The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 21 Issue 81

Friday 7 December 2001

Contents

Trader's error causes multi million-dollar loss
George C. Kaplan
Security hole at WorldCom left internal computer networks at risk
PGN
Judge ordered hack of Interior Department trust fund system
James H. Paul
NatWest bank turns debits into credits
Bob Buxton
Cops get speeding tickets from cameras
Monty Solomon
Gwinnett County GA keeps prison inmates list online
Nick Brown
"Late-night" Internet-porno-ban
Debora Weber-Wulff
Optimizations at kiosks can be costly
Seth Arnold
Grocery self-checkout risks
Scott Nicol
Swedish police reportedly doctor video evidence, admit it
Jerry via Declan McCullagh
Ulf Lindqvist
E-voting and international law
Lucas B. Kruijswijk
Re: "Light turnout" for election
Andrew Fleisher
Re: Connecticut AG website wants Microsoft ...
Roland Roberts
Nathan Sidwell
Re: PLEASE REMOVE me from the CAL database
RootsWeb HelpDesk
Re: REVIEW: "Hackers Beware", Eric Cole
Mark Brader
Info on RISKS (comp.risks)

Trader's error causes multi million-dollar loss

<"George C. Kaplan" <gckaplan@ack.berkeley.edu>>
Tue, 04 Dec 2001 08:19:18 -0800

An article in the *Wall Street Journal* on 3 Dec 2001 describes how a simple
data-entry error could end up costing UBS Warburg up to $100 million:

  Dentsu Inc., one of the world's biggest advertising companies, was making
  its trading debut Friday on the Tokyo Stock Exchange after completing one
  of the year's biggest initial public offerings -- a deal arranged by UBS
  Warburg, a unit of Switzerland's UBS AG, ...

  Before the Tokyo market opened Friday, a UBS Warburg trader entered what
  was intended to be an order to sell 16 Dentsu shares at 610,000 yen
  ($4,924.53) each or above.  Instead, the trader keyed in an order to sell
  610,000 Dentsu shares at 16 yen apiece ...

The order was canceled by 9:02 AM, but not before 64,915 shares, almost half
of the 135,000 shares in the IPO, had been sold.  The price of Dentsu
shares, which had been bid up to 600,00 yen before the market opened, fell
to 405,000 yen.  Now, UBS Warburg is obligated to deliver the shares it
sold, and will have to buy them on the open market.

The article doesn't say anything about sanity checks in UBS's trading
software.  These have their own risks, of course, but you'd think that an
error of 4 orders of magnitude in the selling price would at least merit an
"Are you sure?" before the order went through.

Once again, we see how computers let people make really big mistakes quickly.

George C. Kaplan. Communication & Network Services, University of California
  at Berkeley  1-510-643-0496  gckaplan@ack.berkeley.edu


Security hole at WorldCom left internal computer networks at risk

<"Peter G. Neumann" <neumann@csl.sri.com>>
Thu, 6 Dec 2001 10:16:14 PST

A security hole at WorldCom Inc. left internal networks at several of the
nation's top companies (e.g., AOL Time Warner, Bank of America, CitiCorp,
News Corp., JP Morgan, McDonald's Corp., Sun Microsystems) open to hackers.
Adrian Lamo, a consultant in San Francisco, worked with WorldCom to fix the
months-old problem over the weekend.  There is no evidence that the security
hole had been exploited, although it was possible to reconfigure or shut
down corporate networks.  Lamo: ``These networks were never designed to be
connected to the Internet, They were private circuits running between
locations.''  [Source: eponymous AP item, 05 Dec 2001, PGN-ed]
  http://www.siliconvalley.com/docs/news/tech/080991.htm


