The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 16 Issue 79

Weds 8 February 1995

Contents

o Proposed Virginia law on self-disabling software
Jeremy Epstein
o Cellular Phone Security
Chip Seymour
o Japanese bank workers steal 140 million yen by PC
Mich Kabay
o Road pricing in Singapore
Phil Agre
o InfoWar Level II in Miami
Mich Kabay
o Phone switch bug causes alarm among NM officials
Mich Kabay
o Telephone RISKS
Ry Jones
o Risks in computerized cockpits
Rob Horn
o Concatenating phrases produces confusing results in bank responses
Daniel P. B. Smith
o More from the cat file
Phil
o 1996 ACM COCCS call for papers
R.F. Graveman
o Info on RISKS (comp.risks)

Proposed Virginia law on self-disabling software

Jeremy Epstein <jepstein@cordant.com>
Sun, 5 Feb 95 17:02:53 EST
The "Washington Post" reported in Saturday's edition (4 Feb 95) that the
Virginia legislature is considering a law requiring that companies notify
customers if the software they sell has a self-disabling feature (e.g.,
after some period of time).  The article was sketchy, but it's intended to
head off people developing software and then demanding ransom to prevent the
software from self-destructing.  The law would not *ban* such features, just
require that they be disclosed.

The RISK?  Does informing people that the software is self-disabling
encourage them to try to subvert the feature?  And if someone did and
that triggered the disable feature, would that come under the law?
And what if it were used in safety critical systems: "I'm sorry, but
the license period on the software in your heart monitor has expired.
Please contact the vendor to reenable."


Cellular Phone Security

Chip Seymour <cseymour@mbunix.mitre.org>
Mon, 6 Feb 1995 11:43:54 -0500
Under the heading "CELLULAR PHONE SECURITY", EDUPAGE of 5 Feb 1995 mentions
a *Wall Street Journal* article dated 3 Feb 1995 that states Cellular One of
New York and New Jersey is starting to require new customers to enter a
four-digit security code before placing calls.

This is in an effort to curtail cellular fraud, which is quoted as being
$482 million (3.7% of the industry's revenue) in 1994.

NYNEX began such a program last fall. I spoke with a NYNEX sales
representative who told me the new system changes channels after a user
enters the phone number and presses "Send". The four-digit PIN code is sent
on a new frequency, and would-be ESN thieves now have the added task of
determining which PIN goes with which ESN.

However, if your cellular telephone is equipped with a recall feature,
pressing "RCL" displays, not the telephone number you've just dialed, but
the four-digit PIN number. My Motorola DPL 550 recalls the PIN number even
after a powerdown.

Just a word of warning. Recall your PIN and Clear the display before leaving
your telephone, and consider enabling the automatic-lock feature, if
available.


Japanese bank workers steal 140 million yen by PC

"Mich Kabay [NCSA Sys_Op]" <75300.3232@compuserve.com>
05 Feb 95 14:12:50 EST
>From the Reuters news wire via CompuServe's Executive News Service:

    RTw  02/05 0107  Japanese bank workers steal 140 million yen by PC

    TOKYO, Feb 5 (Reuter) - A Japanese bank employee and two computer
    operators have been arrested and charged with allegedly using a
    personal computer money transfer system to steal 140 million yen
    ($1.4 million), police said on Sunday.

    Police said the 140 million yen was illegally sent in December
    last year from Tokai Bank Ltd to an account in another bank
    using a settlement system operated by personal computers. It
    was withdrawn the same day.

    The following day, a total of 1,490 million yen ($14.9 million)
    was sent from Tokai Bank to accounts in several other banks using
    the same system. But this time the fraud was discovered before
    any withdrawals could be made.

According to the article, the suspects include employees of the bank systems
group and a computer services supplier.  It seems that the scheme was driven
in part by debts owed to organized crime groups.

 M.E.Kabay,Ph.D., Director of Education, Natl Computer Security Assn
   (Carlisle, PA); Mgmt Consultant, LGS Group Inc. (Montreal, QC)


road pricing in Singapore

Phil Agre <pagre@weber.ucsd.edu>
Sun, 5 Feb 1995 21:48:04 -0800
The LA Times had an article about road pricing in Singapore:

  Charles P. Wallace, Singapore in high-tech tangle to fight automobile
  gridlock, Los Angeles Times, 3 February 1995, page A5.

