Subject: RISKS DIGEST 15.60 REPLY-TO: risks@csl.sri.com RISKS-LIST: RISKS-FORUM Digest Monday 28 February 1994 Volume 15 : Issue 60 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator ***** See last item for information on RISKS (comp.risks) ***** Contents: $1M deposited in bank error (PGN) Another Olympic E-mail Penetration (PGN) The dangers of electronic mail (Rob Hasker) Ex-employee arrested in computer-file theft (Lance Gatrell) How about bounties for inspecting safety-critical software? (Michael Chastain) Reloadable and Smart Cards en route to worldwide acceptance (Gordon Webster and Sree Kumar) FBI Digital Telephony Proposal and PCS mobile phone networks (M. Hedlund) Re: Van Eck Radiation ... (James H. Haynes, Fredrick B. Cohen, Vadim Antonov, Bob Brown, John R Levine, Bill Bolosky) Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc. ---------------------------------------------------------------------- Date: Mon, 28 Feb 94 18:08:00 PST From: "Peter G. Neumann" Subject: $1M deposited in bank error The Bank of Stockton (California) accidentally turned Mohammed Idrees Kussair's deposit of $100,000 into $1M. He assumed that a relative in Pakistan must have wired the money to him, and spent it to pay off rental properties and to take a trip to Pakistan. A San Joaquin County Superior judge ruled that he had not broken any laws, and cleared him of criminal charges. A spokesman for the bank said that the bank intends to sue him. [Source: An AP item in the San Francisco Chronicle, 11 Feb 1994] ------------------------------ Date: Mon, 28 Feb 94 10:02:04 PST From: "Peter G. Neumann" Subject: Another Olympic E-mail Penetration Misuse of the Olympic E-mail system continued, subsequent to the earlier case reported in RISKS-15.59. Someone masqueraded as Wayne Abbott, a Canadian TV employee, and sent a nasty E-mail message to Cathy Turner relating to her skating style. [Cathy was disqualified for contact with another skater, after apparently winning the gold in the 1,000-meter speedskate.] [San Francisco Chronicle, 27 Feb 1994, p. C-5] ------------------------------ Date: Fri, 25 Feb 1994 12:57:45 -0600 From: Rob Hasker Subject: The dangers of electronic mail Quoting from the Feb. 24 News-Gazette of Champaign-Urbana, Illinois: "UI student arrested for e-mail threat to Clinton" URBANA -- A University of Illinois student has been arrested for threatening the life of President Clinton, U.S. Attorney Frances Hulin announced today. Christopher James Reincke, 18, of Townsend Hall, Urbana, allegedly sent an electronic mail message to the White House on Dec. 4 threatening Clinton, Hulin stated in a press release. The message read: "I am curious, Bill, how would you feel about being the first president to be killed on the same day as his wife ... It would be best, I think, to not continue with your immediate plans. Perhaps a vacation. You will die soon. You can run, but you cannot hide." The message was signed "Overlord" and purported to be from "Allmighty@Never.Gonna.Catch.Me." Reincke appeared before U.S. District Judge Harold A. Baker in Danville today and was released on his own recognizance. Hulin said the charge resulted from an investigation by the Secret Service and the UI police. Investigators determined the message originated at the UI, and a computer trace identified Reincke as the apparent author, Hulin said. While being questioned by agents, Reincke admitted he had sent the message, according to the press release. (Local news reports suggest that the student intended this to be a practical joke. As I see it, the risk is in assuming that it doesn't really matter what you say by email.) Rob Hasker hasker@cs.uiuc.edu ------------------------------ Date: Mon, 28 Feb 94 09:30:50 MST From: gatrell@aragtap.den.mmc.com (Lance Gatrell) Subject: Ex-employee arrested in computer-file theft Denver Post, p. 1C, Feb. 25, 1994 A former employee of a Boulder [Colorado] computer software company was arrested yesterday for fraudulently transferring 122 computer files worth $915,000 just before leaving his ex-employer, the FBI said in Denver federal court documents. Liaosheng Wang, also known as Andrew Wang, of Westminster, was arrested by FBI agents for allegedly stealing the computer files, including important "source code files," from Ellery Systems Inc., where he worked as a design engineer from December 1990 until his resignation this month. In a complaint filed in U.S. District Court in Denver, FBI special agent John Gedney said Wang may have stolen the files after twice being denied promotions at the Boulder company late last month. ... Wang apparently transferred the files from his account at Ellery Systems to Internet, a global computer network, the complaint said. From Internet, Wang was able to communicate from his computer at Ellery Systems with a computer at Unidata Inc., a Denver company. [sic] The FBI is continuing its investigation to determine if Wang was trying to sabotage his former employer or transferred the information for a fee. "Everything that was transferred was confidential property," said Jeff Jordan, an Ellery vice president. "It was the source code for our product and we intend to get it back." [...] Geoffrey Shaw, Ellery Systems' chief executive officer, told the FBI that Wang