Subject: RISKS DIGEST 15.59
REPLY-TO: risks@csl.sri.com

RISKS-LIST: RISKS-FORUM Digest  Saturday 26 February 1994  Volume 15 : Issue 59

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

***** See last item for information on RISKS (comp.risks) *****

Contents:
Microsoft Dinged for $120 Million
Leaving intelligence to the experts: lie detectors, Clipper (John M. Sullivan)
Janitor interrupts UPS (Lisa Balbes)
Portuguese drug ring ensnared by pager technology (Fernando Pereira)
Snag hits Reserve Bank of India's clearing operations (S. Ramani)
"Wire Pirates" - article in March 1994 Scientific American (Martin Minow)
Van Eck Radiation Helps Catch Spies (Winn Schwartau)
Re: Software testing at Sizewell (Dave Parnas)
Re: SimHealth (Bill Stewart)
Re: The ultimate couch potato (Bear Giles)
FLASH: FBI's Draft Digital Telephony Bill: EFF Summary and Analysis (Daniel J. Weitzner)
Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc.

----------------------------------------------------------------------

Date: Sat, 26 Feb 94 15:18:08 PST
From: "Peter G. Neumann"
Subject: Microsoft Dinged for $120 Million

A federal jury in Los Angeles found that Microsoft's MS-DOS 6.0 software infringed upon a Stac Electronics patent for data compression, and awarded Stac $120M in damages. [San Francisco Chronicle, Business Digest, 24 Feb 1994]

------------------------------

Date: Sat, 26 Feb 94 13:10:39 PST
From: sullivan@msri.org (John M. Sullivan)
Subject: Leaving intelligence to the experts: lie detectors and clipper

I read this story in Robert Park's "What's New" from opa@aps.org, and am forwarding it because, though it came up in conjunction with the CIA spy, it seems relevant to the discussions of Clipper here.

-> Recall the 1986 case of Larry Chin, a career CIA analyst and spy
-> for China; he also fooled the polygraph.
-> In 1983 I was waiting to
-> testify before the House Security Subcommittee. OTA Director John
-> Gibbons was summarizing a study of the scientific validity of the
-> polygraph for the subcommittee. Loosely paraphrased, Gibbons was
-> explaining that these things couldn't distinguish between a lie
-> and the sex act. Seated next to me was General Richard Stillwell
-> (ret.) of the CIA. He had no idea who I was, but he could contain
-> himself no longer; leaning toward me, Stillwell muttered, "I wish
-> these damn scientists would leave intelligence to the experts."

------------------------------

Date: Thu, 24 Feb 94 14:02:16 -0500
From: balbes@osiris.rti.org (Lisa Balbes)
Subject: Janitor interrupts UPS

SERVICE INTERRUPTION

Cleanliness is not always the best policy. There was a short interruption to some ACS services on Thursday, February 24, 1994. The gopher server, postbox, and HomeNet services were offline for about 1 hour at the beginning of the day. A member of the custodial staff plugged his vacuum cleaner into a power strip attached to our uninterrupted power supply (UPS). Poooooof. Down went several computers and part of the network. Just when you think that you have solved the problem of power outages with a brand new UPS .......

ACS is working with the custodial services to remedy the problem and prevent future such occurrences.

Lisa Balbes, Osiris Consultants
Scientific Software/Technical Writing
2229B Hedgerow Rd, Columbus, OH 43220
balbes@osiris.rti.org 614-442-9850

------------------------------

Date: Fri, 25 Feb 1994 23:57:26 -0500
From: Fernando Pereira
Subject: Portuguese drug ring ensnared by pager technology

This is 2nd hand from soc.culture.portuguese.
Portuguese police found out that a drug traffic ring used pagers to receive orders from clients, and also to receive announcements of new bulk deliveries (This is a more recent practice in Portugal than in the US, given the relatively recent arrival of pagers there and the less serious drug problem). They arrested one of the drug sellers, took his pager, and started recording the arriving messages. Soon they figured out the code used by the ring, and they caught them all.

Two lessons:

1. Physical access to a node is the best way to break into a network.

2. Old-fashioned police work can take advantage of the vulnerabilities in criminal activities created by the use of new technology.