The story is that Singapore's streets are rapidly becoming jammed with cars,
and so the authoritarian government is trying to impose a road-pricing
scheme based on automatic vehicle identification (AVI).  "Road pricing"
means that every road, or at least every frequently clogged road, is a toll
road.  "AVI" means that your car carries a device that can be "pinged" by a
radio signal from a roadside beacon, whereupon it broadcasts a number (its
own serial number in most versions, but perhaps the car's identification
number) that allows a charge to be made to an account.  The LA Times article
is basically sympathetic to the government's position despite the
straightforward coercion that the system involves.  It pays no attention to
privacy issues.  The only existing AVI toll-collection system mentioned is
the voluntary Telepass system in Italy.

The basic argument behind road-pricing is a familiar market argument: when
people can travel on roads for free, they naturally do so at a higher rate
than if they had to pay the actual costs of providing roads.  Road pricing,
on this model, seeks to establish the most efficient level of road usage by
letting people decide how much it's worth to them to drive.

In practice this argument generally runs afoul of reality in several ways:

(1) Road pricing schemes have generally required the collection of large
amounts of data about individuals' travel patterns.  So long as this data
is accumulating, pressures to use it for other purposes, from marketing to
repression, are more or less inevitable.  Digital cash payment schemes might
alleviate this problem, but so far as I am aware they have not been seriously
proposed, much less implemented.

(2) Unless you actually privatize the roads, in practice a "road price"
is really a tax whose levels are set not by a market but by a legislature.
One might argue that this is fine in a properly functioning democracy, but
people often don't see it that way.  A road-pricing scheme in Hong Kong
failed a while back due in part to anti-tax sentiments.

(3) It's very difficult to establish a proper competitive market in roads,
since in most areas it's an industry with extremely high barriers to entry.

(4) The whole geography of many countries -- maybe not Singapore, but
certainly the United States -- has been shaped by the availability of free
road travel.  Introducing road pricing at this late date would cause great
economic disruption.  The resulting process would actually be very interesting
to watch, and in the very long run might even reverse the flight from cities
into the suburban sprawl.  But it would be very messy.

(5) When it costs money to drive on roads, the poor cannot legally drive.
When you're looking for a job, free roads are one of those little subsidies
that keep the wolves from the door.

Enormous intelligent vehicle-highway systems (IVHS) including AVI-based toll
collection are coming to most of the world.  Singapore is the exception in
declaring that the systems will be mandatory.  But do you really believe
that the IVHS in your region will remain voluntary?  Will your insurance
company require you to sign up for it?  Will the availability of AVI
encourage your local bureaucrats, faced with intractable budgetary woes, to
propose road pricing schemes for the two dozen most overburdened roads in
your region?  Will you still refuse to sign up for the system when the
alternatives are traveling strictly on free roads or stopping to pay
thirteen tolls every day?  These are questions worth thinking about now,
before IVHS technical standards are established and deployment decisions get
set in stone.

Phil Agre, UCSD


InfoWar Level II in Miami

"Mich Kabay [NCSA Sys_Op]" <75300.3232@compuserve.com>
07 Feb 95 21:45:05 EST
The following item does not involve high technology, but it _does_
illustrate the risk from information warfare level II (inter-corporate):

    WP   02/06  Dial and Save's Word-of-Mouth Toll;
    Chantilly Long-Distance Firm Battles False Rumors of
    Free Service to Cuba

    By Kara Swisher, Washington Post Staff Writer

    Executives at Dial and Save, a small long-distance company
    in Chantilly, never thought they would have something in
    common with corporate giants such as Procter & Gamble Co.
    and Kentucky Fried Chicken Corp.  But recently the firm became
        a member of that unfortunate group of companies zapped by
        untrue rumors that spread out of control.  ... Dial and Save
        is contending with thousands of angry customers who say they
        thought that certain calls placed through its network were free.

According to the author, over 10,000 people in the Miami area thought they
were getting free calls to Cuba--and they placed over $2 million in calls in
a few weeks.  Now people are reacting to unexpected bills (some as high as
$10,000).

    The furious callers insisted that they had placed the calls
    only because they had heard they were using free test lines.
    Customers said they would never have made the calls if they
    had known the costs; they had believed that Dial and Save's
    access number was the code for a free ride to reach their
    relatives in Cuba.