had no authority to transfer the files to Unidata, particularly since they contained a proprietary program that had been copyrighted. If convicted of wire fraud, Wang could be sentenced to up to five years in prison and fined up to $250,000. ------------------------------ Date: Sun, 27 Feb 1994 00:14:22 -0800 From: Michael Edward Chastain Subject: How about bounties for inspecting safety-critical software? After reading a recent RSISKS article about validating the Sizewell B PPS software, I was struck by an idea: how about a bounty for inspecting safety-critical software? Here's the plan: the government organization which is purchasing the safety-critical software publishes the specification, the entire source code as delivered by private contractors, and technical documentation on the hardware environment. It then offers a bounty to any party anywhere who demonstrates a logical error in the software. The bounty would be funded by reductions in money paid to the original contractors. Finding a bug is much harder than demonstrating that one has found a bug. Bounty hunters would have an incentive to deploy whatever technology they found useful in finding errors. Michael Chastain mec@shell.portal.com ------------------------------ Date: Fri, 25 Feb 94 17:19:31 est From: pwajam!gordon@uunet.UU.NET (Gordon Webster) Subject: Reloadable and Smart Cards en route to worldwide acceptance Of late there have been quite a few articles in the RISK forum regarding Smart/Reloadable Cards and issues surrounding their incipient risks. The impression (whether right or wrong) is that most readers (or respondents) are not aware of the level of acceptance that this technology have outside of North America. While the potential risks of the cards are legion, I will not attempt to address them at this point, but merely attempt to touch the tip of iceberg and illustrate the impact having outside of North America. The kind of chargeable card described in John Gray's item in RISK issue #49 has been available in Japan and some other parts of Asia for at least a year. The cash the card is charged with can be spent at any retail outlet equipped with a simple PoS-type terminal; and the card can be "re-loaded" with cash at ATMs, by a simple transfer from a current or savings account held by the same holder. Both mag-stripe and embedded-chip versions of the card are in commercial use. The embedded-chip versions are usually multi-function cards (i.e., they can be used for other purposes as well as that of an electronic wallet). Countries in which reloadable card programs (or pilot programs) exist include: Singapore, Japan, France and South Africa. The cards used are mostly embedded-chip cards, not mag-stripe based. These cash cards are loaded electronically in machines similar to ATMs, by transfer from chequing or savings accounts. Cards can be used at any retailer with a reading device. The reading device deducts purchase price, issues a receipt, and shows the balance remaining on the card. Some of them (not all) are PIN-activated (RISK readers take note). When the balance on the card is exhausted the card is taken back to the issuing bank or a retail machine for replenishment. In Japan, the use of the cards apparently has been growing quickly, there is some political pressure to regulate the business, because it is seen as cutting into the Bank of Japan's sole right to issue bank-notes. There is talk of regulations to force issuers to deposit a specified percentage of the money circulating on such cards with the central bank, or to charge a consumption tax on such transactions, the money to go into a central fund which would reimburse card-holders in case the issuing institution went belly-up. The Japanese are fairly far along in terms of acceptance of the cards, some of the applications are as follows: - NTT (the Japanese equivalent of AT&T) is a large proponent of the use of the cards for making pay phone calls. They have found their usage quite profitable as they have found that callers using such cards talk 20-40% longer on the phone, maybe because they don't have to fumble for coins or replacement cards. - Other Japanese retailers who accept such cards include the railways, buses and taxis, car washes, highway toll booths, fast-food outlets and even video-game arcades. - One of the last bastions in Japan to hold out against such cards gave in not long ago. You can now use them at Buddhist temples, to make donations. An argument between religious and tax establishments now threatens. Temples have been tax-exempt so far, but the tax authorities do not want to exempt them from the consumption tax on the use of cards. Another country which has launched a smart card scheme is Guatemala, no less. The scheme in Guatemala is called Credisa, the card is called Elite, and the launching bank is a new retail bank called MultiBanco. The hardware and software are being provided by GemPlus, the same (French) vendor who provided the hardware for the French reloadable card pilot. In Guatemala, I believe the major incentive for smart cards is the poor telecomms infrastructure, which places limits on on-line authorization capability. Gordon Webster - Price Waterhouse Assoc. Jamaica - gordon@pwajam.uunet Sree Kumar - Price Waterhouse Assoc. Jamaica - sree@pwajam.uunet ------------------------------ Date: Mon, 28 Feb 1994 11:32:59 -0800 (PST) From: "M. Hedlund" Subject: FBI Digital Telephony Proposal and PCS mobile phone networks This article elaborates on part of the EFF statement issued last week concerning the FBI's proposed Digital Telephony wiretap bill. The EFF condemned the bill, which enlarges law enforcement powers of surveillance, granted by wiretap laws, by adding tracking ability. Addressed herein is point two of the EFF statement, concerning the surveillance of mobile communica- tors, such as cellular phones, Personal Communications Services (PCS) and laptop computers. PCS mobile phones create severe privacy risks for future phone users, especially under the FBI's proposal; and these risks strongly support the EFF's position. The FBI asserts that their proposal adapts existing wiretap laws to account for emerging communications technologies. Wiretap laws have not adequately covered mobile communications, and the FBI is correct to assume that some revisions will be necessary to adequately balance law enforcement needs with the privacy rights of mobile phone users. Their proposed revisions, however, do not simply provide for wiretap; instead, the FBI seeks to expand wiretap laws, allowing law enforcement officers to track the signalling information of mobile communications users. The EFF believes that the FBI proposal would create an enormous hole in the privacy rights of individuals suspected of crimes. Their statement notes: It is conceivable that law enforcement could use the signalling information to identify the location of a target.....This provision takes a major step beyond current law in that it allows for a tap and/or trace on a *person*, as opposed to mere surveillance of a phone line. This fear is completely realistic. It is not simply "conceivable" that the FBI's proposal would allow law enforcement to surveil the location of a target -- positioning technology is a planned part of PCS networks, one of the technological advances anticipated by the proposal. Similar positioning technology is planned for cellular phones, as well. PCS advances cellular phone technology by integrating mobile communications with other phone networks, and by expanding the services and quality mobile phones can offer. Most PCS proposals involve three forms of mobility: terminal mobility, the ability to make and receive calls at any location, and the ability of the phone network to track the location of the mobile phone; personal mobility, the ability of the user to be reachable by a single phone number at all times; and service mobility, the ability of the user to access CLASS(sm)-like features, such as Call Waiting and Caller ID, from any phone they use. The FBI proposal requires phone companies, when presented with a wiretap order, to transmit the content and the signalling, or "call setup information," from the tapped phone to law enforcement officers. With a wireline phone, such as a residence phone line, call setup information would comprise only the originating and dialled phone numbers, as well as billing information (such as the residence address) for the call. Because of the wireless aspect of PCS, however, call setup information for a PCS phone includes very detailed information on the location and movement of the caller. PCS mobile phones will connect with the phone network via "microcells," or very small receivers similar to those used for cellular phones. While a cellular network uses cells with up to an 8 to 10 mile radius, PCS networks will use microcells located on every street corner and in every building. The call setup information for a PCS call would include the microcell identifier -- a very specific means of locating the user. An order for a PCS wiretap would allow law enforcement officers to receive a detailed, verifiable, continuous record of the location and movement of a mobile phone user. These phones are also likely to "feature" automatic registration: whenever the PCS mobile phone is on (in use or able to receive calls), it will automatically register itself with the nearest microcell. Law enforcement agencies, able to track this registration, would have the equivalent of an automatic, free, instantaneous, and undetectable global positioning locator for anyone suspected of a crime. PCS tries to improve on cellular phone privacy and security by incorporating cryptographic techniques. Encryption could not only create a secure phone conversation, but could also (coupled with use of a PIN number) insure that only a valid subscriber could make calls on a particular phone, preventing fraudulent calls on stolen phones. An additional phone-to-network authentication could prevent fraudulent calling through a "masquerade" phone designed to simulate a user's registration. But the FBI proposal would require that such encryption be defeatable in wiretap circumstances. As the proposal stands, this form of weak encryption is distinguishable from the Clipper Chip because the phone companies, not a key escrow arrangement, enable law enforcement access; but it is entirely possible that the Clipper Chip could be used as the encrypting device. In either circumstance, PCS encryption could be compromised by careless or malicious