically (Mich Kabay) Falsified reports -- human behavior: an ultimate risk (Chiaki Ishikawa) UK: Mobile-phone radiation causes short-term memory loss (Mich Kabay) Microsoft, PBS team up on interactive Barney Show (Edupage) Re: MS, PBS, Evil Dummies and Hungry Dolls (Mich Kabay) Quicken Quagmire (Lauren Weinstein) Re: FBI wants to ban the Bible ... (Ellen Spertus, Xcott Craver, Kenneth Albanowski) Re: @LARGE -- Spaf quote (J Chapman Flack, Andy Sparrow) Abridged info on RISKS (comp.risks) ---------------------------------------------------------------------- Date: Fri, 19 Sep 1997 13:28:23 -0700 (PDT) From: David Wagner Subject: Eagle (the President) and the Eagle Beagle [Adapted from a cypherpunks item, with David's permission. PGN] An unidentified hacker announced on 19 Sep 1997 the interception of Pres. Clinton's pager messages (along with pager messages destined for staff, Secret Service agents, and other members of his entourage) during his recent trip to Philadelphia. This is coming as an embarrassment to the administration's policy on communications privacy and encryption. The lengthy transcript of pager messagers was published on the Internet to demonstrate that the pager infrastructure is highly unsecure. (Apparently the President's entourage relies a lot on pagers for communications. There are messages from Hillary and Chelsea; a Secret Service scare; late-breaking basketball scores for the Pres.; staffers exchanging romantic notes; and other amusements.) This comes at quite an embarrassing time for the administration, given their policy on encryption. Strong encryption is the one technology that could have protected Pres. Clinton's private pager messages, but the administration has been fighting against strong encryption. Top FBI officials have been giving many classified briefings to House members, asking them to ban all strong encryption in the US. These proposals are expected to reach the House floor soon, attached to the (originally pro-encryption) SAFE bill. An anonymous White House staffer was quoted as saying that it would be "an expensive and complicated proposition" to put encryption into pagers and cellphones. This quote is interesting, because it's the White House's crypto policies that have made it so complicated and expensive to add strong encryption -- the cellphone and pager industries have wanted to add strong encryption for privacy and security, but the administration has forcefully dissuaded them from doing so. Anyhow, the press release is at http://www.inch.com/~esoteric/pam_suggestion/formal.html The transcript of the pager messages (complete with basketball scores for the Pres, messages to call wifey, two phone calls from Chelsea -- who got put on hold, staff romances, a Secret Service scare, etc.) is at http://www.inch.com/~esoteric/pam_suggestion/output.html Feel free to get in touch by e-mail (daw@cs.berkeley.edu) or by phone (510-643-9435) with me if you'd like more information, quotes, or the like. -- David Wagner [ABC News apparently broke the story on the Evening News, Thursday 18 Sep. The transcript makes fascinating reading. David Wagner subsequently noted an article in http://www.tabloid.net/97/09/22/C1.html and also pointed me to a Reuters article http://www.reuters.com/rtrnews/stories/hackers.htm that includes a quote from Jim Bidzos of RSA Data Security, Inc.: "What an example! The Secret Service are victims themselves. This is the most sensitive communication of the Secret Service. What better argument could there be [for uncompromisible] encryption?" Once again, let me mention my Website, with lots of background on the crypto issues -- I've been getting lots of visitors, and would not want you to miss it: http://www.csl.sri.com/neumann/judiciary.html and /judiciary.ans on key-recovery crypto and related topics, and http://www.csl.sri.com/neumann/neumannSenate.html on risks in the computer-communication infrastructure. PGN] ------------------------------ Date: Wed, 10 Sep 1997 20:49:16 -0400 From: Steven Bellovin Subject: MFS Communications switch fails, with widespread effects Around 7pm on the evening of 8 Sep 1997, the main MFS Communications switch (MFS Switch One) failed, downing UK telecommunications links provided by MFS, Worldcom, and First Telecom. The outage also affected most of CompuServe's UK customers, whose access is typically via an MFS phone number. [PGN Stark Abstracting. Evening usage is not necessarily off-peak, because it is an excellent time to access computers in the U.S. No one yet has reported how long it took to restore service. PGN] ------------------------------ Date: Wed, 17 Sep 97 14:01 EDT From: Perillo@DOCKMASTER.NCSC.MIL Subject: AT&T database glitch caused '800' phone service outage AT&T's network of toll-free numbers (800) crashed Wednesday 03 Sep 1997, and thousands of callers were greeted with busy signals between 12:30pm and 2:00pm EDT. The network outage was the company's worst overall outage since [the long-distance slowdown of] 15 Jan 1990 [RISKS-9.61, ff.]