Even if all the links in that network had been securely encrypted, the method followed by the Portuguese police would still work. Food for thought in relation to the current Clipper debate.

Fernando Pereira, 2D-447, AT&T Bell Laboratories, 600 Mountain Ave, PO Box 636
Murray Hill, NJ 07974-0636 pereira@research.att.com

------------------------------

Date: Sat, 26 Feb 1994 23:50:05 +0530
From: "S. Ramani"
Subject: Snag hits Reserve Bank of India's clearing operations

By Business Times Staff, Bombay, 25 Feb 1994

Clearing of cheques at the Reserve Bank of India's national clearing cell (NCC) at Nariman Point came to a halt on Wednesday night as a result of a "major fault" in the IBM mainframe computer handling the clearance of magnetic ink character recognition (MICR) cheques. The fault has crippled the reader-sorter machine.

As a result of the breakdown, clearing and settlement of about 10 lakh (i. e. one million) cheques valued at Rs. 1,000 crores (i. e. Rs 10 thousand million, roughly equal to US$ 300 million) have been held up over the last two days. The disruption has sent corporate houses and the salaried class into a panic as salary payments were due this week.

Sources in the RBI said the fault was yet to be located at the time of going to press today.
Personnel from the RBI's Calcutta and Madras Offices and experts from Computer Maintenance Corporation, the maintenance agent of IBM, have been summoned. The breakdown, according to the sources, was unprecedented in recent times and "the experts are grappling" with the snag since yesterday.

The NCC handles about six lakh cheques each day amounting to a total value of Rs. 1,000 crores. Clearance of high-value cheques (over Rs. 1 lakh) and inter-bank instruments, however, is being carried out unhampered. The worst hit were the public account cheques into which category fall salary cheques and other instruments.

The NCC has been inundated with calls from commercial banks which wanted to find out when normalcy will be restored. As it happens, the snag that stopped the clearing of cheques came at the end of the month and many salaried employees have been left with no choice but to get their cheques discounted. The back-up programmes which the NCC had were of no avail and the experts had to be summoned.

The RBI put up a notice at its Amar Building office and at the NCC yesterday about the snag and said: "Due to a problem with the computer system with the national clearing cell, processing of MICR presentations of yesterday evening (February 23) could not be completed. Member banks are advised that settlement of this clearing will not be accounted for today (February 24). A further communication will follow."

Branches of commercial banks have been advised by their respective zonal offices that "outward MICR clearing could not be presented" yesterday and have been instructed not to release the credits of clearing presented on February 23 and thereafter until further notice.

"The system will have to be rectified, its programme loaded, tested to see whether it can function to its usual capacity and then only the backlog can be cleared," the sources said. This would mean a delay of at least two more days, they added.
Loading its programme, incidentally, takes a substantially long period. "We have made some progress since yesterday and hope to locate the problem by tonight. We expect the machine to start only by tomorrow evening," the sources added.

The mainframe could not load the programme properly on Wednesday night and all efforts by the NCC staff came to naught. Personnel from RBI offices and the CMC had to be flown in yesterday. The RBI is also in touch with IBM personnel who designed the system.

The RBI said in a statement the "computer system developed certain hardware and consequential software problems" on Wednesday. "The problems are being attended to on an emergency basis and the normal cheque clearing and settlement work is expected to resume shortly," the statement said. High-value cheques and inter-bank payments account for a very large proportion of the clearing settlement in terms of value, the RBI said.

S. Ramani, National Centre for Software Technology, Gulmohar Cross Road No 9,
Juhu, Bombay 400 049, India Ph: +91 (22) 620 0590 or 620 1606)

------------------------------

Date: Thu, 24 Feb 94 11:09:59 -0800
From: Martin Minow
Subject: "Wire Pirates" - article in March 1994 Scientific American

There is a long article on the "inhabitants of Cyberspace" who "may be villains, victims, or bystanders" in the March issue of Scientific American, written by Paul Wallich. While the content is probably well-known to Risks readers, the article gives a very good overview of the issues, and people involved. There are also photos of "Phiber Optik," Dorothy Denning, Donn Parker, and the illustrious editor of this esteemed journal.

