Forum on Risks to the Public in Computers and Related Systems
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
Volume 27: Issue 21
Thursday 21 March 2013
Contents
Mars Rover is Repaired, NASA Says - Henry Fountain
Weapons Experts Raise Doubts About Israel's Antimissile System - William J. Broad
Computer Networks in South Korea are Paralyzed in Cyberattack - Choe Sang-Hun
Hospital computer outage does not compromise patient safety - Richard Irvin Cook
Outage at Alchemy Communications data center in Irvine, California - Steve Golson
Cyberattack on Florida election raises questions - Lauren Weinstein
Details on the denial of service attack that targeted Ars Technica - Dewayne Hendricks
The ephemeral Internet - Bob Frankston
TSA tested program that tracked Bluetooth devices - Henry Baker
Tom Coburn Amendment Limiting National Science Foundation Research Funding Passes Senate - Lauren Weinstein
Re: Hacking the Papal Election - Sam Steingold, Neil Maller
Re: Boeing 787s to create half a terabyte of data per flight - Dag-Erling Smorgrav, PK
Re: Fake silicone fingers strike again (Mann, RISKS-27.20) - Dag-Erling Smorgrav
Re: "Attorney General's testimony on Aaron Swartz raises more questions than answers" - Jonathan Kamens
Sorry Google; you can Keep it to yourself - Joe Touch
Info on RISKS (comp.risks)
Mars Rover is Repaired, NASA Says (Henry Fountain)
"Peter G. Neumann"
<neumann@csl.sri.com>
Thu, 21 Mar 2013 12:21:49 PDT

The Curiosity Mars Rover developed memory problems with one of its two identical computers. Control was switched to the second system to enable repairs on the first computer. However, the second system suffered a software-based malfunction on 16 Mar and put itself on standby. Finally, as of the evening of 19 Mar, the second system was commanded back into safe mode, and repairs of the first system continue. [Source: Henry Fountain, *The New York Times*, 20 Mar 2013, PGN-ed]
Weapons Experts Raise Doubts About Israel's Antimissile System (William J. Broad)
"Peter G. Neumann"
<neumann@csl.sri.com>
Thu, 21 Mar 2013 12:21:49 PDT

Israeli officials have been claiming success rates up to 90 percent. Analysis by weapons experts suggests it is more likely 40 percent at best, with some incoming rockets merely crippled or deflected and still able to do considerable damage. [Source: William J. Broad, *The New York Times*, 21 Mar 2013, PGN-ed]

[This of course should remind readers of Ted Postol's efforts at MIT in demonstrating that the Patriot defenses were perhaps at best 20% effective rather than the officially regarded 95%—i.e., mostly failing to properly eliminate the scud missiles (R 13 19 and R 13 32). PGN]
Computer Networks in South Korea are Paralyzed in Cyberattack (Choe Sang-Hun)
"Peter G. Neumann"
<neumann@csl.sri.com>
Thu, 21 Mar 2013 12:21:49 PDT

Computer networks running three major South Korean banks and two of the country's largest broadcasters were paralyzed on 20 Mar 2013 in DarkSeoul virus attacks suspected of originating from North Korea. This affected ATMs, newscasters staring at blank screens, and so on. DarkSeoul is malware designed to evade popular anti-viral products. Kim Jong-Un was quoted as threatening to destroy government installations in the South and American bases in the Pacific. [Source: Choe Sang-Hun, *The New York Times*, 21 Mar 2013, PGN-ed]
Hospital computer outage does not compromise patient safety
Richard Irvin Cook
<rcook@kth.se>
Wed, 20 Mar 2013 08:22:57 +0000

Boulder, CO newspaper "The Daily Camera" reports that the Boulder Community Hospital was without a functioning clinical healthcare information system for several days (http://www.dailycamera.com/news/boulder/ci_22819319). The outage affected the hospital, eight laboratories, and six imaging centers, according to the article.

The hospital is: "using manual paper record-keeping systems and traditional paper charts for its inpatients. Hospital officials say the system allows them to continue treating patients, provide diagnostic services and collect important clinical information that will be entered later into each patient's electronic health record."

Although a hospital physician reportedly said he doesn't think the outage is compromising the health or safety of patients, the backup system "seems a little haphazard, and it's not an organized plan."

One patient is reported to have commented "If they can't keep their computer system running, how can we trust them to perform surgery?"

