RISKS-LIST: RISKS-FORUM Digest  Sunday 8 May 1988  Volume 6 : Issue 80

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
  Yet another SSN risk (Tom Lord)
  Risks of banking (Ritchey Ruff)
  "Auftragstaktik" (Gary Chapman)

The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, nonrepetitious. Diversity is welcome. Contributions to RISKS@CSL.SRI.COM, Requests to RISKS-Request@CSL.SRI.COM. For Vol i issue j, ftp kl.sri.com, get stripe:risks-i.j ... . Volume summaries in (i, max j) = (1,46),(2,57),(3,92),(4,97),(5,85).

----------------------------------------------------------------------

Date: Fri, 6 May 88 13:26:55 -0400 (EDT)
From: Tom Lord
Subject: yet another SSN risk

Promises from your personnel department are almost certainly not sufficient to protect your Social Security number. Such a promise presumes that the department will have good control over its own records and, at least here at CMU, this is not true.

This morning on my way into the office a box of trash outside the machine room caught my eye. The box was full of course schedules listing each course, its classroom, its instructor, and the instructor's SSN. My guess is that something went wrong with the printer as the job was printing, and that the operators tossed the partial output and started over.

-Tom

------------------------------

Date: Sat, 7 May 88 10:24:51 PDT
From: Ritchey Ruff
Subject: Risks of banking

I belong to a credit union (which will remain unnamed for obvious reasons below) and got the following notice in my end of month statement. I'll refer to the credit union as whenever their name appears in the flier... I am typing it in verbatim because of the numerous RISKS issues bundled in this little flier, including: SSN's, manuals and instructions, misinformation, etc. The CAPS are to represent either bold or caps in the original.
The format is as close as I could come to exactly the flier, and many of the typos are really in the flier (I proofread it 3 times to try to remove all MY typos ;-). This should get some RISK dander up!!!

ILLY 's Audio Teller

* ILLY - Audio Teller

"Illy" is 's AUDIO TELLER. You are "talking" directly to our computer system by simply pushing buttons on the keyboard of your Touch Tone phone! Every member has a personal security code. Your security code is the last four digits of your social security number. Only you and the computer know this number. If you need to change your number, you must request this in writing. No numbers will be changed by phone.

* Available hours

Financial transactions: 7:00 a.m. to 5:30 p.m.
During this time you are able to perform your own FINANCIAL transactions. You can transfer funds, request a withdrawal check be mailed, or transfer a loan payment from your share account.

Inquiry Transactions: 7:00 a.m. to 5:30 p.m. and 9:00 p.m. to 7:00 a.m.
During this time you can check your share balance, inquire if a certain share draft-check has been paid, or inquire on your loan balance.

* How to use ILLY

1) residence dial: (xxx) xxx-xxxx
   residence dial: (xxx) xxx-xxxx
   RESPONSE: You have dialed 's Audio Response System, please enter you account number.

2) Press the touch-tone keys on your telephone that correspond to your account number followed by the "#" sign.
   EXAMPLE: 188177#
   RESPONSE: Please enter your security code.

3) Press the keys on your telephone that correspond to the last four digits of your Social Security number followed by the "#" sign.
   EXAMPLE: 9000#
   RESPONSE: Please enter your transaction code.

4) Press the keys on your telephone that correspond to the appropriate code for the transaction you want to perform from the list below followed by the "#" sign. (Please see "List of Account Numbers" with special note to the asteriks preceding four accounts)
   RESPONSE: Please enter your share type.
5) Press the keys on your telephone that correspond to the share type listed below followed by the "#" sign.
     00 = Regular Share Savings
     01 = Share Draft-Checking
     02 = Christmas Savings
     03 = I.R.A. Account
     04 = Mortgage/Escrow Shares
   EXAMPLE: Share Savings, Enter 00#
   RESPONSE: Please enter your Transaction code. Enter another Enter another transaction code, or the # sign to complete the call.

* List of Transaction Codes

     100 - Inquire Share Balance
     101 - Inquire Last Deposit
    *102 - Inquire check (draft) cleared
     190 - Inquire All Shares
     120 - Inquire Loan Balance
     192 - Inquire All Loans
     122 - Inquire Loan Payment Amount and next due date
   **200 - Share to Share Transfer
   **201 - Share Withdrawal-Check issue
   **220 - Loan Payment from Shares

SPECIAL NOTE

*  During this transaction, only a five digit number can be entered. If your Share Draft-check number has only 3 or 4 digits, then add zeros to the front of the number to make a five digit number.
   EXAMPLE: Draft number 271 = 00271#
            Draft number 1253 = 01253#

** During these transactions, you will need to know from what share type you are making your transaction. The computer will repeat your instructions, and then ask "Is this correct?", press the "Y" key (number 9) on your telephone followed by the # sign.
   RESPONSE: Transaction complete.

IF YOU DO NOT HEAR THE RESPONSE "Transaction complete", NO TRANSACTION HAS BEEN MADE. If no transaction has been made, you will hear - Enter your transaction code - and you can re-enter your code

HELPFUL HINTS

* Have you instruction card handy before placing your call.
* Know your security code.
* For Financial Transactions enter dollar amounts in dollars and cents. DO NOT ENTER DECIMAL POINTS.
  EXAMPLE: $11.22 is entered as 1122#
           $150.00 is entered as 15000#
* End each and every function with a "#" (pound) sign.

QUESTIONS/ANSWERS

QUESTION: Am I talking to a real person?
ANSWER: No, you are communicating with 's In-House Computer system.

QUESTION: What happens if I enter the wrong code?
ANSWER: Nothing, the computer will ask you to re-enter a valid code.

QUESTION: Am I really transferring money from my savings to my checking?
ANSWER: Yes, you are. Now you can begin writing Share Draft-checks against your newly transferred funds.

QUESTION: When I make a transfer, when are the funds available?
ANSWER: Immediately. You control your money movement.

QUESTION: Is this really safe?
ANSWER: Absolutely. No one but you has access yo your security code. Without your security code matching up to your account number, the computer will not allow transactions. It is important to protect your security code and not publicize your number.

QUESTION: When will my check be mailed?
ANSWER: It will leave the Main Office the next business day.

QUESTION: Can I transfer to someone elses account?
ANSWER: NO. You can only transfer within your own accounts. Every account has its own security code.

QUESTION: Is there a charge for this?
ANSWER: No. ILLY is another convenient service provided by your Credit Union to make life easier.

GROWING TO SERVE YOU BETTER!

What do you RISKers think of this new bank service? I called and they said predictions are that within 5 years most people in the US with credit union accounts will have this type of service. I'm writing a letter to this particular CU warning of the RISKs, but over the phone I got the feeling they expect that Standard Security Measures for computer transactions will be enough (read---if nobody knows how the system works, it can be left wide open and be perfectly secure).

Almost, ALMOST, tempts me to do some hacking (let me see, they claim they have 200,000 accounts and all accounts have six digits, so I should have to try about 5 times to hit a valid account---assuming they are not sequential---otherwise I KNOW what a lot of them are---any number smaller than my account number. The security code is 4 digits, so several tries will get in here---autodialing is so nice.
How much does this person have---hmmm, $50,000...I'll mail a check for $20,000 to that Swiss bank account of mine...TRANSACTION COMPLETE...;-)

If I see some good arguments I'll use them in my letter asking the CU to change this system. Seems like now is the time to deal with this, instead of waiting for it to spread nation-wide...

A last note: the state where this credit union resides uses your SSN as the driver's license number. Thus if you cash a check you have just given someone all the important info to hack on your banking account...

-- Ritchey Ruff
   ruffwork@cs.orst.edu -or- ...!hp-pcd!orstcs!ruffwork

(Needless to say, my security code is NOT the default, although they didn't require a signature on the note to change the security code...sigh...)

------------------------------

Date: Fri, 6 May 88 10:10:00 PDT
From: chapman@csli.stanford.edu (Gary Chapman)
Subject: "Auftragstaktik"

This is a follow-up to one of Henry Spencer's messages, the one about the German Army's emphasis on personal initiative among its military officers. However, this is on a different tack than Henry's message about "whistleblowing."

There was a German term for giving a lot of personal initiative, responsibility, and autonomy to front-line commanders: the word is "Auftragstaktik." This was actually a product of the closing days of World War I, and then found its way into training of the German officers in the inter-war years. The two most outstanding practitioners and advocates of "Auftragstaktik" were Generals Guderian and Rommel, two of the more successful Wehrmacht commanders.

What makes this term relevant and interesting today is that its precepts have been rediscovered by the American Army in the 1980's. The (relatively) new U.S. Army doctrine known as AirLand Battle doctrine is explicitly derived from the German blitzkrieg, and the authors of the new doctrine recognized how critical "Auftragstaktik" is to the success of the blitzkrieg.
Consider the following statement from Colonel Huba Wass de Czege, one of the authors of the 1982 Field Manual 100-5 which instituted AirLand Battle doctrine:

    The second important realization was that the chaos of the next battlefield will make centralized control of subordinates always difficult, sometimes impossible. This led to the incorporation of a doctrine of command and control which features decentralization of decisions by the use of mission orders similar to that used by the Wehrmacht early in World War II. This style of leadership is called Auftragstaktik by the Germans.

    ("Army Doctrinal Reform," in Clark, Chiarelli, et al., eds., *The Defense Reform Debate: Issues and Analysis*, Johns Hopkins University Press, 1984, p. 107.)

"Auftragstaktik" has been the subject of numerous articles in various military journals, most often in *Military Review*, the military's chief publication of scholarly writing, where it has been celebrated as a long overdue reform from the Army's traditional, set-piece, "engineer" model of the line combat officer.

What makes this interesting in terms of computer technology is that so much of the computer development that has been undertaken in programs like DARPA's AirLand Battle Management System seems to run completely counter to this trend in the Army. The AirLand Battle Management System is meant to provide centralized control of combat operations at the corps level--a corps is the next larger unit above a division--and the original DARPA plans wanted electronic accountability down to the individual soldier and vehicle. The AirLand Battle Management System is supposed to be a huge expert system that analyzes a battle in progress, makes recommendations of tactics, issues orders to subunits, watches the battle in real time through vast sensor and satellite networks, and continues to update the corps commander with new information, recommendations, and so on. This is exactly the opposite of what "Auftragstaktik" entails.

The other worrisome aspect of "Auftragstaktik" in American doctrine is the wide dispersion of nuclear devices in the U.S. Army in Europe. Once the INF Treaty pulls out Pershing 2s and GLCMs, the nuclear devices that will be left in the U.S. Army arsenal in Europe will all be short-range weapons like nuclear artillery shells and mines. A doctrine which gives the "commander on the spot" maximum authority for initiative and autonomy, combined with the availability of short-range nuclear weapons, is something that worries a lot of people, particularly the West Germans.

Finally, one of the most interesting things to watch in the military establishment is the really severe conflict of interests between technophile civilian managers and planners (usually people from the defense industry or academic backgrounds) versus the traditional line military officers. When I give talks about autonomous weapons, automated command and control systems, AirLand Battle Management, etc., and there are line officers in the audience, their reaction is almost as viscerally angry as that of peace activists. On the other hand, my arguments against these systems (which are generally focused on their risk) are characteristically dismissed by civilian planners and managers as a smokescreen attempting to hide an agenda of "unilateral disarmament," with everything that allegedly entails. There is a lot of self-aware and well-developed antipathy to technical solutions on the part of the line officers, but not very much awareness of (or apparently even interest in) this antipathy on the part of civilian managers and planners. This gulf of communication and the disparity in interests are likely sources of a lot of confused policies in our military, and confused military policies bear a significant degree of risk all by themselves.

As an aside, the material I have on the contradictions between AirLand Battle doctrine's "Auftragstaktik" and the trends in computer systems meant to support new military doctrine got cut out of *Computers in Battle* because it made my chapter too long. Most of the material can be found in my two-part article in the Fall 1985 and Winter 1986 issues of *The CPSR Newsletter*, "AirLand Battle Doctrine and the Strategic Computing Initiative."

Gary Chapman, Executive Director, CPSR
chapman@csli.stanford.edu

------------------------------

End of RISKS-FORUM Digest
************************
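
Added example (not part of the original digest, and not the credit union's code): the flier quoted in the "Risks of banking" item says a wrong security code only produces a re-prompt. The Python sketch below shows a verifier that counts failures per account and locks after a threshold, together with the chance that a bounded number of guesses hits a four-digit code. The class name, the threshold of 3, and the sample account and code are assumptions constructed for illustration.

```python
import hmac
from fractions import Fraction

CODE_SPACE = 10 ** 4   # four-digit security code, as described in the flier
MAX_FAILURES = 3       # assumed lockout threshold; the flier describes none


def guess_success_probability(attempts: int, code_space: int = CODE_SPACE) -> Fraction:
    """Chance that `attempts` distinct guesses include a uniformly random code."""
    return Fraction(min(attempts, code_space), code_space)


class AudioTellerAuth:
    """Hypothetical verifier that locks an account after repeated failures."""

    def __init__(self, codes: dict[str, str], max_failures: int = MAX_FAILURES):
        self._codes = codes
        self._max_failures = max_failures
        self._failures: dict[str, int] = {}

    def verify(self, account: str, code: str) -> str:
        # A locked account stays locked even for the right code; unlocking
        # is an out-of-band step (in writing, in the flier's terms).
        if self._failures.get(account, 0) >= self._max_failures:
            return "locked"
        expected = self._codes.get(account)
        # Unknown accounts get the same answer as a wrong code, so the
        # prompt does not reveal which account numbers exist.
        if expected is not None and hmac.compare_digest(expected, code):
            self._failures.pop(account, None)
            return "ok"
        self._failures[account] = self._failures.get(account, 0) + 1
        return "denied"


if __name__ == "__main__":
    # Constructed sample data, not taken from the flier.
    auth = AudioTellerAuth({"123456": "4821"})
    for guess in ("0000", "0001", "0002", "4821"):
        print(guess, auth.verify("123456", guess))
    print("unlimited retries:", guess_success_probability(CODE_SPACE))
    print("with lockout:     ", guess_success_probability(MAX_FAILURES))
```

A lockout bounds blind guessing only; it does nothing when the code can be derived from a number printed on a driver's license, which is the message's closing point.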