Of interest to historians might be the bibliography, listing information available only by FTP or e-mail as if this is the everyday way of locating information in a library.
Martin Minow minow@apple.com

------------------------------

Date: Thu, 24 Feb 94 14:13:19 -0500
From: "Winn Schwartau"
Subject: Van Eck Radiation Helps Catch Spies

Van Eck in Action

Over the last several years, I have discussed in great detail how the electromagnetic emissions from personal computers (and electronic gear in general) can be remotely detected without a hard connection and the information on the computers reconstructed. Electromagnetic eavesdropping is about as insidious as you can get: the victim doesn't and can't know that anyone is 'listening' to his computer. To the eavesdropper, this provides an ideal means of surveillance: he can place his eavesdropping equipment a fair distance away to avoid detection and get a clear representation of what is being processed on the computer in question. (Please see previous issues of Security Insider Report for complete technical descriptions of the techniques.)

The problem, though, is that too many so called security experts, (some prominent ones who really should know better) pooh-pooh the whole concept, maintaining they've never seen it work. Well, I'm sorry that none of them came to my demonstrations over the years, but Van Eck radiation IS real and does work. In fact, the recent headline grabbing spy case illuminates the point.

Exploitation of Van Eck radiation appears to be responsible, at least in part, for the arrest of senior CIA intelligence officer Aldrich Hazen Ames on charges of being a Soviet/Russian mole. According to the Affidavit in support of Arrest Warrant, the FBI used "electronic surveillance of Ames' personal computer and software within his residence," in their search for evidence against him. On October 9, 1993, the FBI "placed an electronic monitor in his (Ames') computer," suggesting that a Van Eck receiver and transmitter was used to gather information on a real-time basis. Obviously, then, this is an ideal tool for criminal investigation - one that apparently works quite well.
(From the Affidavit and from David Johnston, "Tailed Cars and Tapped Telephones: How US Drew Net on Spy Suspects," New York Times, February 24, 1994.)

From what we can gather at this point, the FBI black-bagged Ames' house and installed a number of surveillance devices. We have a high confidence factor that one of them was a small Van Eck detector which captured either CRT signals or keyboard strokes or both. The device would work like this:

A small receiver operating in the 22MHz range (pixel frequency) would detect the video signals minus the horizontal and vertical sync signals. Since the device would be inside the computer itself, the signal strength would be more than adequate to provide a quality source. The little device would then retransmit the collected data in real-time to a remote surveillance vehicle or site where the video/keyboard data was stored on a video or digital storage medium.

At a forensic laboratory, technicians would recreate the original screens and data that Mr. Ames entered into his computer. The technicians would add a vertical sync signal of about 59.94 Hz, and a horizontal sync signal of about 27KHz. This would stabilize the roll of the picture. In addition, the captured data would be subject to "cleansing" - meaning that the spurious noise in the signal would be stripped using Fast Fourier Transform techniques in either hardware or software. It is likely, though, that the FBI's device contained within it an FFT chip designed by the NSA a couple of years ago to make the laboratory process even easier.

I spoke to the FBI and US Attorney's Office about the technology used for this, and none of them would confirm or deny the technology used "on an active case."

Of course it is possible that the FBI did not place a monitoring device within the computer itself, but merely focused an external antenna at Mr. Ames' residence to "listen" to his computer from afar, but this presents additional complexities for law enforcement.

1.
The farther from the source the detection equipment sits means that the detected information is "noisier" and requires additional forensic analysis to derive usable information.

2. Depending upon the electromagnetic sewage content of the immediate area around Mr. Ames' neighborhood, the FBI surveillance team would be limited as to what distances this technique would still be viable. Distance squared attenuation holds true.

3. The closer the surveillance team sits to the target, the more likely it is that their activities will be discovered.

In either case, the technology is real and was apparently used in this investigation. But now, a few questions arise.

1. Does a court surveillance order include the right to remotely eavesdrop upon the unintentional emanations from a suspect's electronic equipment? Did the warrants specify this technique or were they shrouded under a more general surveillance authorization? Interesting question for the defense.

2. Is the information garnered in this manner admissible in court? I have read papers that claim defending against this method is illegal in the United States, but I have been unable to substantiate that supposition.

