The RISKS Digest
Volume 27 Issue 36

Saturday, 6th July 2013

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…


Risks related to RISKS during my Seasonal Slowdown
Chrysler to recall 840,000 vehicles
Amos Shapir
Switching away from the PSTN on Fire Island
Paul Alan Levy
Switching away from the PSTN on Fire Island: NY AttyGen responds
Lauren Weinstein
What's good for the goose is good for the gander
Bob Sullivan via Henry Baker
Skype has been intercepted from before 2009
Peter Houppermans
License-plate readers let police collect millions of driver records
Henry Baker
Social engineering... Lowe's employees got fooled...
Danny Burstein
"Ransomware on Android: It was only a matter of time"
Ted Samson via Gene Wirchenko
Eager beaver blamed for killing Internet, cell service"
Gene Wirchenko
How innocent man's DNA got to crime scene
Henry K. Lee via Paul Saffo
Attackers sign malware using stolen Opera Software crypto certificate
Lauren Weinstein
*Newsweek* cover story: “Is Privacy Dead?''—27 July 1970
Lauren Weinstein
WashDC Metro Identifies Problem With Emergency Call Buttons on Trains
Gabe Goldberg
Double generator failure takes out two campuses
Richard A. O'Keefe
Novopay Ministerial Inquiry Report available
Richard A. O'Keefe
Why are software development task estimations regularly so far off?
Paul Robinson
Identity theft treasure trove
Henry Baker
Re: Cowlings Coming Loose from Engines: Human Factors at Work?
Craig Burton
Info on RISKS (comp.risks)

Risks related to RISKS during my Seasonal Slowdown

"Peter G. Neumann" <>
Sat, 6 Jul 2013 10:46:21 PDT
For the first time in many years, I have been more successful than usual in
trying to take my June-July vacation without too many work-related
interruptions.  However, the past three weeks since RISKS-the previous issue
have been heavily larded with potential RISKS-related material that is so
extensive that I cannot begin to include it all by way of catch-up.
Instead, let me simply remark that the Snowden case continues to amaze in a
swelter of information, misinformation, disinformation, fundamental issues
of constitutionality, privacy, accusations (French, U.S.), new revelations
of ongoing surveillance (NYC), and so on.  In addition, telcos have once
again resurfaced their desires to get rid of landlines, despite obvious
risks of disasters when the mobile facilities fail as well as risks for
rural folks with no cellular coverage.  But they and ISPs and others have
also been involved in surveillance.  Furthermore, the Federal Election
Commission has once again become more visibly broken—at a time when
Supreme Court has considerably muddied the waters regarding fair elections.
And so it goes.  There is apparently no possibility of vacations from risks,
even if you have had a vacation from RISKS.

I have well over one hundred submissions in the new queueueueue, and clearly
cannot use all of them.  I've picked just a few that still seem relevant and
timely.  If you feel I might have missed a really salient item you
submitted, please let me know.  [NOTE: Two belated items that were
resubmitted are included in this issue.]

Chrysler to recall 840,000 vehicles

Amos Shapir <>
Thu, 4 Jul 2013 18:08:36 +0300
About a third of this number are minivans in which a software bug causes
side airbags to deploy on the opposite side to that of an impact. (I wonder
how they did not catch this on QA?)

Full story at:

Switching away from the PSTN on Fire Island (via Dave Farber's IP)

"Paul Alan Levy" <>
Jul 5, 2013 9:31 AM
Cecilia Kang has a story in *The Washington Post* about the controversy on
Fire Island about Verizon's insistence that residents buy its new wireless
service because the company has decided to stop servicing the existing
copper-wired network.  The story includes chilling quotes from phone company
executives suggesting that, given the number of customers who have abandoned
landlines altogether in favor of cell phones, it is just a matter of time
before companies stop offering hard-wired telephone service even to those
who demand robust phone service.