"We apologize for the delays, but this was an unavoidable situation," a hospital official reportedly said.

COI declaration: I was the lone dissenting opinion in the Institute of Medicine's report on clinical healthcare information technology (available at http://www.ctlab.org/documents/CookDissent.pdf). Clinical healthcare information technology (CHIT) is a complex endeavor and there are wide differences between the good CHIT and the bad CHIT.

Richard I Cook, MD, Professor of Healthcare System Safety
STH (Skolan för teknik och hälsa)
KTH (Kungliga Tekniska högskolan)
Alfred Nobels Allé 10, 141 52 Huddinge, SWEDEN
mobile: +46 70 190 42 16
email: rcook@kth.se
Outage at Alchemy Communications data center in Irvine, California
Steve Golson
<sgolson@trilobyte.com>
Wed, 20 Mar 2013 21:23:58 -0400

As reported by DreamHost:
http://www.dreamhoststatus.com/2013/03/19/power-disruption-affecting-us-west-data-center-irvine-ca/

Update from our CEO on the March 19/20, 2013 power outages affecting services in our US-West (Irvine, CA) Data Center

I would like to share more details with our customers concerning the power outages and resulting network and systems issues that impacted our services on March 19/20 in our US-West (Irvine, CA) Data Center (the Irvine DC for short).

A third party, Alchemy Communications, manages the Irvine DC. We lease a large secure space in their facility. Alchemy is responsible for providing power, cooling, security and related infrastructure services and maintenance. The facility has a good track record on all of these responsibilities—including providing reliable power. However, yesterday at approximately 3pm Pacific Daylight Time (PDT), there was a failure in their Uninterruptible Power Supply (UPS) system that completely shut down power to all network and systems housed in the Irvine DC. This power outage affected all tenants and was not limited to just DreamHost's equipment.

The power systems at the Irvine DC are designed to be redundant. The UPS system is in-line and in the event the power grid feeds go down, the UPS provides power until the diesel-powered generators kick in. We believe, at this time, that Alchemy was performing unannounced maintenance on their UPS systems and the systems failed—resulting in a complete power outage. In addition to their UPS systems failing, their generators did not kick in.

The power failure lasted just a few minutes, however it created a number of major issues with our network and systems in the Irvine DC that took many hours for our operations teams to recover from. Not the least of which was the loss of several critical pieces of networking hardware which did not survive the power event. Complete details of these issues will be shared once we have completed a detailed review over the next couple of days. All customer-facing systems were largely restored from the first power outage by early this morning 20 Mar 2013 PDT.

After the first power outage, we were assured by Alchemy that their power systems would not be worked on further until a detailed, tested plan was in place that would guarantee no additional loss of power. However, at sometime around 4:30am PDT today their UPS system failed for a second time. This resulted in another complete power outage and another intense period of reboots, restores and system checks from our team. The time to restore most services in the wake of this second power outage was much quicker, mainly because there were no resulting hardware failures and we had learned from the first failure.

Alchemy has opted to run the Irvine DC on generators until the UPS issues are fully identified and resolved, and we are monitoring the situation closely to do our best to ensure that there are no further power outages or issues that will affect our services in the Irvine DC.

Corrective Action: Alchemy has a team of UPS specialists and Edison power engineers on site who have identified potential points of failure in the existing UPS infrastructure. They are currently in the planning phases of a repair to the UPS systems. The proposed power system enhancements will be subject to rigorous review and testing before being implemented. If all goes as planned, the facility will be able to switch back from generators to grid/UPS power. At this time, we do not believe that a public grid power failure contributed to either of these incidents.

DreamHost will have additional network, systems and data center engineers assigned to monitor all systems in the Irvine DC during the UPS system upgrade. We also have oversight of the proposed UPS system repair plan being structured by Alchemy. We will post an update on dreamhoststatus.com as soon as the timing of any planned power system maintenance is known. We are working diligently to ensure that the planning and implementation of any UPS upgrades, maintenance and/or the cut back to grid/UPS power will not affect continuous power to our systems and will not impact our customers.

Last, but not least, I want to apologize for these service disruptions. I know how critical our services are to our customers and their livelihood. I fully recognize that any disruption to services can affect important production environments and projects. Our team will work diligently to ensure that we mitigate the power issues going forward, including a full audit of all facilities that house DreamHost customer data. We will learn from this event and continuously improve our operations and services.

