The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 14 Issue 74

Tuesday 6 July 1993

Contents

o Major New York Telephone outage: cable cut in Mount Vernon
John Hawkinson
o Another mobile phone RISK hits "Sunset Boulevard"
Jonathan I. Kamens
o German Bundestag microphones STILL not working
Debora Weber-Wulff
o Strasbourg A320 crash: "Pilot Error" - Official!
Pete Mellor
o The great bankcard network breakdown
Bertrand Meyer
o UK National Savings "computer problem"
Jonathan Bowen
o An extreme risk of poor computer security
Ross Anderson
o 2 Men Arrested in Bogus Connecticut ATM Fraud
PGN
o Digital Signature Patents
Noah Friedman
o Info on RISKS (comp.risks)

Major New York Telephone outage: cable cut in Mount Vernon

John Hawkinson <jhawk@Panix.Com>
1 Jul 1993 00:06:21 -0400

According to New York Telephone, there has been a cut trunk (cable) in Mount
Vernon, NY, causing a major service disruption. The estimated time for
completion of repair is 5:00pm Friday! The disruption has the following
effects:

*   A large number (all?) of 914 (Westchester, including Yonkers,
    White Plains, etc.)  numbers are unreachable from 212 (and
    perhaps other places). You get an ``all circuits busy'' message.

*   A large number (all?) of 212 numbers are unreachable
    from most of 914. You just get a fast busy.

*   At least some 914 numbers are unreachable from 914. Again, just
    a fast busy. This might be dependent on your switch (my switch,
    which covers 914-969 and some others, is a 1AESS).

*   Many phone services are unreachable from 914 (for me, at least),
    such as 411 and 555-1212 (directory assistance), 0 (the local
    operator), 211 (automated/manual credit), and in some instances,
    611 (repair). I was successful getting through to repair via
    890-6611, once, and via 611 once.

As I said above, New York Telephone's latest estimate is that the problem will
be repaired by 5:00pm Friday. Apparently a construction firm cut a trunk
(perhaps more than one) to cause this problem.

To go around the problem, you should be able to route your calls through AT&T,
MCI, Sprint, or another long distance company, by dialing

    10XXX-1-nnn-mmm-mmmm

Where 10XXX is a carrier access code, like:

    10288 for AT&T
    10333 for Sprint
    10222 for MCI
and 10698 for NYTelephone (ha, ha)

nnn is the area code (might not be necessary if you're in the same area code
as the number you're trying to reach), and mmm-mmmm is the phone number
(exchange and unit #).

Followups to ny.general, please.

John Hawkinson, jhawk@panix.com


Another mobile phone RISK hits "Sunset Boulevard"

"Jonathan I. Kamens" <jik@gza.com>
Fri, 2 Jul 93 16:35:44 -0400

(Quoted from the "Names & Faces" column, by Michael Blowen, in the
Friday, July 2, 1993 edition of The Boston Globe.  I believe this is a
short enough excerpt to constitute "fair use.")

Moving sets a musical mystery

The British opening of Andrew Lloyd Webber's $5 million musical, "Sunset
Boulevard," was delayed 13 days because the scenery was mysteriously shifting
on its own, as if -- dare we say it? -- there was a Phantom of the Theater.
Webber discovered the glitch when he visited the theater.  "I made a call on
my mobile phone and the set moved," he told The New York Times.  "I made a
second call and it moved again."  Hydraulic valves powering the sets were
apparently touched off by the transmissions.

     [The RISKS Archives include a performance of A Chorus Line attended
     by President Ford that was plunged into darkness by a Secret Service
     walkie-talkie, wiping out the lighting board CMOS memory.  PGN]

(Although it's not exactly a RISK, the following tidbit appears right before
the one given above, and is perhaps worth mentioning because many RISKS
readers will probably find it amusing:

Making a ruckus about silence

IBM wants a little credit for a room of quiet.  The computer giant has applied
to the Guinness Book of Records to get its echoless test chamber that
eliminates 99.99 percent of noise listed as the quietest place on Earth.
"With the door closed, this place is quieter than a morgue," said Bob Waters,
an IBM acoustical engineer.  Sound-absorbing fiberglass wedges cover the
room's concrete walls, door and ceiling.  IBM uses its chamber in Boca Raton
for testing computer equipment.  The "dead room" at Bell Telephone System
laboratory in Murray Hill, N.J., holds the quietest-room record, according to
the 1992 Guinness book.  It eliminates 99.98 percent of noise.)

