The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 14 Issue 33

Thursday 18 February 1993

Contents

o Cable freeloaders
Tony Scandora
o Esperanto from a computer error
Philip Brewer
o A "Handy" Risk for AirTravel?
Klaus Brunnstein
o Released GSA Docs Slam FBI Wiretap Proposal
A. Padgett Peterson
o Re: Tapping phones
Fred Cohen
o Re: Joltes Vs Denning
Gary Preckshot
o Mobile phones: "too secure"?
Marc Horowitz
o PLCs : Request for information
Pete Mellor
o User interface at the checkout stand
Rob Slade
o Where's the fire?
Jim Carroll
o Info on RISKS (comp.risks)

Cable freeloaders

Tony Scandora 708-252-7541 <SCANDORA@cmt.anl.gov>
Mon, 8 Feb 1993 12:43:14 -0600 (CST)
Continental Cablevision of Hartford broadcast a special offer of a free
T-shirt during last fall's Holyfield/Bowe fight (14Nov92).  Unlike most pay-
per-view broadcasting, this one did not show up through legitimate decoders.
The ad and its 800 number only showed up when watched through illegal
decoders.  140 freeloaders called the 800 number within minutes of the ad's
broadcast.  Continental sent the T-shirts by certified, return receipt mail,
and then sent them a followup letter reminding them of the federal law (fines
up to $10,000) and demanding a $2000 fine.  [Chicago Tribune, 3 Feb 1993]

Tony Scandora, Argonne National Lab, 708-252-7541
scandora@cmt.anl.gov or scandora@anlcmt.bitnet

    [Also noted by abg@beowulf.EPM.ORNL.GOV (Alex L. Bangs) in
    Newsweek, Feb 15, 1993 ("A Technical Knockout" -- Periscope) and
    mcclella@yertle.Colorado.EDU (Gary McClelland).  Sorry for the
    long delay in getting this issue out.  It was unavoidable.  PGN]


Esperanto from a computer error

Philip Brewer <pbrewer@urbana.mcd.mot.com>
Mon, 08 Feb 93 08:36:36 CST
The following appeared in the November issue of _Esperanto_, the publication
of the Universal Esperanto Association.  (This is my translation from the
original Esperanto.)

> Portugal:  Esperanto from a computer error

> Hans Jankowski (German) was pleasantly surprised when a money-changing
> machine from the bank "Totta and Acores" in the Lisbon airport gave
> him his receipt in Esperanto.  Because the Portuguese Esperanto
> Association was also surprised, Antonio Martins decided to explore.
> It seems that this was probably an error in setting up the computer:
> on installation of the ten-language system, someone mistakenly
> programmed Esp-eranto instead of the Spanish (esp-anol).  So, no one
> congratulate the bank: they would be able to repair the "mistake"!

Their guess as to the origin of the situation certainly sounds plausible to
me, although they apparently did not contact the bank to find out for sure.

Philip Brewer                   pbrewer@urbana.mcd.mot.com
Motorola Urbana Design Center   ...!uiucuxc!udc!pbrewer   Ho mia korv'


A "Handy" Risk for AirTravel?

<brunnstein@rz.informatik.uni-hamburg.dbp.de>
Sat, 6 Feb 1993 15:42:07 +0100
German newspapers report broadly on risks of hand-held telephones used in
flight. Following a report of a new German weekly magazine FOCUS (some sort of
Anti-Spiegel published since mid-January 1993, with some remarkably
well-investigated articles on IT InSecurities), Germany's federal air transport
authority (Luftfahrt-Bundesamt, LBA in Braunschweig) admitted that major
problems with passengers telephoning with "handy" mobile hand-held telephones
have recently been experienced in some German airplanes.

Newspapers report that hand-held telephones have influenced flight instruments
(e.g. indicating velocity) even in landing approach. An LBA manager
responsible for analysis of flight systems' security mentioned a B737
approaching Hamburg airport under IFR conditions when slope indicator suddenly
began to jump; the pilot interrupted descent and made another (successful)
approach. In som. The LBA manager was quoted to say that if velocity
indicators be adversely affected by some influence of such a "handy"
telephone, the pilot may be tempted to diminish the velocity below the
critical value, with catastrophic influence on the plane.

When contacted by me, this LBA manager refused some overdrawn citations but
admitted that LBA sees serious problems and had warned carriers several times.
Meanwhile, passenger instruction concerning emergency exits etc now also
mentions risk of hand-held telephones which (according to some old German law)
are not allowed to use in-flight. According to him, wires in planes are
traditionally "hardened" against some electromagnetic induction; but the order
of magnitude of such protection (about 3 Volt/meter) is, according to recent
measurements of MBB (part of German Airbus, DASA) significantly lower than the
30 Volt/m which some hand-helds induce. Signal induction may even be worse as
effects of reflections and resonances (which may develop in edges and channels
below the cabin) may well enlarge the effect in a way hardly to measure.

In public debates, such new facts add to the criticism that some overly
computerized systems (e.g. Electronic Flight Management Systems, Fly-by-Wire)
may enlarge in-flight risks. But at least one more advanced technology may
reduce the risk of electromagnetic radiation: German Airbus is preparing to
replace one (of 3) wires for some part of A340 communication (at least
experimentally) by Fly-by-Light connection; in such a system, risk will remain
with opticouplers between electromagnetic and optic parts as well as with
traditional non-optical computers but the lines near the passengers parts will
become immune against electromagnetic effects.

Klaus Brunnstein (Univ Hamburg, February 6,1993)

PS: this year, some of you may have missed my traditional report from Chaos
Conference. Luckily, I was unable to participate, because several participants
independently informed me that NOTHING worthwhile to report happened.
Participation was said to be significantly lower than ever before, and even
some journalists who are CCC's good friends did not report this year.
Moreover, due to very chaotic organisation, CCCs usual electronic articles
were not available for FTP. "Downsizing" CCC seems to be in interesting
contrast to US hackers (2600) which become more active, as visible from the
Pentagon raids.


Released GSA Docs Slam FBI Wiretap Proposal (Banisar, RISKS-14.28)

A. Padgett Peterson <padgett@tccslr.dnet.mmc.com>
Wed, 20 Jan 93 08:25:20 -0500
We knew there was some intelligence in Washington (contrary to popular
belief), I have encountered many dedicated civil servants who actually
understand the issues despite the pseudo-random efforts of transitory
appointees. The excerpts I have seen of the GSA thoughts demonstrate this.

Actually, on reflection such a law might be a *good thing*. At the moment
the country is in an economic slump and numerous encryption technology
companies are struggling. Think of the benefits to them !

For the 1974 automotive model year the government passed the seatbelt
interlock law that mandated fastening of the seatbelts in occupied front seats
before the automobile could be started. This provided a windfall for a number
of people: those who made the millions of new interlock devices and wiring as
well as those who were paid to disconnect them.

Fortunately some cars were constructed in such a way that a simple connector
disconnect under the seat would allow starting in any condition. Such
forethought !

The simple fact is that such a law is unenforceable and will not have the
desired effect (not that that has ever stopped Washington before), it is simply
too easy to bypass by anyone who cares. We have had plenty of examples of
how-to in both RISKS and PRIVACY (exercise is left to the student).

Not that a few miscreants won't be caught, stupidity is not confined to the
law-abiding, but all such a law does is serve notice that conversations may
be monitored (as they may be now) and a new industry will be born. Those in
on the ground floor will make a few more millions from both sides and business
will continue as usual.

One universal truth in the USA is that *every* new law, good or bad, needed or
unnecessary means another piece of the pork barrel for someone. The line has
undoubtedly already formed.
                        Padgett


Re: Tapping phones

Fred Cohen <fc@turing.duq.edu>
Sat, 6 Feb 93 10:15:46 -0500
    I must strongly disagree that the government needs special
capabilities for tapping phones, decoding transmissions, etc. built into these
systems by the manufacturers.  But perhaps my reasons are very different than
the ones recently stated regarding CC:mail.

    Everyone seems to be arguing the issue from a standpoint of the
government's need to crack down on crime vs.  the civil liberties of the
citizens.  I personally fall heavily on the civil liberties side, but I also
think that historically, we give up civil liberties to fight crime and provide
security.  I find it very hard to understand why cryptography should be an
illegal weapon while hand guns are legal, but then I can't understand how
cigarettes and alcohol can be legal when marijuana and cocaine and penicillin
and RU248 (238?) are illegal.  The point, I guess, is that it is political
power that determines legality and not rationality.  Which brings me to my
point.

    I am concerned that the government acts unfairly toward some companies
and against others based on their size, market share, political affiliations,
etc.  If the government approaches Lotus and not me to make a back door for
them, I think they are unfairly supporting Lotus in favor of me.  It is an
implicit endorsement of Lotus! I want the FBI to offer me hard cash and
government contracts in exchange for putting back doors in my software for
them.  In fact, I think we should require fairness to the extent that if the
FBI wants back doors in any product, they have to make the same deal for all
other products.

    This is not a privacy issue, it is a business issue.  We have the CSPR
and the SPA and other such groups that essentially provide better business
connections for people and support the positions of their constituents.  If
their constituents want to allow a 40 bit RSA to be claimed as `secure', they
support it, even though technically speaking, this is trivial to break - in a
matter of minutes - on a PC!  None of these companies are working for our
privacy, they are working for their profits.  They don't provide secure
encryption because there is no profit in it.  If the FBI can't read these
codes, it's probably not for lack of a back door - it's probably because of a
lack of technical expertise and funding.

    I am eager to hear some of you tell me that there is profit in
security.  What a bunch of malarkey! There may be a little profit in good
security for a few select organizations, but the vast majority of the profit
from security is from the perception and not the reality.  I often hear
companies tell me their cryptosystem is really good because it was approved by
the NSA - they don't mention the words `for export'.  People commonly buy
wordperfect because of its encryption capability, but this has never been
secure in any way.  In fact, they are buying the wordperfect cracking program
from QUT to read files encrypted by employees who have since left.  PKware
sells authenticated PKzip capability, and people buy it because they want the
perception of integrity, but it is easy to crack, and forged virus-infected zip
files under their newest algorithm have already been shown after only a few
weeks in widespread distribution.

    Now about Lotus.  In my limited personal experience with Lotus, I have
found them to be sincere about providing the best protection they can in their
products, subject to the time constraints placed on them by the market which
values performance over almost everything else.  I think they did the right
thing by claiming to have refused to put in a back door, at least from a
business standpoint.  I also think that if the government offered enough money
in exchange for the back door, Lotus would put it in.  This is not a moral
issue, it is a business issue.

SEMI-HUMOROUS-SEMI-SINCERE-REMARKS-ON

    So if you are a private citizen who wishes to maintain privacy, or a
criminal who wishes not to be caught, there are at least three lessons to be
learned:

    1 - Buy from a small sincere company (like mine) that will (for the
right amount of money) provide source code, and then get that source code
vetted by a different small sincere company (like mine) that will certify the
algorithm, its implementation, and report on its adequacy.  Small companies do
this better because you probably need a real expert for the whole process, and
only the right small company will likely provide this to you.  The second
similar company provides you with the redundancy required for high integrity.

    2 - Security costs time and money.  If you aren't willing to suffer
the consequences, you don't want security! Most people say they want the best
security for the price and performance, but as most real experts know, you
don't get much security unless you get a lot of security.  The average high
school level cracker can break almost every commercial security product in a
matter of a few hours - most in minutes.

    3 - The best encryption in the world won't make you very safe if you
dial into CompuServe (NOTE I AM NOT CITING COMPUSERVE AS AN ACTUAL PERPETRATOR
BUT RATHER AS A CONVENIENT NAME-RECOGNITION IDENTIFIER FOR THE LARGER CLASS OF
SUCH SERVICES) from your PC to send the information.  The FBI could easily
provide the back door in the communications service to enter your PC from your
remote connection and extract your keys, the plaintext of your message, or
maybe even place the back door in your encryption package.  Before you laugh
at the suggestion, note that when a recently introduced communications service
first came on the market, it `accidentally' transmitted private information
from subscribers over the wire.  If it happens accidentally, you know we can
do it on purpose.

SEMI-HUMOROUS-SEMI-SINCERE-REMARKS-OFF

US+412-422-4134     Protection Experts         US+907-344-5164
    FAX US+412-422-4135 -OR- 907-344-3069 24 hours - 7 days


Re: Joltes Vs Denning

"Gary Preckshot" <Gary_Preckshot@lccmail.ocf.llnl.gov>
9 Feb 1993 12:50:46 U
For all the fur that's in the air, the participants in this discussion give
naive trust to the assumption that "there's all this crime the FBI has to stop"
without ever considering whether you could reduce the amount of crime by
changing the law.  It's a classic risk, and it has been exploited by Hitler,
Mussolini, Bismarck, Saddam Hussein, and Torquemada, to name a few.  You state
it thus, filling in the blanks to suit your particular needs:

"Our cause is just, therefore we must ......"

Nonsense.  Damn little deserves this kind of credulity, certainly not the
performance of the FBI, the DEA, and the Federal Government.  The
Joltes-Denning twain argue nits about how to stem a legal trickle while we are
inundated by breaches of reason.

Gary


Mobile phones: "too secure"?

Marc Horowitz <marc@Athena.MIT.EDU>
Sun, 07 Feb 93 01:14:11 EST
`The Sunday Times',  31 January 1993.   Main section, p. 12.  (Home News)

SPYMASTERS ORDER REDESIGN OF `TOO SECURE' MOBILE PHONES  by Christopher Lloyd

[Cartoon of a ridiculous mobile handset with various antennae and dishes
protruding.  It is being held by a dismayed, purple-suited, man whilst a
sign reads: "New! GCHQ-approved mobile phone".]

  The next generation of mobile telephones has proved so secure against
tapping that it is to be made less safe on the advice of the intelligence
services.  The phones, based on coded digital technology, will have their
technology modified so that spies can continue to eavesdrop on private
conversations.

  The changes, ordered by a European Community (EC) telecommunications
committee in Brussels, are being made at the insistence of European
governments, including Britain's.  They fear that surveillance operations
against drug barons, the criminal underworld and foreign powers could be
undermined.

  Digital mobile phones, based on a system called GSM, are already
replacing standard analogue networks across the world. They are equipped
with a sophisticated scrambling code called A5, offering protection from
interception equivalent to many military systems.

  It is this code that is to be replaced by one called A5X, to allow
undercover eavesdropping to continue.

  Last week a Department of Trade and Industry spokesman confirmed changes
were being introduced to make it easier for security agencies - ranging
from GCHQ, the British government's listening post near Cheltenham, to the
FBI in America - to eavesdrop.

  "Alternative coding is being developed for the reasons you have outlined,"
he said.  "There is a general desire for this among the governments of
Europe."

  The department, which issues export licenses for the phones, is
particularly concerned that the original A5 technology should not be sold
to countries that may adapt it for military applications.

  In America, the FBI has voiced similar concern.  Nestor Michnyak,
spokesman for the FBI headquarters in Washington, said that digital
technology was advancing so fast that counter-surveillance was in danger
of being undermined.

  "We are trying to get companies and manufacturers to work with us to allow
us to maintain the surveillance operations we have undertaken since the late
1960s," he said.  "All we are asking is to be able to continue to do what we
are currently doing and we want the same access we are having now."

  Manufacturers of GSM mobile phones will be forced to adapt products to
work with the new codes.  Motorola, one of the leading makers of the
digital mobile handsets, complained that costs may rise as a result.

  "We are flying blind here," said Larry Conlee, the assistant general
manager of Motorola's European cellular division.  "The GSM system has
ended up more secure than it should have been for the commercial market
and now we're trying to recover from it."

  Vodafone, Britain's largest analogue mobile phone company, which has
already installed 250 GSM base stations covering 50% of the UK population,
said its network will need to be adapted to accept the new codes.

  "Government authorities have made it known that they don't want this
high level of encoding," said Mike Caldwell, the spokesman for Vodafone.

  Caldwell said the problem with the original system was that it would
take security services weeks rather than minutes to decode the
conversations they wanted to bug.  Despite the changes, it will be still
virtually impossible for any amateur eavesdropper to intercept calls made
on the digital mobile phones.

===============

        Transcript of an article in New Scientist, 30 Jan 1993

Spymasters fear bug-proof cellphones
(Barry Fox, Bahrain)

One of the jewels of Europe's electronics industry, the new all-digital
cellular phone system GSM, may be blocked from export to other countries
around the world by Britain's Department of Trade and Industry. The DTI
objects to the exports because it believes the encryption system that GSM uses
to code its messages is too good.  Sources say this is because the security
services and military establishment in Britain and the US fear they will no
longer be able [to] eavesdrop on telephone conversations. Few people believe
GSM needs such powerful encryption, but the makers of GSM complain that the
DTI has woken to the problem five years too late.

At MECOM 93, a conference on developing Arab communications held in Bahrain
last week, many Gulf and Middle Eastern countries sought tenders for GSM
systems, but the companies selling them could not agree terms without the
go-ahead of the DTI. Qatar and the United Arab Emirates want to be first with
GSM in the Gulf, with Bahrain next. GSM manufacturers are worried that the
business will be lost to rival digital systems already on offer from the US
and Japan.

The Finnish electronics company Nokia, which is tendering for Bahrain's GSM
contract, says "There is no logic. We don't know what is happening or why." A
DTI spokeswoman would only say that exports outside Europe would need a
licence and each case would be treated on its own merits.

The GSM system was developed in the mid-1980s by the Groupe Special Mobile, a
consortium of European manufacturers and telecommunications authorities. The
technology was supported by European Commission and the GSM standard has now
been agreed officially by 27 operators in 18 European countries.

GSM was designed to allow business travellers to use the same portable phone
anywhere in Europe and be billed back home. This is impossible with the
existing cellphone services because different countries use different analogue
technology.

The plan was for GSM to be in use across Europe by 1991, but the existing
analogue services have been too successful. No cellphone operator wants to
invest in a second network when the first is still making profits. So GSM
manufacturers have been offering the technology for export.

Whereas all existing cellular phone systems transmit speech as analogue waves,
GSM converts speech into digital code. Foreseeing that users would want secure
communications, the GSM designers built an encryption system called A5 into
the standard; it is similar to the US government's Data Encryption Standard.
British Telecom was involved in developing A5, so the British government has
special rights to control its use.

To crack the DES and A5 codes needs huge amounts of computer power.  This is
what alarmed the FBI in the US, which wants to be able to listen in to
criminals who are using mobile phones. It also alarmed GCHQ, the British
government's listening post at Cheltenham which monitors radio traffic round
the world using satellites and sensitive ground-based receivers.

The DTI has now asked for the GSM standard to be changed, either by watering
down the encryption system, or by removing encryption altogether. This means
that GSM manufacturers must redesign their microchips. But they cannot start
until a new standard is set and the earliest hope of that is May.

Any change will inevitably lead to two different GSM standards, so robbing GSM
of its major selling point -- freedom to roam between countries with the same
phone. Manufacturing costs will also rise as new chips are put into
production.


PLCs : Request for information

Pete Mellor <pm@cs.city.ac.uk>
Sat, 6 Feb 93 19:00:50 GMT
As part of a research project, I would like to find out about Programmable
Logic Controllers (PLCs), of the sort frequently used for real-time control
of industrial plant.

I require information about the hardware and software, any fault-tolerant
architectural features, methods of program development, reports on their
use, etc.

Information would be particularly welcome from anyone who has worked with
PLCs, but any odd stories or references would be useful.

The result will probably be a project report (or two) on the application of
PLCs in the control of safety-critical systems. This report will be in the
public domain, but if requested I will treat sources as confidential and
not attribute the information in the report.

Many thanks. Please address any responses to me personally, not to RISKS.

Peter Mellor, Centre for Software Reliability, City University, Northampton
Sq., London EC1V 0HB, Tel: +44(0)71-477-8422, JANET: p.mellor@city.ac.uk


User interface at the checkout stand

"Rob Slade, DECrypt Editor, 604-984-4067" <roberts@decus.arc.ab.ca>
6 Feb 93 20:13 -0600
About two months ago I was permitted to accompany my wife on an expedition to
the fabric store.  Our final transaction, involving a credit card, was a
source of no small confusion to the clerk at the till.  He punched all the
requisite buttons, but was unhappy with the result.  Finally, though, he
punched the transmit button.  Apparently he was no happier with this new
result, since he (mentally) ran over the process again before again punching
the transmit button.

Still unhappy, he asked help from a co-worker, who quizzed him on the process.
Satisfied that he had not, in fact, made an error, *she* punched the transmit
button, and was no happier than he with the result.  The manager was brought
in, and was still not any happier after she (the manager) had punched transmit.
The situation was resolved when someone remembered to turn on the printer
attached to the "swipe" unit.

I was reminded of this yesterday. Why?  The credit card statement came with,
you guessed it, four copies of the same billing.

Risks?  The unit apparently was indicating an error, but did not give any
indication as to what that error was.  The procedure had a "fault", but was
allowed to proceed without a vital component.  (The printed receipt, signed
by the customer, is, in fact, the only legal proof of the transaction.  Yes,
I do know that the existence of the credit card record is a "presumption of
evidence" of the transaction.)  Finally, even though the transaction was only
entered once, the unit still submitted four confirmed "billings", with only
the transmit key being hit again.  I find it odd that the transaction, having
been transmitted, would not be cleared from the "till-side" unit in order
to prevent such accidental duplicates.
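The two failures Rob describes (an error reported with no diagnosis, and a transmit key that re-submits an already-sent transaction) can be modelled in a few lines. The following is an added, constructed illustration, not code from any real terminal or from the contributor; the Acquirer host, the sale amount and the class names are all invented for the example.

```python
"""Constructed model of a card terminal's "transmit" step, illustrating an error
with no diagnosis and a transmit key that re-submits a transaction already sent.
Not real terminal code; the host and amounts are invented for the example."""
import uuid
from typing import Any, Dict, Optional


class Acquirer:
    """Hypothetical card-processing host: records every billing it accepts."""

    def __init__(self) -> None:
        self.billings: Dict[str, int] = {}  # billing id -> amount in cents

    def submit(self, billing_id: str, amount: int) -> str:
        if billing_id in self.billings:
            return "duplicate"          # same id seen before: host de-duplicates
        self.billings[billing_id] = amount
        return "approved"


class NaiveTerminal:
    """Behaviour as described in the story: every press of transmit is a fresh
    submission, and the printer being off is reported only as an opaque ERROR."""

    def __init__(self, host: Acquirer, printer_on: bool) -> None:
        self.host, self.printer_on = host, printer_on
        self.amount: Optional[int] = None

    def enter(self, amount: int) -> None:
        self.amount = amount

    def transmit(self) -> str:
        # A new billing id on every press, so the host cannot tell it is a repeat.
        result = self.host.submit(str(uuid.uuid4()), self.amount)
        if not self.printer_on:
            return "ERROR"              # the clerk cannot tell what went wrong
        return result


class SafeTerminal:
    """Hardened variant: one billing id per entered transaction (so a re-press is
    idempotent), the failed precondition is named before anything is sent, and
    the pending transaction is cleared once the host has accepted it."""

    def __init__(self, host: Acquirer, printer_on: bool) -> None:
        self.host, self.printer_on = host, printer_on
        self.pending: Optional[Dict[str, Any]] = None

    def enter(self, amount: int) -> None:
        self.pending = {"id": str(uuid.uuid4()), "amount": amount}

    def transmit(self) -> str:
        if self.pending is None:
            return "nothing to transmit"  # already sent: a re-press is harmless
        if not self.printer_on:
            return "printer offline: switch on printer, then press transmit"
        result = self.host.submit(self.pending["id"], self.pending["amount"])
        if result == "approved":
            self.pending = None         # receipt printed, transaction closed
        return result


def replay_story(terminal_cls, presses_with_printer_off: int, then_presses_on: int) -> int:
    """Enter one (constructed) $37.50 sale, press transmit with the printer off
    N times, switch the printer on, press M more times; return how many
    billings the host ends up holding."""
    host = Acquirer()
    term = terminal_cls(host, printer_on=False)
    term.enter(3750)
    for _ in range(presses_with_printer_off):
        term.transmit()
    term.printer_on = True
    for _ in range(then_presses_on):
        term.transmit()
    return len(host.billings)


if __name__ == "__main__":
    print("naive terminal billings:", replay_story(NaiveTerminal, 3, 1))
    print("safe terminal billings: ", replay_story(SafeTerminal, 3, 1))
```

The point of the safe variant is that the check for the missing component happens before anything leaves the till, the message says which component is missing, and the billing id is fixed when the sale is entered rather than when the key is pressed, so the host can recognise and discard a repeat even if the terminal's own clear-after-send step is skipped.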


Where's the fire?

Jim Carroll <jcarroll@jacc.com>
Mon, 8 Feb 1993 08:22:14 -0500
On the evening of Feb. 2nd my wife and I were woken up by sounds out on the
street. My wife struggled out of bed, looked through the venetian blinds, and
screamed at me to put on my glasses and come to the window.

The house across the street was on fire. This was no small, contained fire:
the entire, complete structure was up in flames. I was quoted in the press
days later as saying that the flames were over fifty feet high; I still don't
think this is an exaggeration.

It was a stunning and disturbing sight: so much so, that we have slept only
fitfully since then. The house was completely destroyed. Fortunately, the
owner escaped.

What makes it all the worse is that it quickly became apparent that the fire
department was not responding! For what seemed like an eternity, the fire
burned out of control, with only a lone police officer on the scene.
Eventually, the fire department arrived and began to do their work. As the
neighbours congregated in shock outside, the story began to circulate that 'it
took the fire department 22 minutes to get here', and that 'they went to the
wrong address'.

It turns out that when the operator at 911 received the call, Birchwood was
punched into the computer. The system listed Birchwood Heights Drive first, a
street a good 5 miles away from our location! Tragically, the operator
selected that location, and a full response team of 6 pumpers and trucks was
sent. Meanwhile, the fire on Birchwood Drive continued to rage out of control.

My neighbour across the street called three times, since it became evident
that something was wrong when the fire department was not there within five
minutes (being only about 1 mile away.) They realized their mistake within
10-12 minutes, after the third call (and after obviously seeing that there was
no fire on Birchwood Heights Drive!)

The Mississauga Fire Department has apologized to the owner of the destroyed
property (estimates of loss are $1/2million or higher), and has promised to
review its dispatch procedures.

Surely the system can be programmed to provide a second confirmation for
streets that are phonetically similar? Surely something can be done with the
system configuration to avoid this easy but tragic mistake?

Jim Carroll, J.A. Carroll Consulting, Mississauga, Ontario, Canada
             jcarroll@jacc.com       +1.416.855.2950
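The second confirmation Jim asks for amounts to refusing to dispatch on an ambiguous entry. The following is an added, constructed illustration (not code from any dispatch system, and not the contributor's), contrasting the "first match wins" lookup in the story with one that collects every street the entry could mean and demands confirmation when there is more than one. The street index is made up, with the distant street listed first to reproduce the mis-dispatch; standard Soundex is used as one possible reading of "phonetically similar", which is an assumption, not the real system's logic.

```python
"""Constructed street-lookup model for a dispatch console. The index is invented,
and Soundex is an assumed stand-in for 'phonetically similar'; no real dispatch
product's behaviour is claimed here."""
from typing import List, Optional, Tuple

# Constructed index: the far-away street deliberately listed first, so that a
# "first match wins" lookup reproduces the wrong dispatch.
STREETS = [
    "Birchwood Heights Drive",
    "Birchwood Drive",
    "Birch Street",
    "Queen Street",
]

_SOUNDEX_DIGITS = {
    c: d
    for d, letters in {"1": "bfpv", "2": "cgjkqsxz", "3": "dt",
                       "4": "l", "5": "mn", "6": "r"}.items()
    for c in letters
}


def soundex(word: str) -> str:
    """Standard four-character Soundex code of one word (Birchwood -> B623)."""
    word = "".join(ch for ch in word.lower() if ch.isalpha())
    if not word:
        return ""
    code = word[0].upper()
    last = _SOUNDEX_DIGITS.get(word[0], "")
    for ch in word[1:]:
        digit = _SOUNDEX_DIGITS.get(ch, "")
        if digit and digit != last:
            code += digit
        if ch not in "hw":          # h and w do not separate repeated digits
            last = digit
    return (code + "000")[:4]


def naive_lookup(entry: str, streets: List[str] = STREETS) -> Optional[str]:
    """The failure mode in the story: return the first street that starts with
    what the operator typed, however many others also match."""
    e = entry.strip().lower()
    for s in streets:
        if s.lower().startswith(e):
            return s
    return None


def candidate_streets(entry: str, streets: List[str] = STREETS) -> List[str]:
    """Every street the entry could mean: prefix matches, plus streets whose
    first word sounds like the entry's first word (this also catches typos)."""
    words = entry.strip().lower().split()
    if not words:
        return []
    key = soundex(words[0])
    out = []
    for s in streets:
        lowered = s.lower()
        if lowered.startswith(" ".join(words)) or soundex(lowered.split()[0]) == key:
            out.append(s)
    return out


def dispatch_target(entry: str, confirmed: Optional[str] = None,
                    streets: List[str] = STREETS) -> Tuple[str, object]:
    """Decide what the console should do with an operator's entry.

    Returns ("dispatch", street) when exactly one street can be meant or the
    operator has confirmed one of the candidates, ("confirm", candidates) when
    the entry is ambiguous and a second confirmation is required, and
    ("unknown", []) when nothing matches."""
    exact = [s for s in streets if s.lower() == entry.strip().lower()]
    if exact:
        return ("dispatch", exact[0])
    cands = candidate_streets(entry, streets)
    if confirmed is not None and confirmed in cands:
        return ("dispatch", confirmed)
    if len(cands) == 1:
        return ("dispatch", cands[0])
    if not cands:
        return ("unknown", [])
    return ("confirm", cands)


if __name__ == "__main__":
    print("naive:", naive_lookup("Birchwood"))
    print("checked:", dispatch_target("Birchwood"))
    print("after confirmation:", dispatch_target("Birchwood", confirmed="Birchwood Drive"))
```

With the entry "Birchwood" the naive lookup returns Birchwood Heights Drive because it happens to be listed first, while the checked version returns a confirm result with both Birchwood streets and sends nothing until the operator picks one; an entry that matches only one street, or a full exact street name, still dispatches without the extra step.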