All customers impacted by these service issues can apply for credits or refunds in accordance with our guaranteed uptime policy by contacting support through the panel.

Simon Anderson, CEO, DreamHost
Cyberattack on Florida election raises questions
Lauren Weinstein
<lauren@vortex.com>
Mon, 18 Mar 2013 14:22:22 -0700

http://www.cnn.com/2013/03/18/tech/web/florida-election-cyberattack/index.html
Details on the denial of service attack that targeted Ars Technica
<Dewayne Hendricks>
Wednesday, March 20, 2013

[From Dave Farber's IP and elsewhere]

Sean Gallagher on Brian Krebs, 18 Mar 2013
Take a "booter" site survey, earn attacks like ones that targeted Ars,
http://arstechnica.com/security/2013/03/details-on-the-denial-of-service-attack-that-targeted-ars-technica/

Last week, Security Editor Dan Goodin posted a story about the "swatting" of security reporter Brian Krebs and the denial of service attack on Krebs' site. Soon after, Ars was targeted by at least one of the individuals behind the Krebs attack. On Friday, at about noon Eastern Daylight Time, a denial of service attack struck our site, making connectivity to Ars problematic for a little less than two hours.

The attack continued to run throughout Friday. At 9pm EDT, when our hosting provider brought down one of the filters that had been put in place to thwart it, it quickly became apparent that the attack was still underway, and the filter was restored. The most aggressive filters were finally removed on Saturday.

At least in part, the offensive used the same attack tool and user credentials that were involved in the denial-of-service (DoS) attack on Krebs On Security, as Krebs himself revealed in a blog post. The attackers used multiple accounts on TwBooter, a "booter" site that provides denial of service attacks as a paid service (ostensibly for security testing purposes), to launch an automated, denial of service attack on Ars. And at least one of those logins was also used to attack Krebs' site.

TwBooter masks all of the complexity of launching attacks against sites. Users of the site can, depending on how much they pay, launch up to three simultaneous automated attacks against sites through a simple Web interface. TwBooter users can even set up multiple accounts and fill up the queue of the service's "attack server."

It doesn't cost much to get in on the ground floor with TwBooter—an account with rights to a single automated attack of up to 60 seconds in length is $10 for a month. This means you can launch as many 60 second attacks as you want, one at a time, all month long. The "license" to launch up to three attacks at a time of up to two hours duration is $169 a month -- but there's a 20 percent discount if you pay through Liberty Reserve instead of PayPal. There's also a free plan that allows for attacks up to 300 seconds long. That service requires users to pick an attack type from a pull-down menu in a Web form.

PayPal payments for the site are routed to Sebastien Lariviere, a former IT technician for the county government (MRC) of Pierre-De Saurel in Quebec (now operating as Lariviere Security). Lariviere did not respond to e-mails from Ars for comment.

Obviously, sites like TwBooter generate a lot of ill will and are ironically the target of DoS attacks themselves. Like many legitimate and "black hat" sites—such as the site exposed.su, a website that recently posted the personal information of many public figures—TwBooter runs behind the CloudFlare content delivery network as a way of shielding itself from attacks.

TwBooter may not have been the only service used to launch the attacks on Ars and Krebs. "There are dozens of these booter services out there, most of them based on the same source code," Krebs told Ars. But Krebs received a tip pointing to a dump of TwBooter's customer database—openly accessible on the services' website.

It's clear the TwBooter site was part of the attack. A snippet from the SQL dumps Krebs provided to Ars show that multiple attacks (including Slowloris, TCP amplification, and SYN flood attacks) were queued up by multiple accounts on the site. [...]
The ephemeral Internet
"Bob Frankston"
<Bob19-0501@bobf.frankston.com>
Mon, 18 Mar 2013 16:00:44 -0400

http://forum.icann.org/lists/comments-closed-generic-05feb13/pdfVMmmFgwpbw.pdf

Disappointing - no sense that the DNS is problematic because it guarantees the Internet will unravel. How can we have any long term persistence when the very bonds that hold the Internet together are designed to melt away like surgical thread? I understand that ICANN profits from leasing our identities and thus has every incentive to continue this practice but where is the pushback for a problem so real and obvious?

