The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 14 Issue 55

Tuesday 27 April 1993


o Computer criminal executed in China
Jani Pekkanen
o New Disclosures in 2600 Case
Dave Banisar
o Hacker Accused of Rigging Radio Contests
Don Clark via Peter Shipley
o Photocopier operation monitored totally by computer
Ian Staines
o Risk of using too much electricity
Phil Miller
o Incidents in civil airliners
Martyn Thomas
Jim Bidzos
Bill Campbell
Robert Firth
Padgett Peterson
John A. Pershing Jr.
Magnus Kempe
o Info on RISKS (comp.risks)

Computer criminal executed in China

Tue, 27 Apr 93 19:51 +1000
RISKS readers might be interested to note a short snippet that appeared in the
Courier Mail, the daily newspaper here in Queensland.

    Tuesday, 27 April 1993.  BEIJING: The first person in China to be
    convicted of embezzling bank funds by computer has been executed.

Mr Jani PEKKANEN, Queensland University of Technology, Brisbane, AUSTRALIA

New Disclosures in 2600 Case

Dave Banisar <>
Sun, 25 Apr 1993 9:43:32 EST
        As you may recall, last November at a shopping mall outside of
Washington, DC, a group of people affiliated with the computer magazine "2600"
was confronted by mall security personnel, local police officers and several
unidentified individuals.  The group members were ordered to identify
themselves and to submit to searches of their personal property.  Their names
were recorded by mall security personnel and some of their property was
confiscated.  However, no charges were ever brought against any of the
individuals at the meeting.

        Computer Professionals for Social Responsibility ("CPSR") filed suit
under the Freedom of Information Act and today received the Secret Service's
response to the FOIA lawsuit, in which we are seeking agency records
concerning the break-up of the meeting.  I think it's safe to say that our
suspicions have now been confirmed — the Secret Service *did* obtain a list
of names from mall security identifying the people in attendance at the

        There are three main points contained in the Secret Service's
court papers that are significant:

        1) The agency states that the information it possesses concerning the
incident was obtained "in the course of a criminal investigation that is being
conducted pursuant to the Secret Service's authority to investigate access
device and computer fraud."

        2) The agency possesses two relevant documents and the information in
those documents "consists solely of information identifying individuals."

        3) The information was obtained from a "confidential source," and the
agency emphasizes that the FOIA's definition of such a source includes "any
private institution which provided information on a confidential basis."

        Taken together, these facts seem to prove that the Secret Service
wanted names, they had the mall security people collect them, and they came
away from the incident with the list they wanted.

        The agency asserts that "[t]he premature release of the identities of
the individual(s) at issue could easily result in interference to the Secret
Service's investigation by alerting these individual(s) that they are under
investigation and thus allowing the individual(s) to alter their behavior
and/or evidence."

        CPSR, in conjunction with EFF and the ACLU, is planning to challenge
the actions of the mall security personnel, the local police and the Secret
Service on the ground that the incident amounted to a warrantless search and
seizure conducted at the behest of the Secret Service.

David Sobel, CPSR Legal Counsel

Hacker Accused of Rigging Radio Contests

Peter shipley <>
Fri, 23 Apr 1993 13:25:21 -0700
           Hacker Accused of Rigging Radio Contests
         [By Don Clark Chronicle staff writer]
                 [San Francisco Chronicle 22 Apr 1993]

    A notorious hacker was charged yesterday with using computers to
    rig promotional contest at three Los Angeles radio stations, in
    a scheme that allegedly netted two Porsches, $20,000 in cash and
    at least two trips to Hawaii.