law enforcement officials. Perhaps it is time for Phil Zimmerman and ViaCrypt to begin work on PGPCS -- and let us all hope we are so lucky. The cellular phone market is tremendous, and analysts believe that the PCS market, incorporating both voice and data communications, will be even larger. Coupled with the FBI's Digital Telephony proposal, PCS raises many privacy and security risks, making the EFF's condemnation of the FBI proposal all the more appropriate. CLASS is a service mark of Bell Communications Research (Bellcore). For more information: * Bellcore Special Report SR-INS-002301, "Feature Description and Functional Analysis of Personal Communications Services (PCS) Capabilities," Issue 1, April 1992. Order from Bellcore, (800) 521-CORE (2673), $55.00. * GAO report GAO/OSI-94-2, "Communications Privacy: Federal Policy and Actions," November 1993. Anonymous FTP to cu.nih.gov, in the directory "gao-reports". * EFF documents, available via anonymous FTP or gopher: ftp://ftp.eff.org/pub/EFF/Policy/Digital_Telephony [*The New York Times* today has a front-page article by John Markoff, entitled "Price of Technology May Be Privacy". I first saw a version of it in today's *San Francisco Chronicle*, although as seems typical of the Chron they truncated it after 11 of its 34 paragraphs. At least they mentioned Markoff this time, which they frequently do not do! PGN] ------------------------------ Date: Mon, 28 Feb 1994 11:15:30 -0800 (PST) From: "James H. Haynes" Subject: Re: Van Eck Radiation and Clipper and Wiretapping It just struck my irony bone that we have the Feds on the one hand wanting to install leaks in encryption and communication switching; and we have the FCC regulating things like PCs so they don't radiate interfering signals. When will FCC be ordered to "get with the program" and _require_ that PCs and monitors radiate enough so the snoops can do their jobs? ------------------------------ Date: Sat, 26 Feb 94 22:26:48 PST From: Fredrick B. Cohen Subject: Van Eck Radiation (Schwartau, RISKS-15.59) The contention that this is a Van Eck device is ludicrous! You don't need to use radiated signals if you place a bugging device in the computer. You simply listen to the information and transmit it over a normal radio channel. > ... . The device would work like this: This is not how Van Eck's mechanism worked. It exploited the normal radiated signals, not those created by a bugging device. > I spoke to the FBI and US Attorney's Office about the technology used for > this, and none of them would confirm or deny the technology used "on an > active case." Now that's a journalistic confirmation if I ever heard one! > To the best of my knowledge, this is the first time that the Government had > admitted the use of Van Eck (Tempest Busting etc.) in public. ... Since when is a refusal to comment an admission? If the point of the article is to assert that there are radiated signals from video screens that can be used at a distance to observe the content of the screens, of course there is. If you want confirmation, why not go and buy the 100 dollars of equipment required to do it yourself? ------------------------------ Date: Sat, 26 Feb 1994 19:45:47 -0500 From: avg@titan.sprintlink.net (Vadim Antonov) Subject: Re: Van Eck monitoring First of all, reception of a signal from computer screen is much easier than it seems due to the fact that images are mostly static; i.e., the same pattern of radiation will be repeated many times allowing for digital accumulation of the signal (it works the same way for astronomers who are able to resolve very dim objects by collecting "random" photons for a long time). Interferometry (i.e., simultaneous reception of the signal from several distant points and multiplying the received signals delayed to compensate for the propagation delays) can also be a very useful tool to sort out weak signal coming from a single source with known location from random electromagnetic noise. Also, cleaning up the signal using spectral analysis (FT, etc.) should work great because the spectre of the source signal is discrete (i.e., all frequencies are derived from a single stable oscillator's frequency by dividing it by small integer numbers). Add directed antennae or (even better) phased antennae arrays and you got the picture... It's nothing more than methods very well known in optical and radio astronomy so the special services don't have to bother me :-) --vadim ------------------------------ Date: Sun, 27 Feb 94 10:41:47 EST From: bbrown@gmcf.org (Bob Brown) Subject: Van Eck Radiation Helps Catch Spies (?!?) Winn Schwartau [RISKS-15.59] headlined his message "Van Eck in Action" suggesting that the FBI used electromagnetic eavesdropping in developing their case against Aldrich Ames. Later Schwartau quotes the FBI's own affidavit as saying that 'the FBI "placed an electronic monitor in his (Ames's) computer," suggesting that a Van Eck receiver...' It's time for someone to shout "Occam's Razor!" If the FBI placed anything "in" Ames' computer, it needn't have been anything as complicated as a receiver that sucked keyboard strokes or video pixels out of the electronic chaos that's inside a computer case. A sophomore EE student could design a high-impedance device to pluck video and