Judge ordered hack of Interior Department trust fund system

<"James H. Paul" <jpaul@Capaccess.org>>
Wed, 05 Dec 2001 15:17:56 -0500

In an extraordinary step approved by a federal judge, a computer expert
hacked his way into a government-run, Denver-based financial system last
summer, created a false account and later altered yet another account. All
this happened without the hacker being detected.  Those steps, endorsed by
U.S. District Judge Royce C. Lamberth in advance, were revealed Tuesday as
part of a court case involving the Interior Department's handling of more
than 300,000 trust accounts it is supposed to manage for American Indians.
A court-appointed master said the ease with which the government's computer
system could be penetrated was "deplorable and inexcusable." In a report
ordered released by Lamberth, the special master, Alan Balaran, called on
the judge to seize control of the system.  [Source: Court-appointed hacker
altered Indian accounts, by Bill McAllister <bmcallister@denverpost.com>,
*Denver Post* Washington Bureau Chief, 5 Dec 2001
  (http://www.denverpost.com/Stories/0,1002,53%257E254976,00.html; PGN-ed

  [The DoI Web site is now OFF THE NET.  PGN]


NatWest bank turns debits into credits

<Bob Buxton <bob_buxton@uk.ibm.com>>
Mon, 03 Dec 2001 11:35:36 +0000

NatWest Bank (UK) online banking service offers the ability to download bank
statement information into Quicken and Microsoft Money on your PC and until
recently this worked correctly.

Previously you could choose to download all of your transactions from
multiple accounts in a single download, now you have to download each
account separately which takes much longer - especially since when using
Netscape it forces you to go through the long winded logon procedure each
time.

But the real problem is that the information that you download into Quicken
or Microsoft money in the .OFX file format is plain wrong.  It shows
standing orders out of my account as credits into the account!

This of course results in the account balance appearing to be much higher
than it should be and as a result I went overdrawn before I realized what
was going on.

The NatWest help desk acknowledge that this is a known problem but don't
know when the problem will be fixed and have done nothing to warn customers
or disable the function from the web site.


Cops get speeding tickets from cameras

<Monty Solomon <monty@roscom.com>>
Sat, 1 Dec 2001 16:10:41 -0500

Cops get speeding tickets from cameras
By Brian DeBose, *The Washington Times*, 1 Dec 2001

Some D.C. police officers say they are slowing their response to emergencies
because photo-radar cameras are ticketing them for speeding on Code One
calls, and they are being forced to pay the fines.

At least three D.C. police officers told The Washington Times they were
caught by the cameras and ticketed while on official police business. They
said they and other officers have been forced to pay the fines, and are now
on edge about speeding to a crime scene and running red lights in
emergencies. Like area motorists, they have little chance of getting a
reprieve from the D.C. Bureau of Traffic Adjudication without evidence to
present in their defense.  ...

Some officers have paid so many tickets that they are no longer speeding or
running red lights to get to their dispatched calls even in emergency
situations, Sgt. Neill said.  ...

http://www.washtimes.com/metro/20011129-13345237.htm


Gwinnett County GA keeps prison inmates list online

<Nick Brown <Nick.BROWN@coe.int>>
Thu, 6 Dec 2001 13:48:45 +0100

As reported at the excellent www.cruel.com:

Wondering what happened to that acquaintance from Gwinnett County, Georgia,
from whom you haven't heard in a while ?  Try
  http://www.gwinnettcountysheriff.com/Docket%20Book.htm.

The RISKs are many and varied, but to get you started, click on the link to
see the list of charges against any inmate, at the end of which you find:

  "If you have reason to believe this information is inaccurate, you may
  submit a request for review to:

  Gwinnett County Sheriff's Department
  Records Section
  2900 University Parkway
  Lawrenceville, Georgia 20043"

No indication is given of how long it takes between one's (postal)
application to have incorrect details removed, and the update to the Web
site, but presumably the interval can be reduced if your lawyer can spell
"defamation".


