The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 14 Issue 42

Tuesday 23 March 1993

Contents

o Her Majesty's Government's missing millions
Pete Mellor
o What a fragile, interconnected world we live in!
David Daniels
o Technological Manipulations in Political Advertising
David Daniels
o Conspiracy trial ends in `Surprise' acquittal
Jonathan Bowen
o RISKS of brain interference
Mich Kabay
o Interference on airplanes
John Sullivan
o Virus Catalog update/New VirusBase
Klaus Brunnstein
o Re: Buy IBM and get fired
Todd W. Arnold
Bennet S. Yee
o RISKS Backlog
PGN
o Eleventh Intrusion Detection Workshop
Teresa Lunt
o Info on RISKS (comp.risks)

Her Majesty's Government's missing millions

Pete Mellor <pm@cs.city.ac.uk>
Fri, 19 Mar 93 10:59:52 GMT
BBC Radio 4 news this morning (19th March 1993):

Sir John Bourne, head of the Government Audit office, stated that an audit of
the Social Fund had revealed that (pounds) 37 million could not be accounted
for.  It appeared that 16 million of this could be ascribed to the "usual"
errors in inputting data to the computer system. The other 21 million was
"lost" due to the incorrect operation of the computer system itself.

The Social Fund is used to make "one-of" payments to people receiving social
benefit, e.g., for the purchase of an essential item such as a cooker. The
failure occurs when such people move from one area to another: the system does
not transfer the record of the payment they have received to the new area, and
the money appears to have been "lost".  It is expected that it will be
possible to trace most of the money.

A Labour MP who chairs one of the Social Benefit committees (sorry, name
and committee not recorded) stated that this sort of problem is all too
frequent, and is due to computers having been introduced too rapidly into
government departments, and to the advice of the government's own computer
experts having been ignored.

[No further details available at present.]

Peter Mellor, Centre for Software Reliability, City University, Northampton
Sq., London EC1V 0HB, Tel: +44(0)71-477-8422, JANET: p.mellor@city.ac.uk


What a fragile, interconnected world we live in!

David Daniels <0004381897@mcimail.com>
Mon, 22 Mar 93 00:04 GMT
NY Times, 3/20 from Dallas, 3/19...

   The collapse of the snow-laden roof of a computer center in Clifton, NJ,
   last Saturday also brought down 5,000 ATM's nationwide, causing
   particularly serious problems in California and Illinois.  The situation
   has left the banking industry and its customers wondering about their
   growing reliance on such machines.

   Some of the questions concern the planning for such emergencies.  The
   computer center's crisis plan called for it to move to a backup site in
   North Bergen, NJ, operated by a company that supplies such
   disaster-recovery services.  That plan was thwarted because the center was
   filled with other computer operators who had been displaced from the World
   Trade Center by last month's bombing.


Technological Manipulations in Political Advertising

David Daniels <0004381897@mcimail.com>
Sun, 21 Mar 93 05:35 GMT
NSF Press Release 93-24, 8 March 1993, contact Mary Hanson (202) 357-9498

             RESEARCHERS UNCOVER "ETHICALLY SUSPECT"
       TECHNOLOGICAL MANIPULATIONS IN POLITICAL ADVERTISING

Most Americans are aware of the potential impact of political ads on their
voting behavior; but many may not realize that a significant percentage of ads
they see on television have been technologically manipulated to create a false
or misleading impression.  Researchers supported by the National Science
Foundation (NSF) analyzed 2,000 ads from the 1952 through the 1992 campaigns
-- primarily at the presidential level -- and found that nearly 15 percent of
them were deliberately distorted.

"We think we've identified a substantial problem that has implications for the
political process," said Lynda Lee Kaid, director of the Political
Communication Center at the University of Oklahoma, who is leading the pilot
project.  "The technology provides an opportunity for candidates to perhaps
abuse the trust that the voters have in our political process."

