The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 26 Issue 60

Friday 11 November 2011


ANA plane goes nearly belly up after wrong knob turned
Rob McCool
E-voting remains insecure, despite paper trail
Gene Wirchenko
Alleged Absentee Ballot Fraud in Florida
Massive Internet Outage blamed on Juniper routers
Lauren Weinstein
Gmail goes Colbert
James Morris
Automated systems that don't use automatic daylight savings
Tim Panton
NASA Confirms 'Suspicious Events' in Satellite Hacking Report
Rebecca Mercuri
Apple was OK to fire man for private Facebook comments
Anna Leach via Gene Wirchenko
Re: Blackberry outage saves lives
Geoff Kuenning
Re: United Airlines uses 11,000 iPads ...
Andrew Douglass
Geoff Kuenning
W32.Duqu: As ye sow, so shall ye reap ...
Stanley De Jager via Randall
New Malicious Program by Creators of Stuxnet Is Suspected
NYTimes via PGN
UK police using gear to intercept and monitor cell phones via mobile network spoofing
Lauren Weinstein
What happens when *everyone's* PII is leaked?
Jeremy Epstein
Contract worker stole 9M+ Israelis' personal information
Jeremy Epstein
Skype flaw allows BitTorrent users to be identified
Jeremy Kirk via Gene Wirchenko
Skype for iPhone makes stealing address books a snap
Dan Goodin via Monty Solomon
Info on RISKS (comp.risks)

ANA plane goes nearly belly up after wrong knob turned

Rob McCool <>
Thu, 29 Sep 2011 09:26:36 -0700 (PDT)

An ANA 737 went nearly belly up during cruise flight after the first officer
turned the wrong knob to let the captain back into the cockpit. The knob for
the rudder is similar to the knob to unlock the door and both are located in
close proximity to each other. Luckily, it was late at night and most
passengers were wearing their seat belts.

E-voting remains insecure, despite paper trail

Gene Wirchenko <>
Tue, 01 Nov 2011 13:13:08 -0700
InfoWorld Home / InfoWorld Tech Watch
October 31, 2011
E-voting remains insecure, despite paper trail
Microsoft researchers propose using cryptography technique as
temporary Band-Aid for making new e-voting systems more secure
By Ted Samson | InfoWorld

opening and closing paragraphs:

Microsoft Research has revealed a potential flaw in verifiable e-voting
machines through which fraudsters could easily use discarded ballot receipts
as a guide for altering votes. Fortunately, the researchers also offered a
solution—linking new receipts to previous ones with cryptographic hashes
-- but that alone won't make e-voting entirely secure, they cautioned.

This Microsoft Research report offers a fine example of how
electronic-voting systems have improved to a degree, but it also shows that
there's a lot of work to be done to make e-voting truly secure and
verifiable. The fact that so many lawmakers have continued to drag their
feet on this issue, even in light of documented controversies surrounding
e-voting over the past several years, suggests at best an abysmally high
level of technical ignorance among elected officials. At worst, it implies a
general disregard for the democratic process on which this country was
founded, a high level of corruption, or some combination thereof.

Alleged Absentee Ballot Fraud in Florida

Peter G Neumann <>
Wed, 19 Oct 2011 09:11:47 -0700

In Madison County, Florida, 8 residents have been arrested—among them
the election supervisor and a school board member—relating to the
2010 school board election in that county.  Apparently, the winner in one
district was implicated in illegally creating absentee ballots mailed to
false addresses, without voters' knowledge.

This reminds me of an incident in the 2000 election in Florida, in which the
inhabitants of entire rest home had voted 100% for one candidate, although
*none* of those residents who had been interviewed by ABC had actually
requested an absentee ballot—according to the ABC news reporter recording
me.  I suspect this is not uncommon.