The article continues with an extensive discussion of the public-relations
nightmare caused by the angry customers (or perhaps I should say, "would-be
non-customers") over their unexpected bills.  In addition, the company
has felt obliged to hire 20 extra Spanish-speaking operators to handle
the thousands of angry calls they are currently receiving.

[Comments by MK:  I don't want to discuss the possible motivations of
people claiming they expected free service by calling an access number.
My reason for posting this fairly low-tech story is to illustrate the
economic consequences of a simple rumour.  Now imagine this rumour
spreading through cyberspace, aided by anonymous postings and repostings
in innumerable news groups, e-mail messages and bulletin board systems.

This story reminds me of the lament recently posted by an anonymous
executive in _Network World_ 11(49):41 (94.12.05) entitled, "Ad leads to
a nightmare on Cyber-Street."  This poor fellow spammed the Net in a
small way and got a slew of nastygrams e-mail and was publicly pilloried
in many news groups.

Unfortunately, "someone uploaded a message to most of the alt.sex groups
that listed my company's two 800 numbers as phone sex lines."  The
consequences of _that_ rumour were horrendous:  flooded phone lines,
angry and embarrassed receptionists, and complete humiliation of the
naive Internet advertiser.

Now, such childish pranks have already had expensive consequences, yet
they are as nothing compared to the potential for economic terrorism
posed by anonymity and pseudonymity on the Internet.  As yet, I think,
only some people on the Net have internalized the appropriate level of
skepticism about _any_ information gleaned from the Internet, let alone
about _anonymous_ postings.  With a growth rate estimated by some at 10%
_per month_ in the number of people using IDs that can access the Internet,
we will see a natural increase in credulous newcomers.  If thousands of
people can believe that a phone-sex service would use an 800 number (or
that a commercial phone service supplier would make free long-distance
calls available), I think millions of people will be prepared to believe
all sorts of other nonsense--and, alas for the victims, act upon those
mistaken beliefs.

So what are we gonna do, eh?  Even my usual leitmotiv (We need
non-repudiatable identification and authentication for access to the
Internet -- etc. etc. etc.) fails: the people using the "free" access codes
for calls to Cuba were tracked unerringly by their normal phone company
accounts.  No doubt the gullible seekers after, ah, aural sex were equally
traceable--but so what?  The damage was done regardless of non-repudiation.

I dunno what we're going to do.  Any ideas?]

 M.E.Kabay,Ph.D., Director of Education, Natl Computer Security Assn
 (Carlisle, PA), Chief Sysop, CompuServe NCSA Forum


Phone switch bug causes alarm among NM officials

"Mich Kabay [NCSA Sys_Op]" <75300.3232@compuserve.com>
07 Feb 95 21:45:39 EST
>From the Washington Post news wire via CompuServe's Executive News Service:

    WP   02/06       DIGITAL FLUBS

According to the brief report,

    The Albuquerque Tribune reported that many calls placed to
    numbers that use the state government's main Sante Fe prefix,
    827, were erroneously routed to a recording that announced
    that the number was not in service.

Since these events coincided with New Mexico Governor Gary Johnson's announced
intention to replace many government officials, the bug in the phone switching
software caused an unusual number of strong emotional responses.

 M.E.Kabay,Ph.D., Director of Education, Natl Computer Security Assn
 (Carlisle, PA); Mgmt Consultant, LGS Group Inc. (Montreal, QC)


Telephone RISKS

Ry Jones <rjones@rjones.oz.net>
5 Feb 1995 20:12:58 GMT
Two items have recently become news in the PNW. One, we had an earthquake
centered in Tacoma. According to articles in the Tacoma News-Tribune, the
Seattle Post-Intelligencer, and The Daily Olympian, all three counties 911
systems were knocked out due to people calling to see if there had been an
earthquake, or to get information about the quake. All three articles
mentioned very high call volumes; the Seattle article mentioned 350 calls in
the first 10 minutes after the quake.

The RISKS are obvious. As a denial of service attack, this was perfect.
Hundreds of well-meaning people (like rubberneckers on the information
superhighway?) slowed or stopped vital services from being delivered.  All
three counties exhorted people to only call 911 after you have been hurt in
an earthquake.

As an aside, I got on the net and hit
gopher://geophys.washington.edu:79/0quake and had instant, up-to-date
information. Much better than what was available on the radio or TV.
Perhaps if someone made a VMB that recited the most recent event to
all callers? Then we could lose access to one switch somewhere,
instead of to the 911 switch.