. AT&T blamed human error of a technician for the crash. AT&T Corp. stated that it would compensate customers for their toll-free service disruption. Many customers have contracts that entitle them to compensation. The problem was caused when a technician uploaded to AT&T's Signaling System #7 (SS7) an incorrect set of translations for the routing of '800' phone calls. Calls using the new '888' prefix were not affected. '800/888' numbers have become increasingly popular for remote access and call centers, And may account for more than 40% of the volume on AT&T's domestic network. Loading incorrect Routing and Translation tables has been the cause of many recent network outages. These tables should be tested off-line, and automatically checked for format problems by a pre-processor. Preferably an automated "knowledge engineering" system should be used to create these tables. Since many of these problems have been blamed on a "technician's human error", increased training is in order. Before the changed Tables/Instructions are uploaded into the system, there should be a mandatory Quality Assurance review. [References: * AP, "AT&T to Compensate Customers", 04-Sep-1997. * Network World, "Database glitch KOs 800 lines", 08-Sep-1997. ] Robert J. Perillo, CCP, CNE, Principal Telecommunications Engineer Richmond, VA Perillo@dockmaster.ncsc.mil ------------------------------ Date: Wed, 17 Sep 1997 17:38:00 -0400 From: "Mich Kabay [NCSA]" Subject: SSN used in "killing" victim electronically Associated Press 97.09.11 via CompuServe's Executive News Service: > OVERLAND PARK, Kan. (AP) -- Bulletin to the Social Security > Administration: Kirsten Phillips is not only alive, she's hopping mad. > > Someone claiming to be a brother-in-law called the agency June 16 to > report Ms. Phillips had died. The government immediately stopped payments of $860 in benefits, took money directly out of her bank account (and made several cheques bounce), then arranged for her credit cards to be cancelled. One week later, her records were restored, but the damage caused hours of problems for the victim. According to the AP report, > A person who reports a death must provide only a name, address, > phone number and some specific information about the deceased, > as well as his relationship to the person. More questions could > be asked if there are doubts about the caller's truthfulness, > said Rick Conway, program specialist for Social Security in Kansas City." "Anybody can do harm with your Social Security number," Ms. Phillips said. "If somebody is mad at you and they're a real vengeful person and they're real creative, all they have to do is call up ... and have enough personal information on you that they can destroy your life." [Comment from MK: Operations which have expensive consequences need thorough investigation before they are implemented. Social Security Administration should change its policies so that notifications of death are _always_ verified using at least one _independent_ source of information. An obvious candidate: the person who is supposedly deceased.] M. E. Kabay, PhD, CISSP (Kirkland, QC), Director of Education National Computer Security Association (Carlisle, PA) http://www.ncsa.com ------------------------------ Date: Thu, 18 Sep 1997 09:34:55 +0900 (JST) From: Chiaki Ishikawa Subject: Falsified reports -- human behavior: an ultimate risk I have in the past reported a few recent accident/incidents at a Japanese nuclear industry plant, fuel-processing factory, etc.. These have really tarnished the image of the Japanese nuclear industry very much. Recently, a nuclear-waste storage plat has been found to be lacking proper oversight and large drum barrels holding low-radiation materials were found rotting in a badly built storage house. This also caused a public uproar, at least in the major press. Now there is a new development that could really shatter the trust in the nuclear industry -- although the government agency and the companies involved are trying to downplay the importance: More than 150 cases of falsified reports concerning the post-processing of welded metal parts have been uncovered. Background: Hitachi built parts of several nuclear power plants in Japan. Its subsidiary, Hitachi Engineering Service produced and is the maintenance company of various parts used in the assembled system in the nuclear power