keyboard signals directly off their respective connectors and relay them onward. Such a gadget would be much simpler, and therefore more reliable than a Van Eck receiver. On the other hand, the FBI could have simply copied the contents of Ames' hard disk with something like LapLink. They're (understandably) not talking. ------------------------------ Date: Sun, 27 Feb 94 15:40 EST From: johnl@iecc.com (John R Levine) Subject: Re: Van Eck Radiation Helps Catch Spies, maybe not >On October 9, 1993, the FBI "placed an electronic monitor in his (Ames') >computer," suggesting that a Van Eck receiver and transmitter was used >to gather information on a real-time basis. I don't know about you, but if I were able to stick a bug inside the computer, I'd attach it directly to the keyboard and video ports. Why fool around trying to reconstruct a signal, when a wire containing the signal itself is half an inch away? Do we have here a risk of technophilia? Even if I couldn't get inside the house, it's quite possible that a conventional camera looking through a window could see enough of the the screen and keyboard to gather useful information. John Levine, johnl@iecc.com, jlevine@delphi.com, 1037498@mcimail.com ------------------------------ Date: Mon, 28 Feb 94 13:44:28 TZ From: Bill Bolosky Subject: Re: Van Eck Radiation Helps Catch Spies A case recently came up in Washington State that is related to the question of the legality of using Van Eck radiation emitted from a residence as a survelience technique. In the incident in question, a person was suspected of growing marijuana in his home, using grow lights. However, there was insufficient evidence to get probable cause for a search warrant. So, without a warrant, the police stood in the street and used an IR detector on the house. They determined that the house was emitting radiation that was consistent with grow lights, and used this evidence as probable cause to get a search warrant. In the ensuing search, the house was found to contain marijuana and the homeowner was convicted. He appealed his conviction on the grounds that the use of the IR detector constituted a search of his home, for which a warrant was required; evidence from this illegal search could not be used as probable cause for a warrant. The Washington State Supreme court agreed with the defendant, ruled the search illegal and overturned his conviction. They said that non-visible radiation emanating from a home is not the same as, say, leaving a window open, and that a reasonable expectation of privacy existed for such radiation. I would imagine that this legal precident would also preclude the use of Van Eck radiation detectors in the state of Washington without a search warrant. Of course, in the Ames case such a warrant almost certainly had already been obtained based on other probable cause, and so this wouldn't be a valid defence for Ames. Bill Bolosky bolosky@microsoft.com ------------------------------ Date: ongoing From: RISKS-request@csl.sri.com Subject: Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc. The RISKS Forum is a moderated digest. Its USENET equivalent is comp.risks. Undigestifiers are available throughout the Internet, but not from RISKS. SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup on your system, if possible and convenient for you. BITNET folks may use a LISTSERV (e.g., LISTSERV@UGA) with SUBSCRIBE RISKS or UNSUBSCRIBE RISKS as needed. Users on US Military and Government machines should contact (Dennis Rears). UK subscribers please contact . Local redistribution services are provided at many other sites as well. Check FIRST with your local system or netnews wizards. If that does not work, send requests to (not automated). CONTRIBUTIONS: to risks@csl.sri.com, with appropriate, substantive Subject: line, otherwise they may be ignored. Must be relevant, sound, in good taste, objective, cogent, coherent, concise, and nonrepetitious. Diversity is welcome, but not personal attacks. PLEASE DO NOT INCLUDE ENTIRE PREVIOUS MESSAGES in responses to them. Contributions will not be ACKed; the load is too great. **PLEASE** include your name & legitimate Internet FROM: address, especially from .UUCP and .BITNET folks. Anonymized mail is not accepted. ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. Relevant contributions may appear in the RISKS section of regular issues of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise. ARCHIVES: "FTP CRVAX.SRI.COMlogin anonymousYourName CD RISKS: GET RISKS-i.j" (where i=1 to 15, j always TWO digits) for Vol i Issue j. Vol i summaries in j=00; "dir risks-*.*" gives directory; "bye" logs out. The COLON in "CD RISKS:" is vital. CRVAX.SRI.COM = [128.18.30.65]; =CarriageReturn; FTPs may differ; UNIX prompts for username, password. WAIS and bitftp@pucc.Princeton.EDU are alternative repositories. FAX: ONLY IF YOU CANNOT GET RISKS ON-LINE, you may be interested in receiving it via fax; phone +1 (818) 225-2800, or fax +1 (818) 225-7203 for info regarding fax delivery. PLEASE DO NOT USE THOSE NUMBERS FOR GENERAL RISKS COMMUNICATIONS; as a last resort you may try phone PGN at +1 (415) 859-2375 if you cannot E-mail risks-request@CSL.SRI.COM . ------------------------------ End of RISKS-FORUM Digest 15.60 ************************