Massive Internet Outage blamed on Juniper routers

Lauren Weinstein <>
Mon, 7 Nov 2011 10:37:17 -0800

  "A global internet outage took down sites and services across the web on
  Monday.  The outage began shortly after 2pm, and affected telco Time
  Warner Cable in the US and numerous ISPs in the UK, including Eclipse
  Internet and Easynet.  Several of the affected companies blamed the
  downtime on a problem with the firmware in Juniper Network routers.  "This
  outage has affected other networks running Juniper routers with the
  majority of them seeing their devices core dump and reload," affected ISP
  Phyber Communications said."  (Silicon)

Time Warner has said their entire Internet network operation was affected by
this.  I've been having connectivity problems on one of my primary circuits
since late yesterday and continuing now that may or may not be related.
I'll see if this message makes it out.

Gmail goes Colbert (From Dave Farber's IP)

November 11, 2011 11:28:12 AM EST

The new gmail that apparently is going to be forced on everyone is not an
improvement as far as I can see. It has a lot of cosmetic changes that
someone liked, but the amazing thing is the way they are introducing
it. There is no way to revert to the old version, but they devote special
buttons to tell you how nice the new look is and to ask for you for
feedback. The feed back section has just two Colbert-like questions: "What
do you like about the new version?" and "What, if anything, would you change
about the new version?" Colbert would ask something like "Is this awesome or
super-awesome?" but he's trying to be ironic.

James H. Morris

Automated systems that don't use automatic daylight savings

Tim Panton <>
Tue, 1 Nov 2011 17:30:02 +0000

I just got this e-mail from reception of the building I'm in today:

  "With the clocks going back by one hour this has caused the security door
  in the reception area to automatically lock at 17:00 instead of 18:00. Due
  to our system being down at the moment we are unable to change
  this. Please can I remind you that you should carry you pass with you at
  all times for security reasons."

So, of the three security systems mentioned, both the automated ones have
partially failed, the fallback is to *e-mail* me to remind me to carry a
pass so I won't get locked on the landing on my way back from the WC.
Hardly a disaster, but annoying none the less.

  [I was hoping to get this issue out at 11/11/11/11:11.  There's still
  hope to celebrate if you are in Alaska or Hawaii.  Cheers!  PGN]

NASA Confirms 'Suspicious Events' in Satellite Hacking Report

RTMercuri <>
Sat, 29 Oct 2011 21:19:31 -0400

Chinese Military Suspected in Hacker Attacks on U.S. Satellites
By Tony Capaccio and Jeff Bliss - Oct 26, 2011 9:01 PM PT

Computer hackers, possibly from the Chinese military, interfered with
two U.S. government satellites four times in 2007 and 2008 through a
ground station in Norway, according to a congressional commission.

The intrusions on the satellites, used for earth climate and terrain
observation, underscore the potential danger posed by hackers,
according to excerpts from the final draft of the annual report by
the U.S.-China Economic and Security Review Commission. The report is
scheduled to be released next month.

"Such interference poses numerous potential threats, particularly if
achieved against satellites with more sensitive functions," according
to the draft. "Access to a satellite's controls could allow an
attacker to damage or destroy the satellite. An attacker could also
deny or degrade as well as forge or otherwise manipulate the
satellite's transmission."

A Landsat-7 earth observation satellite system experienced 12 or more
minutes of interference in October 2007 and July 2008, according to
the report.

Hackers interfered with a Terra AM-1 earth observation satellite
twice, for two minutes in June 2008 and nine minutes in October that
year, the draft says, citing a closed-door U.S. Air Force briefing.

The draft report doesn't elaborate on the nature of the hackers'
interference with the satellites.

Chinese Military Writings

U.S. military and intelligence agencies use satellites to
communicate, collect intelligence and conduct reconnaissance. The
draft doesn't accuse the Chinese government of conducting or
sponsoring the four attacks. It says the breaches are consistent with
Chinese military writings that advocate disabling an enemy's space
systems, and particularly "ground-based infrastructure, such as
satellite control facilities."

U.S. authorities for years have accused the Chinese government of
orchestrating cyber attacks against adversaries and hacking into
foreign computer networks to steal military and commercial secrets.
Assigning definitive blame is difficult, the draft says, because the
perpetrators obscure their involvement.

The commission's 2009 report said that "individuals participating in
ongoing penetrations of U.S. networks have Chinese language skills
and have well established ties with the Chinese underground hacker
community," although it acknowledges that "these relationships do not
prove any government affiliation."
Chinese Denials

China this year "conducted and supported a range of malicious cyber
activities," this year's draft reports. It says that evidence
emerging this year tied the Chinese military to a decade-old cyber
attack on a U.S.-based website of the Falun Gong spiritual group.

