Forum on Risks to the Public in Computers and Related Systems
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
Volume 14: Issue 31
Friday 5 February 1993
Contents
"Computer Blamed For Phone Jam" [Ohio Bell] - Joe Brownlee
BNFL prosecuted for unauthorised software changes - Martyn Thomas
Residues in a surplus bank computer - Fred Cohen
Re: Educational computer game banned - Guy K. Haas
Re: Clever Tactics Against Piracy - Gerd Meissner
Anecdotes Wanted on the Risks of Information Security - Dorothy Denning
Re: The FBI and Lotus cc:Mail
   - Isaac Rabinovitch
   - Roger D Binns
   - Bill Stewart
   - Dorothy Denning
   - Dorothy Denning
   - Dorothy Denning
   - Dick Joltes
   - Dick Joltes
   - Ray Ozzie via Peter Wayner
Anyone can get your U. of Illinois transcript - Carl M. Kadie
Phone Company Cleverness - Jon Leech
Info on RISKS (comp.risks)
"Computer Blamed For Phone Jam"
<joe@cbcosmos.att.com>
Fri, 29 Jan 93 7:42:40 EST
from the 1/28/93 Columbus (Ohio) "Dispatch" by Ron Lietzke and Bruce Cadwallader

A three-minute computer failure at an Ohio Bell central office disrupted phone service for 42,000 telephone lines in the Downtown business district for about 45 minutes yesterday morning. The computer problem cleared after a few minutes, but the disruption snowballed when a surge of callers seeking dial tones caused a telephone traffic jam of sorts, Ohio Bell spokesman David Kandel said.

Outgoing and incoming calls on 15 Downtown prefixes were disrupted by the problem, which started at 9:42 AM. The Columbus police, the Franklin County Sheriff's Department, Columbus Public Schools, and state offices were among those disrupted by the outage, Kandel said.

Callers in the affected prefix areas who dialed 911 could not reach Columbus police or the Franklin County Sheriff's office for at least 3 minutes. However, those agencies reported that they did not receive any complaints after the dial tones returned.

"It was starting to clear itself within minutes, but because you're looking at such a huge volume of calls Downtown, it took the system time to recover," Kandel said. "The system was delivering a very, very slow dial tone."

Problems started when one of two computer processors failed. The other took over, but it took about three minutes for it to retrieve the information from the failed processor, Kandel said.

Ohio Bell technicians were working with the equipment manufacturer yesterday to determine what caused the processor to fail. It still was not working late yesterday.

[...]

Columbus police dispatchers reported having problems for about 30 minutes. Chief Deputy Robert Taylor of the sheriff's department said this radio room used cellular phones until the problem cleared. Neither department knew of any emergencies missed because of the computer problem. Columbus firefighters said they were receiving 911 calls throughout the period of disruption.

Two items of interest I note. One is that even a brief delay in grabbing data from the failed computer resulted in a large backlog. Perhaps the system was not designed to account for the large number of lines in downtown Columbus, which boomed during the 1980's. Phone systems tend to use less than state-of-the-art technology (to avoid many of the "bleeding edge" problems often noted here), but in this case, perhaps a faster processor or live mirroring of the data in question would have helped.

As to my second point, twice the article points out that nobody knew of any emergency calls that were missed, with the implication that no harm was done. Dead men tell no tales?

Joe Brownlee, Analysts International Corp. @ AT&T Network Systems
471 E Broad St, Suite 2001, Columbus, Ohio 43215
(614) 860-7461 joe@cbcosmos.att.com
BNFL prosecuted for unauthorised software changes
Martyn Thomas <mct@praxis.co.uk>
Thu, 4 Feb 93 15:48:16 GMT
According to Computing (4 Feb), British Nuclear Fuels Ltd is being
prosecuted for making alleged unauthorised software changes to a safety
mechanism on a shield door at Sellafield.
Martyn Thomas, Praxis plc, 20 Manvers Street, Bath BA1 1PX UK.
Tel: +44-225-444700. Email: mct@praxis.co.uk Fax: +44-225-465205
Residues in a surplus bank computer
Fred Cohen <fc@turing.duq.edu>
Wed, 3 Feb 93 18:35:52 -0500
This one goes in the `When will they ever learn?' category:
I just got a call from a person who recently purchased a Unix based PC
as junk from a bank, and lo and behold, the computer was not cleaned before
sale. How hard is it to break in? Not too! All you have to do is boot from
a DOS floppy, run Norton Utilities or any similar tool, search for the `root:'
part of the password file, and change that line to look like `root::0:1::/:'.
Then you reboot from Unix and login as root with no password!
So that's too simple to be believed, but of course it works, and now
comes the real problem. I am not sure it's illegal to use that data however
you want! That's right, the computer crime laws don't cover computers that are
not attached to any networks, aren't part of the banking system, etc. This
system is no longer a banking computer, the data was sold along with the
system to the new owner by the bank with no stipulations or warnings (as-is),
and the new owner, as far as I can tell, has the right to use anything on the
computer as their own.
It's a little upsetting that the bank didn't bother to do a secure
deletion before giving all this data away (only about 120Mbytes worth of
information on customers, etc.). How about the privacy of the customers of
the bank? How about the EFT codes stored on-line! How about all the passwords
that can now be guessed and exploited to enter the bank as if you were an
employee? Oh well, anyone want to buy a used computer - no longer so cheap?
[Expletives deleted if there were expletives UNDELETED.
By the way, remember that the C2 Orange Book requirement is
for deletion prior to initial assignment and reallocation.
Somewhere there should be a requirement for deletion prior
to permanent deallocation as well. PGN]
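
Added example (not part of the original posting or of RISKS): a pre-disposal check that a raw disk image was actually overwritten, run by the owner before a machine leaves the building. It counts non-zero sectors and flags surviving password-file records without ever printing the password field. The 512-byte sector size, the zero-fill wipe policy, the function names and the sample image contents are assumptions made for this sketch.

```python
import mmap
import re
import sys

BLOCK = 512  # assumed sector size

# One passwd(5)-style record: name:password:uid:gid:gecos:home:shell.
# It must start at the beginning of the image or right after a newline/NUL.
PASSWD_RE = re.compile(
    rb"(?:\A|(?<=[\n\x00]))"
    rb"([a-z_][a-z0-9_-]{0,31}):([^:\n\x00]{0,128}):(\d{1,10}):(\d{1,10})"
    rb":[^:\n\x00]{0,256}:[^:\n\x00]{0,256}:[^:\n\x00]{0,256}"
    rb"(?=[\n\x00]|\Z)"
)


def audit_image(buf):
    """Report residual data in a raw image (bytes or a read-only mmap)."""
    size = len(buf)
    zero = bytes(BLOCK)
    nonzero = 0
    for off in range(0, size, BLOCK):
        block = buf[off:off + BLOCK]
        if block != zero[:len(block)]:
            nonzero += 1
    accounts = []
    for m in PASSWD_RE.finditer(buf):
        accounts.append({
            "offset": m.start(),
            "name": m.group(1).decode("ascii"),
            "uid": int(m.group(3)),
            # Record only whether a credential is present, never its value.
            "password_field": "present" if m.group(2) else "empty",
        })
    return {
        "blocks": (size + BLOCK - 1) // BLOCK,
        "nonzero_blocks": nonzero,
        "accounts": accounts,
        # Assumed policy: a released disk must be entirely zero-filled.
        "sanitized": nonzero == 0,
    }


def sample_images():
    """Constructed test data: one wiped image, one with leftover records."""
    wiped = bytes(8 * BLOCK)
    dirty = bytearray(8 * BLOCK)
    records = (b"root:Ab3dEfGhIjKlM:0:1:Operator:/:/bin/sh\n"
               b"teller1::201:20:Teller:/usr/teller1:/bin/sh\n")
    dirty[3 * BLOCK:3 * BLOCK + len(records)] = records
    return wiped, bytes(dirty)


if __name__ == "__main__":
    if len(sys.argv) == 2:
        # Path to a raw image of the disk being released.
        with open(sys.argv[1], "rb") as f, \
                mmap.mmap(f.fileno(), 0, access=mmap.ACCESS_READ) as mm:
            report = audit_image(mm)
    else:
        report = audit_image(sample_images()[1])
    print("blocks=%d nonzero=%d sanitized=%s" % (
        report["blocks"], report["nonzero_blocks"], report["sanitized"]))
    for acct in report["accounts"]:
        print("residual account %(name)s (uid %(uid)d) at byte %(offset)d, "
              "password field %(password_field)s" % acct)
    sys.exit(0 if report["sanitized"] else 1)
```

The non-zero exit status lets a disposal checklist or script refuse to release a machine whose image still holds data.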
Re: Educational computer game banned (Shaun, RISKS-14.30)
<ghaas@informix.com>
Thu, 4 Feb 93 07:43:33 PST
With all due respect to Christina Kirby, the "Wizards" game is NOT a computer game. It is a pencil-and-paper game, like other adventure simulations. The students gain points by achieving goals in spelling (and perhaps other language-related tasks), and translate these points into progress around a game board.

It bears a superficial resemblance to "Dungeons and Dragons," with magicians, wizards, a winged dragon, a pit -- symbols that some (fundamentalist) Christians equate with Satanism and/or disregard for Biblical symbolism. The symbols were the basis of the argument made against the game.

The teachers had two objections -- the issue of choice of instructional materials, and that of the way the District imposed the ban.

One result of the uproar was a rewrite of the "Challenged Instructional Materials" policy, making the evaluation process much more accessible to the concerned public. Another was the motivation of a parent in the district who fought the ban to mount a (successful) run for a School Board seat last election, unseating an incumbent.

--Guy K. Haas (active in the MUSD since 1987)
Re: Clever Tactics Against Piracy (RISKS-14.30)
Gerd Meissner <100064.3164@compuserve.com>
03 Feb 93 04:28:01 EST
It might be interesting for readers who want to know more about the "Clever Tactics Against Piracy" (RISKS 14.30) that the story, including some technical details, was first published in the German news magazine DER SPIEGEL (#36, 1992, August 31st), titled "Trojanisches Pferd" (Trojan Horse).

The company used a 12-digit key that looked like the serial number of the "free-demonstration coupon", which had to be printed out and sent back, to identify the pirated copies found on the "customers" machine and some details about the computer it was found on.

   [Mark Brader just reminded me in a different context of always looking
   a Trojan horse in the mouth. PGN]
Anecdotes Wanted on the Risks of Information Security
Dorothy Denning <denning@cs.cosc.georgetown.edu>
Thu, 4 Feb 93 13:26:04 EST
I am seeking anecdotes of incidents where information security mechanisms or practices led to a problem (e.g., lost work or data, wasted time, down time, being locked out because of lost crypto keys or access tokens). I am also interested in descriptions of security features that are difficult to use and lead to problems. If you send me something, please indicate whether I can attribute it to you or you wish to remain anonymous. Thanks, Dorothy Denning denning@cs.georgetown.edu
Re: The FBI and Lotus cc:Mail (Joltes, RISKS-14.29)
Isaac Rabinovitch <ergo@netcom.com>
Sun, 31 Jan 1993 18:49:01 GMT
>Happily, the presenter said that Lotus refused to honor the FBI's request.
>Bravo!
Do not relax. So what if an official back door doesn't exist? Other federal
agencies are more discreet than the FBI, and would consider "their" back door
useless if any notice were taken of its existence. Furthermore, somebody is
bound to see the profit in covertly adding a back door to a product and
quietly selling it to individuals with a commercial interest in violation of
privacy.
I checked with Lt. Colonel North, Admiral Yamamoto, and especially Captain
Murphy, and they all agree: never assume a publicly-accessible medium is
secure just because it's encrypted!
ergo@netcom.com Isaac Rabinovitch
{apple,amdahl,claris}!netcom!ergo Santa Cruz, CA
The FBI and Lotus cc:Mail (Joltes, RISKS-14.29)
Roger D Binns <cs89rdb@brunel.ac.uk>
Mon, 1 Feb 93 11:47:57 GMT
: Happily, the presenter said that Lotus refused to honor the FBI's request.

Are you sure? Lotus could quite easily have honoured their request, and merely tell everyone they haven't. The FBI is happy, the consumer is happy.

This brings to mind a phrase 'ignorance is bliss'.

Roger cs89rdb@brunel.ac.uk
Roger Binns, Brunel University - UK
The FBI and Lotus cc:Mail
Bill Stewart +1-908-949-0705 <wcs@anchor.ho.att.com>
Tue, 2 Feb 93 12:52:36 EST
In RISKS 14.29, joltes@husc.harvard.edu reports that Lotus says that the FBI had asked them to place backdoors into Notes and cc:Mail, and they refused. Assuming that they told the truth, I'll second Dick's "Bravo!".

But one RISK here is that, without *sources*, it's hard to tell - does Lotus provide sufficient documentation on file formats and encryption algorithms that users can verify that the program does what it claims?

Bill Stewart, AT&T Bell Labs, Holmdel, NJ, wcs@anchor.att.com

   [Even WITH sources it can be hard to tell. Recall Ken Thompson's
   C-compiler Trojan horse in which there were no changes to the source
   code of either the C compiler or the UNIX login routine. PGN]
Re: The FBI and Lotus cc:Mail (Joltes, RISKS-14.29)
Dorothy Denning <denning@cs.cosc.georgetown.edu>
Fri, 29 Jan 93 13:34:41 EST
In RISKS-14.29, Dick Joltes said the following about a presentation he attended on Lotus Notes and the response of the Lotus representative to a question about how the encryption was done:

   The presenter said that the data was considered very secure, so much
   so that the FBI had approached Lotus to ask that a "back door" be left
   in the software in order to give the Bureau a method for infiltrating
   suspects' filesystems. She said they were specifically targeting "drug
   dealers and other bad people."

   Given this backdoor, what was to stop the Bureau from inspecting
   confidential materials on any system? The risks seem obvious. ...

There are, in fact, very good controls to stop the FBI or any other law enforcement agency from doing this. They're called warrants. In order to execute a search and seizure on any system, the government needs to have a court order. To get a court order, they have to demonstrate that there is probable cause that a crime has been committed. Neither the FBI nor any other law enforcement agency is allowed to "infiltrate" someone's system and poke around to see what's there.

The "obvious" risk here is not from the government. If the government is unable to break through the crypto or get the key, they may be unable to obtain evidence needed to prosecute someone who has committed a crime. This is potentially a very serious problem, especially as records become more heavily computerized.

   Happily, the presenter said that Lotus refused to honor the FBI's
   request. Bravo!

Encryption of files and communications is going to make it much more difficult, and in some cases impossible, for law enforcers to get evidence needed for conviction. Unless we want a society with greater crime, we need to find some way of meeting both our needs for information security and our needs for law enforcement. Then we can cheer.

Dorothy Denning
Professor & Chair, Computer Science, Georgetown University
Re: The FBI and Lotus cc:Mail
<joltes@husc.harvard.edu>
Mon, 1 Feb 93 14:16:33 EST
Dorothy Denning, responding to my posting regarding cc:Mail, says:

> There are, in fact, very good controls to stop the FBI or any other law
> enforcement agency from doing this. They're called warrants. In order ...
> the FBI nor any other law enforcement agency is allowed to "infiltrate"
> someone's system and poke around to see what's there.

The key word here is "allowed." As we've seen with such scandals as Watergate and Iran-Contra, what is allowed by law and what is actually done sometimes are two different things. What is to stop an agency from conducting an initial covert search of a person or corporation's records, then requesting the warrant after they find questionable or illegal material? Dorothy's comments presuppose that all operatives within all governmental bodies are completely honest. While I would say that a majority of these workers are honest, the risk that some are not makes the presence of known back doors in supposedly "secure" software a highly questionable situation.

> The "obvious" risk here is not from the government. If the government
> is unable to break through the crypto or get the key, they may be
> unable to obtain evidence needed to prosecute someone who has committed
> a crime. This is potentially a very serious problem, especially as
> records become more heavily computerized.

Certainly it is. However, we must evaluate whether the risks to the public at large outweigh the advantage of having such back doors available to legitimate authorities.

What if the codekey sequence used to activate the alternative access method became known due to a security leak (disgruntled Lotus employee or government agent, espionage, etc)? Lotus would then need to issue a binary patch to change the codekey (at their expense, no doubt). Customer confidence in the product would sag and businesses would begin to question the security of their own supposedly encrypted software. If I were running a business and knew that a product I was evaluating had a built-in back door, it would end my interest in the product.

> Encryption of files and communications is going to make it much more
> difficult, and in some cases impossible, for law enforcers to get
> evidence needed for conviction. Unless we want a society with greater
> crime, we need to find some way of meeting both our needs for
> information security and our needs for law enforcement. Then we can
> cheer.

My cheer was in regard to Lotus' refusal (well, they *said* they refused) to blindly install a security hole in their most successful product simply because a government agency said "please do it." Knowing that acquiescence to such a demand was a violation of the trust placed in Lotus products by their customers, they did the "right thing" and said "no."

I agree that some balance needs to be struck, but the scales must not be tilted to the needs of law enforcement at the expense of the public. Given some recent incidents (such as "Operation Sun Devil," which nearly put a legitimate business into bankruptcy due to the actions of paranoid and uninformed agents) it seems obvious to me that few Federal agencies currently possess the basic skills needed to differentiate between criminals and "fringe groups" such as gamers and hackers whose participation in society is outside the "norm" of American experience.

The subject of "Computing and the Law" is one that is just beginning to make an impact on society, and both the public and the government need to feel through the tangle of issues that surround it. We must not make the mistake of infringing on privacy simply to deter crime, since this will establish legal precedents that could easily become Draconian in their use if unchecked.

Dick Joltes, Harvard University Science Center, joltes@husc.harvard.edu
Hardware & Networking Manager, Computer Services, joltes@husc.bitnet
Re: The FBI and Lotus cc:Mail
Dorothy Denning <denning@cs.cosc.georgetown.edu>
Wed, 3 Feb 93 12:03:53 EST
Dick Joltes, responding to my response to his post on cc:Mail, says:

   The key word here is "allowed." As we've seen with such
   scandals as Watergate and Iran-Contra, what is allowed by law
   and what is actually done sometimes are two different things.
   What is to stop an agency from conducting an initial covert
   search of a person or corporation's records, then requesting
   the warrant after they find questionable or illegal material?
   Dorothy's comments presuppose that all operatives within all
   governmental bodies are completely honest. While I would say

I do not assume that everyone in government is totally honest. Rather,
I acknowledge that the American system of government has extensive
mechanisms to protect against abuses, including the illegality of
breaking into someone's system or conducting a search without a
warrant, Congressional oversight committees and hearings, and the use
of the media to expose abuses.

   What if the codekey sequence used to activate the alternative
   access method became known due to a security leak (disgruntled
   Lotus employee or government agent, espionage, etc)? Lotus
   would then need to issue a binary patch to change the codekey
   (at their expense, no doubt). Customer confidence in the
   product would sag and businesses would begin to question the
   security of their own supposedly encrypted software.

Customer confidence is an important concern, but since we don't know
exactly what the FBI requested of Lotus, we don't know what
vulnerabilities might exist and whether businesses would accept
whatever risks might be present.

   I agree that some balance needs to be struck, but the scales
   must not be tilted to the needs of law enforcement at the
   expense of the public. Given some recent incidents (such as

The public needs law enforcement. This is not the public vs. law enforcement.

   "Operation Sun Devil," which nearly put a legitimate business
   into bankruptcy due to the actions of paranoid and uninformed

If you're referring to Steve Jackson Games, it was not part of the Sun Devil
investigation (which was about toll fraud and credit card fraud).

   agents) it seems obvious to me that few Federal agencies
   currently possess the basic skills needed to differentiate
   between criminals and "fringe groups" such as gamers and
   hackers whose participation in society is outside the "norm" of
   American experience.

Please don't make such sweeping generalizations based on one case or
even a few. There have been hundreds (probably thousands) of cases
that have been handled extremely well.

   The subject of "Computing and the Law" is one that is just
   beginning to make an impact on society, and both the public and
   the government need to feel through the tangle of issues that
   surround it. We must not make the mistake of infringing on
   privacy simply to deter crime, since this will establish legal
   precedents that could easily become Draconian in their use if
   unchecked.

I agree that this is a difficult issue that needs to be sorted out. I also
argue that we need to find ways to satisfy both our need to control crime and
our need for privacy & security. None of these needs will be or indeed can be
satisfied in an absolute way. The challenge is to find ways that keep the
risks at acceptable levels.

Dorothy Denning
Re: The FBI and Lotus cc:Mail
Dorothy Denning <denning@cs.cosc.georgetown.edu>
Thu, 4 Feb 93 16:39:43 EST
I talked with a knowledgeable person in FBI Headquarters whom I know and trust about the claim that they asked Lotus to put a "back door" into the encryption system of Notes. He was confident that Headquarters had not made any such request of Lotus and was surprised to hear about it. He did not know if someone in one of the field offices might have asked Lotus for help in conjunction with a specific investigation. Dorothy Denning
Re: The FBI and Lotus cc:Mail
<joltes@husc.harvard.edu>
Fri, 5 Feb 93 9:16:39 EST
There should be additional information on its way to RISKS about this subject (from another source). Employees of Lotus were involved in meetings with the FBI held under the auspices of the EFF over the past 18 months. Several proposed bills were discussed and tabled. We have it from one of the employees who was actually involved. It is not surprising that Dorothy's source knew nothing (if true) of the contacts. Stratification and compartmentalization within federal organizations is not uncommon, with the result that groups within the same agency do not know of the activities of others. Dick Joltes joltes@husc.harvard.edu
With Regard to Lotus Notes and the FBI...
Peter Wayner <pcw@access.digex.com>
Tue, 2 Feb 1993 23:36:50 -0500
{This is the text of a letter to me from Ray Ozzie, one of the developers of
Lotus Notes. He said it was okay to forward this to comp.risks to clarify the
recent posting about the FBI's involvement with Lotus. I believe that the
details of the interaction are much less ominous in this rendition and more
importantly it comes from the head developer's mouth. -PCW}
The message entitled "The FBI and Lotus cc:Mail" is not entirely correct,
although it is correct "in spirit".
As one of the developers of Notes, I have represented Lotus twice regarding
FBI proposals. In the first (about 18 months ago), the FBI was trying to
persuade Congress to pass a law requiring communication service providers to
deliver the original plain text of messages entering their systems, in
essence requiring us to install a back door. Lotus was not approached by the
FBI - rather, the EFF learned of the bill and asked me to participate in a
round-table discussion with lawmakers and others from the telecommunications
and computer industries. The bill was tabled shortly thereafter.
Last year, we again participated in several discussions with the FBI related
to a new proposal that would have required manufacturers of communication
equipment and services to modify their products (in this case, Lotus Notes)
to be able to, on demand and in a timely fashion and from a single access
point, grant the FBI access to communications. This new law would not
require us to install a backdoor, that is, they took the issue of encryption
off the table, but would instead require us to install logic into our message
routers to disable dynamic adaptive least-cost path routing and also to
disable code that breaks messages into packets for transmission on different
virtual circuits. It would also require us to put logic into the message
routers to deliver copies of messages to a central monitoring point from
anywhere in the network. This FBI plan has also been tabled.
If it weren't for the Electronic Frontier Foundation, we never would have had
a chance to participate. EFF and the CPSR are providing a great service for
our industry, which has a pitifully small lobbying presence in Washington.
Neither Lotus nor Lotus Notes was singled out by the FBI, rather, I
represented Lotus voluntarily in order to defend Lotus' commercial
interests. Additionally, I was compelled to attend because I believe very,
very strongly in my right to privacy as a US citizen.
On the other hand, the FBI has a very difficult job to do, and with the
onslaught of technology, it fears that it may soon lose its longstanding
authority to carry out court-ordered wiretaps. Valid wiretaps - ones that
you would probably agree with. From their perspective, why can't a technical
solution be found to what appears to be a technical problem?
From my perspective, though, the cat's out of the bag. It's already very
easy for the average joe to do effectively unbreakable end-to-end encryption
of messages on standard PC hardware. Passing laws won't stop bad guys from
using encryption, so these laws will just have the effect of increasing the
cost of every mail system, every PBX, every LAN router, every cellular phone,
and so on. Not to say what the laws will do to your privacy.
Think about it. And then call the EFF.
Anyone can get your U. of Illinois transcript
Carl M. Kadie <kadie@cs.uiuc.edu>
Sun, 24 Jan 1993 17:47:45 GMT
If you are a student at U. of Illinois, you should know that anyone who knows your social security number and birthday can now see your official transcript. To add insult to injury, if someone does look at your transcript, *you* will be charged a $5 transcript fee.

The administration building, room 100, now has three computer terminals. Anyone can walk up to one and type
1) a social security number
2) a birthday
3) an address

If the social security number and birthday match a current student, that student's transcript will be sent to the address and that student's account will be charged $5.

At the very least, check your university bill. It seems that your only protection is your ability to track down the destination address of an improperly sent transcript (assuming the university keeps a record of these addresses).

- Carl Kadie = kadie@cs.uiuc.edu =
Phone Company Cleverness
Jon Leech <leech@cs.unc.edu>
25 Jan 1993 21:00:58 GMT
Seen on page 2 (e.g. the part most people throw out) of this month's bill
from Southern Bell:
"Call RightTouch(R) service [to do various things such as
disconnecting your phone or ordering extra-cost services]
....
Please protect your access code: ####"
^ actual 4-digit code printed here