plants. Because the primary and secondary coolant system as well as the steam generator and associated piping systems come into contact with heat and high-pressure, the metal assembly used needs special post-processing: they are heated and then annealed at a prescribed temperature-time curve to give them better endurance under the expected load. Hitachi Engineering Service apparently sub-contracted the annealing process to a small company called Shinko (seven employees according to the yesterday's Asahi-shimbun). The nuclear industry is bound by many safety regulations issued by government, and among it the requirement for record of the annealing process, and a graph for temperature vs. time is in the required report. Given the seriousness of a potential problem, I think it is proper for the government agency to request the record of such process to make sure that the parts are produced properly. Shinko employees, for whatever the reason, falsified the reports by - producing a completely falsified record based on the computer simulation of what the temperature reading at time intervals should be for a given type of assembly parts, - running two similar annealing processes for identical pipes, and took the reading off only one real process, falsifying the other report, etc. The reason cited by the president of the Shinko was that the employees seemed to have thought the real reading off the measurement instrument contained glitches caused by line noise (noise from fluorescent lamps were cited) was not pretty/clean enough to be accepted by the oversight agency, and beautified the report with false graphs and such. I had the gut feeling that at the subcontractor's level anything goes after watching the movie "China Syndrome" back in early 1979. (In the movie, the X-ray photos which check the welding conditions was doctored, and Jack Lemmon playing an engineer tried to bring the problem to the attention of the management.) This time, the falsification was made public by a letter to the president of Hitachi. Someone acted as a whistleblower. After the letter was received, Hitachi initiated the investigation, and Hitachi Engineering Service people went over the old records. According to the newspaper, at least 160 records seem to have been doctored. I have no idea how they figured out which record is likely to be doctored, and why they didn't catch it in the first place. The number can be higher if through investigation now conducted by Hitachi et al., and the government agencies involved are over. According a short comment issued by someone at the government agency, the problematic parts should still be OK (!?) because the Hitachi Engineering Service engineers accompanied the initial setup of each annealing process: essentially, the desired temperature change of the annealing process is typed into a control computer and the rest is automatic. The reasoning is that the process ought to have behaved according to the plan -- despite the falsified record. I have questions of my own: * The cited measurement instruments are rather largish boxes with a moving needle to indicate the temperature and at the same time records the reading on paper (I assume). Can they really be so easily susceptible to "line noise" caused by fluorescent lamps? The president cited "inverter noise", which I think means the high-frequency noise caused by the type of electronic circuits that changes the duty-cycle (on-off period) of AC. * The government agency and Hitachi seem to take the position "Don't worry. The parts are OK". Isn't this like saying that computer programs turn out to be found not going through prescribed testing, but since it is written according to the spec, it should be OK? (I think I am a little too harsh on this. Hardware such as metal welding, etc. probably works much more reliably and according to the spec than software parts. Also, the post-assembly annealing probably increases the endurance, but possibly the initial design itself is such that the parts will work under the load unbroken. Apparently Hitachi conducted some checks by putting the parts under over-the-spec condition to see if they withstand such load, etc..) Although, morality of engineers, how to instill such morality into the engineers, etc. came to my mind, such blatant falsification of reports and that they went unnoticed, coupled with the earlier problems in the nuclear industry, really shook my confidence in the Japanese nuclear industry. (Well, it was small to begin with.) I think people living near the affected power plants have real cause for worry given the many earthquakes Japan sees each year. Yes, the risk here is hardly related just to computers, but I feel