    Kevin Lee Poulsen, now awaiting trial on earlier federal charges, is
accused of conspiring with two other hackers to seize control of incoming
phone lines at the radio stations.  By making sure that only their calls got
through, the conspirators were assured of winning the contests, federal
prosecutors said.  A new 19-count federal indictment filed in Los Angeles
charges that Poulsen also set up his own wire taps and hacked into computers
owned by California Department of Motor Vehicles and Pacific Bell.  Through
the latter, he obtained information about the undercover businesses and
wiretaps run by the FBI, the indictment states.
    Poulsen, 27, is accused of committing the crimes during 17 months on the
lam from earlier charges of telecommunications and computers fraud filed in
San Jose.  He was arrested in April 1991 and is now in the federal
Correctional Institution in Dublin.  In December, prosecutors added an
espionage charge against him for his alleged theft of a classified military
document.  The indictment announced yesterday adds additional charges of
computer and mail fraud, money laundering, interception of wire communications
and obstruction of justice.
    Ronald Mark Austin and Justin Tanner Peterson have pleaded guilty to
conspiracy and violating computer crime laws and have agreed to help against
Poulsen.  Both are Los Angeles residents.  Poulsen and Austin have made
headlines together before.  As teenagers in Los Angeles, the two computer
prodigies allegedly broke into a Pentagon-organized computer network that
links researchers and defense contractors around the country.
    Between 1985 and 1988, after taking a job at Menlo Park-based SRI
International, Poulsen allegedly burglarized or used phony identification to
sneak into several Pacific Bell offices to steal equipment and confidential
access codes that helped him change records and monitor calls.  After being
indicted on these charges in 1989, Poulsen skipped bail and fled to Los
Angeles where he was eventually arrested at a suburban grocery store.
    One of the unanswered mysteries about the case is how he supported himself
as a fugitive.  The new indictment suggests that radio stations KIIS-FM,
KRTH-FM and KPWR-FM unwittingly helped out.
    Poulsen and his conspirators are accused of hacking into Pacific Bell
computers to block out other callers seeking to respond to contests at the
stations.  The conspirators allegedly used the scheme to let Poulsen and
Austin win Porsches from KIIS and let a confederate win $20,000 from KPWR.
Poulsen created aliases and phony identification to retrieve and sell one of
his Porsches and launder the proceeds of the sale, the indictment states.  In
February 1989, they arranged for Poulsen's sister to win a trip to Hawaii and
$1,000 from KRTH, the indictment states.
                            [Included in RISKS with permission of the author]

Photocopier operation monitored totally by computer

Ian Staines <>
Fri, 23 Apr 93 18:28 PDT
Our office recently acquired a new photocopier.  A sophisticated onboard
computer constantly monitors and controls all aspects of the photocopiers
operation, and maintenance.

The sorter trays on this machine are driven up and down by servo motors to
collate the output.  Under normal operation the tray would never be directed
by the computer to raise beyond a certain height; however, should there be a
problem, two sensors were placed at both limits of the tray's movement to
detect a possible over-run.  In keeping with the integrated nature of this
copier,  sensors were of course not wired directly into the servo-motors, but
instead were monitored by the main computer.

Today I watched the copier attempt to recover from an interrupted print job:
In error, it failed to note the starting position of the sorter tray, and
directed the servo-motors to move the tray upwards.  unfortunately there did
not appear to be a software check in the 'recover' routine to check the
over-run sensors.  The tray crashed upwards off its rails damaging several

Risk of using too much electricity

J. Philip Miller <>
Thu, 22 Apr 1993 11:57:46 -0500 (CDT)
In today's St. Louis Post Dispatch there was an article about a local man who
had been convicted of growing marijuana for resale.  His defense was primarily
related to using it to treat his asthma, but what was far more interesting was
the way that he was originally arrested.  According to the story, he first
came to the attention of the authorities because he was using substantially
more electricity than his neighbors.   They then utilized an airborne infrared
detector to infer that he had a substantial number of growlamps in his attic.
Based on this they were able to obtain a search warrant and discovered his
crop of 150 plants.

It would be interesting to know if the utilities actually have routines that
identify "unusual" customers and routinely report this to the authorities or
if there was some other reason that this man came to the attention of the

J. Philip Miller, Professor, Division of Biostatistics, Box 8067, Washington
Univ. Medical School, St. Louis MO 63110 (314) 362-3617

Incidents in civil airliners

Martyn Thomas <>
Mon, 26 Apr 93 15:16:50 BST
The latest "Feedback" (the newsletter of the confidential human factors
incident reporting programme, run by the RAF institute of aviation medicine
for the UK civil aviation community) contains two reports relevant to this
forum. I copy them without editing - I can't translate the abbreviations.
[Comments in square brackets are mine]

[First report]

    A Question: It is now accepted practice to "clear" the many spurious
    (?) messages which seem to occur for random reasons ("tyre pressure
    indicators" when the Reversers were locked out AD wise) by pulling
    and resetting the breaker, often after speaking to Tech. Control.
    These are "non events" and few are reported, but ought not each one
    to be MOR/ASR'd with full details so that the software engineers can
    at least attempt to trace the bugs?

[Feedback replies:]

    The question is really: "When does "just a bug" in the software
    constitute a broken bit of equipment?" With automatic recording and
    testing of faults this information should not be lost to the
    software engineers. There is currently no way of knowing
    what interrelated combinations of switching have been built up.
    These could be waiting for one further critical selection to provide
    a major problem.

[... and the power reset presumably clears these latent problems back to a
known state - but it all seems rather arbitrary for important systems. I
wonder if the incidents are really logged by the software. If so, someone
must know how common they are.

