The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 27 Issue 66

Thursday 26 December 2013


Belgian card payment network crashes two days after record usage
Peter Sayer via Jim Reisert
Programmed Interlocks remain a hazard
Bob Gezelter
Cryptolocker ransomware has 'infected about 250,000 PCs'
Leo Kelion
Brian Randell
Eric Burger
Target leaks credit card stripe data during Black Friday rush
Bob Gezelter
Security versus Countersecurity
Dick Mills
Secret contract tied NSA and RSA
Joseph Menn
Data brokers won't even tell the government how it uses, sells your data
Casey Johnston via Dewayne Hendricks
NSA oversight panel recommends more privatization of spying
Eli the Bearded
AT&T follows Verizon's lead, will start publishing law enforcement request data in early 2014
Verge via Lauren Weinstein
Re: RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis
Henry Baker
Silver Bullet 93: Yoshi Kohno
Gary McGraw
Info on RISKS (comp.risks)

Belgian card payment network crashes two days after record usage (Peter Sayer)

Jim Reisert AD1C <>
Wed, 25 Dec 2013 15:01:08 -0700
Peter Sayer, *PC World*, 24 Dec 2013

Belgium's card payment network failed on Monday night, leaving millions of
Belgians unable to pay at stores or to withdraw cash from ATMs and
self-service terminals inside banks.

Atos subsidiary Worldline, operator of Belgium's Bancontact-Mister Cash
payment network, reported on its website that it was difficult for
cardholders throughout the country to make payments or withdrawals from
around 4 p.m. local time on Monday. Local media reported long lines to make
cardless withdrawals at bank counters.

Worldline put its business continuity plan into effect, and payment
traffic began to recover from 5.15 p.m., returning to near-normal
levels from 6.30 p.m., the company said in a statement. ...
The outage came just two days after the Belgian payment network celebrated
its busiest ever day, processing 5,499,709 electronic payments on
Saturday. The previous record, of 5,314,820 transactions, was set on
Dec. 22, 2012, also a Saturday.

Programmed Interlocks remain a hazard

"Bob Gezelter" <>
Fri, 20 Dec 2013 06:17:49 -0700
It should be no surprise that interlock mechanisms relying on program
control can be compromised by a program bug (e.g., the well-documented
Therac-25 incidents) or by the same means through re-programming (e.g.,
malware).  A team at JHU has demonstrated that it is possible to activate
the camera on a Macbook while suppressing illumination of the "camera
active" LED. It should come as no surprise that programmable controllers can
be reprogrammed to behave in ways other than intended. It is not surprising
that the operating system apparently did not provide sufficient protection
to ensure that non-kernel components do not gain uncontrolled access to a
physical device, a failure on several fronts.  Better software integrity is
one answer. Regrettably, it is also arguable that the lesson for systems
designers is that required privacy interlocks should be implemented in
non-bypassable hardware circuitry, not as programmable displays. From a
consumer standpoint, the best interlock to covert audio/visual capture is
external devices that can be physically unplugged.  The JHU paper can be
found at: - Bob

Cryptolocker ransomware has 'infected about 250,000 PCs' (Leo Kelion via Steve Goldstein via DH via Dave Farber)

<*Dewayne Hendricks*>
Tuesday, December 24, 2013
[Note:  This item comes from friend Steve Goldstein.  DLH]

Leo Kelion, BBC, 24 Dec 2013

A virulent form of ransomware has now infected about quarter of a million
Windows computers, according to a report by security researchers.
Cryptolocker scrambles users' data and then demands a fee to unencrypt it
alongside a countdown clock.

Dell Secureworks said that the US and UK had been worst affected.  It added
that the cyber-criminals responsible were now targeting home Internet users
after initially focusing on professionals.  The firm has provided a list of
net domains that it suspects have been used to spread the code, but warned
that more are being generated every day.

Ransomware has existed since at least 1989, but this latest example is
particularly problematic because of the way it makes files inaccessible.
"Instead of using a custom cryptographic implementation like many other
malware families, Cryptolocker uses strong third-party certified
cryptography offered by Microsoft's CryptoAPI," said the report.

"By using a sound implementation and following best practices, the malware
authors have created a robust program that is difficult to circumvent."

Ransom dilemma

The first versions of Cryptolocker appear to have been posted to the net on
5 September.  Early examples were spread via spam e-mails that asked the
user to click on a Zip-archived extension identified as being a customer
complaint about the recipient's organisation.