Two: page A9, Saturday Feb 4 1995 issue of The Daily Olympian.
   LOSER: AUTOMATIC CALLING
   Poor Kenneth Calkins. The retired South Sound resident has received
   the same call once a week, every week, for nearly a year. The call,
   made through the Employment Security Department, is for a job
   opening Calkins has no interest in. Officials say the call,
   portions of which are in spanish, was meant for another person at
   another number. ...
They go on to talk about how he didn't know how to remove himself from
whatever list was generating the calls.

The RISKS here are the annoyance of the voting elderly by newfangled
computers with Automatic Calling Units. You could get voted out of office if
enough people get angry...

Finest handcrafted code since 1987.


Risks in computerized cockpits

Rob Horn 6-4365 <horn%temerity@cliffy.polaroid.com>
Wed, 08 Feb 1995 10:04:00 -0500 (EST)
Last week's (30 Jan 1995) and this week's (6 Feb 1995) Aviation Week & Space
Technology have two moderately large sections on investigations, theories,
and practices with the new computerized cockpits.  In general the articles
are good.  The authors take the perspective of pilots. They discuss how
pilots interact with the computerized systems and how these interactions
improve or decrease effectiveness and safety.

R Horn

   [Also noted by wb8foz@netcom.com (David Lesher), who added that
   the first issue includes "detailed (make that *very* detailed) discussions
   on some of the [in]famous Airbus incidents."  PGN]


Concatenating phrases produces confusing results in bank responses

"Daniel P. B. Smith" <dpbsmith@world.std.com>
Thu, 2 Feb 1995 22:56:33 +0001 (EST)
BayBank, a Massachusetts chain, has recently started offering "linked
accounts."  For example, a recent ad shows the former hockey player, Bobby
Orr, using his telephone to transfer money from his account to his son's.  I
figured it would be neat to have something in common with Bobby Orr, so I
had them set up the same thing for me and my daughter who's at U. Mass.
Before setting up the link, my accounts, as shown at ATM machines or over
the phone, were identified as "savings" and "checking."

BayBank has a feature which they call "custom account names."  You might
think this means you can pick any name you want, but what it actually means
is that you can select from a list of about a hundred names, with highly
personalized choices like "daughter 1" and "son 2."  The BayBank rep who set
up my account suggested the "custom" names "my checking," "daughter's
checking," "my savings," and "daughter's savings," which sounded sensible to
me.

The first time I tried to be like Bobby Orr, here's what the confirmation
dialog I got over the phone was: "Seventy dollars have been transferred from
your my savings account to your daughter's checking account.  The reference
number for this transaction is one thousand eight hundred and four."  This
caused me to say "huh?" three times.  The (British?) grammar of "seventy
dollars have" isn't bad; I would have preferred that the transaction number
be read as "one eight zero four;" but the phrase "your my savings account"
stopped me cold.

So, next month my daughter gets her bank statement and, yep, you guessed it:
her statement shows this as "BayBank XP24 Transfer From BB Boston My
Savings."  See, it's my daughter's statement, but it's not _her_ my savings,
it's _my_ my savings.

Daniel P. B. Smith  dpbsmith@world.std.com


More from the cat file

<phil@hyphen.equinox.gen.nz>
Fri, 3 Feb 95 14:35:45 +1300
You think *you've* got problems...

We have three little furry friends.  The other morning (about 5 am) I was
obliged to remove one of them from my bedroom in response to demands for
food.  Said mammal was carried to the kitchen and fed in an attempt to get
some more sleep.

On the return trip to my room I was alerted by the distinctive sound of the
dial tone from the `handsfree' phone in my study.  Then I heard it dial...

It had only rung twice by the time I cancelled the call (it's a long hall,
ok? :-).  It appears that the kitten was asleep in the empty paper box on
the corner of my desk and had been aroused by the sound of cat biscuits
hitting the food bowl.  In the process of heading for the easy way off my
desk (via my chair) he had managed to stand on my phone and take advantage
of the `one-touch hands-off dialing' facility.

Later that morning I used the redial function to see who had been disturbed
and to apologise profusely for the obscenely early call.  Luckily, the
recipients were somewhat amused and quite forgiving.