Along with a panel of ethics experts, Dr. Kaid has analyzed the ways in which
modern computer and audio-video technologies have been used to create
ethically suspect television spots in political campaigns.  Her analysis
uncovered a variety of manipulation techniques, including speeding-up or
slowing down an audio track to make a candidate's voice seem either God-like
or whiny, and distorting video images.  Such manipulations, Kaid said, were
more likely to appear in negative ads than in positive ones.

According to Kaid, distorting video images has become an increasingly popular
technique which she considers ethically "dangerous." "Many of these new
technological devices make it possible to alter images in a way that is not
perceptible to the human eye when they're viewed on television."  For example,
footage can be edited so that a candidate's comments are taken completely out
of context or are used with other footage to portray an entirely different
meaning than originally intended.  Kaid pointed out that, while manipulation
techniques are often used in many kinds of advertising, "we believe it's a
particular problem in political advertising because it has become the major
way in which candidates communicate with voters."

Kaid hopes her research will be used as a defense against unrecognized
manipulation of voter opinion. "We're trying to help voters and the public
recognize these techniques, so they can make better judgments and become
informed consumers of political ads." She plans to create an educational
videotape with her research findings.

In subsequent research phases, Kaid hopes to conduct experimental studies to
determine the extent to which voters are actually misled by manipulation
techniques, or whether they are capable of recognizing the distortions when
they see them.  "We'd like to develop a direct link between the technological
distortions and the actual voter decision-making process so that we can show
whether or not these techniques really do result in an abuse of the political
process."

According to Rachelle Hollander, NSF program director of Ethics and Values
Studies, the research findings point to the need to systematically examine the
impact of political ads on voter behavior, and thus on public policy-making.
"We need to start thinking about how new communications technologies can
influence and persuade...but also can mislead," she said.


Conspiracy trial ends in `Surprise' acquittal

<Jonathan.Bowen@prg.ox.ac.uk>
Fri, 19 Mar 93 18:19:51 GMT
The Thursday 18th March 1993 issue of The Independent newspaper covers the
acquittal of a teenage hacker in the UK in some depth. A front page article
includes the following:

  Conspiracy trial ends in `Surprise' acquittal
  Hacker penetrated MoD [UK Ministry of Defence]

  The teenage hacker acquitted yesterday of conspiracy charges under the
  Computer Misuse Act 1990 gained access to Ministry of Defence computers
  holding confidential information.  ...
  The print-outs show confidential telephone numbers and information about
  the US network and missile bases linked to the US Army.  ...
  Police officers involved said they were "surprised" by yesterday's
  verdict. The Computer Crimes Unit was eager to prosecute this first
  major trial under the new legislation. [sic]

Page 4 includes a full page article on the subject in which it is estimated
that the annual bill to British business of computer fraud is 1.1 billion
UK pounds (c. $1.5B).

A leading article on page 25 states:

  If Mr Bedworth's acquittal sets a prededent, it will make an ass of the
  Computer Misuse Act 1990. The Act was drafted specifically in order to
  close loopholes that had previously allowed people to do legally what he
  did.

Jonathan Bowen, Oxford University Computing Laboratory


RISKS of brain interference

"Mich Kabay / JINBU Corp." <75300.3232@compuserve.com>
19 Mar 93 10:57:25 EST
This morning the Globe and Mail (Canada) reported that Fujitsu of Japan is
working on a brain-wave interface for computers. According to The Times of
London, company spokesperson Michael Beirne said, "Our goal is to create an
intuitive computer that can pick up your thoughts even as you walk around a
room." The Globe and Mail summary claims that the researchers are currently
working on distinguishing thoughts of "up" from those of "down" to move a
cursor.

RISKS participants will easily think of some fascinating problems ahead of
the researchers and of society as this technique evolves. For example,
in the 1956(?) movie, "Forbidden Planet," space-farers approach an
unknown planet and are warned away by the lone inhabitants (an elderly man
and his--naturally--nubile and short-skirted daughter). He shows the
visitors the remains of the original people who had lived on the planet.
The Krell were masters of technology and even devised a mechanism for
giving life to the thoughts of sentient beings. Unfortunately they suddenly
disappeared without a trace shortly after this technology was introduced.
Some crewmembers try the device out and create little dancing women for
their amusement. Then disaster strikes: invisible monsters turn crewmen
into hamburger every night, leaving bent stairways and huge footprints.
Eventually, a dying man croaks out the clue: "Monsters," he says, "monsters
from the id."