3. If this case goes to court, it would seem that the investigators would have to admit HOW they intercepted signals, and a smart lawyer (contradictory allegory :-) would attempt to pry out the relevant details. This is important because the techniques are generally classified within the intelligence community even though they are well understood and explained in open source materials. How will the veil of national security be dropped here?

To the best of my knowledge, this is the first time that the Government had admitted the use of Van Eck (Tempest Busting etc.) in public. If anyone knows of any others, I would love to know about it.

------------------------------

Date: Thu, 24 Feb 94 8:54:34 PST
From: "Peter G.
Neumann"
Subject: Re: Software testing at Sizewell (RISKS-15.58)

[Dave Parnas asked me to post the following message from him. It is HIS, not MINE. PGN]

The article in [Nuclear Engineering International, 12/93, p.10, reported by Bob Dolan] contained the following assertion, "no other reactor protection system in the world, past or present, has received more attention than the PPS". Having read the report that was leaked to the BBC and later circulated by other organizations, I see no evidence to support that statement. For example, there have been no reports of the software having been subject to a formal (mathematically based) inspection procedure such as the one used for the Nuclear Station at Darlington Ontario.

The leaked report also showed that the authorities were quite prepared to accept a safety-critical software product that had FAILED the majority of its tests on the basis of vague and unsubstantiated claims that the failures were caused by the test harness not the program itself. The report did not indicate that there were any plans to rectify the problems in the test harness and carry out the test properly. There was no indication of how the test cases were selected and whether they were statistically meaningful. I know that in other nuclear plant situations, far more care was taken in the design of testing procedures.

The Sizewell report was kept secret and I have heard of no plans to have British software experts who are not part of the nuclear industry take part in the evaluation procedure. My experience suggests that, for whatever reasons, "inside experts" tend to be less rigorous and demanding than "outsiders". Organisations tend to pick the experts whom they expect to say what they want to be told. They aren't always right in their predictions, but I have never seen an industry knowingly engage a "loose cannon". In the Darlington case, reports were not kept secret, and the inspection process involved many outside consultants.
Sizewell seems to me to provide ample evidence that outside scrutiny, openness, and an active press are essential when there are potential conflicts between short-term financial exigency and safety. Nobody who read that report could have much faith in the authorities who were prepared to accept such test results.

Prof. David Lorge Parnas, Communications Research Laboratory
Department of Electrical and Computer Engineering,
McMaster University, Hamilton, Ontario Canada L8S 4K1

------------------------------

Date: Wed, 23 Feb 94 20:16:35 EST
From: wcs@anchor.ho.att.com
Subject: Re: SimHealth

With simulations, good modelling of the real situation and initial conditions is important. With simulation-based propaganda, however, it's also useful to know the biases of the game-writer and the desired conclusion you're supposed to come to :-)

At the Knoxville World's Fair in ?1983, the Tennessee Valley Authority had a simulation game that put you in charge of their power system, letting you pull levers to choose how much power to get from what source, in order to keep enough power for the demand at the best price. The conclusion you were supposed to get was (surprise, surprise), "Use all the hydro power you can, then all the nukes you can, then coal&oil". As a resident of an area whose government gave electrical supply monopoly to the folks who own Three Mile Island and a few other old nuclear plants, I thought they should at *least* have the nuke plants go off-line every once in a while, spending money real fast when they're down :-)

SimCity had a fairly strong bias toward City Planners telling people what to do and making decisions for them instead of letting them do what they want. Is SimHealth similarly biased toward single-decider systems?

Bill Stewart

------------------------------

Date: 23 Feb 1994 23:27:03 GMT
From: bear@cs.colorado.edu (Bear Giles)
Subject: Re: The ultimate couch potato (Balden, RISKS-15.57)

>...
> In his view, this would lead to birth of the ultimate couch potato.

The solution is quite obvious, and even environmentally friendly!

Take your standard electronic stationary bike (which uses an electrical generator to produce the current required to run the display) and replace the current display panel with an LCD display and waterproof keyboard.

