Subject: RISKS DIGEST 14.56
REPLY-TO: risks@csl.sri.com

RISKS-LIST: RISKS-FORUM Digest  Thursday 29 April 1993  Volume 14 : Issue 56

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
  747 autopilot faults? (Stephen L Nicoud)
  Human vs. computer in space [Apollo 8] (Pete Mellor)
  Spanish Computer Crime Research Association (Miguel Gallardo)
  Crypto-Schemes and Mobile Digital Services (Roger Clarke via Lance J. Hoffman)
  How to rob a bank the cashcard way (Lord Wodehouse)
  Re: Too much electricity (Mark Shanks, Jim Griffith, Jim Huggins, Dave Bakken, Randall Gray, Edwin Culver, Kevin Paul Herbert)
  Can Wiretaps Remain Cost-Effective? (Robin Hanson)
  CLIPPING CLIPPER (PGN)
  EICAR'93 Call for Papers (Klaus Brunnstein)

The RISKS Forum is a moderated digest discussing risks; comp.risks is its Usenet counterpart. Undigestifiers are available throughout the Internet, but not from RISKS. Contributions should be relevant, sound, in good taste, objective, cogent, coherent, concise, and nonrepetitious. Diversity is welcome.

CONTRIBUTIONS to RISKS@CSL.SRI.COM, with appropriate, substantive "Subject:" line. Others may be ignored! Contributions will not be ACKed. The load is too great. **PLEASE** INCLUDE YOUR NAME & INTERNET FROM: ADDRESS, especially .UUCP folks. REQUESTS please to RISKS-Request@CSL.SRI.COM.

Vol i issue j, type "FTP CRVAX.SRI.COM<CR>login anonymous<CR>AnyNonNullPW<CR> CD RISKS:<CR>GET RISKS-i.j<CR>" (where i=1 to 14, j always TWO digits). Vol i summaries in j=00; "dir risks-*.*<CR>" gives directory; "bye<CR>" logs out. The COLON in "CD RISKS:" is essential. "CRVAX.SRI.COM" = "128.18.10.1". <CR>=CarriageReturn; FTPs may differ; UNIX prompts for username, password.

For information regarding delivery of RISKS by FAX, phone 310-455-9300 (or send FAX to RISKS at 310-455-2364, or EMail to risks-fax@vortex.com).

ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY.
Relevant contributions may appear in the RISKS section of regular issues of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise.

----------------------------------------------------------------------

Date: Tue, 27 Apr 93 11:32:47 PDT
From: Stephen L Nicoud
Subject: 747 autopilot faults?

An item from a Boeing News Digest:

Washington, D.C. Office Morning Report - Volume 19 Number 81   April 26, 1993

1. WALL STREET JOURNAL - After an incident in which an Evergreen International Airlines 747 went into a slow roll, lost lift and went into a dive, dropping from 31,000 feet to 19,000 feet, the Federal Aviation Administration began an investigation. It found 30 similar incidents the FAA believes were caused by a broad variety of autopilot faults. The incidents, both fast and slow rolls, showed up on 747s at several airlines over a 22-year period. Many occurred in daylight with a horizon visible, enabling pilots to regain control more quickly -- and postponing the day when the seriousness of the problem would be widely recognized. Among carriers whose 747 autopilots went into rolls are British Airways, TWA, Air Canada and Lufthansa.

Boeing, the airlines and aviation regulators are in a quandary. After more than a year of intense investigation following Evergreen's near-disaster, engineers can't agree on whether the fault lies in the autopilot or elsewhere, or on what the remedy should be.

Boeing says pilots should pay close attention to their job so they can quickly right the plane should the autopilot throw it into a roll. Autopilots "are designed to assist and supplement the pilot's capabilities and not replace them," a company statement says. "This means our airplanes are designed so pilots are the final control authority and it means that a well trained crew is the first line of safety."

Stephen L Nicoud   bcstec!bcsaic!stephen
Boeing Computer Services Research and Technology, Bellevue, Washington USA

[Also noted by dhartung@chinet.com (Dan Hartung).]