Later it was distributed via malware attached to e-mails claiming there had
been a problem clearing a cheque. Clicking the associated link downloaded a
Trojan horse called Gameover Zeus, which in turn installed Cryptolocker onto
the victim's PC.

By mid-December, Dell Secureworks said between 200,000 to 250,000 computers
had been infected.  It said of those affected, "a minimum of 0.4%, and very
likely many times that" had agreed to the ransom demand, which can currently
only be paid in the virtual currencies Bitcoin and MoneyPak. [...]

Dewayne-Net RSS Feed: <>

Cryptolocker ransomware has 'infected about 250,000 PCs'

<*Brian Randell*>
Wednesday, December 25, 2013
My immediate reaction to reading that Cryptolocker is very difficult to
combat, because it uses "strong third-party certified cryptography offered
by Microsoft's CryptoAPI", was to think what a glorious opportunity for NSA
to come to our collective rescue - by demonstrating publicly how great its
skills are! :-)

Cryptolocker ransomware has 'infected about 250,000 PCs'

Eric Burger <>
Thu, Dec 26, 2013 at 8:14 AM
The really sad thing is that [that] is what the Information Assurance
Division [of NSA] *is* supposed to be doing for us.  It is the logic behind
having the *protect American networks* in the same organization that
*attacks foreign networks.*  If you know how to break *them*, you can tell
*us* how to protect ourselves.

Target leaks credit card stripe data during Black Friday rush

"Bob Gezelter" <>
Fri, 20 Dec 2013 05:40:18 -0700
Target stores have reportedly experienced a wide-spread compromise of credit
card swipe data during the peak shopping season. While the technical details
of how the data was compromised remain under investigation, several recent
cases have pointed to malware on Point-of-Sale systems or compromised card
scanning terminals.  Point-of-Sales systems (and other process control
systems) should never have unbridled access to Internet-accessible
systems. They should be located in firewalled cul-de-sacs that prevent all
but those accesses absolutely required by their function (an observation
that I have been making in the "Computer Security Handbook" since the Third
Edition (1995) and reiterate in the soon to be released Sixth Edition.
Similarly, communications between Point-of-Sale card terminals, registers,
and upstream systems should be carefully managed and strongly encrypted,
with properly managed keys.  In the long run, preventative measures are
cheaper than the financial side effects of personal data compromises.
Recent articles are at:!
Bob Gezelter,

  [Gene Wirchenko noted a similar article by John Ribeiro in InfoWorld,
  "Target says 40 million cards likely skimmed in security breach".  PGN]

Security versus Countersecurity

Dick Mills <>
Mon, 23 Dec 2013 15:46:09 -0500
In the aftermath of the Snowden revelations, our focus has been on details
of who did what and how we can place limits on the NSA and others.  But
details aside, there is a higher level conceptual conflict; namely, the
fundamental incompatibly of security and cyber-warfare.

To avoid getting tied up in semantics, let me make two definitions for the
purpose of this post.  Let G stand for the aggregate of all programs, all
agencies, all levels, of governments, and international alliances of
governments.  Let the words secure and security stand for any level of
protection that G finds inconvenient to penetrate with slight effort.

One goal of G is to be able to intercept the electronic communications of
bad guys, anywhere, anytime, anyplace.  But any organization, public or
private, that has secure communications could be infiltrated or exploited by
bad guys.  Therefore, the need to intercept bad guys translates to the need
to intercept everyone.  Universal bulk surveillance is the only assured way
to achieve that goal all the time.

A second goal of G is the ability to wage offensive cyberwar.  G must be
able to launch effective cyber attacks on short notice against any future
enemy.   But there is no way to be sure in advance who those enemies might
be, or what hardware and software the enemy might choose.  Therefore, the
practical way to attain that goal is to obtain the ability to successfully
attack anyone good or bad.  Deciding who is good and bad can be postponed.

Probably the most pragmatic way to foster both these goals is to weaken
security standards and to install back doors in every security related
system.  Traditional methods of breaching security like social engineering
must be applied case-by-case, and thus can't reach everyone.  Only bulk
methods meet the requirements.

Security experts may warn us that weaknesses and back doors will eventually
be discovered and that the bad guys will turn them against us.   Ignoring
that, our defensive strategy seems to be secrecy (i.e. security via
obscurity) combined with budgets so big that the bad guys can't match them.

Assured offensive capability is synonymous with assuredly ineffective
defensive capability.