that we should think of the risk analysis in a global picture, and if people involved can behave so badly, the computer can hardly play a worse role. This probably should be borne by everyone. I don't think anything could be done on the computer side to catch this type of stupid human behavior. (But, if Hitachi Engineering Service could catch the falsification after the whistleblower's letter, then maybe a computer program today could scan the submitted graphs and such and report anomalies. Just a thought.) Ishikawa, Chiaki Personal Media Corp., Shinagawa, Tokyo, Japan 142 ishikawa@personal-media.co.jp.NoSpam ------------------------------ Date: Mon, 22 Sep 1997 08:27:05 -0400 From: "Mich Kabay [NCSA]" Subject: UK: Mobile-phone radiation causes short-term memory loss > LONDON, Sept 20 AAP - Radiation emitted by mobile phones has been shown > for the first time to cause short-term memory loss and lapses in > concentration, The Sunday Times reported. [Australian Associated Press 20 > Sep 1997, via CompuServe's Executive News Service] It seems there is research at "Washington University" [UK?] with rats showing that "microwaves of the kind emitted by mobile phones" damaged the critters' ability to learn new tasks. Dr Henry Lai is working on the problem; the National Radiological Protection Board seems to accept the hypothesis that cell phone emissions interact directly with brain function. > The agency's deputy director, Dr John Stather said it has > decided to lead a Europe-wide research effort into the effects of > the radiation. Apparently these effects, if proven, "could explain why mobile phones are so often associated with road accidents." M. E. Kabay, PhD, CISSP (Kirkland, QC), Director of Education National Computer Security Association (Carlisle, PA) http://www.ncsa.com ------------------------------ Date: Sun, 21 Sep 1997 12:39:28 -0400 From: Edupage Editors Subject: Microsoft, PBS team up on interactive Barney Show (Edupage) Microsoft and PBS are collaborating on a series of "Barney & Friends" that will include a specially encoded signal that activates an interactive Barney doll. The signal is picked up by a Microsoft-made set-top receiver called ActiMates, which then relays it to the doll. The doll can then interact both with the show and with the child watching it. The shows are scheduled for broadcast beginning Nov. 3. (*Investor's Business Daily*, 19 Sep 1997; Edupage, 21 Sep 1997) ------------------------------ Date: Mon, 22 Sep 1997 08:49:02 -0400 From: "Mich Kabay [NCSA]" Subject: Re: MS, PBS, Evil Dummies and Hungry Dolls I can see it now: a new genre of horror movie in which animated figures controlled by TV shows take on a sinister glamour and throttle, eviscerate and otherwise harm infants while under the control of the TV set. This development will rejuvenate the Evil Dummy theme and give succor to all the mind-control freaks who already think that TV is a nefarious plot to damage the collective intelligence of the human race. Come to think of it, they may have a point. On a more practical note, think about the damage caused by dolls that ate their little owner's hair -- and then think about _computer-controlled_ dolls -- and then think about _hacked_ computer-control programs for little robots being cuddled by infants. Be afraid. Be very afraid. Mua-ha-ha-ha. . . . [add reverb effect] M. E. Kabay, PhD, CISSP (Kirkland, QC), Director of Education National Computer Security Association (Carlisle, PA) http://www.ncsa.com ------------------------------ Date: Wed, 17 Sep 97 18:48 PDT From: lauren@vortex.com (Lauren Weinstein) Subject: Quicken Quagmire Over the last few years, the acceptance of "Quicken" (a registered trademark of Intuit, Inc., and possibly Checkfree, Inc. which bought Intuit Services Corp.) has been widespread. Probably millions of persons have come to rely on Quicken for much of their banking information, often ignoring their paper statements in preference for the snazzy and handy Quicken displays. Banks around the U.S. have encouraged use of the package through free or cheap online banking services that tightly integrate with Quicken. Some users may have a problem though. If you don't use the package often enough--exactly how often is problematical--the balances Quicken presents may often be completely incorrect. Trying to find out who is at fault for this results in a complicated tirade of finger-pointing between Checkfree and member banks, but essentially the problem is so simple as to be almost funny. When triggered to collect online banking data, Quicken purports to run off, collect all the data since your last call, download it, and then allow you to add it automatically to your local