------------------------------

Date: Tue, 27 Apr 93 19:14:13 BST
From: Pete Mellor
Subject: Human vs. computer in space

From The Guardian, Friday April 16th 1993, tabloid supplement, p3, article: ``Down to Earth with a bump'', by Tim Radford:-

------------------Begin extract----------------------

[Astronaut Mike] Collins once compared Apollo's flight to a half a million mile daisy chain, draped round the Moon. A Nasa safety engineer on an earlier voyage put it more graphically. ``Apollo 8 has 5,600,000 moving parts. Even if all functioned with 99.9 per cent reliability, we could expect 5,600 defects.''

On Apollo 11 something did go wrong, but no one now remembers it. When Armstrong and Aldrin climbed back into the module and began the checklist in preparation for blast-off, they discovered that a plastic pin which acted as a circuit breaker for the launch engine had snapped off. They decided it was because a backpack must have bumped it as they left the tiny lunar module. For a few appalling moments it must have seemed as though the nightmare had begun: marooned on the Moon, with only a day's oxygen and no way home. Aldrin poked around, and found a felt-tipped pen, and shoved it in the slot. It worked. A charge of electricity could then start the launch engine.

Man had a proper place in the scheme after all. ``Where else,'' said one test pilot in the programme, ``would you get a non-linear computer weighing only 160lbs, having a billion binary decision elements, that can be mass-produced by unskilled labour?''

The classic argument of the what's-the-point lobby, which includes space administrators and big business as well as governments and scientists, and for which Lewis Mumford spoke so eloquently, is that humans in space can't do without computers, but computers can do without humans.
This is almost but not quite true, and Aldrin's felt-tipped pen has written one tiny answer to that, and the same point will be made again and again: the history of unmanned space is a history of technical flaws as well as technical triumphs. Man may not be going to Mars just yet, but he'll get there. He'll be wanted on the voyage.

But that isn't quite the point either. A manned Mars mission would be an awfully big adventure, and not just for the men who set out on it. Does anyone now think the pyramids were really a waste of money?

------------------End extract----------------------

Peter Mellor, Centre for Software Reliability, City University, Northampton Sq., London EC1V 0HB, Tel: +44(0)71-477-8422, JANET: p.mellor@city.ac.uk

------------------------------

Date: Tue, 27 Apr 1993 0:14:03 UTC+0200
From: "(Miguel Gallardo)"
Subject: Spanish Computer Crime Research Association (APEDANICA)

During 1991 and 1992, many things happened in Spain related with computer risks. Some of them went to the Court, and many others remain in an unhealthy silence. Data stolen from banks, cryptology used by terrorist organizations, hacking, piracy, personal dossiers and blackmailing have been studied by the police, lawyers, journalists and professional technicians.

Moreover, a deep crisis in Spanish economy does not help to recover any investment in data processing. There are too many unpaid bills and half performed projects in computing.

At the same time, politicians at the Parliament approved a new Law on Data Protection, and a Data Protection Agency, a Computer Police that is not clear enough who can control and how can it work.

Computer victimization is very high in Spain due to knowledge lack and technical dependency from equipment and service sellers.
In increasingly complex and critical environments, there is almost no local technology industry, and multinationals are very disconcerted because of lack of expertise, expensive commercial nets, counter-productive promotional efforts, and political corruption on almost every local big business.

Since December 1992, there is an Association, APEDANICA, that can help to discover sensible troubles related with computers and communications, and its markets. Members of this non-profitable organization act as expert witnesses, cryptologists, lawyers, and even as Sherlock Holmes in computer environments.

APEDANICA (ASOCIACION PARA LA PREVENCION Y ESTUDIO DE DELITOS ABUSOS Y NEGLIGENCIAS EN INFORMATICA Y COMUNICACIONES AVANZADAS), Spanish Legal Advanced Communications and Computer Crime Association, is very interested in developing relationships with any other organization with similar goals, all over the World.

Miguel A. Gallardo Ortiz, P.O. Box 17083 - E-28080 Madrid (Spain)
Tel: (341) 474 38 09 - FAX: 473 81 97
E-mail: gallardo@batman.fi.upm.es
President of APEDANICA-Spanish Legal Computer Crime Research Association

------------------------------

Date: Wed, 28 Apr 93 6:30:36 EDT
From: "Lance J. Hoffman"
Subject: Crypto-Schemes and Mobile Digital Services (fwd)

Forwarded message:
Date: Wed, 28 Apr 93 13:03:57 EST
From: Roger.Clarke@anu.edu.au
Subject: Crypto-Schemes and Mobile Digital Services

At CFP'93, there was considerable debate about whether cryptographic schemes should be designed to be 'crackable' by national security and law enforcement agencies.