So what will happen to the brain-wave sensitive user interface when the
ostensible desire to do productive work on a certain file for that nasty
boss is overridden by the subconscious desire to delete the file?

And if the R&D folk really are working on pattern recognition for mental
vocalization, will this lead to pattern recognition of unconscious
mentation? Are we headed for telepathy machines? Mind readers?

What fun! Expect an increase in the volume of email in RISKS-L.

Michel E. Kabay, Ph.D., Director of Education
National Computer Security Association


Interference on airplanes

<sullivan@geom.umn.edu>
Sat, 20 Mar 93 14:14:31 CST
The March 13th issue of The Economist has a short article on interference by
passengers' electronic devices on aircraft control systems.  It mentions "a
Boeing 747-400 that weaved from side to side until two laptops ... were turned
off" and Nintendos "confusing the automatic direction-finder" of a DC10.
Possible causes include plastic composites used in airplane construction, and
lower-voltage electronic systems.  Electronic devices used by passengers "near
the front of an aircraft appear to be most disruptive".  [Maybe we should
banish business class to the back of the plane.]  There are also reports of
interference "triggering anti-lock brake systems" in German cars, and causing
Japanese robots to "run amok".

[Another article in the same issue discusses the failure of the London
Stock Exchange's computer trading system, Taurus.]

-John Sullivan@geom.umn.edu


Virus Catalog update/New VirusBase

<brunnstein@rz.informatik.uni-hamburg.dbp.de>
Tue, 23 Mar 1993 17:29:37 +0100
The new version of Virus Test Center' *Computer Virus Catalog* is now available
for ftp (ftp.informatik.uni-hamburg.de). The following files may be downloaded:

       INDEX.ZIP              the new index file (INDEX.293), listing all
                              283 viruses in 5 platforms yet described
       AMIGAVIR.ZIP           the cumulative AMIGAVIR files, now describing
                              77 AMIGA viruses (15 new ones)
       MSDOSVIR.ZIP           the cumulative MSDOSVIR.files, now classifying
                              156 MSDOS viruses and trojans (32 new ones)
       MACVIR.ZIP             the cumulative MACVIR files; no update since
                              July 1992 (.792) as no new viruses were found
       ATARIVIR.ZIP           the old AtariVir files (20 viruses) not updated
                              as we have no new viruses for analysis.

The single UNIX virus (AT&T Attack) will be sent on request (on ftp soon).
In the new MSDOSVIR.293 file, the following new PC viruses are classified:

     10_past_3 (2), Adolf, Alabama, Chemnitz, Exe_Bug (2), Flip, Hey_You,
     Kampana=Spanish Telecom (2), Minimal (15), Techno, VOID_POEM, V-163
     and V-Sign/CANSU.

Moreover, characteristic features of viruses generated by the following
authoring packages are also classified:

     PS-MPC and VCL.

As announced last year, the new *machine readable CVC version* called CVBASE
is also available for downloading: cvbase-293.zip. CVBASE allows to display
all CVC entries (in total 288, on Amiga, Atari, Mac, MsDos and the single UNIX
virus), under option VIRUS, but also gives an OVERVIEW and STRAIN
relationship about All (about 2,200) viruses in the CARO/VTC collections
(using CARO naming scheme) as well as the VTC collection on Amiga (77), Atari
(20), Mac (35) and Unix (1). From STRAIN, one may read available CVC entries.

