The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 19 Issue 39

Monday 22 September 1997

Contents

o Eagle (the President) and the Eagle Beagle: pager intercepts
David Wagner
o MFS Communications switch fails, with widespread effects
Steven Bellovin
o AT&T database glitch caused '800' phone service outage
Robert J. Perillo
o SSN used in "killing" victim electronically
Mich Kabay
o Falsified reports -- human behavior: an ultimate risk
Chiaki Ishikawa
o UK: Mobile-phone radiation causes short-term memory loss
Mich Kabay
o Microsoft, PBS team up on interactive Barney Show
Edupage
o Re: MS, PBS, Evil Dummies and Hungry Dolls
Mich Kabay
o Quicken Quagmire
Lauren Weinstein
o Re: FBI wants to ban the Bible ...
Ellen Spertus
Xcott Craver
Kenneth Albanowski
o Re: @LARGE -- Spaf quote
J Chapman Flack
Andy Sparrow
o Info on RISKS (comp.risks)

Eagle (the President) and the Eagle Beagle

David Wagner <daw@cs.berkeley.edu>
Fri, 19 Sep 1997 13:28:23 -0700 (PDT)
  [Adapted from a cypherpunks item, with David's permission.  PGN]

An unidentified hacker announced on 19 Sep 1997 the interception of
Pres. Clinton's pager messages (along with pager messages destined for
staff, Secret Service agents, and other members of his entourage) during his
recent trip to Philadelphia.  This is coming as an embarrassment to the
administration's policy on communications privacy and encryption.

The lengthy transcript of pager messagers was published on the Internet
to demonstrate that the pager infrastructure is highly unsecure.

(Apparently the President's entourage relies a lot on pagers for
communications.  There are messages from Hillary and Chelsea; a Secret
Service scare; late-breaking basketball scores for the Pres.; staffers
exchanging romantic notes; and other amusements.)

This comes at quite an embarrassing time for the administration, given their
policy on encryption.  Strong encryption is the one technology that could
have protected Pres. Clinton's private pager messages, but the
administration has been fighting against strong encryption.  Top FBI
officials have been giving many classified briefings to House members,
asking them to ban all strong encryption in the US.  These proposals are
expected to reach the House floor soon, attached to the (originally
pro-encryption) SAFE bill.

An anonymous White House staffer was quoted as saying that it would be
"an expensive and complicated proposition" to put encryption into pagers
and cellphones.  This quote is interesting, because it's the White House's
crypto policies that have made it so complicated and expensive to add
strong encryption -- the cellphone and pager industries have wanted to
add strong encryption for privacy and security, but the administration
has forcefully dissuaded them from doing so.

Anyhow, the press release is at

        http://www.inch.com/~esoteric/pam_suggestion/formal.html

The transcript of the pager messages (complete with basketball scores
for the Pres, messages to call wifey, two phone calls from Chelsea --
who got put on hold, staff romances, a Secret Service scare, etc.) is at

        http://www.inch.com/~esoteric/pam_suggestion/output.html

Feel free to get in touch by e-mail (daw@cs.berkeley.edu) or by phone
(510-643-9435) with me if you'd like more information, quotes, or the like.
-- David Wagner

  [ABC News apparently broke the story on the Evening News, Thursday 18 Sep.
  The transcript makes fascinating reading.
  David Wagner subsequently noted an article in
       http://www.tabloid.net/97/09/22/C1.html
  and also pointed me to a Reuters article
       http://www.reuters.com/rtrnews/stories/hackers.htm
  that includes a quote from Jim Bidzos of RSA Data Security, Inc.:
    "What an example! The Secret Service are victims themselves.
    This is the most sensitive communication of the Secret Service.
    What better argument could there be [for uncompromisible] encryption?"
  Once again, let me mention my Website, with lots of background on the
  crypto issues -- I've been getting lots of visitors, and would not
  want you to miss it:
       http://www.csl.sri.com/neumann/judiciary.html and /judiciary.ans
  on key-recovery crypto and related topics, and
       http://www.csl.sri.com/neumann/neumannSenate.html
  on risks in the computer-communication infrastructure.  PGN]