Jonathan Kamens         Geer Zolot Associates           jik@GZA.COM


German Bundestag microphones still not working [RISKS-14.19]

Debora Weber-Wulff <dww@math.fu-berlin.de>
Thu, 24 Jun 1993 07:15:24 GMT

Hopes that the new chamber for the German parliament, the Bundestag, would be
ready before the summer break have not been fulfilled. The computer-controlled
microphone system did not work as expected. The Tagesspiegel in Berlin
gleefully printed a picture this morning of the current testing in progress:
to simulate a "full house" the company has put empty cardboard boxes at each
place. [Can we deduce from this that if they now get it to work, the
parliamentarians are analogous to empty boxes :-) ? -dww] It seems a major
problem in the previous system was that it was only tested in the empty
chamber.

Debora Weber-Wulff, Professorin fuer Softwaretechnik, Technische
Fachhochschule Berlin, FB Informatik, Luxemburgerstr. 10, 13353 Berlin,


Strasbourg A320 crash: "Pilot Error" - Official!

Pete Mellor <pm@csr.city.ac.uk>
Mon, 28 Jun 93 12:16:47 BST

In France-Soir of Monday 10th May (which was recently sent to me by a friend)
there is a report that the Commission of Enquiry into the crash of an A320
near Strasbourg on 20th January 1992 is about to deliver its final report.
(Given the date of the report, it has probably already done so.)

The conclusion on the cause of the accident is "pilot error".

The main error was the confusion of the "flight-path angle" (FPA) and
"vertical speed" (V/S) modes of descent, selected on the Flight Management and
Guidance System (FMGS) console. The pilots were inadvertently in V/S when they
should have been in FPA mode.

The error was not noticed on the console itself, due to the similarity
of the number format display in the two modes. The other cues on the
Primary Flight Display (PFD) screen and elsewhere (e.g., altitude and
vertical speed indicator) were not noticed since the pilots were
overloaded following a last-minute change of flight plan, and presumably
were concentrating on the Navigational Display.

The actions of the ATC did not help the situation.

The result was that the aircraft descended at a vertical speed of
1100 metres/minute when it was only 1500 metres above the terrain.

Following the accident, the rescue teams took 2 hours to find the crash
site, which probably led to the deaths of between 6 and 20 passengers who
had survived the impact, and could have been saved by prompt attention.

This in turn was partly due to chaotic organisation, plus the fact that the
emergency radio beacon was destroyed on impact.

Further details when I have had time to translate the report properly, or
get hold of a copy of the final report.

Peter Mellor, Centre for Software Reliability, City University, Northampton
Sq., London EC1V 0HB, Tel: +44(0)71-477-8422, JANET: p.mellor@csr.city.ac.uk


The great bankcard network breakdown

Bertrand Meyer <bertrand@eiffel.com>
Wed, 30 Jun 1993 11:22:28 -0700

The following is excerpted from Le Monde dated Tuesday, 29 June 1993,
page 18. Translation and ellipses by Bertrand Meyer.

        A Black Week-End for Automatic Teller Machines

            THE GREAT BANKCARD NETWORK BREAKDOWN

  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  Background (from the end of the article)

  [All bankcards issued in France, but in France only, now have
  a built-in chip.] The famous [bankcard chip] has suffered many
  infantile problems. And for several months the Anglo-Saxon press
  has criticized French merchants, who sometimes reject foreign
  bankcards under the pretext that they don't have a chip.

    [Note by BM: I have a ``foreign'' card but have not
    encountered such a problem.]
  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Now for the recent incident:

  Last week-end was tough for many of the 21 million French people who
  have a bankcard. They had the unpleasant surprise of being almost
  unable to use it on Saturday the 26th and Sunday the 27th, whether
  to withdraw money from ATMs or to pay merchants. All because the
  computers in charge of authorizing payments to close to 40% of
  current cards were down for almost thirty hours. The loss to
  businesses, already hurt by the recession, is hard to evaluate; but
  the French bankcard system, touted as a little marvel of technology
  and safety, has just shown its limits.

  [...] The collapse was caused by a breakdown of the Sligos company's
  computers, which manage withdrawal and payment authorizations for
  close to half of the cards.

  Banks such as BNP and Societe Generale, which have their own computer
  servers for bankcard processing, were not affected.

  [Several paragraphs describe how various businesses tried to cope
  with the problem, with examples from Air France, Eurodisney etc.]

  On an average day transactions amount to five million operations
  amounting to 2 billion francs.

  The bankcard system has been presented as a symbol of the edge that
  French banks have acquired. What characterizes it in principle is
  both safety, thanks to the built-in chip, and flexibility,
  thanks to the ability for cardholders to withdraw money from
  17,400 ATMs and buy from 520,000 merchants. But the system
  had already shown worrying signs of fragility. Last autumn [...]
  some operations were charged twice.