For even better performance, use logic devices that operate faster if more power is available, so someone really cranking on the pedals will get their job to compile faster than someone who's coasting... and hence get the fat bonus check! (The home version would determine the recharge period of your weapons (in games) by the amount of power supplied by the user.)

Not only does this ensure that computer users will be among the fittest people on the planet (doing aerobic exercise for 8 hours a day), it would eliminate the need to use fossil fuels to power computer systems, monitors, etc.

Of course, it would require waterproof printouts. But on the other hand, this ensures that long meetings of the programming staff would be a thing of the past....

Bear Giles bear@cs.colorado.edu/fsl.noaa.gov

------------------------------

Date: Wed, 23 Feb 1994 23:33:00 -0600
From: djw@eff.org (Daniel J. Weitzner)
Subject: FLASH: FBI's Draft Digital Telephony Bill: EFF Summary and Analysis

Electronic Frontier Foundation Statement on FBI Draft Digital Telephony Bill

EFF has received a draft of the FBI's new, proposed "Digital Telephony" bill. After initial analysis, we strongly condemn the bill, which would require all common carriers to construct their networks to deliver to law enforcement agencies, in real time, both the contents of all communications on their networks and the "signalling" or transactional information.

In short, the bill lays the groundwork for turning the National Information Infrastructure into a nation-wide surveillance system, to be used by law enforcement with few technical or legal safeguards.
This image is not hyperbole, but a real assessment of the power of the technology and inadequacy of current legal and technical privacy protections for users of communications networks.

Although the FBI suggests that the bill is primarily designed to maintain status quo wiretap capability in the face of technological changes, in fact, it seeks vast new surveillance and monitoring tools. Among the new powers given to law enforcement are:

1. Real-time access to transactional information creates the ability to monitor individuals in real time.

The bill would require common carrier networks (telephone companies and anyone who plans to get into the telephone business, such as cable TV companies) to deliver, in real time, so called "call setup information." In the simplest case, call setup information is a list of phone numbers dialed by a given telephone currently under surveillance. As we all come to use electronic communications for more and more purposes, however, this simple call setup information could also reveal what movies we've ordered, which online information services we've connected to, which political bulletin boards we've dialed, etc. With increasing use of telecommunications, this simple transactional information reveals almost as much about our private lives as would be learned if someone literally followed us around on the street, watching our every move.

We are all especially vulnerable to this kind of surveillance, because, unlike wiretapping the *content* of our communications, it is quite easy for law enforcement to get permission to obtain this transactional information. Whereas courts scrutinize wiretap requests very carefully, authorizations for access to call setup information are routinely granted with no substantive review. Some federal agencies, such as the IRS, even have the power to issue administrative subpoenas on their own, without appearing before a court.
The real impact of the FBI proposal turns, in part, on the fact that it is easy to obtain court approval for seizing transactional data.

The change from existing law contained in the FBI proposal is that carriers would have to deliver this call setup information *in real time*, directly to a remote listening post designated by law enforcement. Today, the government can obtain this information, but generally has to install a device (called a 'pen register') which is monitored manually at the telephone company switching office.

2. Access to communication and signalling information for any mobile communication, regardless of location allows tracking of an individual's movements.

The bill requires that carriers be able to deliver either the contents or transactional information associated with any subscriber, even if that person is moving around from place to place with a cellular or PCS phone. It is conceivable that law enforcement could use the signalling information to identify the location of a target, whether that person is the subject of a wiretap order, or merely a subpoena for call setup information.

This provision takes a major step beyond current law in that it allows for a tap and/or trace on a *person*, as opposed to mere surveillance of a telephone line.

3. Expanded access to electronic communications services, such as the Internet, online information services, and BBSs.

The privacy of electronic communications services such as electronic mail is also put at grave risk. Today, a court order is required under the Electronic Communications Privacy Act to obtain the contents of electronic mail, for example. Those ECPA provisions would still apply for the contents of such messages, but the FBI bill suggests that common carriers might be responsible for delivering the addressing information associated with electronic mail and other electronic communications.
For example, if a user connects to the Internet over local telephone lines, law enforcement might be able to demand from the telephone company information about where the user sent messages, and into which remote systems that user connects. All of this information could be obtained by law enforcement without ever receiving a wiretap order.