Chinese officials long have denied any role in computer attacks.

The commission has "been collecting unproved stories to serve its
purpose of vilifying China's international image over the years,"
said Wang Baodong, a spokesman for the Chinese Embassy in Washington,
in a statement. China "never does anything that endangers other
countries' security interests."

The Chinese government is working with other countries to clamp down
on cyber crime, Wang said.

Defense Department reports of malicious cyber activity, including
incidents in which the Chinese weren't the main suspect, rose to a
high of 71,661 in 2009 from 3,651 in 2001, according to the draft.
This year, attacks are expected to reach 55,110, compared with 55,812
in 2010.

Relying on the Internet

In the October 2008 incident with the Terra AM-1, which is managed by
the National Aeronautics and Space Administration, "the responsible
party achieved all steps required to command the satellite," although
the hackers never exercised that control, according to the draft.

The U.S. discovered the 2007 cyber attack on the Landsat-7, which is
jointly managed by NASA and the U.S. Geological Survey, only after
tracking the 2008 breach.

The Landsat-7 and Terra AM-1 satellites utilize the commercially
operated Svalbard Satellite Station in Spitsbergen, Norway that
"routinely relies on the Internet for data access and file
transfers," says the commission, quoting a NASA report.

The hackers may have used that Internet connection to get into the
ground station's information systems, according to the draft.

While the perpetrators of the satellite breaches aren't known for
sure, other evidence uncovered this year showed the Chinese
government's involvement in another cyber attack, according to the

TV Report

A brief July segment on China Central Television 7, the government's
military and agricultural channel, indicated that China's People's
Liberation Army engineered an attack on the Falun Gong website, the
draft said.

The website, which was hosted on a University of Alabama at
Birmingham computer network, was attacked in 2001 or earlier, the
draft says.

The CCTV-7 segment said the People's Liberation Army's Electrical
Engineering University wrote the software to carry out the attack
against the Falun Gong website, according to the draft. The Falun
Gong movement is banned by the Chinese government, which considers it
a cult.

After initially posting the segment on its website, CCTV-7 removed
the footage after media from other countries began to report the
story, the congressional draft says.

Military Disruption

The Chinese military also has been focused on its U.S. counterpart,
which it considers too reliant on computers. In a conflict, the
Chinese would try to "compromise, disrupt, deny, degrade, deceive or
destroy" U.S. space and computer systems, the draft says.

"This could critically disrupt the U.S. military's ability to deploy
and operate during a military contingency," according to the draft.

Other cyber intrusions with possible Chinese involvement included the
so-called Night Dragon attacks on energy and petrochemical companies
and an effort to compromise the Gmail accounts of U.S. government
officials, journalists and Chinese political activists, according to
the draft.

Often the attacks are found to have come from Chinese
Internet-protocol, or IP, addresses.

Businesses based in other countries and operating in China think that
computer network intrusions are among the "most serious threats to
their intellectual property," the draft says.

The threat extends to companies not located in China. On March 22,
U.S. Internet traffic was "improperly" redirected through a network
controlled by Beijing-based China Telecom Corp. Ltd., the state-owned
largest provider of broadband Internet connections in the country,
the draft said.

In its draft of last year's report, the commission highlighted
China's ability to direct Internet traffic and exploit "hijacked"

To contact the reporters on this story: Jeff Bliss in Washington at; Tony Capaccio in Washington at

To contact the editor responsible for this story: Mark Silva in
Washington at

  [See also this article.  PGN

Apple was OK to fire man for private Facebook comments

Gene Wirchenko <>
Thu, 03 Nov 2011 10:34:33 -0700

Anna Leach: 'Image is so central to Apple's success', says tribunal,
*The Register*, 3 Nov 2011

selected text:

Apple was right to fire an employee of one of its UK stores for saying rude
things about the company on his Facebook wall, an employment tribunal in
Bury St Edmunds ruled.*

The tribunal judge upheld Apple's dismissal of the man for gross misconduct
in a case which sets another precedent for social network users who like to
bitch about work online.