Switching away from the PSTN on Fire Island: NY AttyGen responds

Lauren Weinstein <>
Wed, 3 Jul 2013 13:40:37 -0700
NY Attorney General to Verizon: Either Serve Your Customers Or Sell and Get Out  (Stop the Cap)

  "Attorney General Eric Schneiderman is more than a little concerned with
  Verizon's plans to abandon offering landline service on the western half
  of Fire Island and potentially other areas further upstate to satisfy the
  company's wireless business strategy.  In a hostile 13-page filing
  directed to the New York Public Service Commission, Schneiderman's office
  accused Verizon of abdicating its responsibility to provide universal
  access to high quality landline service in favor of moving customers to
  inferior Verizon Wireless service."

    [He's not mincing his words.  Great reading.  LW]

      [This item hits home, as it were.  I am vacationing in an area where
      AT&T and Verizon both have miserable cellular service, cable is
      nonexistent, and the primary rather expensive alternative seems to be
      satellite for Internet, TV, and phone.  PGN]

What's good for the goose is good for the gander (Bob Sullivan)

Henry Baker <>
Thu, 20 Jun 2013 17:45:46 -0700
Bob Sullivan, Columnist, NBC News
Lawyers eye NSA data as treasure trove for evidence in murder, divorce cases

The National Security Agency has spent years demanding that companies turn
over their data. Now, the spy agency finds the shoe is on the other foot. A
defendant in a Florida murder trial says telephone records collected by the
NSA as part of its surveillance programs hold evidence that would help prove
his innocence, and his lawyer has demanded that prosecutors produce those
records. On Wednesday, the federal government filed a motion saying it would
refuse, citing national security. But experts say the novel legal argument
could encourage other lawyers to fight for access to the newly disclosed NSA
surveillance database.

"What's good for the goose is good for the gander, I guess," said George
Washington University privacy law expert Dan Solove. "In a way, it's kind of

Defendant Terrance Brown is accused of participating in the 2010 murder of a
Brinks security truck driver. Brown maintains his innocence, and claims
cellphone location records would show he wasn't at the scene of the
crime. Brown's cellphone provider—MetroPCS—couldn't produce those
records during discovery because it had deleted the data already.

On seeing the story in the Guardian indicating that Verizon had been ordered
to turn over millions of calling records to the NSA last month, Brown's
lawyer had a novel idea: Make the NSA produce the records.

Brown's lawyer, Marshall Dore Louis, said he couldn't comment while the
trial was ongoing.

"Relying on a June 5, 2013, Guardian newspaper article ... Defendant Brown
now suggests that the Government likely actually does possess the metadata
relating to telephone calls made in July 2010 from the two numbers
attributed to Defendant Brown," wrote U.S. District Judge Robin Rosenbaum in
an order demanding that the federal government respond to the request on
June 10.

The laws of evidence require that prosecutors turn over to the defense any
records they have that might help prove a suspect's innocence.

  [Long item truncated for RISKS.  PGN]

Skype has been intercepted from before 2009

Peter Houppermans <>
Fri, 21 Jun 2013 09:34:33 +0200
Not really news, but it's interesting to see more detail:

“A Skype executive denied last year in a blog post that recent changes
in the way Skype operated were made at the behest of Microsoft to make
snooping easier for law enforcement. It appears, however, that Skype
figured out how to cooperate with the intelligence community before
Microsoft took over the company, according to documents leaked by Edward
J. Snowden, a former contractor for the N.S.A.''

The risk is that using 3rd parties to bypass the still overly high charges
for phoning abroad has pushed communication into the hands of less
structurally controlled 3rd parties.

>From an intercept perspective, tools like Viber, WhatsApp and other data
based platforms have been an astonishingly successful way of replacing
communications protected under local laws with equivalents that can be
easily tapped from the comfort of a US data centre, instead of having to
play nice with local law enforcement and going through pesky approval
processes, cross judicial access requests and due process paperwork..

Peter Houppermans, The Privacy Club, Switzerland

License-plate readers let police collect millions of driver records

Henry Baker <>
Thu, 27 Jun 2013 09:34:23 -0700

Ali Winston, The Center for Investigative Reporting, 26 Jun 2013

A license-plate reader mounted on a San Leandro Police Department car can
log thousands of plates in an eight-hour patrol shift.  “It works 100
times better than driving around looking for license plates with our
eyes,'' says police Lt. Randall Brandt.

When the city of San Leandro, Calif., purchased a license-plate reader for
its police department in 2008, computer security consultant Michael
Katz-Lacabe asked the city for a record of every time the scanners had
photographed his car.