MFS Communications switch fails, with widespread effects

Steven Bellovin <smb@research.att.com>
Wed, 10 Sep 1997 20:49:16 -0400
Around 7pm on the evening of 8 Sep 1997, the main MFS Communications switch
(MFS Switch One) failed, downing UK telecommunications links provided by
MFS, Worldcom, and First Telecom.  The outage also affected most of
CompuServe's UK customers, whose access is typically via an MFS phone
number.  [PGN Stark Abstracting.  Evening usage is not necessarily off-peak,
because it is an excellent time to access computers in the U.S.  No one yet
has reported how long it took to restore service.  PGN]


AT&T database glitch caused '800' phone service outage

<Perillo@DOCKMASTER.NCSC.MIL>
Wed, 17 Sep 97 14:01 EDT
AT&T's network of toll-free numbers (800) crashed Wednesday 03 Sep 1997, and
thousands of callers were greeted with busy signals between 12:30pm and
2:00pm EDT.  The network outage was the company's worst overall outage since
[the long-distance slowdown of] 15 Jan 1990 [RISKS-9.61, ff.].  AT&T blamed
human error of a technician for the crash.  AT&T Corp. stated that it would
compensate customers for their toll-free service disruption.  Many customers
have contracts that entitle them to compensation.

The problem was caused when a technician uploaded to AT&T's Signaling System
#7 (SS7) an incorrect set of translations for the routing of '800' phone
calls.  Calls using the new '888' prefix were not affected.  '800/888'
numbers have become increasingly popular for remote access and call centers,
And may account for more than 40% of the volume on AT&T's domestic network.

Loading incorrect Routing and Translation tables has been the cause of many
recent network outages.  These tables should be tested off-line, and
automatically checked for format problems by a pre-processor.  Preferably an
automated "knowledge engineering" system should be used to create these
tables.

Since many of these problems have been blamed on a "technician's human
error", increased training is in order.  Before the changed
Tables/Instructions are uploaded into the system, there should be a
mandatory Quality Assurance review.

[References:
 * AP, "AT&T to Compensate Customers", 04-Sep-1997.
 * Network World, "Database glitch KOs 800 lines", 08-Sep-1997. ]

Robert J. Perillo, CCP, CNE, Principal Telecommunications Engineer
Richmond, VA  Perillo@dockmaster.ncsc.mil


SSN used in "killing" victim electronically

"Mich Kabay [NCSA]" <Mich_Kabay@compuserve.com>
Wed, 17 Sep 1997 17:38:00 -0400
Associated Press 97.09.11 via CompuServe's Executive News Service:

> OVERLAND PARK, Kan. (AP) -- Bulletin to the Social Security
> Administration: Kirsten Phillips is not only alive, she's hopping mad.
>
> Someone claiming to be a brother-in-law called the agency June 16 to
> report Ms. Phillips had died.

The government immediately stopped payments of $860 in benefits, took money
directly out of her bank account (and made several cheques bounce), then
arranged for her credit cards to be cancelled.  One week later, her records
were restored, but the damage caused hours of problems for the victim.

According to the AP report,

> A person who reports a death must provide only a name, address,
> phone number and some specific information about the deceased,
> as well as his relationship to the person. More questions could
> be asked if there are doubts about the caller's truthfulness,
> said Rick Conway, program specialist for Social Security in Kansas City."

"Anybody can do harm with your Social Security number," Ms. Phillips said.
"If somebody is mad at you and they're a real vengeful person and they're
real creative, all they have to do is call up ... and have enough personal
information on you that they can destroy your life."

[Comment from MK:  Operations which have expensive consequences need
thorough investigation before they are implemented.  Social Security
Administration should change its policies so that notifications of death
are _always_ verified using at least one _independent_ source of information.
An obvious candidate:  the person who is supposedly deceased.]