Second report:]

Foreign airline look-alike Boeing twin (glass cockpit) lined up on westerly
runway. 2+ aircraft positioning downwind, right hand, for duty runway.
Subject aircraft instructed "When airborne, disregard standard instrument
departure (which turns right) after noise, turn left, radar heading 190
degrees climbing to flight level 60". Expected readback was verbatim, in
fairly un-accented English.

When aircraft observed to turn right the pilot was reminded of previous
instruction and responded - "We want to turn left and you want us to turn
left but the aeroplane, she wants to turn right, so we are turning right. I
sorry (sic)".

At the time, the humour was lost on us. Is the Flight Management System
really the boss, or is there the rumoured cut-out/override switch?

[Feedback replied:]

Even if this pilot had taken the autopilot out the flight director was going
to take him the same way, which shows how much re-programming skill is
needed in the Glass Cockpit.

[... and the accident report would say "pilot error", but surely the system
is deficient in design if it is so hard to obey a simple ATC instruction].

      Martyn Thomas, Praxis plc, 20 Manvers Street, Bath BA1 1PX UK.
Tel:    +44-225-444700.   Email:     Fax: +44-225-465205

Clipper questions

Jim Bidzos <jim@RSA.COM>
Mon, 26 Apr 93 23:25:44 PDT
Much has been said about Clipper and Capstone (the term Clipper will be used
to describe both) recently.  Essentially, Clipper is a government-sponsored
tamper-resistant chip that employs a classified algorithm and a key escrow
facility that allows law enforcement, with the cooperation of two other
parties, to decipher Clipper-encrypted traffic.  The stated purpose of the
program is to offer telecommunications privacy to individuals, businesses, and
government, while protecting the ability of law enforcement to conduct
court-authorized wiretapping.

The announcement said, among other things, that there is currently no plan to
attempt to legislate Clipper as the only legal means to protect
telecommunications.  Many have speculated that Clipper, since it is only
effective in achieving its stated objectives if everyone uses it, will be
followed by legislative attempts to make it the only legal telecommunications
protection allowed. This remains to be seen.

The proposal, taken at face value, still raises a number of serious questions.

What is the smallest number of people who are in a position to compromise the
security of the system? This would include people employed at a number of
places such as Mikotronyx, VSLI, NSA, FBI, and at the trustee facilities.  Is
there an available study on the cost and security risks of the escrow process?

How were the vendors participating in the program chosen? Was the process

A significant percentage of US companies are or have been the subject of an
investigation by the FBI, IRS, SEC, EPA, FTC, and other government agencies.
Since records are routinely subpoenaed, shouldn't these companies now assume
that all their communications are likely compromised if they find themselves
the subject of an investigation by a government agency?  If not, why not?

What companies or individuals in industry were consulted (as stated in the
announcement) on this program prior to its announcement? (This question seeks
to identify those who may have been involved at the policy level; certainly
ATT, Mikotronyx and VLSI are part of industry, and surely they were involved
in some way.)

Is there a study available that estimates the cost to the US government of the
Clipper program?

There are a number of companies that employ non-escrowed cryptography in their
products today.  These products range from secure voice, data, and fax to
secure email, electronic forms, and software distribution, to name but a few.
With over a million such products in use today, what does the Clipper program
envision for the future of these products and the many corporations and
individuals that have invested in and use them?  Will the investment made by
the vendors in encryption-enhanced products be protected? If so, how?

Since Clipper, as currently defined, cannot be implemented in software, what
options are available to those who can benefit from cryptography in software?
Was a study of the impact on these vendors or of the potential cost to the
software industry conducted?  (Much of the use of cryptography by software
companies, particularly those in the entertainment industry, is for the
protection of their intellectual property. Using hardware is not economically
feasible for most of them.)

Banking and finance (as well as general commerce) are truly global today. Most
European financial institutions use technology described in standards such as
ISO 9796.  Many innovative new financial products and services will employ the
reversible cryptography described in these standards.  Clipper does not comply
with these standards. Will US financial institutions be able to export
Clipper?  If so, will their overseas customers find Clipper acceptable?  Was a
study of the potential impact of Clipper on US competitiveness conducted? If
so, is it available? If not, why not?

I realize they are probably still trying to assess the impact of Clipper, but
it would be interesting to hear from some major US financial institutions on
this issue.

Did the administration ask these questions (and get acceptable answers) before
supporting this program? If so, can they share the answers with us? If not,
can we seek answers before the program is launched?