   *Any suggestions how to improve this version are welcome*

Klaus Brunnstein (U-Hamburg, Virus Test Center, March 22,1993)


Buy IBM and get fired - a response (Anderson, RISKS-14.41)

"Todd W. Arnold" <tarnold@vnet.IBM.COM>
Tue, 23 Mar 93 13:18:20 EST
In an earlier posting, Ross Anderson discusses the cancellation of the Taurus
project in the UK.  The information he presents, some from the UK media, is
misleading and in some cases incorrect.

This gave a rather unfair appraisal of IBM security products.  In fact, this
part of the system was finished, installed, and tested.  I've been asked to
post the following "official" description of the situation, so everyone knows
what really happened.

 "The overall Taurus project was managed by the London Stock Exchange with
  Coopers and Lybrand and other consultants in a number of key management
  positions; with a range of contractors involved in sub-projects modifying
  and enhancing the Stock Exchange systems.

  A US software house was meant to be providing a new custody application and
  IBM provided a market-leading security infrastructure.  The shelving of the
  overall TAURUS project is for reasons unconnected with IBM's role.

  IBM's involvement has been as subcontractor for the TAURUS Message Security
  system.  This leading-edge development exploited IBM ICRF host cryptography,
  OS/2, smart cards, and PS/2 cryptography and signature verification
  technology to deliver an outstandingly secure method of transferring data
  between member firms and the Stock Exchange.

  The development was successfully completed last summer, then rigorously
  acceptance-tested by the Stock Exchange.  IBM installed the system across
  200+ separate financial institutions, completing on time in February
  against an aggressive schedule."

I've been told that the massive complexity of the back-end settlement systems
was a major factor in the collapse, but I don't really know all the details.

(Note that the "signature verification technology" mentioned above is dynamic
signature verification, a biometric technology -- not public key digital
signatures.  RSA public key functions are also available in TSS, but that's
not what was used in Taurus.)

Todd W. Arnold, tarnold@vnet.ibm.com, IBM Cryptographic Facility Development,
Charlotte, NC

Disclaimer: This posting represents the poster's views, not those of IBM

   [I normally suppress all disclaimers and cover them blanket-wise in the
   masthead.  This one is intriguing, because the posting explicitly
   contains an "official" description, which would seem to disclaim the
   disclaimer!  PGN]


Re: Buy IBM and get fired (Anderson, RISKS-14.41)

<Bennet_Yee@PLAY.TRUST.CS.CMU.EDU>
Thu, 18 Mar 93 14:53:41 EST
We should not disparage physical security just because we can't sell our pet
methodologies.  Physical security is a necessary component of any security
system.  Private keys must be stored -- and _used_ -- in a secure environment
where there is no risk of exposure.  Formal methods and elliptic curves are
orthogonal to the need for steel boxes.

+Future systems however may well use public key algorithms, and maybe even
+electronic wallets which distribute the security processing entirely into
+smartcards.

Regardless of whether we use public key or private key, we still need the
ability to perform secure processing with the secret key.  Be it a computer
room with armed guards, a giant steel box, or other forms of tamper-proof
hardware, -some- of the bank's computation must be secure.  Whether we use
public key or private key is again orthogonal to physical security needs.

Smart cards may appear attractive for many applications, but they do not
suffice for handling the case of trying to ``distribute the security
processing entirely into'' them.  Even if we assume that they have sufficient
power to run public key cryptosystems, a problem remains: we still can't
always trust the balance on a smart card.  Today's smart cards don't provide
any physical security; their users do.  The implicit assumption is that users
of smart cards carry their smart cards with them at all times, and can keep
the secrets/data kept within their smart cards from being exposed/modified.
Malicious users, on the other hand, have plenty of opportunity to tamper with
their smart cards.  Keys may be exposed, balances may be changed -- there are
no privacy and integrity guarantees with malicious users.

Not being able to keep balance information in smart cards means that there
must be servers where such information is kept.  Central servers mean that our
electronic wallets do not really hold electronic currency but serves only as
an ID card.