The Australian situation is that the licences issued for mobile digital telephone services all require the cryptography to be crackable. Now read on ...

New digital phones on line despite objections
By BERNARD LAGAN and ANNE DAVIES
The Sydney Morning Herald, Wednesday 28 April, 1993

CANBERRA: The Federal government has over-ridden the objections of law enforcement agencies and allowed Telecom and Optus to start new digital mobile phone networks which are so secure that conversations can escape officially authorised telephone bugging.

While law enforcement agencies can still intercept calls from mobile phones to an ordinary phone, calls from one digital mobile phone to another cannot be tapped.

The Government agreed to waive the bugging requirement, originally a condition of Telecom and Optus's mobile phone network licences, late last week after strong pressure from both carriers to begin their services without providing technology to allow law enforcement agencies to listen into conversations.

The changes to the system to allow official bugging will take up to two years to complete and will cost more than $25 million, a cost which the Government has agreed to bear.

The Government's waiving of the bugging requirement was made despite strong opposition from law enforcement agencies, who wanted the start of the new digital mobile phone networks delayed until there was technology available to allow conversations conducted on these networks to be intercepted.

The law enforcement agencies argued that once criminals and others who had reason to avoid officially authorised interceptions of their telephone conversations became aware of the loopholes in the new system, they would exploit it.

The exemption was given by the Minister for Communications, Mr Beddall after talks held last week with the acting Attorney-General, Mr Kerr. It enabled Telecom to launch the country's first digital mobile phone network yesterday.

The Federal Government is reticent about the decision to let the new network go ahead. A spokesman would only say that the Attorney-General was "satisfied" with the operational aspects of the new system.
A spokesman for Minister for Communications, Mr Beddall, said that "the matter had been resolved", and any further queries should be addressed to Telecom and Optus.

General manager of Telecom, MobileNet, Mr John Dearn, refused to confirm or deny that calls made from the new GSM (General System Mobile), mobile phones to other GSM mobile phones could not be intercepted, or that an exemption had been sought from the Government to allow the new GSM service to begin. "We have an agreement with the Department of Communications that we will not discuss the licence conditions," he said.

Referring to the fact that most mobile phone calls are to fixed phones attached to the ordinary telephone network, Optus chief operating officer, Mr Ian Boatman said that most calls carried on Optus's GSM network would be interceptable by the security agencies. Optus is understood to have met with the Attorney General last Thursday, and has been given similar exemptions to its licence conditions.

A third licensed operator is Vodaphone. Managing director, Mr Phillip Cornish, said: "These are Government and security matters and Vodaphone had no comment". Vodaphone is not likely to begin its service until late this year.

The three mobile licensees - Telecom MobileNet, Optus and Vodaphone Australia - are required by their licences to introduce the new digital mobile system, or GSM, as soon as the standard is available. However it became clear that the formula used to encode the new service, known as the A5 algorithm, was so secure that not even the police or security agencies could listen in.

The dilemma for the Government was that having insisted on the early introduction of GSM, it faced the prospect of substantial delays if it did not waive the licence condition. Because the standard was so secure, nobody anticipated the difficulty of re-coding and re-encrypting the algorithm to give access to law enforcement agencies.

The Telecom system, costing in excess of $100 million to establish, covers more than 55 per cent of Australian consumers in Sydney, Melbourne, Canberra, Brisbane, Perth, Adelaide, the Gold Coast, Newcastle, Geelong and the Mornington Peninsula, Victoria. Its high security - compared to the existing 018 mobile telephone network - together with greater clarity is being used by Telecom to attract new customers.

Under the 018 radio phone network, people using sophisticated scanners could pick up private conversations. But the digital technology ensures the telephone transmissions are scrambled and cannot be understood by people with scanners.