account registers. However, if you haven't bothered to download your banking data for awhile (Busy? Out of town? Forgot?) you may very well find that banking transactions you actually made are not recorded in any manner by Quicken, and that your account balances from that point forward will be inaccurate. Furthermore, there is no warning of any kind to suggest that this might be the case--it is a completely silent and "invisible" corruption of all balances from then on unless manually corrected. It turns out that the banks who contract through Checkfree/Quicken have different policies for how long data is maintained. The exact period can vary widely, but tends to be between 30 and 90 days, with 45 days apparently being very common. If you haven't downloaded your account for a period exceeding that interval, transactions can be lost--poof--Quicken doesn't know that they ever existed. If you don't download for an ever *longer* period (again, the exact interval is unclear) your Quicken account may be "locked out" for "security" reasons, but at least this is an obvious event, not a silent dropping of banking transactions into the bit bucket. Now, it probably would be too much to expect banks/Quicken/Checkfree to maintain data indefinitely. However, it seems bizarre that such an extreme action as simply dropping data would occur without *some* sort of warning! At least the software could warn that you had exceeded the appropriate downloading interval for your bank, and that you had better check your physical statements for lost transactions. But it doesn't. Or at the *very* least the documentation could boldly warn of the risk of not frequently downloading your data. (According to the Quicken support folks the available Quicken docs don't seem to mention this problem at all.) When questioned about all this, Checkfree suggests that they "assume" people will download their data often enough that this won't be a problem. And besides, they say the bank sets the data purge interval. Bank representatives point back at Checkfree, claiming Checkfree is in charge of the data. They also suggest that people should of course always compare against their paper statements (but how many Quicken users might be naturally lax in this regard?) The bottom line seems to be that if you've *ever* exceeded your bank's data purge period between Quicken download runs, you may have any number of missing transactions, of any size, that have never been reflected in your Quicken registers or balances. So long as you've never gone an "extended" period without downloading your data you may be OK. But otherwise, if you depend on Quicken, some painstaking manual research over your banking records may be in order. Lauren Weinstein, Moderator, PRIVACY Forum, Host, PRIVACY Forum Radio http://www.vortex.com ------------------------------ Date: Wed, 17 Sep 1997 13:15:07 -0700 (PDT) From: ellens@ai.mit.edu (Ellen Spertus) Subject: Re: FBI wants to ban the Bible ... (Gleeson, RISKS-19.38) > The Risks of this go on and on: would information in languages that > the FBI can't translate also be illegal? It could be argued that > languages are elaborate "substitution codes". This question is not hypothetical. Prison officials have refused to relay prisoner letters in languages that they do not know. Also, Feynman wrote in his memoirs similar issues with military censors when he worked at Los Alamos during the War, including their objections to his including math in his letters. ------------------------------ Date: Wed, 17 Sep 1997 15:54:53 -0500 (CDT) From: Xcott Craver Subject: Re: FBI wants to ban the Bible ... Remember the vague wording of the Communications Decency Act? By a literal interpretation (disclaimer: I am not a lawyer), an online card catalog in a library is used to "publicly make available" material of a potentially indecent nature, uses a telecommunications device (indeed, many just telnet to a catalog at a remote university) and certainly doesn't discriminate between minors and adults. Just one more example of a blurry line, in this case the one between the internet and reality. By the way, remember Erann Gat's post to RISKS 16.87 ["The source of semantic content"], in which it was pointed out that it may one day be illegal to broadcast random strings via the Internet? I imagine that many will protest the FBI's stance by doing just that. -Xcott ------------------------------ Date: Wed, 17 Sep 1997 18:14:00 -0400 (EDT) From: Kenneth Albanowski Subject: Re: FBI wants to ban the Bible ... (Gleeson, RISKS-19.38) > It could be argued that languages are elaborate "substitution codes". Which implies that the people of remote (or dispossessed) tribes with languages