As someone concerned with critical infrastructure protection (CIP), I'm
horrified by the conflicted motivations of G.  The same G which demands that
I partner with them to make CIP secure, is also vested in the requirement
that my systems are not secure enough to thwart their surveillance and not
secure enough to repel their cyberwar attacks. After all, if CIP were to
become secure enough to foil G, then I might freely share that expertise
with CIP experts worldwide.  Worse, bad guys might become employees of CIP
organizations here and abroad and use CIP security to cloak their activities
from G. CIP must be secure --- CIP may not be secure, both according to G.

As I see it, the concepts of universal surveillance, offensive cyber war
capabilities, and security are irreconcilable at the highest level;
technical details be damned.

Dick Mills, Sailing Vessel Tarwathie

Exclusive: Secret contract tied NSA and security industry pioneer (Joseph Menn)

"Peter G. Neumann" <>
Mon, 23 Dec 2013 10:14:12 PST
  [Thanks to George Ledin for spotting this item.]

Exclusive: Secret contract tied NSA and security industry pioneer
Obama on surveillance: "There may be another way of skinning the cat"
Joseph Menn, Reuters, San Francisco, 20 Dec 2013

(Reuters) - As a key part of a campaign to embed encryption software that it
could crack into widely used computer products, the U.S. National Security
Agency arranged a secret $10 million contract with RSA, one of the most
influential firms in the computer security industry, Reuters has learned.

Documents leaked by former NSA contractor Edward Snowden show that the NSA
created and promulgated a flawed formula for generating random numbers to
create a "back door" in encryption products, the New York Times reported in
September. Reuters later reported that RSA became the most important
distributor of that formula by rolling it into a software tool called Bsafe
that is used to enhance security in personal computers and many other

Undisclosed until now was that RSA received $10 million in a deal that set
the NSA formula as the preferred, or default, method for number generation
in the BSafe software, according to two sources familiar with the
contract. Although that sum might seem paltry, it represented more than a
third of the revenue that the relevant division at RSA had taken in during
the entire previous year, securities filings show.

The earlier disclosures of RSA's entanglement with the NSA already had
shocked some in the close-knit world of computer security experts. The
company had a long history of championing privacy and security, and it
played a leading role in blocking a 1990s effort by the NSA to require a
special chip to enable spying on a wide range of computer and communications

RSA, now a subsidiary of computer storage giant EMC Corp, urged customers to
stop using the NSA formula after the Snowden disclosures revealed its

RSA and EMC declined to answer questions for this story, but RSA said in a
statement: "RSA always acts in the best interest of its customers and under
no circumstances does RSA design or enable any back doors in our products.
Decisions about the features and functionality of RSA products are our own."

The NSA declined to comment.

The RSA deal shows one way the NSA carried out what Snowden's documents
describe as a key strategy for enhancing surveillance: the systematic
erosion of security tools. NSA documents released in recent months called
for using "commercial relationships" to advance that goal, but did not name
any security companies as collaborators.

The NSA came under attack this week in a landmark report from a White House
panel appointed to review U.S. surveillance policy. The panel noted that
"encryption is an essential basis for trust on the Internet," and called for
a halt to any NSA efforts to undermine it.

Most of the dozen current and former RSA employees interviewed said that the
company erred in agreeing to such a contract, and many cited RSA's corporate
evolution away from pure cryptography products as one of the reasons it

But several said that RSA also was misled by government officials, who
portrayed the formula as a secure technological advance.

"They did not show their true hand," one person briefed on the deal said of
the NSA, asserting that government officials did not let on that they knew
how to break the encryption.


Started by MIT professors in the 1970s and led for years by ex-Marine Jim
Bidzos, RSA and its core algorithm were both named for the last initials of
the three founders, who revolutionized cryptography.  Little known to the
public, RSA's encryption tools have been licensed by most large technology
companies, which in turn use them to protect computers used by hundreds of
millions of people.

At the core of RSA's products was a technology known as public key
cryptography. Instead of using the same key for encoding and then decoding a
message, there are two keys related to each other mathematically. The first,
publicly available key is used to encode a message for someone, who then
uses a second, private key to reveal it.

 From RSA's earliest days, the U.S. intelligence establishment worried it
would not be able to crack well-engineered public key cryptography.  Martin
Hellman, a former Stanford researcher who led the team that first invented
the technique, said NSA experts tried to talk him and others into believing
that the keys did not have to be as large as they planned.