The Apple Store worker had made derogatory comments about Apple's brand and
products on his Facebook wall. Although his posts were not public, one of
his unfriendlier "friends"—also a colleague in the store—printed the
comments out and showed them to their boss, who fired the man for

A striking feature of the case was that although the man's Facebook comments
were not public - privacy settings had been applied - the judge decided
because that the comments could be easily copied and pasted by his friends
they did not attract any privacy protection.

Re: Blackberry outage saves lives (Thorson, RISKS-26.59)

Geoff Kuenning <>
Wed, 26 Oct 2011 15:40:06 -0700

> Perhaps this could be exploited by throttling down network traffic during
> hazardous driving conditions, such as the first heavy rain of the season,
> major holiday evenings, and at the end of large sports events.

This bad idea was already tried by BART, with disastrous results.  There
are many socially beneficial uses for smartphones that don't involve
driving.  Even interfering with communication inside cars is a bad idea,
because it ignores the fact that the passengers might be the ones
contacting the babysitter to inform them they're going to be late.

Geoff Kuenning

Re: United Airlines uses 11,000 iPads ... (Stanley, RISKS-26.59)

Andrew Douglass <>
Tue, 25 Oct 2011 14:56:35 -0400

Good details all, but my concern was with *intentional* interference with
the flight systems, e.g., terrorism. It is a question necessarily suggested
I think by any concerns re interference by consumer electronics. In the
general operation of highly complex, fly-by-wire aircraft, such a deliberate
act could be a very bad thing. I have to hope contingency plans are in
place, and they probably aren't. There are I must believe alternatives (for
example hardened navigation options, like some sort of failsafe gyroscopic
or accelerometer control system (the wiser minds here will have better
ideas). Flying these large planes is a highly abstract exercise and flight
crews unprepared for malfunctions, as apparently with Air France 447, can be
rendered suddenly helpless—flying at cruising altitude is itself a
flight-critical operation.

Re: United Airlines uses 11,000 iPads ... (Irons, R-26.59)

Geoff Kuenning <>
Wed, 26 Oct 2011 21:33:36 -0700

>   Not quite. The main reason tablets and laptops are banned during takeoff
>   and landing isn't because of concerns over interference, but because they
>   might hinder an evacuation, and are potentially dangerous projectiles in
>   the event of an impact or rapid deceleration. ...

That's the first sensible justification that I've heard on this list for
prohibiting passengers from using devices that are allowed in the cockpit.

Of course, the airlines still don't get it quite right, since many still
permit (as only one example) the wearing of noise-canceling headphones that
are turned off; those, too, would be unpleasant to encounter at high speed.

Geoff Kuenning

W32.Duqu: As ye sow, so shall ye reap ... (Stanley De Jager)

Randall Webmail <>
October 19, 2011 1:34:20 PM EDT

> From Stanley De Jager:

> A new threat is getting some press this week and is being touted as "The
> next Stuxnet!" or at least a precursor to the next. The W32.Duqu appears
> to be written by either the same folks that brought us Stuxnet, or someone
> with access to its original source code. But whereas Stuxnet went after
> the control components for a device, this new code seems to be
> exfiltrating data to find assets for a possible future attack.

> It was Aeschylus, the Greek father of tragedy, that once wrote "For the
> impious act begets more after it, like to the parent stock."

> W32.Duqu: The Precursor to the Next Stuxnet

> And a much deeper public analysis here:
> W32.Duqu: The precursor to the next! Stuxnet

New Malicious Program by Creators of Stuxnet Is Suspected

Peter G Neumann <>
Wed, 19 Oct 2011 09:11:47 -0700

... Duqu is intended to steal digital information that may be needed to
mount another Stuxnet-like attack.  According to Symantec researchers,
“Duqu's purpose is to gather intelligence data and assets from entities,
such as industrial control system manufacturers, in order to more easily
conduct a future attack against another third party, The attackers are
looking for information such as design documents that could help them mount
a future attack on an industrial control facility.''  Duqu is designed to
last 36 days and then remove itself from the system it infected.  [Source:
John Markoff, The designers of Stuxnet, the computer worm that was used to
vandalize an Iranian nuclear site, may have struck again, security
researchers say.  Israeli Test on Worm Called Crucial in Iran Nuclear Delay
William J. Broad, John Markoff, David E. Sanger, *The New York Times*, 16
Oct 2011; PGN-ed]