The Real Risk of Clipper

Bill Campbell <>
Mon, 26 Apr 93 15:39:13 PDT
I've been browsing through as much as I could this morning on comp.risks and about the Cripple Chip.  Personally, I will boycott any
products that incorporate this insidious device, as well as encouraging any
within my own circle of influence to do the same.  Unfortunately, these
newsgroups are read primarily by individuals who understand well the risks of
the chip and its attendant policy.  We are "preaching to the choir".  After a
brief discussion, I offer an idea for how to address a broader audience.

        ======== The Real Risk of the Clipper Chip ========

Proponents/apologists for the chip make, as I see it, one (and only one)
valid point: use of the chip will protect me against the casual
eavesdropper better than no encryption at all.

I fear, however, that unless something high-profile is done (and done quickly)
the real risk associated with this technology-policy will be borne to
fruition.  To wit, the American public is by and large profoundly ignorant of
technical "stuff", and often very indifferent about protecting their own
Constitutional rights.  This same gullible public may very easily be convinced
by the government that not only is their privacy protected from their nosy
neighbor, but also from unlawful invasion by law enforcement and/or other more
determined individuals and organizations.  This is what I see as the real risk
of Clipper.

There are dozens, perhaps hundreds, of commercial, criminal and governmental
entities with access to government resources who would not hesitate for a
moment to violate my rights if they found it expedient to do so.  These
individuals and organizations have demonstrated beyond question that they are
not constrained by legal or ethical considerations, and as has been suggested
in a number of other postings, the technology employed by Clipper (including
the dual escrow sham) will probably not even pose so much as an inconvenience
to a determined adversary.  To suggest otherwise is, at best, profoundly

I believe that as a society we have at least two challenges with respect to
addressing this public gullibility/naivete:

1) we need to find some way to dispel the assumption held by many that the
government ultimately acts with the best interests of the public in mind.
This is unmitigated hogwash.  Government by its very nature is a consumer, not
a producer.  Left to its own, government will progressively consume more and
more of a nation's productivity until the nation finally collapses under the
weight of its inevitably oppressive and corrupt government, as in the Soviet
Union.  This can only be prevented by an informed and active citizenry.

2) we need to find a way to effectively educate the public about _specific_
threats to our freedom and prosperity from government action (such as the
Cripple Chip) as they arise.


The average person's capacity for self-delusion makes #1 an unlikely candidate
for solution, but I have an idea for #2: does anyone out there have a personal
acquaintance with, say, Tom "Red October" Clancy, or Michael "Jurassic Park"
Crichton?  It occurs to me that a best-selling techno-thriller about a
government "sponsored" cryptology initiative gone awry might be a very
effective method for raising the awareness of the general public.  There have
already been a number of highly plausible scenarios suggested in both
comp.risks and, that could probably be developed into a
story line.

Bill Campbell, Software Engineer, Sierra Geophysics, Inc.

Worries over the Clipper Chip

Tue, 27 Apr 93 08:08:58 -0400
Cui bono?

Who stands to gain from the Clipper Chip encryption system, and what
do they stand to gain?  From the reports, it seems pretty clear that
the users gain very little - the government is providing them with a
less secure system at marginally less cost than a more secure one.

So, why would the government go to all this trouble to do badly what
the market is already doing quite well?  As other have pointed out,
one obvious motive is to maintain, and indeed extend, the supposed
"right" of the authorities to snoop on private conversations.

However, that won't work.  Why should anyone worried about snoopers
use an encryption scheme designed to allow snooping?  In this, as in
much else, Gresham's Law will drive the Clipper from the market.

The answer, of course, is indeed that all other encryption schemes
must be outlawed.  Given the intense devotion to freedom and individual
rights in this country, it is very doubtful whether this could be done
directly, by legislative fiat.  Hence what I believe to be a deliberate
ruse by the government to finesse away this freedom.

You see, friends, if the Clipper becomes the normal, standard, or accepted
means of encryption, then *the use of any other encryption scheme can of
itself be considered "probable cause" for search and seizure*.  And thereby
could be lost in the courts what was won at such great cost.

For which reason, I believe the Clipper proposal warrants our united,
vocal, and implacable opposition.

Robert Firth

Baltimore Clipper LXVIII

407)826-1101 Tue, 27 Apr 93 08:08:35 -0400
Amazing how diversified the discussion has become with people deciding
just what Clipper will do and taking stands against it.

I'm taking the opposite approach. The people who designed it are talented and
dedicated. The criteria for design may not be exactly what we might like but
it must be *Good Enough* (C). Therefore a few postulates are submitted for
consideration. (Haven't been briefed so am free to think out loud 8*).

1) There will be many family keys. There may be only one *right now* but
   a single key makes no sense. I expect that corporations may be able to
   buy groups of Clipper chips with a single family key just as I expect
   corporations to be able to monitor their chips (owner's rights have
   nothing to do with wiretaps). See the court cases in California
   concerning monitoring if you doubt this.