  The history of bankcards in France goes back to the beginning
  of the seventies with the creation of the GIE [consortium]
  ``Carte Bleue'', followed in 1984 by another GIE called Carte
  Bancaire [Bank Card]. [...] In ten years of constant investments
  amounting to several billion francs, the little plastic card
  has acquired a hologram and a chip and [...] has become indispensable.

  It seems incredible, then, that safety and relay mechanisms, as
  present in all sensitive computer systems, were not able to prevent
  last weekend's giant breakdown. Aside from a few isolated cases
  [DETAILS PLEASE! BM] the 30-hour service interruption has not had
  any really tragic consequences; it could have if the system's
  functioning had been interrupted for a longer period. One
  may indeed wonder whether the forced-march development of electronic
  money, ``monetics'', does not put a country's economy at the mercy
  of a breakdown. Last year more than two billion operations were
  performed in France with bankcards, for a total amount of 718 billion
  francs, 475 billion for payments and 243 billion for withdrawals.


UK National Savings "computer problem"

<Jonathan.Bowen@prg.ox.ac.uk>
Thu, 24 Jun 93 15:55:22 BST

Yesterday I received a printed letter from the UK government National
Savings Deposit Bonds centre:

  Dear Customer,

  I am sorry to tell you that the  most recent Anniversary Certificate
  you received for this bond is incorrect.

  The Deposit Bond interest rate changed from 8% to 7% on 26 December
  1992.  But because of a computer problem this change was not
  reflected on your certificate. So the amount of interest and the bond
  value shown are higher than they should be.

  I enclose a replacement certificate ...

I suspect this letter and replacement certificates must have been sent to a
great many people. As usual the computer rather than the programmer is blamed
for the error.  It's a hard life with not much redress being a computer!

Jonathan Bowen, Oxford University


An extreme risk of poor computer security

<Ross.Anderson@cl.cam.ac.uk>
Tue, 22 Jun 1993 16:11:19 +0100

A couple of weeks ago, Michelle and Lisa Taylor were acquitted (on appeal) of
the murder of Alison Shaughnessy. This judgment freed them from serving life
imprisonment.

An automatic teller machine transaction (since believed to have been a fraud
or a processing error) placed the sisters near the scene of this murder. The
police did the rest; the appeal court found that they had framed the sisters,
and had deliberately suppressed a witness statement which cleared them (this
witness had stated that one of the two suspects seen leaving the scene of the
crime was black, while the Taylors are white). Thus Michelle and Lisa ended
up being convicted of murder in the lower court.

During the appeal, their counsel did not raise the issue of the bogus ATM
transaction which caused the trouble, as he was already accusing the police of
lying about the evidence and did not want to complicate matters by accusing
the banking industry of lying too.

Nonetheless the story is now out, and it shows that the risk of poor computer
security at your bank is not just a financial one.

Ross Anderson, University Computer Laboratory
Pembroke Street, Cambridge CB2 3QG, England  rja14@cl.cam.ac.uk


2 Men Arrested in Bogus Connecticut ATM Fraud (RISKS-14.59 et seq.)

"Peter G. Neumann" <neumann@csl.sri.com>
Tue, 6 Jul 93 11:34:29 PDT

Alan Scott Pace, 30, and Gerald Harvey Greenfield, 50, were arrested on
charges of credit card fraud, wire fraud, interstate transportation of stolen
property, and conspiracy to commit a felony.  Mr. Greenfield was also charged
with bank fraud.  (The planting of a bogus ATM in the Buckland Hills Mall in
Manchester, Connecticut, was reported in RISKS-14.59.)  Their arrest on 29
June was based on routine films of their having used genuine ATMs from which
they allegedly withdrew more than $100,000, from the accounts whose numbers
and PINs their Trojan-horse ATM had captured.  Also seized were software,
three handguns, bank-network stickers, a police scanner, and equipment to make
phony bank cards, credit cards and passports.  [Source: Article by Ari L.
Goldman, N.Y. Times, 30 June 1993, B6.]

New Hampshire subsequently informed Connecticut that Pace was wanted in New
Hampshire for a string of nine jewelry scams in 1987.  He had been under
indictment in 1989 for running a fake jewelry store, but never showed up for
arraignment.  [From an AP item in the Boston Globe, 2 Jul 1993, p. 19.]