The stakes rose when more technology companies adopted RSA's methods and
Internet use began to soar. The Clinton administration embraced the Clipper
Chip, envisioned as a mandatory component in phones and computers to enable
officials to overcome encryption with a warrant.

RSA led a fierce public campaign against the effort, distributing posters
with a foundering sailing ship and the words "Sink Clipper!"

A key argument against the chip was that overseas buyers would shun
U.S. technology products if they were ready-made for spying. Some companies
say that is just what has happened in the wake of the Snowden disclosures.

The White House abandoned the Clipper Chip and instead relied on export
controls to prevent the best cryptography from crossing U.S.  borders. RSA
once again rallied the industry, and it set up an Australian division that
could ship what it wanted.

"We became the tip of the spear, so to speak, in this fight against
government efforts," Bidzos recalled in an oral history.


RSA and others claimed victory when export restrictions relaxed.

But the NSA was determined to read what it wanted, and the quest gained
urgency after the September 11, 2001 attacks.

RSA, meanwhile, was changing. Bidzos stepped down as CEO in 1999 to
concentrate on VeriSign, a security certificate company that had been spun
out of RSA. The elite lab Bidzos had founded in Silicon Valley moved east to
Massachusetts, and many top engineers left the company, several former
employees said.

And the BSafe toolkit was becoming a much smaller part of the company.  By
2005, BSafe and other tools for developers brought in just $27.5 million of
RSA's revenue, less than 9% of the $310 million total.

"When I joined there were 10 people in the labs, and we were fighting the
NSA," said Victor Chan, who rose to lead engineering and the Australian
operation before he left in 2005. "It became a very different company later

By the first half of 2006, RSA was among the many technology companies
seeing the U.S. government as a partner against overseas hackers.

New RSA Chief Executive Art Coviello and his team still wanted to be seen as
part of the technological vanguard, former employees say, and the NSA had
just the right pitch. Coviello declined an interview request.

An algorithm called Dual Elliptic Curve, developed inside the agency, was on
the road to approval by the National Institutes of Standards and Technology
as one of four acceptable methods for generating random numbers. NIST's
blessing is required for many products sold to the government and often sets
a broader de facto standard.

RSA adopted the algorithm even before NIST approved it. The NSA then cited
the early use of Dual Elliptic Curve inside the government to argue
successfully for NIST approval, according to an official familiar with the

RSA's contract made Dual Elliptic Curve the default option for producing
random numbers in the RSA toolkit. No alarms were raised, former employees
said, because the deal was handled by business leaders rather than pure

"The labs group had played a very intricate role at BSafe, and they were
basically gone," said labs veteran Michael Wenocur, who left in 1999.

Within a year, major questions were raised about Dual Elliptic Curve.
Cryptography authority Bruce Schneier wrote that the weaknesses in the
formula "can only be described as a back door."

After reports of the back door in September, RSA urged its customers to stop
using the Dual Elliptic Curve number generator.

But unlike the Clipper Chip fight two decades ago, the company is saying
little in public, and it declined to discuss how the NSA entanglements have
affected its relationships with customers.

The White House, meanwhile, says it will consider this week's panel
recommendation that any efforts to subvert cryptography be abandoned.

(Reporting by Joseph Menn; Editing by Jonathan Weber and Grant McCoo.)

Data brokers won't even tell the government how it uses, sells your data (Casey Johnston)

<*Dewayne Hendricks*>
Saturday, December 21, 2013
They do disclose consumer types like "credit reliant" and "resilient renter."
Casey Johnston, Ars Technica, 21 Dec 2013

A Senate committee released a report this week that goes to great lengths
to determine all of the things that data brokers, the companies that trade
in consumer data, don't want to talk about. The 35-page report describes
some of the companies' strategies for collecting and organizing data, but
significant portions of the report discuss what the companies are unwilling
to talk about: namely, where they get a lot of their data and where that
data is going.

Companies covered in the report include well-known firms, like Datalogix
and Acxiom, as well as credit reporting companies that also trade in
consumer data, like Experian and TransUnion. In the report, the committee
sets out to answer four questions: what data is collected, how specific it
is, how it's collected, and how it's used. While the first two questions
turned out to be reasonably easy to answer, the companies all but
stonewalled the committee on substantial answers to the latter two.

The report harkens back repeatedly to the good old days of data collection,
when many of the same companies queried used demographic information like
zip codes to help marketers figure out where to send catalogs or area codes
to figure out which towns to telemarket to. These days, our many
interactions with the Internet—particularly financial ones—have
resulted in an onslaught of data for these data brokers to not only collect,
but to resell to interested parties.