Chaum's digicash fixes some of the tampering problems by using cryptography,
but it really is not much better than a checking system -- receivers of the
digicash must contact a centralized server to verify that the digicash hasn't
been previously spent before committing a transaction, or otherwise risk the
digicash ``bouncing''; digicash is not really transferable except through
centralized servers, since the need to trace its transfer path for duplication
detection diametrically opposes the need for anonymity.

What are the risks?  Mainly that of attitudes that we as
scientists/professionals should avoid.  We shouldn't jump on technological
bandwagons.  Public key cryptosystems, electronic wallets and smart cards,
formal methods, etc, are powerful, useful tools, but they are no panacea.  We
must be careful in evaluating exactly how much can be done with them.  Just
because DES-in-steel-boxes may seem old and ``clunky'', there were good
reasons for using it, and we had better think things through before we start
dreaming about (or ``selling'') alternative technologies for the future.

Bennet S. Yee       Phone: +1 412 268-7571      Email: bsy+@cs.cmu.edu
School of CS, Carnegie Mellon, 5000 Forbes Ave, Pittsburgh, PA 15213-3891


RISKS Backlog

RISKS Forum <risks@csl.sri.com>
Tue, 23 Mar 93 17:04:47 PST
Thanks to all of you who diligently respond to RISKS topics.  There is a big
backlog of items at the moment, particularly on garage door burglaries and
computer controlled parachutes!  Some of these items are drifting in relevance
or otherwise requiring a little extra thought on whether to include them.
Contributors must be patient.  You may also note that I cannot reply to every
message.  I try to take care of all REQUEST mail and new topics, but
occasionally the load of incremental comments on already marginal material
becomes overwhelming.  Thank you for your patience.  The Management [PGN]


Eleventh Intrusion Detection Workshop

Teresa Lunt <lunt@csl.sri.com>
Tue, 23 Mar 93 16:08:59 -0800
                ELEVENTH INTRUSION DETECTION WORKSHOP
                       CALL FOR PARTICIPATION

A two-day workshop on intrusion detection will be held at SRI International in
Menlo Park, California on May 27-28, 1993, the Thursday and Friday following
the 1993 IEEE Symposium on Research in Security and Privacy in Oakland,
California.  This will be the eleventh in a series of twice-yearly
intrusion-detection workshops.  The workshop will run from 9am until 5pm on
Thursday, and 9am until 2pm on Friday.

The workshop will consist of several short presentations as well as discussion
periods.  If you have any progress to report on an intrusion-detection project
or some related work that would be appropriate for a short presentation,
please indicate the title and a paragraph describing your proposed talk on the
form below.  You can also indicate there your suggestions for discussion
topics.  Of course, you do not have to make a presentation to attend; all are
welcome!

If you and/or your colleagues wish to attend, please RSVP using the form
below.  You may email the completed form to Liz Luntzel at
luntzel@csl.sri.com, or send it by post.  There is a $100 charge for the
workshop.  This fee includes lunches in SRI's International Dining Room.
Please make your check out to SRI International and mail it to Liz Luntzel,
SRI International EL-248, 333 Ravenswood Ave, Menlo Park CA 94025 USA.  For
other questions, please call Liz at 415-859-3285 or send her a fax at
415-859-2844 or email at luntzel@csl.sri.com.

SRI is located at 333 Ravenswood Avenue in Menlo Park.  The workshop
will be held in room IS109, which is in the International Building.
If you wish instructions on how to get there, indicate that below.

    -------------CUT HERE AND RETURN TO LUNTZEL@CSL.SRI.COM-------------

                   ELEVENTH INTRUSION DETECTION WORKSHOP

Yes! I will attend the Intrusion-Detection Workshop May 27-28 at SRI.

[Please complete the following:]

Name:

Title:

Affiliation:

Address:

                                                                   _
PLEASE SEND ME INSTRUCTIONS for getting to SRI and parking.   YES |_|
                              [by email or SnailMail, as appropriate]

[Indicate one:]
I [will/will not] be willing to present a talk.

[Please complete the following:]

Title of Talk:

Abstract:


Suggestions for Discussion Topics:

Please report problems with the web pages to the maintainer

Top