There is now an empty box over my phone whenever I'm not sitting right next
to it...

phil


1996 ACM COCCS call for papers

"R.F. Graveman" <rfg@ctt.bellcore.com>
Sat, 4 Feb 1995 10:50:03 -0500
                            Call for Papers
       Third ACM Conference on Computer and Communications Security

                     Hyatt Regency, New Delhi, India
                           March 14-16, 1996

                        Sponsored by ACM SIGSAC
                    Hosted by Indian NIC and AIMIL,
              Bell Atlantic, and George Mason University

High quality, original, and unpublished (and not submitted elsewhere)
research and practice papers in the area of computer and
communications security are solicited.  All aspects of computer
security are relevant, such as theories, techniques, applications, and
practical experiences.  They include:

  access control, accounting and audit, applied cryptography (block ciphers,
hash functions, digital signatures, key escrowing, cryptographic protocols),
authentication, authorization, data/system integrity, electronic commerce,
intrusion detection, key management, open systems security, privacy,
protection of software and intellectual property, secure networking (LANs,
WANs, firewalls, ATM, Internet, mobile, wireless, and telecommunications),
secure operating systems and APIs, security architectures and models,
security management, security of distributed systems and databases, security
protocols, and smart-cards and secure PDAs.

Instruction for authors:

Submit seven (7) copies of your paper (not exceeding 7500 words or 25 pages)
to either of the Program co-Chairs, in a form suitable for anonymous review
(no author names, affiliations, obvious references), with a cover letter
including author names, email and postal addresses, phone and fax numbers.
Electronic or late submissions will be rejected without review.  Where
possible all further communications to authors will be via email.

Paper submission:         July 1, 1995
Acceptance decision:      September 1, 1995
Camera-ready papers due:  December 1, 1995

General Chairs:
Ravi Ganesan, Bell Atlantic, USA
Ravi Sandhu, George Mason University, USA

Program Chairs:

Li Gong
SRI International
Computer Science Laboratory
333 Ravenswood Avenue
Menlo Park, California 94025, U.S.A.
Tel: + 1-415-859-3232
Fax: + 1-415-859-2844
Email: gong@csl.sri.com

Jacques Stern
ENS-DMI
45 Rue d'Ulm
75230-05 Paris, France
Tel: + 33-1-44322029
Email: Jacques.Stern@ens.fr

Local Arrangement:
N. Seshagiri, National Informatics Center, India
H.C. Verma, AIMIL, India

Awards: Raymond Pyle, Bell Atlantic, USA
Publication: Clifford Neuman, U. of Southern California, USA
Publicity: Richard Graveman, Bellcore, USA

Program Committee Members:

Aditya Bagchi, Indian Statistical Institute
Elisa Bertino, University of Milan, Italy
Matt Blaze, AT&T Bell Laboratories, USA
Claude Crepeau, Universite de Montreal, Canada
Matthew Franklin, AT&T Bell Laboratories, USA
Virgil Gligor, University of Maryland, USA
Richard Graveman, Bellcore, USA
Sushil Jajodia, George Mason University, USA
Kwok-Yan Lam, National University of Singapore
E. Stewart Lee, University of Toronto, Canada
Arjen K. Lenstra, Bellcore, USA
Kaicheng Lu, Tsinghua University, China
Shyh-Wei Luan, IBM Almaden Research Center, USA
Tsutomu Matsumoto, Yokohama National University, Japan
Catherine Meadows, Naval Research Laboratory, USA
Clifford Neuman, University of Southern California, USA
Luke O'Connor, DSTC, Australia
Bart Preneel, K.U. Leuven, Belgium
Jean-Jacques Quisquater, UCL-MathRiZK, Belgium
Lakshmi Raman, Bellcore, USA
Michael Reiter, AT&T Bell Laboratories, USA
Nachum Shacham, SRI International, USA
Y.K. Sharma, National Informatics Center, India
Shiuh-Pyng Shieh, Chiao-Tung University, Taiwan
Stuart Stubblebine, AT&T Bell Laboratories, USA
Paul Syverson, Naval Research Laboratory, USA
Paul Van Oorschot, Bell-Northern Research, Canada
Vijay Varadharajan, University of Western Sydney, Australia
Gio Wiederhold, Stanford University, USA
Michael Wiener, Bell-Northern Research, Canada
Rebecca Wright, AT&T Bell Laboratories, USA
Moti Yung, IBM T.J. Watson Research Center, USA

More information, access http://www.csl.sri.com/acm-ccs/ccs.html or
email to acmccs3@isse.gmu.edu.

Please report problems with the web pages to the maintainer

Top