Datalogix claimed to the committee that it has data on “almost every US
household,'' while Acxiom's databases cover 700 million people worldwide.
Types of data collected include consumer purchase and transaction
information, available methods of payment, types of cars consumers buy,
health conditions, and social media usage. Equifax specified that it knew
such specific details as whether people have bought a particular kind of
shampoo or soft drink in the last six months, how many whiskey drinks a
person has had in the last month, or how many miles they've traveled in the
last four weeks.

What the companies would not specify in full were their sources for consumer
data.  Three companies, Acxiom, Experian, and Epsilon, would not reveal the
sources of their data, citing confidentiality clauses as the reason.

The other data brokers said that their data comes from free government and
public databases, along with purchase or license data from retailers,
financial institutions, and other data brokers, which were otherwise
described as `third-party partners'.

The report mentions that companies acquire social media data specifically
for inclusion in their databases. However, this information is difficult to
connect to a profile without access to much of the metadata logged by the
sites providing those services. Those sites even discourage trying to source
that information outside their official avenues; as the report states,
Facebook once asked data broker Rapleaf to dispose of data it had obtained
by crawling the website. On the other hand, it's well-known that companies
like Facebook and Google re-sell `anonymized' data fed to their services by
customers to third parties like these data brokers.

Acxiom also gets data from websites that collect data in exchange for
coupons, discounts, or health insurance quotes. Beyond that, Acxiom only
stated cryptically that “there are over 250,000 websites who state in their
privacy policy that they share data with other companies for marketing
and/or risk mitigation purposes.'' [...]

NSA oversight panel recommends more privatization of spying

Eli the Bearded <*>
Fri, 20 Dec 2013 02:34:48 -0500 (EST)
The final report of the NSA oversight panel has been released.

It's very long (300ish pages) and I have read only a small amount. But this
bit struck me as very wrong.

  Recommendation 5

  We recommend that legislation should be enacted that terminates the
  storage of bulk telephony meta-data by the government under section 215,
  and transitions as soon as reasonably possible to a system in which such
  meta-data is held instead either by private providers or by a private
  third party. Access to such data should be permitted only with a section
  215 order from the Foreign Intelligence Surveillance Court that meets the
  requirements set forth in Recommendation 1.

As this is comp.risks and not comp.privacy.privatization, I'll just ask what
risk is posed by the government buying bulk telephony meta-data from private
third parties? Does this create a market for additional, meta-data
collection and data collectors? Will this mean many more systems to protect
from criminal parties? Will this mean private third parties will be more
easily able to interfere for their own benefit in government intelligence

AT&T follows Verizon's lead, will start publishing law enforcement request data in early 2014

Lauren Weinstein <>
Fri, 20 Dec 2013 11:57:49 -0800  (*Verge* via NNSquad)

  "Never let it be said that AT&T and Verizon don't follow each other's
  leads. Just one day after Verizon announced it would start publishing a
  semiannual transparency report that details all of the law enforcement
  requests it receives, AT&T announced that it would being doing the same in
  early 2014. The carrier's report will include info on the total number of
  law enforcement data requests received from the government in criminal
  cases, the number of subpoenas, court orders, and warrants received, and
  the total number of customers affected. The first report issued should
  cover all of the requests from 2013."

Re: RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis (RISKS-27.65)

Henry Baker <>
Sun, 22 Dec 2013 19:03:28 -0800
Before anyone sniffs at the Genkin/Shamir/Tromer method as being limited to
4 meters, consider the following LED microphone bug hack:

  An ordinary LED light bulb could be hacked to use 'microphonics' to
  pulse-width modulate the light.  With a proper telescope, this mechanism
  could be used to 'listen' to someone's computer from many miles away --
  perhaps even from a drone above...

LED's might be hacked to be even smarter—e.g., 10Mbits/second "LiFi" --
in order to snoop on a WiFi connection:

[SC-L] Silver Bullet 93: Yoshi Kohno

Gary McGraw <>
Tue, 24 Dec 2013 13:49:09 -0500
Here is Silver Bullet episode 93.  The podcast features a discussion with
Yoshi Kohno (a cigital alum) who is now a computer science professor at
University of Washington.

You've probably heard of Yoshi's car hacking stuff (or maybe even seen it on
Nova).  Yoshi has one of the best vulnerability finding minds in the

Please report problems with the web pages to the maintainer