"Late-night" Internet-porno-ban

<Debora Weber-Wulff <weberwu@fhtw-berlin.de>>
Wed, 05 Dec 2001 15:02:30 +0100

German officials are apparently attempting to prove that the PISA results
(Germany is pretty much at the bottom of the pack in regards to education
world-wide) are true and anyone, no matter how ignorant, can be a politician
in Germany:

The German Federal Government and the State governments have agreed to new
measures for protecting youth from pornography on the Internet: according to
the "Financial Times Deutschland" (http://www.ftd.de/pw/de/FTDPRAR3MUC.html)
all such content is banned from 11 p.m. until 6 a.m.

No, this is not April Fools' Day.  Really.  The German government seems to
think that when it is 11 p.m. in Germany, it is 11 p.m. everywhere else. And
that all those XXX folks on the Internet will happily turn off the sleaze
during the German day when the kiddies are awake.

This has of course caused an uproar amongst those in the know.
Spiegel-on-line wrote an open letter to the guy in charge of publishing this
nonsense, Frank-Walter Steinmeier
  http://www.spiegel.de/netzwelt/politik/0,1518,170361,00.html
    [The sarcastic wit in the letter may not make it through Babelfish
    intact, but it is quite funny]

What a sorry state of affairs. The risks posed by ignorant politicians may
yet be far more dangerous that the odd virus and software mistake.....

Prof. Dr. Debora Weber-Wulff, FHTW Berlin, Treskowallee 8, 10313 Berlin
+49-30-5019-2320  http://www.f4.fhtw-berlin.de/people/weberwu/


Optimizations at kiosks can be costly

<Seth Arnold <sarnold@marcelothewonderpenguin.com>>
Tue, 27 Nov 2001 18:28:30 -0800

Like Richard Akerman and Geoffrey Brent, an automated vending machine's
failure mode caught me by surprise. However, what I interpreted as a failure
mode may just be an optimization:

When purchasing a bus pass from an automated credit-card kiosk, I was
informed "Authorization Denied" after selecting the pass I wanted, so I took
my card and walked away. A kind soul ran up to me, handing me my receipt. An
unkind soul didn't bother to hand me my bus pass.

As far as I can figure, the Authorization Denied screen was probably the
last screen displayed on an off-screen buffer -- upon switching the display
to the previously off-screen buffer, the machine did not clear the old
screen. I imagine had I waited two more seconds, the machine would have
informed me of the successful transaction.

While I can think of several technological solutions to this problem, I
decided to do something more pragmatic: purchase my bus tickets from the
human-operated vending station a few blocks away.

(And yes, several phone calls and two days later, my money was refunded to
my card.)


Grocery self-checkout risks

<Scott Nicol <sbnicol@mindspring.com>>
Thu, 06 Dec 2001 00:37:22 -0500

This past summer, two major grocery store chains in my city installed
self-checkout lines.  They are arranged in groups of four, with one cashier
station supervising the group.

Credit-card purchases can be signed for at the self-check line (electronic
pad), but sometimes the line's register will prompt you to go to the
cashier's station to finish your transaction.  In other words, credit-card
transactions for 4 different stations are handled at one register.

On my August credit-card statement, I noticed two charges on the same day in
the same store.  To make a long story short, the charge was finally reversed
today.  The "extra" charge was for the checkout line adjacent to the one I
used, and was completed before my checkout was complete (it showed up
first).  The head cashier volunteered today that she had dealt with one
other customer who had the same thing happen.

The only strange thing about the checkout was that, at the end of the
transaction, I was prompted to swipe my card twice, then prompted to go to
the cashier station to sign the receipt. Swiping a card twice isn't unusual
- credit cards and credit-card readers aren't perfect.  Having 4 different
card readers connect to one cash register is.  I assume, in this case, the
system assigned the first swipe to the order from the adjacent line, and the
second swipe to my order.