Digital Signature Scandal

Noah Friedman <friedman@gnu.ai.mit.edu>
Mon, 28 Jun 1993 07:48:33 GMT

[The following is an official announcement from the League for Programming
Freedom.  Please redistribute this as widely as possible.  [NF]]

   [Taking Noah at his word, several of you forwarded Noah's message to RISKS,
   including Paul Robinson <TDARCOS@MCIMAIL.COM>,
   Roland B Roberts <ROBERTS@curie.nsrl.rochester.edu>,  and
   Sarah_M._Elkins.Wbst139@xerox.com. PGN]


                   Digital Signature Scandal

Digital signature is a technique whereby one person (call her J. R. Gensym)
can produce a specially encrypted number which anyone can verify could only
have been produced by her.  (Typically a particular signature number encodes
additional information such as a date and time or a legal document being
signed.)  Anyone can decrypt the number because that can be done with
information that is published; but producing such a number uses a "key" (a
password) that J. R. Gensym does not tell to anyone else.

Several years ago, Congress directed the NIST (National Institute of Standards
and Technology, formerly the National Bureau of Standards) to choose a single
digital signature algorithm as a standard for the US.

In 1992, two algorithms were under consideration.  One had been
developed by NIST with advice from the NSA (National Security Agency),
which engages in electronic spying and decoding.  There was widespread
suspicion that this algorithm had been designed to facilitate some
sort of trickery.

The fact that NIST had applied for a patent on this algorithm engendered
additional suspicion; despite their assurances that this would not be used to
interfere with use of the technique, people could imagine no harmless motive
for patenting it.

The other algorithm was proposed by a company called PKP, Inc., which not
coincidentally has patents covering its use.  This alternative had a
disadvantage that was not just speculation: if this algorithm were adopted as
the standard, everyone using the standard would have to pay PKP.

(The same patents cover the broader field of public key cryptography,
a technique whose use in the US has been mostly inhibited for a decade
by PKP's assiduous enforcement of these patents.  The patents were
licensed exclusively to PKP by the Massachusetts Institute of
Technology and Stanford University, and derive from taxpayer-funded
research.)

PKP, Inc. made much of the suspect nature of the NIST algorithm and
portrayed itself as warning the public about this.

On June 8, NIST published a new plan which combines the worst of both
worlds: to adopt the suspect NIST algorithm, and give PKP, Inc. an
*exclusive* license to the patent for it.  This plan places digital
signature use under the control of PKP through the year 2010.

By agreeing to this arrangement, PKP, Inc. shows that its concern to protect
the public from possible trickery was a sham.  Its real desire was, as one
might have guessed, to own an official national standard.  Meanwhile, NIST has
justified past suspicion about its patent application by proposing to give
that patent (in effect) to a private entity.

Instead of making a gift to PKP, Inc., of the work all of us have paid for,
NIST and Congress ought to protect our access to it--by pursuing all possible
means, judicial and legislative, to invalidate or annul the PKP patents.  If
that fails, even taking them by eminent domain is better (and cheaper in the
long run!) than the current plan.

You can write to NIST to object to this giveaway.  Write to:

Michael R. Rubin
Acting Chief Counsel for Technology
Room A-1111, Administration Building,
National Institute of Standards and Technology
Gaithersburg, Maryland 20899
(301) 975-2803.

The deadline for arrival of letters is around August 4.

Please send a copy of your letter to:

League for Programming Freedom
1 Kendall Square #143
P.O.Box 9171
Cambridge, Massachusetts 02139

(The League for Programming Freedom is an organization which defends
the freedom to write software, and opposes monopolies such as patented
algorithms and copyrighted languages.  It advocates returning to the
former legal system under which if you write the program, you are free
to use it.  Please write to the League if you want more information.)

Sending copies to the League will enable us to show them to elected
officials if that is useful.


This text was transcribed from a fax and may have transcription
errors.  We believe the text to be correct but some of the numbers
may be incorrect or incomplete.

  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 ** The following notice was published in the Federal Register, Vol.
           58, No. 108, dated June 8, 1993 under Notices **

National Institute of Standards and Technology

Notice of Proposal for Grant of Exclusive Patent License

This is to notify the public that the National Institute of Standards and
Technology (NIST) intends to grant an exclusive world-wide license to Public
Key Partners of Sunnyvale, California to practice the Invention embodied in
U.S. Patent Application No.  07/738.431 and entitled "Digital Signature
Algorithm."  A PCT application has been filed.  The rights in the invention
have been assigned to the United States of America.

The prospective license is a cross-license which would resolve a patent
dispute with Public Key Partners and includes the right to sublicense.  Notice
of availability of this invention for licensing was waived because it was
determined that expeditious granting of such license will best serve the
interest of the Federal Government and the public.  Public Key Partners has
provided NIST with the materials contained in Appendix A as part of their
proposal to NIST.