M. E. Kabay, PhD, CISSP (Kirkland, QC), Director of Education
National Computer Security Association (Carlisle, PA) http://www.ncsa.com


Falsified reports -- human behavior: an ultimate risk

Chiaki Ishikawa <Chiaki.Ishikawa@personal-media.co.jp>
Thu, 18 Sep 1997 09:34:55 +0900 (JST)
I have in the past reported a few recent accident/incidents at a Japanese
nuclear industry plant, fuel-processing factory, etc..  These have really
tarnished the image of the Japanese nuclear industry very much.  Recently, a
nuclear-waste storage plat has been found to be lacking proper oversight and
large drum barrels holding low-radiation materials were found rotting in a
badly built storage house.  This also caused a public uproar, at least in
the major press.

Now there is a new development that could really shatter the trust in the
nuclear industry -- although the government agency and the companies
involved are trying to downplay the importance:

  More than 150 cases of falsified reports concerning the post-processing of
  welded metal parts have been uncovered.

Background: Hitachi built parts of several nuclear power plants in Japan.
Its subsidiary, Hitachi Engineering Service produced and is the maintenance
company of various parts used in the assembled system in the nuclear power
plants.  Because the primary and secondary coolant system as well as the
steam generator and associated piping systems come into contact with heat
and high-pressure, the metal assembly used needs special post-processing:
they are heated and then annealed at a prescribed temperature-time curve to
give them better endurance under the expected load.

Hitachi Engineering Service apparently sub-contracted the annealing process
to a small company called Shinko (seven employees according to the
yesterday's Asahi-shimbun).

The nuclear industry is bound by many safety regulations issued by
government, and among it the requirement for record of the annealing
process, and a graph for temperature vs. time is in the required report.
Given the seriousness of a potential problem, I think it is proper for the
government agency to request the record of such process to make sure that
the parts are produced properly.

Shinko employees, for whatever the reason, falsified the reports by

 - producing a completely falsified record based on the computer
   simulation of  what the temperature reading at time intervals
   should be for a given type of assembly parts,

 - running two similar annealing processes for identical pipes, and
   took the reading off only one real process, falsifying the other
   report, etc.

The reason cited by the president of the Shinko was that the employees
seemed to have thought the real reading off the measurement instrument
contained glitches caused by line noise (noise from fluorescent lamps were
cited) was not pretty/clean enough to be accepted by the oversight agency,
and beautified the report with false graphs and such.

I had the gut feeling that at the subcontractor's level anything goes after
watching the movie "China Syndrome" back in early 1979.  (In the movie, the
X-ray photos which check the welding conditions was doctored, and Jack
Lemmon playing an engineer tried to bring the problem to the attention of
the management.)

This time, the falsification was made public by a letter to the president of
Hitachi. Someone acted as a whistleblower.  After the letter was received,
Hitachi initiated the investigation, and Hitachi Engineering Service people
went over the old records.  According to the newspaper, at least 160 records
seem to have been doctored.

I have no idea how they figured out which record is likely to be doctored,
and why they didn't catch it in the first place.  The number can be higher
if through investigation now conducted by Hitachi et al., and the government
agencies involved are over.

According a short comment issued by someone at the government agency, the
problematic parts should still be OK (!?) because the Hitachi Engineering
Service engineers accompanied the initial setup of each annealing process:
essentially, the desired temperature change of the annealing process is
typed into a control computer and the rest is automatic.  The reasoning is
that the process ought to have behaved according to the plan -- despite the
falsified record.

I have questions of my own:

* The cited measurement instruments are rather largish boxes with a moving
needle to indicate the temperature and at the same time records the reading
on paper (I assume).  Can they really be so easily susceptible to "line
noise" caused by fluorescent lamps?  The president cited "inverter noise",
which I think means the high-frequency noise caused by the type of
electronic circuits that changes the duty-cycle (on-off period) of AC.

* The government agency and Hitachi seem to take the position "Don't
worry. The parts are OK".  Isn't this like saying that computer programs
turn out to be found not going through prescribed testing, but since it is
written according to the spec, it should be OK?