2) Once a key is released for a wiretap, there is no way to protect the
   key and the future use of the chip would be invalidated. Therefore,
   keys will not be released. When a tap is authorized, the requesting
   authority will receive a duplicate Clipper chip. A physical device is
   much easier to account for and a duplicate can process anything the
   original can. If the plaintext is available, who cares what the key
   was ?

3) There will be several varieties of Clipper chips, some will allow key
   programming (Master Clippers ?) but the ones for the general public will
   be fixed.

4) (Stretching a bit) The algorithm will be kept secret simply because
   there is no one true algorithm. Reverse engineer two chips and they will
   not be alike. There are many different ways to say the same thing (and
   confuse engineers e.g. polymorphic viruses). If so can lay claim to prior
   art c.a. 1984, 1981 nee IBM 1957 8*).

5) Further suspect there might be some *traps* in the Clipper that will
   render chip useless if given the wrong inputs ("China Clippers" ?) -
   see #4.

Like I said, both the government and corporate America *need* Clipper, the
designers are some of the best in the world, and the administration has more
to lose than we do. Given that, Clipper will work as advertised.

Again, pure conjecture but phun ;*) Padgett  [Usual disclaimers apply]

Clipper Chip, et al.

"John A. Pershing Jr." <>
Tue, 27 Apr 93 09:37:01 EDT
I'm wondering how the Clipper Chip (actually, the entire genre of encrypted
telephone technology) impacts the rules of evidence presented in a court of
law.  I believe that current rules of evidence require that, when a phone is
being tapped, that a person be listening in on the phone at the time that it
is being recorded (tapped).  A tape recording by itself is not admissible;
there must be a person who will testify that he (she), indeed, listened in on
the phone line and that the tape recording is an accurate representation of
what was said.

With encrypted (digital) telephony and POST-HOC decryption, it is not possible
to have a human listen in on the live conversation in order to testify to the
authenticity of the tape.  The only way for this to work is to get the keys in
advance and decrypt the conversation in real time.

(Of course, this assumes that federal agents will not purjure themselves
regarding evidence.  It also does not rule out "fishing expeditions" in which
phones are tapped to gather information (never intended to be used as
evidence), perhaps as a "pointer" to other hard evidence...

...naww — it can't happen here!)   jp

Re: Responses to Clipper Chip Discussion (Denning, RISKS-14.54)

Magnus Kempe <>
Tue, 27 Apr 93 17:14:51 +0200
The RISKS, weaknesses and anti-constitutional aspects of the Clipper scheme
are becoming more and more apparent.  For instance, Dorothy Denning writes:

: Only law enforcement will have a decoder box that allows the law
: enforcement field to be decrypted. Initially, there will be just one
: box, and it will be operated by the FBI.

Who else is going to receive/develop such boxes?  I see many possibilities:
the IRS/EPA/DEA, criminals, enemy dictatorships, etc.

: After a tap has been completed [...] the subjects are certainly free
: to purchase a new device with a new chip [...]

Wonderful.  The feudal "subjects" are _free_ to spend their own money
to purchase a new device.  It is quite interesting that the protection
offered by the Constitution (no taking without compensation) is simply
disregarded.  A reminder seems in order: We are not subjects--we are freemen.

Even a suspect is under the protection of the Bill of Rights.
In particular, property that is taken away must be compensated
(the disclosure of the secret key destroys the value of the chip),
especially when _no_evidence_of_crime_ is found.  I would have
thought it was an essential aspect of the government's proposal:
respect and uphold the U.S.  Constitution--including the Bill of

: With the new technologies, law enforcers will be incapable of executing
: a tap without the assistance of the service provider.

This is an irresponsible promise, not a fact.  The new technologies
increasingly rely on radio transmissions.  Listening (i.e. tapping)
radio transmissions is the easiest thing in the world, whether the
listener is a bureaucrat, a criminal, a spook, or a competitor.

: The NSA has a long record of success with crypto, far better than any
: individual or organization in the public community.

The question is: what _kind_ of success?  universal _de_cryption?

Clearly, the prime mover of the Clipper scheme is not to protect the
people, but to make it easier for the government (and any government
in the future) to monitor the people.  The highest RISK is that the
government should some day take advantage of the new power it could
acquire given the precedent established by this proposal.

I can't wait for government mandated holes in our doors and walls in
order to make it possible for the FBI to listen to and watch "criminal
activities at home".  Where is the difference?

Magnus Kempe,

Please report problems with the web pages to the maintainer