Posted by: Roger Clarke, Reader in Information Systems, Dept. of Commerce, Australian National University
Roger.Clarke@anu.edu.au  +61 6 249 3666/3664

------------------------------

Date: 28 Apr 93 12:11:00 BST
From: Lord Wodehouse
Subject: How to rob a bank the cashcard way

An article in the UK Sunday Telegraph on 25 Apr 1993, p. 5, by Barbara Lewis, deals with the current argument that banks in the UK deny that "phantom" withdrawals happen, and all such things from ATMs are because the cashcard owner has let the PIN be revealed.

The card used was a free gift from a Total garage (Total - a French petrol company), for use in a money saving offer. The PIN belonged to someone's account. By bringing the two together, and programming the card with a genuine account number taken from a discarded till receipt, Mr Clough was able to fool the machine into paying out.

The requirements included specialised computer knowledge and basic technology. A magnetic card reader and programmer costing as little as 500 pounds (750 dollars) which is capable of turning worthless blanks into cashcards.

By using the details of the discard receipt, which contained the full account number, plus the details off a valid card, they were able to "break" the system.
They used a machine which could not check the validity of the card with the bank's central computer, and so forced validation by the information of the card itself.

From the article, the area of danger is the number of printouts with numbers of cards on them and the ability to find ATMs which are not on-line to the bank's computer. They also demonstrated that a careful watcher of users of ATMs can "see" what PIN is used, pick up a receipt discarded by the same person who they watched, and then can make a usable card.

The particular ATM still prints all the account number, and not all UK ATMs may work the way this bank's one did, but they believe that it is a major loophole. The banks deny that they are finding lots of "white" cards, and a spokesman for the Association for Payment Clearing Services (APCS) insisted that what was done was impossible.

It seems as usual that the banks are hiding their collective heads in the sand.

Lord John - The Programming Peer   w0400@ggr.co.uk   fax - +44 81 423 4070

------------------------------

Date: Tue, 27 Apr 93 14:58:40 MST
From: shanks@saifr00.cfsat.honeywell.com (Mark Shanks)
Subject: Re: Too much electricity (Miller, RISKS-14.55)

I will substantiate the article by J. Phillip Miller. The same circumstances occurred in Holt, Michigan, last year (1992) in the house next to my parents' (address and date available upon request): a search warrant was issued because of higher-than-neighborhood-average electric bills, a sweep by helicopter with infrared camera confirmed thermal hot spots, search of the house turned up marijuana cultivation. Evidently this is a known routine for the electric utilities, but I don't know if there is a chi-square or similar statistic they use to determine what is "substantially" higher usage.

Mark S. Shanks   shanks@saifr00.cfsat.honeywel.com

------------------------------

Date: Tue, 27 Apr 93 14:09:16 PDT
From: griffith@fx.com (Jim Griffith)
Subject: Re: Risk of using too much electricity

A similar situation occurred locally a few months back. From memory, the local police (don't remember which city) had reason to believe that an individual was cultivating marijuana in his basement, but they had insufficient grounds for a search warrant. I believe what happened is that they got a PG&E guy to read the suspect's meter, which told them that he was using a *lot* of energy. And that got them a search warrant.

The issue that arises, of course, was the legality of the procedure, because the PG&E guy was technically acting as a law enforcement agent, and therefore he violated "unlawful search and seizure" laws. Again, I'm fuzzy on the details, so take this with a grain of salt.

Jim

Jim Griffith   griffith@dweeb.fx.com

------------------------------

Date: Wed, 28 Apr 1993 15:42:17 -0400
From: Jim Huggins
Subject: Risk of using too much electricity [Miller, RISKS-14.55]

This is purely speculative, but I would imagine that many utilities now may have routines which flag any unusually high billing amounts and request human confirmation of the accuracy of the figures. We've all heard the stories of Mr. & Mrs. John Q. Public who received an electrical/gas/etc. bill for a couple hundred thousand dollars for their two-bedroom home and had to fight tooth-and-nail with the utility company to get them to realize that they had made a mistake. Such publicity is probably embarrassing enough for the company to make a simple double-check routine worth the effort.