(I think I am a little too harsh on this. Hardware such as metal welding,
etc. probably works much more reliably and according to the spec than
software parts.  Also, the post-assembly annealing probably increases the
endurance, but possibly the initial design itself is such that the parts
will work under the load unbroken.  Apparently Hitachi conducted some checks
by putting the parts under over-the-spec condition to see if they withstand
such load, etc..)

Although, morality of engineers, how to instill such morality into the
engineers, etc. came to my mind, such blatant falsification of reports and
that they went unnoticed, coupled with the earlier problems in the nuclear
industry, really shook my confidence in the Japanese nuclear industry.
(Well, it was small to begin with.)

I think people living near the affected power plants have real cause for
worry given the many earthquakes Japan sees each year.

Yes, the risk here is hardly related just to computers, but I feel that we
should think of the risk analysis in a global picture, and if people
involved can behave so badly, the computer can hardly play a worse role.
This probably should be borne by everyone.

I don't think anything could be done on the computer side to catch this type
of stupid human behavior.  (But, if Hitachi Engineering Service could catch
the falsification after the whistleblower's letter, then maybe a computer
program today could scan the submitted graphs and such and report anomalies.
Just a thought.)

Ishikawa, Chiaki  Personal Media Corp., Shinagawa, Tokyo, Japan 142
ishikawa@personal-media.co.jp.NoSpam


UK: Mobile-phone radiation causes short-term memory loss

"Mich Kabay [NCSA]" <Mich_Kabay@compuserve.com>
Mon, 22 Sep 1997 08:27:05 -0400
> LONDON, Sept 20 AAP - Radiation emitted by mobile phones has been shown
> for the first time to cause short-term memory loss and lapses in
> concentration, The Sunday Times reported.  [Australian Associated Press 20
> Sep 1997, via CompuServe's Executive News Service]

It seems there is research at "Washington University" [UK?] with rats
showing that "microwaves of the kind emitted by mobile phones" damaged the
critters' ability to learn new tasks.  Dr Henry Lai is working on the
problem; the National Radiological Protection Board seems to accept the
hypothesis that cell phone emissions interact directly with brain function.

> The agency's deputy director, Dr John Stather said it has
> decided to lead a Europe-wide research effort into the effects of
> the radiation.

Apparently these effects, if proven, "could explain why mobile phones are so
often associated with road accidents."

M. E. Kabay, PhD, CISSP (Kirkland, QC), Director of Education
National Computer Security Association (Carlisle, PA) http://www.ncsa.com


Microsoft, PBS team up on interactive Barney Show (Edupage)

Edupage Editors <educom@educom.unc.edu>
Sun, 21 Sep 1997 12:39:28 -0400
Microsoft and PBS are collaborating on a series of "Barney & Friends" that
will include a specially encoded signal that activates an interactive Barney
doll.  The signal is picked up by a Microsoft-made set-top receiver called
ActiMates, which then relays it to the doll.  The doll can then interact
both with the show and with the child watching it.  The shows are scheduled
for broadcast beginning Nov. 3.  (*Investor's Business Daily*, 19 Sep 1997;
Edupage, 21 Sep 1997)


Re: MS, PBS, Evil Dummies and Hungry Dolls

"Mich Kabay [NCSA]" <Mich_Kabay@compuserve.com>
Mon, 22 Sep 1997 08:49:02 -0400
I can see it now: a new genre of horror movie in which animated figures
controlled by TV shows take on a sinister glamour and throttle, eviscerate
and otherwise harm infants while under the control of the TV set.  This
development will rejuvenate the Evil Dummy theme and give succor to all the
mind-control freaks who already think that TV is a nefarious plot to damage
the collective intelligence of the human race.

Come to think of it, they may have a point.

On a more practical note, think about the damage caused by dolls that ate
their little owner's hair -- and then think about _computer-controlled_
dolls -- and then think about _hacked_ computer-control programs for little
robots being cuddled by infants.  Be afraid.  Be very afraid.