Inquiries, comments, and other materials relating to the prospective license
shall be submitted to Michael R. Rubin, Acting Chief Counsel for Technology,
Room A-1111, Administration Building, National Institute of Standards and
Technology, Gaithersburg, Maryland 20899.  His telephone number is (301)
975-2803.  Applications for a license filed in response to this notice will be
treated as objections to the grant of the prospective license.  Only written
comments and/or applications for a license which are received by NIST within
sixty (60) days from the publication of this notice will be considered.

The prospective license will be granted unless, within sixty (60) days of this
notice, NIST receives written evidence and argument which establishes that the
grant of the license would not be consistent with the requirements of 35
U.S.C. 209 and 37 CFR 404.7.

  Dated:  June 2, 1993.

Raymond G. Kammer
Acting Director, National Institute of Standards and Technology.

Appendix "A"

The National Institute for Standards and Technology ("NIST") has announced its
intention to grant Public Key Partners ("PKP") sublicensing rights to NIST's
pending patent application on the Digital Signature Algorithm ("DSA").

Subject to NIST's grant of this license, PKP is pleased to declare its support
for the proposed Federal Information Processing Standard for Digital
Signatures (the "DSS") and the pending availability of licenses to practice
the DSA.  In addition to the DSA, licenses to practice digital signatures will
be offered by PKP under the following patents:

          Cryptographic Apparatus and Method ("Diffie-Hellman")
                No. 4,200,770
          Public Key Cryptographic Apparatus and Method
                ("Hellman-Merkle")   No. 4,315,552
          Exponential Cryptographic Apparatus and Method
                ("Hellman-Pohlig")   No. 4,434,414
          Method For Identifying Subscribers And For Generating
                And Verifying Electronic Signatures In A Data Exchange
                System ("Schnorr")   No. 4,995,082

It is PKP's intent to make practice of the DSA royalty free for personal,
noncommercial and U.S. Federal, state and local government use.  As explained
below, only those parties who enjoy commercial benefit from making or selling
products, or certifying digital signatures, will be required to pay royalties
to practice the DSA.

PKP will also grant a license to practice key management, at no additional
fee, for the integrated circuits which will implement both the DSA and the
anticipated Federal Information Processing Standard for the "key escrow"
system announced by President Clinton on April 16, 1993.

Having stated these intentions, PKP now takes this opportunity to publish its
guidelines for granting uniform licenses to all parties having a commercial
interest in practicing this technology:

First, no party will be denied a license for any reason other than the
following:
          (i)    Failure to meet its payment obligations,
          (ii)   Outstanding claims of infringement, or
          (iii)  Previous termination due to material breach.

Second, licenses will be granted for any embodiment sold by the licensee or
made for its use, whether for final products, software, or components such as
integrated circuits and boards, and regardless of the licensee's channel of
distribution.  Provided the requisite royalties have been paid by the seller
on the enabling component(s), no further royalties will be owed by the buyer
for making or selling the final product which incorporates such components.

Third, the practice of digital signatures in accordance with the DSS may be
licensed separately from any other technical art covered by PKP's patents.

Fourth, PKP's royalty rates for the right to make or sell products, subject to
uniform minimum fees, will be no more than 2 1/2% for hardware products and 5%
for software, with the royalty rate further declining to 1% on any portion of
the product price exceeding $1,000.  These royalty rates apply only to
noninfringing parties and will be uniform without regard to whether the
licensed product creates digital signatures, verifies digital signatures or
performs both.

Fifth, for the next three (3) years, all commercial services which certify a
signature's authenticity for a fee may be operated royalty free.  Thereafter,
all providers of such commercial certification services shall pay a royalty to
PKP of $1.00 per certificate for each year the certificate is valid.

Sixth, provided the foregoing royalties are paid on such products or services,
all other practice of the DSA shall be royalty free.

Seventh, PKP invites all of its existing licensees, at their option, to
exchange their current licenses for the standard license offered for DSA.

Finally, PKP will mediate the concerns of any party regarding the availability
of PKP's licenses for the DSA with designated representatives of NIST and PKP.
For copies of PKP's license terms, contact Michael R. Rubin, Acting Chief
Counsel for Technology, NIST, or Public Key Partners.

  Dated:  June 2, 1993.

Robert B. Fougner, Esq.,
Director of Licensing, Public Key Partners,
310 North Mary Avenue, Sunnyvale, CA  94033

[FR Doc. 93-13473 Filed 8-7-93; 8:45 am]