that few people understand must be considered munitions, as must the few people in the world who can read Mayan, Linear-B, etc., and that Tolkien (and other folk who invented complete languages and scripts) must be considered munition manufacturers, as well as high-grade munitions themselves. Or, to apply another reductio ad absurbum: how, exactly, does one distinguish between random data (for scientific purposes) and random data (for a cryptographic one-time-pad)? Kenneth Albanowski (kjahds@kjahds.com, CIS: 70705,126) ------------------------------ Date: Fri, 19 Sep 1997 16:34:24 -0700 (PDT) From: flack@cs.purdue.edu (J Chapman Flack) Subject: Re: @LARGE -- Spaf quote (Spyker, RISKS-19.38) len spyker's alternative formulation: > Using encryption on the Internet is the equivalent of arranging a bike > courier to verbally deliver credit-card information from someone living in > a home or company fortress to someone in an expensive shop on Park Lane. Ah, but that contains the assumption that current operating systems and applications--the endpoints of network operations--can be even remotely, charitably, or whimsically thought of as fortresses. They can't, and that was exactly Spaf's point. To put it another way: Strong encryption methods are known and widely available (despite the efforts of a number of governments including the US). Properly used, they can make information very resistant to attack while in transit. Encryption affects an attacker's strategy: where without encryption it might be easiest to meddle with information in transit, in the presence of good encryption that strategy becomes less promising compared to a direct attack on the endpoints, where the information can be had in the clear. Fortunately (for the bad guys), our endpoints tend to be cardboard boxes and park benches. That said, len's final point (using the net without encryption likened to inviting muggers into the home) is well taken. -Chap Flack ------------------------------ Date: Fri, 19 Sep 1997 21:37:54 -0700 From: Andy Sparrow Subject: Re: @LARGE -- Spaf quote (Spyker, RISKS-19.38) [...] given that the USA is a country in which people only rarely look at the back of a credit card to check your signature, mere possession of the plastic being deemed ample, where ordering goods on the telephone and arranging for goods to be delivered elsewhere than the billing address raises not an eyebrow, can you imagine my astonishment at noting a web site (from a MAJOR bank, at that), which invited me to enter the following information into an HTML form for transmission in ASCII text form to a non-encrypted server: i) Social Security Number ({over}used as a kind of de facto Citizen ID/PIN number in the US) ii) Address, phone number, salary details iii) (Optional) Details of existing credit card accounts, with balances My gast, as they say, was flabbered... The issue is, if they have such a poor understanding of the issues that they simply ignore them like this, exactly what precautions do they take to safeguard such confidential information should one supply it in a more conventional fashion??? And this particular bank has a web page devoted to "Security" and credit card fraud... AS ------------------------------ Date: 1 Apr 1997 (LAST-MODIFIED) From: RISKS-request@csl.sri.com Subject: Abridged info on RISKS (comp.risks) The RISKS Forum is a MODERATED digest. Its Usenet equivalent is comp.risks. => SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) if possible and convenient for you. Or use Bitnet LISTSERV. Alternatively, (via majordomo) DIRECT REQUESTS to with one-line, SUBSCRIBE (or UNSUBSCRIBE) [with net address if different from FROM:] or INFO [for unabridged version of RISKS information] => The INFO file (submissions, default disclaimers, archive sites, .mil/.uk subscribers, copyright policy, PRIVACY digests, etc.) is also obtainable from http://www.CSL.sri.com/risksinfo.html ftp://www.CSL.sri.com/pub/risks.info The full info file will appear now and then in future issues. *** All contributors are assumed to have read the full info file for guidelines. *** => SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line. => ARCHIVES are available: ftp://ftp.sri.com/risks or ftp ftp.sri.comlogin anonymous[YourNetAddress]cd risks [volume-summary issues are in risks-*.00] [back volumes have their own subdirectories, e.g., "cd 18" for volume 18] or http://catless.ncl.ac.uk/Risks/VL.IS.html [i.e., VoLume, ISsue]. The ftp.sri.com site risks directory also contains the most recent PostScript copy of PGN's comprehensive historical summary of one liners: get illustrative.PS ------------------------------ End of RISKS-FORUM Digest 19.39 ************************