Mua-ha-ha-ha. . . . [add reverb effect]

M. E. Kabay, PhD, CISSP (Kirkland, QC), Director of Education
National Computer Security Association (Carlisle, PA) http://www.ncsa.com


Quicken Quagmire

Lauren Weinstein <lauren@vortex.com>
Wed, 17 Sep 97 18:48 PDT
Over the last few years, the acceptance of "Quicken" (a registered trademark
of Intuit, Inc., and possibly Checkfree, Inc.  which bought Intuit Services
Corp.) has been widespread.  Probably millions of persons have come to rely
on Quicken for much of their banking information, often ignoring their paper
statements in preference for the snazzy and handy Quicken displays.  Banks
around the U.S. have encouraged use of the package through free or cheap
online banking services that tightly integrate with Quicken.

Some users may have a problem though.  If you don't use the package often
enough--exactly how often is problematical--the balances Quicken presents
may often be completely incorrect.  Trying to find out who is at fault for
this results in a complicated tirade of finger-pointing between Checkfree
and member banks, but essentially the problem is so simple as to be almost
funny.

When triggered to collect online banking data, Quicken purports to run off,
collect all the data since your last call, download it, and then allow you
to add it automatically to your local account registers.  However, if you
haven't bothered to download your banking data for awhile (Busy?  Out of
town?  Forgot?)  you may very well find that banking transactions you
actually made are not recorded in any manner by Quicken, and that your
account balances from that point forward will be inaccurate.  Furthermore,
there is no warning of any kind to suggest that this might be the case--it
is a completely silent and "invisible" corruption of all balances from then
on unless manually corrected.

It turns out that the banks who contract through Checkfree/Quicken have
different policies for how long data is maintained.  The exact period can
vary widely, but tends to be between 30 and 90 days, with 45 days apparently
being very common.  If you haven't downloaded your account for a period
exceeding that interval, transactions can be lost--poof--Quicken doesn't
know that they ever existed.  If you don't download for an ever *longer*
period (again, the exact interval is unclear) your Quicken account may be
"locked out" for "security" reasons, but at least this is an obvious event,
not a silent dropping of banking transactions into the bit bucket.

Now, it probably would be too much to expect banks/Quicken/Checkfree to
maintain data indefinitely.  However, it seems bizarre that such an extreme
action as simply dropping data would occur without *some* sort of warning!
At least the software could warn that you had exceeded the appropriate
downloading interval for your bank, and that you had better check your
physical statements for lost transactions.  But it doesn't.  Or at the
*very* least the documentation could boldly warn of the risk of not
frequently downloading your data.  (According to the Quicken support folks
the available Quicken docs don't seem to mention this problem at all.)

When questioned about all this, Checkfree suggests that they "assume" people
will download their data often enough that this won't be a problem.  And
besides, they say the bank sets the data purge interval.  Bank
representatives point back at Checkfree, claiming Checkfree is in charge of
the data.  They also suggest that people should of course always compare
against their paper statements (but how many Quicken users might be
naturally lax in this regard?)

The bottom line seems to be that if you've *ever* exceeded your bank's data
purge period between Quicken download runs, you may have any number of
missing transactions, of any size, that have never been reflected in your
Quicken registers or balances.  So long as you've never gone an "extended"
period without downloading your data you may be OK.  But otherwise, if you
depend on Quicken, some painstaking manual research over your banking
records may be in order.

Lauren Weinstein, Moderator, PRIVACY Forum, Host, PRIVACY Forum Radio
http://www.vortex.com


Re: FBI wants to ban the Bible ... (Gleeson, RISKS-19.38)

Ellen Spertus <ellens@ai.mit.edu>
Wed, 17 Sep 1997 13:15:07 -0700 (PDT)
> The Risks of this go on and on: would information in languages that
> the FBI can't translate also be illegal? It could be argued that
> languages are elaborate "substitution codes".

This question is not hypothetical.  Prison officials have refused to relay
prisoner letters in languages that they do not know.  Also, Feynman wrote in
his memoirs similar issues with military censors when he worked at Los
Alamos during the War, including their objections to his including math in
his letters.