The results shocked him.

The paperback-size device, installed on the outside of police cars, can log
thousands of license plates in an eight-hour patrol shift.  Katz-Lacabe said
it had photographed his two cars on 112 occasions, including one image from
2009 that shows him and his daughters stepping out of his Toyota Prius in
their driveway.  [...]

  [Long item truncated for RISKS.  PGN]

Social engineering... Lowe's employees got fooled...

danny burstein <>
Mon, 24 Jun 2013 21:47:34 -0400 (EDT)
[Justice Dep't press release]

Woman Pleads Guilty to Defrauding Lowe's Stores by Fraudulently
Obtaining Gift Card Credit

Defrauded Lowe's of at Least $250,000 by Calling Lowe's stores and
Pretending to be from Lowe's IT Department

Baltimore, Maryland - Lucerte "Lisa" Abellard, age 35, of Dobbs Ferry, New
York, pleaded guilty today to conspiracy to commit wire fraud in connection
with a scheme to defraud Lowe's stores. ...  According to her plea
agreement, Abellard called employees at Lowe's stores around the United
States, pretending to be from the "IT department" at Lowe's headquarters,
telling the Lowe's employee that she received a report there were problems
with a register at the Lowe's store. She would then ask the employee to run
a series of diagnostics on the register, often pretending to be able to see
the tests remotely. The purported diagnostics ended with a "test"
transaction that put a credit on a Lowe's gift card - usually about $3,000
to $4,000. ...

"Ransomware on Android: It was only a matter of time"

Gene Wirchenko <>
Mon, 24 Jun 2013 14:06:08 -0700
Ted Samson | InfoWorld, 21 Jun 2013
Ransomware on Android: It was only a matter of time
Malware called Android.Fakedefender pretends to be antivirus software
while locking up your smartphone until you pay the 'registration fee'

Eager beaver blamed for killing Internet, cell service"

Gene Wirchenko <>
Thu, 04 Jul 2013 22:34:36 -0700
*The Daily News*, Kamloops, British Columbia, Canada, 29 Jun 2013; p. B8:

[Taos] officials have finally identified the culprit behind a 20-hour
Internet and cellphone outage last week in northern New Mexico—an eager
beaver.  CenturyLink spokesman David Gonzales told The Associated Press that
a beaver chewed through the fiber line.  He says the evidence was discovered
by contractors who worked to repair the outage.  Officials say more than
1,800 Internet users were affected by the blackout.  The number of cellphone
users without service during that time is still unknown."

   [Dam(n) luddite?  PGN with a noodge from Gene]

How innocent man's DNA got to crime scene (Henry K. Lee)

"" <>
Thu, 27 Jun 2013 10:33:07 -0700
Henry K. Lee, *San Francisco Chronicle*, 26 Jun 2013

When a San Jose man charged with murdering a Monte Sereno millionaire was
suddenly freed last month, prosecutors acknowledged he had an airtight alibi
-- he was drunk and unconscious at a hospital when the victim was killed in
his mansion miles away.

But a mystery remained: How did the DNA of 26-year-old Lukis Anderson—who
was so drunk his blood alcohol content was five times the legal limit - end
up on the fingernails of slaying victim Raveesh "Ravi" Kumra?

Santa Clara County prosecutors answered that question Wednesday, saying the
same two paramedics who had treated Anderson for intoxication at a downtown
San Jose liquor store in November had responded to Kumra's home just hours

  [Long item truncated for RISKS.  PGN]

Attackers sign malware using stolen Opera Software crypto certificate

Lauren Weinstein <>
Wed, 26 Jun 2013 18:06:09 -0700
  "Opera's advisory leaves out key information that makes it hard to assess
  just how much damage was done. Missing details include when the attackers
  first gained access to the servers, precisely when the stolen digital
  certificate expired, and whether there's reason to believe other
  certificates may also have been obtained. It would also be useful to know
  how hackers got access to an official Opera digital certificate, which is
  supposed to cryptographically prove that the software that bears its seal
  could only have come from the company. As Ars reported last year,
  companies such as Symantec go to great lengths to secure such keys,
  although Opera is hardly alone in losing control of such a valuable
  certificate."  (ars technica)