Jim Huggins (huggins@eecs.umich.edu)

------------------------------

Date: Wed, 28 Apr 1993 13:24:28 MST
From: "Dave Bakken"
Subject: Re: Risk of using too much electricity (RISKS DIGEST 14.55)

I knew someone who this happened to in the late 70s.
He seemed to think that such monitoring of electricity was not uncommon; he was, however, not taken to court, since the police or prosecutor apparently was worried that their search was not legal. They made a verbal agreement with him that he would just stop growing pot in his house and they wouldn't press the matter.

He did mention another interesting variation on this theme. He said that in winter if the police notice that part of your roof (e.g., the attic) has no snow on it then they can (and will) legally search your house, presumably after getting a warrant. I would think that this would hold up in court.

I'm not sure how RISKy this whole subject is, however, unless the electricity monitoring was done by computer...

Dave Bakken

------------------------------

Date: Fri, 30 Apr 93 08:27:08 EST
From: Randall Gray
Subject: Risk of using too much electricity

The *important* risk here is to the "old-timers" ... I suspect one PDP-8 is worth a fair number of grow-lamps ;-) I can't imagine *what* the newspapers would make of it.

Randall Gray, CSIRO Division of Fisheries, Pelagic Fisheries
CSIRO Marine Laboratories, Castray Esplanade, GPO Box 1538, Hobart, Tasmania 7001 AUSTRALIA

------------------------------

Date: Wed, 28 Apr 93 11:20:53 EDT
From: culver@cse.bridgeport.edu (Edwin Culver)
Subject: Utility monitoring of "Unusual use"

In RISKS-14.55, J. Philip Miller (phil@wubios.wustl.edu) wondered if utilities detect "unusual" customers. I know the water company for New Haven, Connecticut asked my mother-in-law why her water usage trebled from one billing period to the next. I think that utility companies are generally expected to monitor "average" or "normal" use for when somebody protests that $1000.00 dollar gas/electric/phone/water bill.

I would be surprised if the St. Louis police could get a warrant just on the basis of high electricity use and an "unusually warm" attic.
These may have been used to support statements made by an informant--say a neighbor wondering why this guy had so many visitors at 3:00am. Or the warrant may have been instigated by concerns for violations of local building codes or zoning ordinances. If the fire marshall saw marijuana plants growing in the attic while executing a warrant searching for potential fire code violations would another warrant be needed to arrest the occupant for drug violations?

Edwin M. Culver   culver@cse.bridgeport.com   (203) 468-1803

------------------------------

Date: Tue, 27 Apr 1993 11:58:00 -0700
From: Kevin Paul Herbert
Subject: Re: Risk of using too much electricity (Miller, RISKS-14.55)

In California, PG&E (the electric utility in many parts of Northern California) issues press releases which indicate that they do this. Your power company may be quite willing to tell you if they do this, if you call a public affairs office.

Kevin

------------------------------

Date: Thu, 29 Apr 93 15:32:40 PDT
From: Robin Hanson
Subject: Can Wiretaps Remain Cost-Effective?

U.S. Phone companies spend more than 4000 times as much running the phone system ($126b) as police spend on legal domestic phone wiretaps ($31m), to listen to phone conversations without the consent of either party. So if wiretaps are worth at most a few times what police spend on them, we can justify only the slightest modification of our phone system to accommodate wiretaps. Yet the new wiretap chip, and last year's FBI digital telephony bill, both threaten to raise our phone bills by far more than they reduce our taxes for police.

Dorothy Denning claims that wiretaps are worth "billions of dollars per year", based on amounts fined, recovered, etc. But this is just the wrong way to estimate the value of police services, according to standard texts on law enforcement economics. Instead, the value of each wiretap should be not far from how much police would be willing to pay extra for that wiretap.
Given alternatives to use hidden microphones, informants, offer immunity, investigate someone else, or to raise the punishment for some crimes, it seems hard to imagine that most wiretaps would still be done if they cost police four times as much as they do now. And even if wiretaps were on average worth four times what police now pay, the option to wiretap the average phone line would be worth only six cents a month.

Yet phone companies must even now perceive substantial costs to supporting wiretaps, even relative to wanting to stay on the good side of police; why else would police be complaining about lack of support? Government policies attempting to preserve wiretaps in the face of technological change would discourage a full global market for phone systems, while government decree would displace marketplace evolution of standards for representing, encrypting, and exchanging voice. Do you think these factors would raise the average $76 monthly phone bill by more than six cents? Even the wiretap chip itself, sold for $30 each while private chips without wiretap support sell for $10, would cost people who buy a new phone every five years an extra 30 cents per month.