There are other issues in the document like the assumption that words can have persistent meaning out of context like "For example, when you go to a .map domain name you will be confident that you will see some sort of map." The Google search team knows how difficult it is to pin down meaning. But for the moment the high order bit is the lack of stable identifiers.

Bob Frankston http://frankston.com
TSA tested program that tracked Bluetooth devices
Henry Baker
<hbaker1@pipeline.com>
Thu, 21 Mar 2013 10:51:53 -0700

[FYI—Didn't Google just get into a heap of hot water over doing exactly the same thing with WiFi?]

Scott MacFarlane, WPXI, 20 Mar 2013
TSA tested, scrapped program that tracked Bluetooth devices
http://www.wpxi.com/news/news/local/tsa-tested-scrapped-program-tracked-bluetooth-devi/nWyfh/

Lines can be long at airport security. The Transportation Security Administration knows too. Documents obtained by Eyewitness News showed TSA tested a project to measure how long. Sensors in the terminal found Bluetooth devices, honed in on the signals and tracked how long it took people to get through security.

An internal TSA document stated it worked by "detecting signals broadcast to the public by individual devices and calculating a wait time as the signal passes sensors positioned to cover the area in which passengers may wait in line." It said the information would be encrypted and destroyed within two hours to protect people's privacy.

TSA tested the technology in 2012 in Las Vegas and Indianapolis, but bailed on it. "This is an expensive and needlessly complicated way of estimating wait times, compared with say a ticket agent writing the time at the front of the line," said Julian Sanchez, author of "Wiretapping the Internet."

TSA has taken criticism in the recent months for its handling of passenger privacy, including enhanced pat downs and whole body scanners. A spokesman for the Association of Airline Passengers Rights said his group isn't comfortable with Bluetooth tracking and TSA has a history of saying it's keeping passenger information private and then changing its story.

TSA documents show the agency considered posting warning signs alerting passengers that Bluetooth sensors were active, but officials didn't return comment when Eyewitness News asked if the signs were posted at the cities where the technology was tested. A spokesman confirmed they've scrapped the program before it became public.
Tom Coburn Amendment Limiting National Science Foundation Research Funding Passes Senate
Lauren Weinstein PRIVACY Forum
<privacy@vortex.com>
Thu, 21 Mar 2013 12:03:27 -0700

"Adoption of this amendment is a gross intrusion into the widely-respected, independent scholarly agenda setting process at NSF that has supported our world-class national science enterprise for over sixty years," the association said in a statement. "The amendment creates an exceptionally dangerous slippery slope. While political science research is most immediately affected, at risk is any and all research in any and all disciplines funded by the NSF. The amendment makes all scientific research vulnerable to the whims of political pressure."

http://j.mp/Z3sWWY (Huffington)

- - -

An information and research control abomination by the Senate, in the finest tradition of Stalinist thinking, Comrade Coburn.
Re: Hacking the Papal Election (Schneier, RISKS-27.20)
Sam Steingold
<sds@gnu.org>
Wed, 20 Mar 2013 15:56:36 -0400

This article reminded me of a wonderful historical episode described by Bazhanov - directly relevant to voting security.

In the 1920s the Soviet citizens were divided into 2 classes: Party members, who enjoyed full democratic freedoms, and non-members, who were completely at the mercy of the political police. Policy decisions were made by party members by voting on a platform (the Central Committee platform vs the Opposition platform). So, each local organization voted on the issue and sent the results to the Central Committee, and these results were published in the official newspaper Pravda.

Stalin, who, allegedly, later said that "it matters who counts the votes, not who votes", came up with a brilliant scheme: Pravda published all results as if they came in favor of the Central Committee platform. E.g., if the local organization A voted 11 votes for CC, 17 votes for Opposition and organization B voted 20 votes for CC and 12 votes for the Opposition, then B was reported as is and the votes in A were switched and reported as if 17 voted for CC and 11 for the Opposition. This way the appearance was that the Central Committee's platform was clearly more popular, and if the chief of A noticed the "typo" and complained, the next issue would carry a small apology (obviously not as prominent as the election results).

This way the Party was constantly bombarded by "evidence" that the Central Committee's platform was more popular, which would swing the opportunist vote (also there was always a risk that the supporters of the Opposition might be expelled from the Party).