Re: FBI wants to ban the Bible ...

Xcott Craver <caj@math.niu.edu>
Wed, 17 Sep 1997 15:54:53 -0500 (CDT)
Remember the vague wording of the Communications Decency Act?  By a literal
interpretation (disclaimer: I am not a lawyer), an online card catalog in a
library is used to "publicly make available" material of a potentially
indecent nature, uses a telecommunications device (indeed, many just telnet
to a catalog at a remote university) and certainly doesn't discriminate
between minors and adults.  Just one more example of a blurry line, in this
case the one between the internet and reality.

By the way, remember Erann Gat's post to RISKS 16.87 ["The source of
semantic content"], in which it was pointed out that it may one day be
illegal to broadcast random strings via the Internet?  I imagine that many
will protest the FBI's stance by doing just that.

-Xcott


Re: FBI wants to ban the Bible ... (Gleeson, RISKS-19.38)

Kenneth Albanowski <kjahds@kjahds.com>
Wed, 17 Sep 1997 18:14:00 -0400 (EDT)
> It could be argued that languages are elaborate "substitution codes".

Which implies that the people of remote (or dispossessed) tribes with
languages that few people understand must be considered munitions, as must
the few people in the world who can read Mayan, Linear-B, etc., and that
Tolkien (and other folk who invented complete languages and scripts) must be
considered munition manufacturers, as well as high-grade munitions
themselves.

Or, to apply another reductio ad absurbum: how, exactly, does one
distinguish between random data (for scientific purposes) and random data
(for a cryptographic one-time-pad)?

Kenneth Albanowski (kjahds@kjahds.com, CIS: 70705,126)


Re: @LARGE -- Spaf quote (Spyker, RISKS-19.38)

J Chapman Flack <flack@cs.purdue.edu>
Fri, 19 Sep 1997 16:34:24 -0700 (PDT)
len spyker's alternative formulation:
> Using encryption on the Internet is the equivalent of arranging a bike
> courier to verbally deliver credit-card information from someone living in
> a home or company fortress to someone in an expensive shop on Park Lane.

Ah, but that contains the assumption that current operating systems and
applications--the endpoints of network operations--can be even remotely,
charitably, or whimsically thought of as fortresses.  They can't, and that
was exactly Spaf's point.  To put it another way:

Strong encryption methods are known and widely available (despite the
efforts of a number of governments including the US). Properly used, they
can make information very resistant to attack while in transit.  Encryption
affects an attacker's strategy: where without encryption it might be easiest
to meddle with information in transit, in the presence of good encryption
that strategy becomes less promising compared to a direct attack on the
endpoints, where the information can be had in the clear. Fortunately (for
the bad guys), our endpoints tend to be cardboard boxes and park benches.

That said, len's final point (using the net without encryption likened to
inviting muggers into the home) is well taken.

-Chap Flack <flack@cs.purdue.edu>


Re: @LARGE -- Spaf quote (Spyker, RISKS-19.38)

Andy Sparrow <spadger@best.com>
Fri, 19 Sep 1997 21:37:54 -0700
[...] given that the USA is a country in which people only rarely look at
the back of a credit card to check your signature, mere possession of the
plastic being deemed ample, where ordering goods on the telephone and
arranging for goods to be delivered elsewhere than the billing address
raises not an eyebrow, can you imagine my astonishment at noting a web site
(from a MAJOR bank, at that), which invited me to enter the following
information into an HTML form for transmission in ASCII text form to a
non-encrypted server:

i) Social Security Number ({over}used as a kind of de facto Citizen ID/PIN
   number in the US)

ii) Address, phone number, salary details

iii) (Optional) Details of existing credit card accounts, with balances

My gast, as they say, was flabbered...

The issue is, if they have such a poor understanding of the issues that they
simply ignore them like this, exactly what precautions do they take to
safeguard such confidential information should one supply it in a more
conventional fashion???

And this particular bank has a web page devoted to "Security" and credit
card fraud...

AS

Please report problems with the web pages to the maintainer

Top