UK police using gear to intercept and monitor cell phones via mobile

Lauren Weinstein <>
Sun, 30 Oct 2011 16:40:26 -0700
  network spoofing

  "Britain's largest police force is operating covert surveillance
  technology that can masquerade as a mobile phone network, transmitting a
  signal that allows authorities to shut off phones remotely, intercept
  communications and gather data about thousands of users in a targeted
  area." (Guardian)

One way to fight this is to focus on using trusted Wi-Fi networks for
communications when possible in constrained areas. The details are complex
but the principle has promise for special situations.

What happens when *everyone's* PII is leaked?

Jeremy Epstein <>
Mon, 24 Oct 2011 08:06:09 -0400

We've all seen hundreds of cases of PII being lost, stolen, etc.  But what
happens when an entire country's PII gets released?  Is that better or worse
- since absolutely everybody is potentially affected, is the government
forced to reissue authentication information to everyone, and change all the
databases?  (Assuming you can identify everyone to ensure that they get the
right authenticators, that is.)  Does the fact that it affects everyone mean
that people will be more cautious of social engineering attacks, since
everyone knows that they could be the target?  Or does it reduce the value
of the lost/stolen information, since everyone will be more on guard against

"The database provides the personal and familial information of all Israeli
citizens in the Population Registry—more than nine million people, some
of whom are no longer alive. Each citizen's family relations, personal
identification number and other private information are contained in the
database.  [...] At some point, the registry was sold for the paltry sum of
only a few thousand shekels [less than US$1000], and it is likely that it
was used for malevolent purposes. Since the start of the investigation,
Israeli agents have attempted to track down every copy of the registry and
remove it from the Internet. "

Of course removing "every copy" from the Internet is a fool's errand.

I don't have any answers to what the reaction will be, but we may have
a case study to watch.  The database was leaked several years ago, but
I only just read about it in an article about figuring out how the
information came to be posted on the web.

Contract worker stole 9M+ Israelis' personal information

Jeremy Epstein <>
Tue, 25 Oct 2011 20:21:21 -0400

[source: InfoSecNews, InfoSec News <>, 24 Oct 2011]

A contract worker from the Ministry of Labor and Welfare was charged with
stealing the personal information of over 9 million Israelis from the
Population Registry, the Justice Ministry announced Monday after a media ban
was lifted.

The worker electronically copied identification numbers, full names,
addresses, dates of birth, information on family connections and other
information in order to sell it to a private buyer.

The information was also given to another individual who used it to design a
software program called "Agron 2006", which exploited the database to allow
queries of all Israeli citizens, allowing information to be illegally sold
based on various parameters. Those parameters could include familial
relationships of the entire Israeli population, over several generations.

Subscribe to InfoSec News -

Skype flaw allows BitTorrent users to be identified (Jeremy Kirk)

Gene Wirchenko <>
Fri, 21 Oct 2011 10:26:23 -0700
Jeremy Kirk, Skype flaw allows BitTorrent users to be identified
Researchers have demonstrated its possible to link BitTorrent users
to Skype account information via IP addresses. It's a possible risk
to Skype's user privacy, 21 Oct 2011.

Skype for iPhone makes stealing address books a snap (Dan Goodin)

Monty Solomon <>
Fri, 21 Oct 2011 18:52:22 -0400

Dan Goodin, *The Register*, 20 Sep 2011

If you use Skype on an iPhone or iPod touch, Phil Purviance can steal your
device's address book simply by sending you a chat message.  In a video
posted over the weekend, the security researcher makes the attack look like
child's play. Type some JavaScript commands into the user name of a Skype
account, use it to send a chat message to someone using the latest version
of Skype on an iPhone or iPod touch, and load a small program onto a
webserver. Within minutes, you'll have a fully-searchable copy of the
victim's address book. ...

Please report problems with the web pages to the maintainer