Scott Nicol <sbnicol@mindspring.com>


Swedish police reportedly doctor video evidence, admit it

<Declan McCullagh <declan@well.com>>
Sat, 01 Dec 2001 19:07:13 -0500

Date: Sun, 2 Dec 2001 01:19:37 +0100
>From: jerry@xs4all.nl
To: <declan@well.com>
Subject: Swedish police files complaint against themselves

interesting article re Video Evidence in belgium newspaper;
http://www.standaard.be/nieuws/buitenland/index.asp?doctype=detail.asp
&ArticleID=DST01122001_034 (in Dutch)

re. http://www.svt.se/granskning/reportage.asp?S=744&A=744
(Swedish)

quick translation;

Swedish police filed a complaint against themselves after a sewdish TV show
revealed that police used manipulated video footage as evidence.

The TV show Uppdrag Granskning [http://www.svt.se/granskning/] compared its
own footage with the evidence used by the attorney general.

The comparison shows that images were swapped, sound was edited, and police
brutality cut out. Scenes where 19 year old Hannes Westberg gets shot in the
belly have been tampered with.

PS. The complaint is about copyrights and abuse of power.  Jerry

POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
Declan McCullagh's photographs are at http://www.mccullagh.org/
To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/


Swedish police reportedly doctor video evidence, admit it

<Ulf Lindqvist <ulf@sdl.sri.com>>
Sun, 2 Dec 2001 21:38:01 -0800 (PST)

This is in agreement with what I have read in Swedish media.  What is
missing here is that the prosecutor's office has repeatedly tried to obtain
raw film footage from TV stations, presumably to compare with the police
videos, but they refused and the Supreme Court agreed with the media. Out of
context, it sounds pretty nasty that a teenager was shot by police, but it
is apparently proven that he was hurling 4x4x4 inch solid cubic pavement
stones at an officer who was already badly wounded from previous stones,
bleeding and semiconscious. The police, relatively inexperienced with riots,
were armed with nightsticks and pistols only, nothing "in between" such as
water cannons, teargas/pepper spray or rubber bullets.


E-voting and international law

<"Lucas B. Kruijswijk" <L.B.Kruijswijk@inter.NL.net>>
Mon, 3 Dec 2001 00:18:25 +0100

Many articles were posted about the risks of computers with elections.  I
wondered to which extend the national Constitutions and International Law
protects the election process and reduces the risks. After some research I
made the conclusion that some kinds of voting are indeed violating
International Law. This means that there is a risk that a judge may forbid
some kind of voting methods, making the investment worthless. I also asked
my government (the Dutch government) to react on the issues which led to
remarkable responses.

The Dutch government is investigating the possibilities of two new ways of
voting. Voting at home with the use of the Internet and voting with a
"voting pillar". The voting pillars can be placed in public areas. There are
no officials nearby and the pillar is controlled remotely. The voter has to
identify itself with an electronic card with biometric information (iris
recognition).

Both ways of voting can not ensure that the voter is alone when he/she casts
his/her vote. There are no technical solutions known that prevent that
couples votes together at home. It might be possible to ensure this for a
voting pillar, but with the different body sizes this is certainly not
trivial. These limitations conflict with International Law.

First of all, there is article 21.3 of the Universal Declaration of Human
Rights:

  "The will of the people shall be the basis of the authority of government;
  this shall be expressed in periodic and genuine elections which shall be
  by universal and equal suffrage and shall be held by secret vote or by
  equivalent free voting procedures."

But more precise and more important is article 25.b of the International
Covenant on Civil and Political Rights:

  "To vote and to be elected at genuine periodic elections which shall be by
  universal and equal suffrage and shall be held by secret ballot,
  guaranteeing the free expression of the will of the electors."

When I read this article I conclude that the primary concern is the "free
expression of the will". However, the only legal way to achieve this is by
"secret ballot". So, if a government chooses a voting method where there is
no indication that the free expression of will is compromised but where the
vote is not secret, then this method is still not allowed to be used
(obvious the reason for this is that it is very hard to determine whether a
will is free or not).