Sam Steingold (http://sds.podval.org/) http://www.childpsy.net/ http://iris.org.il http://dhimmi.com http://www.PetitionOnline.com/tap12009/ http://pmw.org.il http://truepeace.org
Re: Hacking the Papal Election (Schneier, RISKS-27.20)
Neil Maller
<neil@nmaller.net>
Mon, 18 Mar 2013 15:26:36 -0400

As a postscript to Bruce Schneier's fascinating "Hacking the Papal Election" analysis (RISKS-27.20), I would add that it has been widely reported that Vatican authorities laid a false floor in the Sistine Chapel to cover electronic jamming equipment. This was intended to protect against electronic eavesdropping...or unauthorized Cardinal tweets.

See: <http://www.theverge.com/2013/3/10/4086176/radio-jammers-in-the-sistine-chapel-will-protect-secrecy-of-papal>.
Re: Boeing 787s to create half a terabyte of data per flight
Dag-Erling Smørgrav
<des@des.no>
Mon, 18 Mar 2013 22:01:37 +0100

"Bob Frankston" <bob2-39@bobf.frankston.com>
> I'm not sure what the worry is since we are collecting much of this
> already.

Steve Loughran <steve.loughran@gmail.com> writes:
> In Risks 27.19, Dag-Erling Smorgrav considers the fact that the Boeing
> 787s will generate 0.5TB of data per flight, and asks "what could
> possibly go wrong"?

You both missed the most important part of the quote I provided:

"every piece of that plane has an Internet connection"

I sincerely hope Bulman misspoke, and that these devices are in fact connected to a closed network, although that is no guarantee in itself.

Dag-Erling Smørgrav - des@des.no
Re: Boeing 787s to create half a terabyte of data per flight
PK
<djc@resiak.org>
Mon, 18 Mar 2013 22:53:29 +0100

If the half-terabyte of data per Boeing 787 flight is going to be used for anything important, I'd want it to be kept forensically secure, certain that the data kept are the data gathered, unmodified. And that, I think, is a solvable problem. I'd say the same should go for any important black box data, including cars and trains.
Re: Fake silicone fingers strike again (Mann, RISKS-27.20)
Dag-Erling Smørgrav
<des@des.no>
Mon, 18 Mar 2013 21:47:17 +0100

The only surprise here is that anyone should consider this news. And you don't need an expensive 3D printer and the complex software and know-how to operate it to create a prosthesis. In this case, I suspect they just took casts (since they were impersonating accomplices rather than victims). However, given a good copy of the victim's fingerprint, a hundred dollars' worth of hobby electronics supplies and a teaspoon of liquid latex, you can trivially create a piece of prosthetic skin which, when glued onto your own finger, will fool fingerprint scanners with liveness detection.

Allegedly, some scanners can even be defeated by pressing a balloon filled with warm water onto the sensor plate, causing it to scan the latent fingerprint left behind by the previous user...

Dag-Erling Smørgrav - des@des.no
Re: "Attorney General's testimony on Aaron Swartz raises more questions than answers" (Samson, RISKS-27.20)
Jonathan Kamens
<jik@kamens.us>
Mon, 18 Mar 2013 15:10:22 -0400

Both Senator Cornyn and Ted Samson at InfoWorld display a marked lack of understanding of how sentencing for federal criminal convictions works. The news media is very bad about this in general, and has been very bad about it specifically with regards to the Aaron Swartz case.

Ken White at the Popehat blog wrote a clear, detailed explanation of how sentencing works and why it's almost always completely bogus to look at the maximum possible sentences for all of the crimes someone has been indicted for, add them all together, and pretend the total bears any relation whatsoever to how long the defendant's sentence will actually be if s/he is convicted. This is required reading for anyone who wants to be an educated news consumer who deals in facts rather than baseless hyperbole:

http://www.popehat.com/2013/02/05/crime-whale-sushi-sentence-eleventy-million-years/
Sorry Google; you can Keep it to yourself
"Joe Touch"
<touch@isi.edu>
Mar 21, 2013 2:59 PM

[Relatively self-contained response to a message in Dave Farber's IP distribution.]

Not sure what the surprise here is. If you don't control your information, you don't *control* your information.

That's why I waited for Palm when many others were using dedicated phonebook/note devices - it was open enough that I could backup and view the info. When Palm went to a cloud-only solution, I switched to the iPhone. I bought ToDo for it to manage reminders because Apple won't back them up locally; when an update to ToDo required cloud-backup, I ceased tracking updates.