*Newsweek* cover story: “Is Privacy Dead?''—27 July 1970

Lauren Weinstein <>
Mon, 17 Jun 2013 21:26:57 -0700
  The Assault on Privacy;
  Snoops, Bugs, Wiretaps, Dossiers, Data Banks—and Specters of 1984  (Daily Beast via NNSquad)

WashDC Metro Identifies Problem With Emergency Call Buttons on Trains

Gabe Goldberg <>
Wed, 19 Jun 2013 13:51:16 -0400
According to the Metro, dozens of trains per day have been rolling around
without functioning emergency intercoms for a lengthy period.  The problem
exists with some trains that have 6000 series rail cars in the lead. The
newer electronics on those cars had trouble communicating with other, older
cars in the train, specifically 1000 and 4000 series cars, the transit
agency said.

Gabriel Goldberg, Computers and Publishing, Inc.
3401 Silver Maple Place, Falls Church, VA 22042           (703) 204-0433

Double generator failure takes out two campuses

"Richard A. O'Keefe" <>
Fri, 21 Jun 2013 10:26:10 +1200
[Originally sent 20 March 2013.  I missed it.  PGN]

On March 19, at 7am, a routine weekly generator test was done at the
University of Auckland.  The generator failed.  There was a UPS, with 20
minutes of power.  "The controller was locked in the generator position, and
we couldn't manually switch [the system] back [to mains power]."  The backup
generator also failed.  The outcome was that Auckland University and AUT
University lost both Internet and phone access all day.  The phone system is
IP based.

Source: The National Business Review

  Generator failures are of course no news to Risks readers, and having a
  generator fail in a test is why the tests are done.  The way the system
  couldn't be switched back to mains power is rather more worrying.

Novopay Ministerial Inquiry Report available

"Richard A. O'Keefe" <>
Fri, 21 Jun 2013 10:27:00 +1200
  [Originally sent 11 June 2013]

For the past several years a new payroll system for New Zealand's schools
has been under development.  It went live without a phased rollout, without
testing complete, and indeed with some functionality not finished in August
last year.  There have been enormous problems with overpay, underpay, and

The Ministry of education have released a lot of documents about this at An (in my view,
rather unsatisfactory) Technical Review is at

That review was the basis of the Government's decision to throw more money
and people at the project—Brooks' Law having been repealed—to fix it.
That report is anonymous, and the Government's response to my Official
Information request makes it clear that the Minister Responsible for Novopay
does not know who wrote it or what their qualifications might be or what
they actually did in the review process.

There was a Ministerial Inquiry, and the 120 page report is now available.  (Follow the PDF
link in that page.)

While the particular system is of local significance, the report should be
of interest to many RISKS readers and could make an excellent case study.

Two particular points:

- the IT contractor never got complete requirements, in large part
  because previous outsourcing meant the Ministry didn't actually
  know what the requirements were and didn't think to involve users
  (school administrators) in requirements gathering

- New Zealand's previous spectacular IT failure, INCIS, also had a
  Ministerial Inquiry.
  the lessons (section 6) of which seem to have been ignored in the
  development of Novopay.

Why are software development task estimations regularly so far off?