The interpretation of "secret ballot" is now very important. Note that word
'ballot' refers to "voting balls" and not to the vote itself. There is a
risk in translating this into another language, because a literal
translation of 'ballot' might not exist. In such case a translation from
"secret paper" is maybe better than a translation from "secret
vote". According to the New Shorter Oxford Dictionary, the words "secret
ballot" means "in which votes are cast in secret". So, the circumstances in
which the vote is cast are important. If someone tells his/her vote
afterwards, it is still a secret ballot (because the vote was *cast* in
secret), but if two persons vote together with their personal computer, then
it is not a secret ballot.

This does not necessarily imply that voting at home or with voting pillars
are violating the Covenant. First of all if the voter is in such situation
that there is no realistic possibility to ensure that he/she casts his/her
vote in secret (for instance when he/she is abroad), then of course the
right to vote is more important then the secrecy of the vote. Second, the
article in the Covenant does not specify the responsibilities of the
States. You may argue that the secrecy of the vote is also the
responsibility of the voter to some extend.

The Human Rights Committee made comments on this article. The Committee is
allowed to make such comments under article 40 of the same Covenant. If a
State did also sign the first optional protocols, then individuals (and they
are admissible in this case) can ask the Committee for a judgment when
domestic remedies are exhausted. So, the Committee is the highest court.

On paragraph 20 of the comments, the Committee says:

  "States should take measures to guarantee the requirement of the secrecy
  of the vote during elections including absentee voting, where such a
  system exists."

The States are not fully responsible for the secrecy, but they are obliged
to make effort to ensure the secrecy.

To my opinion the "voting pillars" violate the Covenant. The government can
give the same service to the voter and ensuring the secrecy. It just adds a
supervising official to the voting pillar. So, the government is not
fulfilling its obligation of making this effort.

Voting at home via the Internet, is allowed for those people that live in
remote areas or abroad. However, a judge might forbid it for people that
live in urban areas where polling stations are not a practical problem. A
judge is probably more willingness to listen when is realized that voting
via the Internet will finally lead to the elimination of polling
stations. In the Netherlands the introduction of voting machines led to a
10% reduction of polling stations, because of the expensive voting machines
and budgets policies of the local governments (according to documents of the
national government). When voting at home is possible, then less people will
go to the polling stations, which result that polling stations are closed,
which will result that more people will vote at home etc.

I have requested 'Het Ministerie van Binnenlandse Zaken en
Koninkrijksrelaties' (the Ministry of the Interior or Home Department), to
react on the matter of the Constitution and International Law in relation
with the new ways of voting. The Ministry responded that the responsibility
of the State for the secrecy of the vote is "facilitating". So, according to
this principle the State is not responsible in anyway to ensure that the
votes are cast in secret; it should only guarantee that the voters have the
possibility to vote in secret. I think the Ministry is in error on this
point. First of all, if that would be the case, then the Covenant should say
something like "one has to right to vote in secret", but that are not the
words of the Covenant. Second, it would mean that it is allowed to give the
voter the option to make his/her vote with his/her name public on the
Internet (the voter has still the possibility to vote in secret). I think
one does not consider this as a proper way of voting.

In a new letter I explicitly asked the Ministry to react on the text of the
Human Rights Committee. I also pointed on the inaccuracy of the Dutch
translation on the words "secret ballot". Since I wrote this letter
recently, I did not have a response yet.

Despite the fact that serious questions can be raised about the
compatibility of the new voting methods with national Constitutions and
International Law, the Ministry does not mention these in the official
documents at all.

I hope they do a better job with security.

Lucas B. Kruijswijk <L.B.Kruijswijk@inter.nl.net>


Re: "Light turnout" for election (Rhodes, RISKS-21.80)

<Andrew Fleisher <andrew8@start.com.au>>
Mon, 03 Dec 2001 14:09:35 +1000

[With respect to] power/phone outages and online voting, what about the case
where there is localised damage to power or phone systems preventing people
from using online voting systems in significant elections which are close?
It makes the recent Florida debacle during the Presidential election seem
simple.