4. The power to shut down non-compliant networks

Finally, the bill proposes that the Attorney General have the power to shut down any common carrier service that fails to comply with all of these requirements. Some have already called this the "war powers" provision. Granting the Department of Justice such control over our nation's communications infrastructure is a serious threat to our First Amendment right to send and receive information, free from undue government intrusion.

********************************

The posting represents EFF's initial response to the new FBI proposal. Several documents, including the full text of the proposed bill and a more detailed section-by-section analysis are available by anonymous ftp on EFF's ftp site.

This document is digtel94.announce .

The documents can be located via ftp, gopher, or www, as follows:

ftp://ftp.eff.org/pub/EFF/Policy/Digital_Telephony/digtel94_bill.draft
ftp://ftp.eff.org/pub/EFF/Policy/Digital_Telephony/digtel94_analysis.eff
ftp://ftp.eff.org/pub/EFF/Policy/Digital_Telephony/digtel94.announce

for gopher, same but replace first part with: gopher://gopher.eff.org/00/EFF/...

for WWW, same but replace first part with: http:/www.eff.org/ftp/EFF/...

**************************************************************************

"I believe in markets doing what they do well, which is to develop technology, and letting citizens do what they ideally do well, which is to set policy." -Esther Dyson, President, EDventure Holdings, Inc.

The Electronic Frontier Foundation is working to protect your privacy.
To help stop Clipper and eliminate export controls on cryptography, support a bill introduced in the House of Representatives, HR 3627. To support the bill, send email to .

Daniel J. Weitzner, Senior Staff Counsel, Electronic Frontier Foundation
1001 G St, NW Suite 950 East, Washington, DC 20001
202-347-5400 (v) 202-393-5509 (f)

*** Send mail to membership@eff.org for information on EFF. ***

------------------------------

Date: ongoing
From: RISKS-request@csl.sri.com
Subject: Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc.

The RISKS Forum is a moderated digest. Its USENET equivalent is comp.risks. Undigestifiers are available throughout the Internet, but not from RISKS.

SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup on your system, if possible and convenient for you. BITNET folks may use a LISTSERV (e.g., LISTSERV@UGA) with SUBSCRIBE RISKS or UNSUBSCRIBE RISKS as needed. Users on US Military and Government machines should contact (Dennis Rears). UK subscribers please contact . Local redistribution services are provided at many other sites as well. Check FIRST with your local system or netnews wizards. If that does not work, send requests to (not automated).

CONTRIBUTIONS: to risks@csl.sri.com, with appropriate, substantive Subject: line, otherwise they may be ignored. Must be relevant, sound, in good taste, objective, cogent, coherent, concise, and nonrepetitious. Diversity is welcome, but not personal attacks. PLEASE DO NOT INCLUDE ENTIRE PREVIOUS MESSAGES in responses to them. Contributions will not be ACKed; the load is too great. **PLEASE** include your name & legitimate Internet FROM: address, especially from .UUCP and .BITNET folks. Anonymized mail is not accepted. ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. Relevant contributions may appear in the RISKS section of regular issues of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise.
ARCHIVES: "FTP CRVAX.SRI.COMlogin anonymousYourName CD RISKS: GET RISKS-i.j" (where i=1 to 15, j always TWO digits) for Vol i Issue j. Vol i summaries in j=00; "dir risks-*.*" gives directory; "bye" logs out. The COLON in "CD RISKS:" is vital. CRVAX.SRI.COM = [128.18.30.65]; =CarriageReturn; FTPs may differ; UNIX prompts for username, password. WAIS and bitftp@pucc.Princeton.EDU are alternative repositories.

FAX: ONLY IF YOU CANNOT GET RISKS ON-LINE, you may be interested in receiving it via fax; phone +1 (818) 225-2800, or fax +1 (818) 225-7203 for info regarding fax delivery. PLEASE DO NOT USE THOSE NUMBERS FOR GENERAL RISKS COMMUNICATIONS; as a last resort you may try phone PGN at +1 (415) 859-2375 if you cannot E-mail risks-request@CSL.SRI.COM .

------------------------------

End of RISKS-FORUM Digest 15.59
************************