The central question is this: would police agencies still be willing to pay for each wiretap, if each wiretapping agency were charged its share of the full cost, to phone users, of forcing phones to support wiretaps? And why not let the market decide the answer?

Currently, police must pay phone company "expenses" to support wiretaps. Let us interpret this to mean that phone companies may sell to police the option to perform legal wiretaps on given sets of phone lines, at whatever price the two parties can negotiate. Phone companies could then offer discounts to customers who use phones with wiretap chips, and each person could decide if the extra cost and risk of privacy invasion was worth the price to make life easier for the police.
If it turns out wiretaps aren't worth their cost, so be it; no big deal. Less than one part in a thousand of police budgets is spent on wiretaps, and wiretaps weren't even legal before 1968.

[For references and a more detailed discussion of these issues, ask me for my longer paper with the same title.]

Robin Hanson, MS-269-2, NASA Ames Research Center, Moffett Field, CA 94035
415-604-3361   hanson@ptolemy.arc.nasa.gov

------------------------------

Date: Thu, 29 Apr 93 19:28:22 PDT
From: RISKS Forum
Subject: CLIPPING CLIPPER

There is an enormous amount of pending mail on the Clipper Chip. However, much of it is now third- or fourth-order incrementalism. Please excuse me if I arbitrarily cut off the discussion rather than try to cull through everything looking for a few gems. I am delighted that this issue raised such a response, and hope that the discussion in RISKS has been helpful. The last words have obviously not yet been said, but it seems silly to continue a discussion that includes considerable misinterpretations of already misleading comments. If you have something really important to add, please make it incremental to the previous discussion, and make it salient. Thanks. PGN

------------------------------

Date: Thu, 29 Apr 1993 18:24:36 +0200
From: brunnstein@rz.informatik.uni-hamburg.dbp.de
Subject: EICAR'93 Call for Papers

CALL FOR CONFERENCE PAPERS AND PARTICIPATION

eicar CONFERENCE '93

When?  December, 1st - 3rd 1993
Where?  St. Albans, Hertfordshire, England
The Occasion:  4th Annual Eicar Conference
Submission Deadline:  31st May 1993

Following a successful event in Munich last year, the European Institute for Computer Anti-Virus Research (eicar), is holding its 1993 Conference on 1st - 3rd December. Eicar is an independent organisation supporting and co-ordinating European activities in the areas of research, control and prevention of computer viruses and related security compromising sabotage software.

The conference will bring together users of computers and the world's leading experts and authorities in the anti-virus field along with the writers of anti-virus products that you are using such as Fridrik Skulason of Frisk - F-Prot, Joe Wells of Symantec - Norton Anti-Virus and Alan Solomon of S&S International - Dr Solomon's Anti-Virus Toolkit.

The conference covers all aspects of computer viruses and other malicious software including the following:-

- virus trends
- anti-virus technology
- infection recovery tools
- anti-virus product selection
- network security
- system security
- backup measures
- risk assessment
- corporate strategies
- disaster recovery plans
- case studies
- educational tasks
- impact on technology
- epidemiology
- forensic procedures
- legal aspects
- social implications
- ethics

Tutorial Day - an optional tutorial on computer viruses and similar SW threats
Day One - will carry two tracks covering state-of-the-art information
Day Two - continues the two tracks and concludes with a panel discussion

Call for Exhibitors

Whether or not you are considering speaking at the conference, you should at least be investigating the sales and marketing opportunities available at the exhibition. For further information on exhibiting at the conference, please contact Rebecca Pitt at the address below.

Submissions of draft papers and panel proposals should be received by Friday, 31st May 1993. Please send your conference papers in ascii or Word for Windows, to the following address:-

Miss Alison Sweeney, Conference Manager, S&S International Limited
Berkley Court, Mill Street, Berkhamsted, Herts, HP2 4HW, England
Tel: +44 442 877877   Fax: +44 442 877882
Sands@cix.compulink.co.uk

------------------------------

End of RISKS-FORUM Digest 14.56
************************