Re: Connecticut AG website wants Microsoft ... (Ravin, RISKS-21.80)

<Roland Roberts <roland@astrofoto.org>>
03 Dec 2001 12:28:57 -0500

I took a look at this with both Netscape 4.77 and Mozilla 0.95 (both on
Linux) and it displayed fine.  The only "functionality" provided by
Javascript appears to be a pop-up that tells me the site is best viewed at
800x600 or 1024x768.

I think the real issue here is general stupidity: turning a "nice" feature
(the pop-up about resolution) into an absolute requirement.

Roland B. Roberts, PhD, RL Enterprises, 76-15 113th Street, Apt 3B
Forest Hills, NY 11375  roland@rlenter.com   roland@astrofoto.org


Re: Connecticut AG website wants Microsoft ... (Ravin, RISKS-21.80)

<Nathan Sidwell <nathan@acm.org>>
Mon, 03 Dec 2001 11:13:35 +0000

I've noticed more and more of this kind of brokenness over the last 12
months. (This is with Netscape on Solaris or Linux.)

1) An Internet bank (which no longer has my custom), broke the 'print'
capability of all but IE. And then failed to understand that (a) the Web !=
Microsoft, and (b) a standalone machine would not be connected to the web.

2) A credit-card company had the same problem. It used to work, but back in
May it broke. I reported the problem and nothing has happened since then.

3) Many Flash sites claim I have not got flash enabled. One of these has
enough smarts to say something like 'You don't appear to have Flash, go
<here> to get it or go <here> to continue, if you know our check bombed out'

Dr Nathan Sidwell :: Computer Science Department :: Bristol University
nathan@acm.org  http://www.cs.bris.ac.uk/~nathan/  nathan@cs.bris.ac.uk


Re: PLEASE REMOVE me from the CAL database (RootsWeb, RISKS-21.80)

<RootsWeb HelpDesk <helpdesk-post@rootsweb.com>>
Sat, 1 Dec 2001 13:35:12 -0700

  [This was the reply many of us received in response to requests to be
  removed from the RootsWeb database noted in RISKS-21.80.  Apparently quite
  a few RISKS readers made such requests!  PGN]

A response to your Help Desk message, "PLEASE REMOVE me from the CAL
database," of Saturday, 1 December 2001, at 12:52 p.m. follows [...]:

  As some states have passed laws to make their records publicly available,
  many of these records have been made searchable on RootsWeb.com for
  genealogical purposes. This data is a great asset to many individuals
  doing family history research.

  In addition to our goal to provide outstanding genealogical resources to
  our users, MyFamily.com is very committed to the privacy of those using
  our services, whether on MyFamily.com, Ancestry.com or RootsWeb.com. For
  this reason we have removed the CA and TX birth records from our site.


Re: REVIEW: "Hackers Beware", Eric Cole (Slade, Risks-21.80)

<msb@vex.net (Mark Brader)>
Sat, 1 Dec 2001 20:57:46 +0000 (UTC)

> %T   "Hackers Beware: Defending Your Network from the Wiley Hacker"
> ... within [the first] six sentences , misspells the word "brakes."

It would be still more impressive if the title was misspelled [Wiley] as
shown above.  Or was that one the reviewer's error, perhaps induced by
familiarity with books published by Wiley?

Mark Brader, Toronto, msb@vex.net

  [Note: It is actually wrong [Wiley, and not too wily!] on the cover page
  as shown on the Wiley Web site:
    http://images.amazon.com/images/P/0735710090.01.LZZZZZZZ.jpg
  The Wiley Coyote Editor must have been working overtime.  PGN]

Please report problems with the web pages to the maintainer

Top