Paul Robinson <>
Tue, 2 Jul 2013 15:46:13 -0700 (PDT)
"Why are software development task estimations regularly off by a factor of
2-3?"  This question was asked a few months ago on[1] and the
responses are absolutely stunning. This question, and the more than 100
responses it got, is absolutely fascinating reading for the constant reasons
for failure.  Michael Wolfe, a responder back in January whose answer got
picked as the #1 response, gave an example of a couple of guys deciding to
hike from San Francisco to Los Angeles.  "The line is about 400 miles long;
we can walk 4 miles per hour for 10 hours per day, so we'll be there in 10
days. We call our friends and book dinner for next Sunday night, when we
will roll in triumphantly at 6 p.m. They can't wait!"  And it all goes
downhill from there!  And I don't mean downhill as in easier, I mean the
amount of progress on the schedule goes downhill. Actually, progress doesn't
go downhill, it isn't long before it starts dropping like a rock! First, the
trip is not a straight line, the coast has lots of twists and turns so it's
more like 500 miles. Then they discover the terrain doesn't support moving
as fast as they thought. So they need to call and push back the schedule by
another 20%. And it gets worse.  "Man, this is slow going! Sand, water,
stairs, creeks, angry sea lions! We are walking at most 2 miles per hour,
half as fast as we wanted. We can either start walking 20 hours per day, or
we can push our friends out another week.  OK, let's split the difference:
we'll walk 12 hours per day and push our friends out until the following
weekend. We call them and delay dinner until the following Sunday. They are
a little peeved but say OK, we'll see you then."  Does this sound familiar?
His example goes on, and on, and on, showing how this project's end result
follows the lyrics of the Steve Miller Band's "Fly like an eagle": "Time
keeps on slipping, slipping slipping... Into the future..."  And this
fascinating and very enlightening comment is just one of dozens and dozens
of extremely interesting comments.  Oh, as for our two intrepid explorers
making a 400 err I mean 500 err I mean whatever mile hike? Check out where
they get stuck, or rather, where he ends the example, showing how bad things
can get, faster than you'd expect.  If this example of a simple trek between
two cities doesn't remind you of more than one software project you've been
involved in - if not all of them - you're either working at a world-class
ISO 9000 certified development facility or you've never worked on any
software project taking more than two days!


Paul Robinson <> (My Blog)

Identity theft treasure trove

Henry Baker <>
Tue, 25 Jun 2013 10:50:58 -0700
FYI—What could possibly go wrong with this database ?

John Merline, Investor's Business Daily,
Think NSA Spying Is Bad?  Here Comes ObamaCare Hub

The Health and Human Services Department earlier this year exposed just how
vast the government's data collection efforts will be on millions of
Americans as a result of ObamaCare.

Sen. Max Baucus, D-Mont., asked HHS to provide "a complete list of agencies
that will interact with the Federal Data Services Hub." The Hub is a central
feature of ObamaCare, since it will be used by the new insurance exchanges
to determine eligibility for benefits, exemptions from the federal mandate,
and how much to grant in federal insurance subsidies.

In response, the HHS said the ObamaCare data hub will "interact" with seven
other federal agencies: Social Security Administration, the IRS, the
Department of Homeland Security, the Veterans Administration, Office of
Personnel Management, the Department of Defense and—believe it or not --
the Peace Corps. Plus the Hub will plug into state Medicaid databases.

And what sort of data will be "routed through" the Hub? Social Security
numbers, income, family size, citizenship and immigration status,
incarceration status, and enrollment status in other health plans, according
to the HHS.

"The federal government is planning to quietly enact what could be the
largest consolidation of personal data in the history of the republic,"
noted Stephen Parente, a University of Minnesota finance professor.

Not to worry, says the Obama administration. "The hub will not store
consumer information, but will securely transmit data between state and
federal systems to verify consumer application information," it claimed in
an online fact sheet .

But a regulatory notice filed by the administration in February tells a
different story.

That filing describes a new "system of records" that will store names, birth
dates, Social Security numbers, taxpayer status, gender, ethnicity, email
addresses, telephone numbers on the millions of people expected to apply for
coverage at the ObamaCare exchanges, as well as "tax return information from
the IRS, income information from the Social Security Administration, and
financial information from other third-party sources."

They will also store data from businesses buying coverage through an
exchange, including a "list of qualified employees and their tax ID
numbers," and keep it all on file for 10 years.

In addition, the filing says the federal government can disclose this
information "without the consent of the individual" to a wide range of
people, including "agency contractors, consultants, or grantees" who "need
to have access to the records" to help run ObamaCare, as well as law
enforcement officials to "investigate potential fraud."

Re: Cowlings Coming Loose from Engines: Human Factors at Work? (Bauer)

"Craig Burton" <>
Thu, 13 Jun 2013 11:18:16 +1000
The engines on these planes collect their own data about wear and are smart
enough to ask for parts replacements in preventative maintenance compared to
a complex model of parts wear from benchmarked engines.

When I get in my car and leave the door half-closed it tells me.

Am I an idiot to ask why there isn't some flashing red incandescent bulb in
the cockpit if an engine cowl says it is not closed?

  [No, you are not an idiot!  PGN]

Please report problems with the web pages to the maintainer