The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 27 Issue 67

Wednesday 1 January 2014


Where are the 1984 Rose Bowl kids now?
Hackers target cash machines with USB sticks (Henry Baker)
Matt Blaze on the `Alleged' RSA-NSA Scheming? (Dewayne Hendricks via Dave Farber)
Daunting Mathematical Puzzle Solved, Enables Unlimited Analysis of Encrypted Data (Scientific Computing)
IBM Earns Patent for 'Encrypted Blobs' (Ellen Messmer)
Vint Cerf and Robert Kahn on the future of the Internet (John Markoff)
On Security Architecture, The Panopticon, and "The Law" (arxlight via John Gilmore via Dave Farber)
"The Real Purpose of Oakland's Surveillance Center" (Prashanth Mundkur)
More on NSA surveillance (Henry Baker)
Surveillance leads to censorship? (Robert Schaefer)
Science humour that may disappear? (Martyn Thomas)
REVIEW: Digital Archaeology: The Art and Science of Digital Forensics (Ben Rothke)

Where are the 1984 Rose Bowl kids now?

"Peter G. Neumann"
Wed, 1 Jan 2014 10:15:14 PST
It's time for the Rose Bowl again today.

The very first issue of RISKS-1.01 noted the very clever (especially at
the time) hacking of the 1984 Rose Bowl scoreboard, which displayed the
score as "Caltech 38 MIT 9", displayed "Hi, Mom" followed by two
Caltech beavers on the scoreboard, and broadcast a Monty Python song
over the stadium sound system.

   1984 Rose Bowl hoax, scoreboard takeover ("Cal Tech vs. MIT")

This was documented in the ACM SIGSOFT Software Engineering Notes vol 9
no 2, for which I was the editor.

Today's issue of *The New York Times* (page B9 in my National Edition
copy) has an (un-bylined) article (Some Pranksters with Panache) that
revisits that Rose Bowl, and reminds us of the Caltech students, Dan
Kegel and Ted Williams, who engineered the prank by building a small
computer, hooking it into the junction box for the scoreboard, and
managing to test it beforehand.  The article points out that Williams
now oversees the chips that go into Xbox consoles, and Kegel helped
Google transition from 32- to 64-bit computers and now works at Oblong
Industries, which served as a technological consultant for the film,
*Minority Report*.

This seemed innovative at the time.  However, today's abilities to hack
into automobile control systems and smart cards and just about
everything else continue to be demonstrated, in our modern world of
generally weak computer-communication security.

Happy New Year!

Hackers target cash machines with USB sticks

Henry Baker
Tue, 31 Dec 2013 05:42:23 -0800
So, the NSA's TAO/ANT group still thinks they're the only game in town?
This gang also seems to have a better comprehension of computer security
than does Target.

Matthew Sparkes, *The Telegraph*, 31 Dec 2013
A gang of thieves targeted cash machines belonging to an unnamed European bank by uploading malicious software that would spit out banknotes on command

Criminals targeted a string of cash machines by cutting holes in the fascia
to reach a USB port and upload malicious code that would spit out banknotes
on command.

Speakers at the Chaos Computing Congress in Hamburg described the attacks,
which affected an unnamed European bank that noticed several cash machines
had been entirely emptied without the safe at the rear being damaged.

The bank increased security after the first attacks and were able to spot
the gang drilling holes in the front of the machines, briefly inserting a
USB flash drive and then patching up the damage afterwards to cover their

They were then able to return at a later date and instruct the compromised
machine to dispense a specific amount of cash. To gain access they had to
enter a 12-digit code, followed by a second code – this is believed to
have been a failsafe to prevent individual members of the group from
stealing money on their own. The second code constantly changed and the
correct response could only be discovered by phoning another gang member.

Researchers found that the software then showed how many of each
denomination banknote were in the machine, and asked how much of each it
should dispense.

The BBC reports that the researchers, who asked to remain anonymous, said
the gang must have had a "profound knowledge" of the workings of the cash
machines in order to develop and successfully install the software.

Matt Blaze on the `Alleged' RSA-NSA Scheming?

Dewayne Hendricks
December 27, 2013 at 8:56:38 AM EST
  [Remember J Edgar Hoover's excesses?  PGN]

How Worried Should We Be About the Alleged RSA-NSA Scheming?
Matt Blaze, *WiReD*, 27 Dec 2013

A Reuters news story published a week ago raised disturbing questions about
the relationship between the NSA and RSA Security (now a division of EMC), a
prominent vendor of cryptographic technologies. The article claims that RSA
entered into a $10 million contract that required, among other things, that
RSA make the (not yet standardized) DUAL_EC_DRBG random number generator the
default in its widely used BSAFE cryptographic library. BSAFE is used
internally for RSA's products as well as by other vendors, who license it
from RSA to develop their own products around it. A couple days later, RSA
issued a response, in which it denies that it deliberately weakened its
products, but is silent about most of the claims in the Reuters piece.

Random numbers in cryptographic libraries are a big deal. The security of
many of the most widely used cryptographic protocols—particularly those
involved in key generation and initial session setup—utterly depends on
an unpredictable source of random numbers. If that source is predictable to
an adversary, the security of the entire system collapses completely. And
DUAL_EC_DRBG is widely and very credibly suspected of containing a subtle
backdoor that allows the NSA (or anyone else) to predict its output under
certain conditions.

It's still unclear exactly why RSA agreed to make DUAL_EC_DRBG the default
in BSAFE—whether they understood from the outset that it was likely
compromised or were somehow hoodwinked by NSA. But it is clear that it
remained BSAFE's default random number generator from 2004 until September
of this year; there's an instructive timeline and analysis unraveling what
happened here. RSA says it trusted the NSA in 2004, and that it "continued
to rely upon" NIST (the federal agency concerned with, among other things,
cryptographic standards for the federal government) as the "arbiter" of
the algorithm's security after concerns about a backdoor were publicly
raised in 2007.

I believe RSA richly deserves criticism for, at best, abdicating its
responsibility to customers to critically evaluate what it sells. But that's
not the main point of this post. Rather, the central question here is: Just
how worried we should be about the NSA's apparent sabotage of BSAFE's random

Unfortunately, right now the answer is not very comforting.

What Exactly Has Been Compromised Here?

DUAL_EC_DRBG lies in a peculiar corner of a peculiar class of random number
generators. Its algorithm is deterministic, which means here that its output
is entirely determined by an initial "seed" parameter (that has to come
from some other source of random bits that, for security, must be
unpredictable and kept secret). If you know the seed value, you can re-run
the algorithm and get the same random output every time.

So if an adversary learns the seed value, the random numbers aren't
secure. This isn't in and of itself a problem; in fact, any purely
algorithmic random number generator has this property. (These algorithms are
also sometimes called "pseudorandom" for that reason.) The critical thing
for security purposes is that it not be possible to "reverse" the
algorithm to discover the seed value or otherwise predict future output bits
just by looking at the random output. There are a number of widely-analyzed
cryptographic pseudorandom number generators that have been developed by the
crypto community. Typically, they're built on other cryptographic
algorithms, such as secret-key ciphers or hash functions.

But DUAL_EC_DRBG is somewhat unusual because it's based not on a secret key
cipher or hash function but on the public key ("number theoretic")
technique called elliptic curve cryptography.

Public key cryptography is an unusual choice for a random number generator
function because it is much slower than corresponding secret key techniques;
each random bit requires much more computation to produce than it would in a
generator based on traditional secret key techniques. Under limited
circumstances, however, there may be legitimate reasons for a designer to
prefer a public-key based random number generator (having to do with
specific hardware designs or other algorithms a system uses). So,
standardizing a public-key based scheme as an option is not in and of itself
an unreasonable thing to do. NIST held a public workshop in 2004 at which
DUAL_EC_DRBG was proposed for consideration as a standard. (That's around
when RSA incorporated it as the default for BSAFE.) NIST officially
recommended it as a standard option in 2006.

Unfortunately, however, DUAL_EC_DRBG's design turns out to have a serious
potential flaw depending on how it is used. [...]

Dewayne-Net RSS Feed: <>
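
The property described in the Blaze excerpt above (a deterministic generator replays the same output from the same seed, and is only safe if its output does not let an observer recover the seed or predict later output), shown as an added example that is not part of the original article or of any RSA or NIST code. Both toy generators, their names and the seed values are constructed for illustration, and neither is DUAL_EC_DRBG.

```python
"""Seed determinism versus predictability from output (constructed example)."""
import hashlib
import hmac


class HmacCounterGenerator:
    """Deterministic generator built on a hash function: HMAC-SHA256 over a counter.

    Hypothetical teaching construction, not a vetted DRBG and not DUAL_EC_DRBG.
    """

    def __init__(self, seed: bytes):
        self._key = seed      # secret seed: the only source of unpredictability
        self._counter = 0

    def next_block(self) -> bytes:
        msg = self._counter.to_bytes(8, "big")
        self._counter += 1
        return hmac.new(self._key, msg, hashlib.sha256).digest()


class LeakyLcg:
    """Linear congruential generator whose output IS its whole internal state."""

    A = 6364136223846793005   # odd multiplier, so it has an inverse mod 2**64
    C = 1442695040888963407
    M = 2 ** 64

    def __init__(self, seed: int):
        self._state = seed % self.M

    def next_value(self) -> int:
        self._state = (self.A * self._state + self.C) % self.M
        return self._state


def predict_lcg(observed: int, count: int) -> list:
    """From ONE observed output, compute the next `count` outputs without the seed."""
    state, future = observed, []
    for _ in range(count):
        state = (LeakyLcg.A * state + LeakyLcg.C) % LeakyLcg.M
        future.append(state)
    return future


def recover_lcg_seed(first_output: int) -> int:
    """Run one step backwards: the 'reverse' that a secure generator must prevent."""
    a_inv = pow(LeakyLcg.A, -1, LeakyLcg.M)   # modular inverse (Python 3.8+)
    return ((first_output - LeakyLcg.C) * a_inv) % LeakyLcg.M


def demo() -> dict:
    # Same seed, same output: true of any purely algorithmic generator.
    seed = b"constructed-seed-for-illustration"
    g1, g2 = HmacCounterGenerator(seed), HmacCounterGenerator(seed)
    rerun_matches = ([g1.next_block() for _ in range(3)]
                     == [g2.next_block() for _ in range(3)])

    # The weak generator additionally gives away its state in every output.
    observed_gen = LeakyLcg(seed=20140101)    # constructed seed value
    seen = observed_gen.next_value()
    later = [observed_gen.next_value() for _ in range(5)]
    return {
        "hmac_rerun_matches": rerun_matches,
        "lcg_future_predicted": predict_lcg(seen, 5) == later,
        "lcg_seed_recovered": recover_lcg_seed(seen) == 20140101,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```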

Daunting Mathematical Puzzle Solved, Enables Unlimited Analysis of Encrypted Data

"Peter G. Neumann"
Mon, 30 Dec 2013 12:51:44 PST

IBM inventors have received a patent for a breakthrough data encryption
technique that is expected to further data privacy and strengthen cloud
computing security.

The patented breakthrough, called "fully homomorphic encryption," could
enable deep and unrestricted analysis of encrypted information --
intentionally scrambled data -- without surrendering confidentiality. IBM's
solution has the potential to advance cloud computing privacy and security
by enabling vendors to perform computations on client data, such as
analyzing sales patterns, without exposing or revealing the original data.

IBM's homomorphic encryption technique solves a daunting mathematical puzzle
that confounded scientists since the invention of public-key encryption over
30 years ago.

Invented by IBM cryptography Researcher Craig Gentry, fully homomorphic
encryption uses a mathematical object known as an "ideal lattice" that
allows people to interact with encrypted data in ways previously considered
impossible. The breakthrough facilitates analysis of confidential encrypted
data without allowing the user to see the private data, yet it will reveal
the same detailed results as if the original data was completely visible.

IBM received U.S. Patent #8,565,435: Efficient implementation of fully
homomorphic encryption for the invention, which is expected to help cloud
computing clients to make more informed business decisions, without
compromising privacy and security.

"Our patented invention has the potential to pave the way for more secure
cloud computing services - without having to decrypt or reveal original
data," said Craig Gentry, IBM Researcher and co-inventor on the patent.
"Fully homomorphic encryption will enable companies to confidently share
data and more easily and quickly overcome challenges or take advantage of
emerging opportunities."

Following the initial revelation of the homomorphic encryption breakthrough
in 2009 Gentry and co-inventor Shai Halevi began testing, refining and
pursuing a working implementation of the invention. In 2011, the scientists
reported a number of optimizations that advanced their goal of implementing
the scheme. The researchers continue to investigate homomorphic
encryption and test its practical applicability.

IBM invests more than $6 billion annually in R&D and consistently explores
new approaches to cloud computing that will deliver a competitive advantage
to the company and its clients.

For 20 consecutive years, IBM has topped the list of U.S. patent recipients.
The company's invention and patent leadership is illustrated at

IBM has a tradition of making major cryptography breakthroughs, such as the
design of the Data Encryption Standard (DES); Hash Message Authentication
Code (HMAC); the first lattice-based encryption with a rigorous
proof-of-security; and numerous other solutions that have helped advance
data security.

More information about how IBM inventors are propelling cloud computing
innovations is available at

IBM Earns Patent for 'Encrypted Blobs' (Ellen Messmer)

"Peter G. Neumann"
Fri, 27 Dec 2013 11:36:15 PST
Ellen Messmer, *Network World*, 19 Dec 2013

IBM cryptography researchers have fine-tuned their approach to keeping data
encrypted and processing it at the same time.  The researchers say they have
developed a data-scrambling technique in which encrypted data can be
processed without having to decrypt it first.  The technology is known as
fully homomorphic encryption, and is described as a way to create encrypted
blobs that can be combined and processed with other encrypted blobs and
obtain identical results as if the processes were not encrypted.  IBM, which
received a patent for the technology, continues to test for practical
applications, but believes it could be especially useful for sensitive data
such as financial information, particularly in cloud environments.  "Our
patented invention has the potential to pave the way for more secure cloud
computing services--without having to decrypt or reveal original data," says
IBM researcher and 2010 ACM Grace Murray Hopper Award recipient Craig
Gentry, co-inventor named on the patent with fellow researcher Shai Halevi.

Vint Cerf and Robert Kahn on the future of the Internet (John Markoff)

Lauren Weinstein
Mon, 30 Dec 2013 21:35:46 -0800
  "When Edward J. Snowden, the disaffected National Security Agency contract
  employee, purloined tens of thousands of classified documents from
  computers around the world, his actions - and their still-reverberating
  consequences - heightened international pressure to control the network
  that has increasingly become the world's stage.  At issue is the technical
  principle that is the basis for the Internet, its "any-to-any"
  connectivity. That capability has defined the technology ever since Vinton
  Cerf and Robert Kahn sequestered themselves in the conference room of a
  Palo Alto, Calif., hotel in 1973, with the task of interconnecting
  computer networks for an elite group of scientists, engineers and military
  personnel."  [Nice interviews with both Vint and Bob.  PGN]
    (John Markoff in *The New York Times* Science Tuesday via NNSquad)

[IP] On Security Architecture, The Panopticon, and "The Law"

Dave Farber
Fri, 27 Dec 2013 20:02:07 -0500
---------- Forwarded message ----------
From: *John Gilmore*
Date: Friday, December 27, 2013
Subject: [Nsa-spying] On Security Architecture, The Panopticon, and "The

for IP, forwarded from the Cryptography mailing list

Date: Thu, 26 Dec 2013 02:25:10 +0100
From: arxlight
To: Cryptography
Subject: [Cryptography] On Security Architecture, The Panopticon,
        And "The Law"

Obviously, I applaud the herculean efforts the list members have (even just
in the last few months) exerted in the service of reforming "the practice"
in light of the labyrinthine mess we have all been recently presented with.
That said, and at the risk of running afoul of the list's core charter on
Christmas Day, I would like to explore some of the higher level questions of
architecture and design as they relate to the legal schema that presently
underpins the intelligence apparatus of the West.  (Mostly because I am an
awful coder and I like the way big words look in print).

For better or worse (and mostly for worse at this point) the legal schema
that drives almost 100% of the global threat model stems from the United
States. No, no... we shall brook no whining my dear EU and UK
subjects... this will not do at this stage.  You get the worldwide
governance you deserve in the end, and by permitting a hegemonic, global
panopticon to emerge unchallenged over the last many years (is that an NSA
facility on your soil?  What?  Is that ANOTHER ONE?), even in the midst of a
supposed "democracy" you have effectively waived your standing to contest it
now by legal means. (What, Chancellor?  They have been listening to your
cellphone?  You know what, fuck you and your coalition for signing off on
Teufelsberg's funding every year).

So what now?  Well, from whence, we may ask, does the global panopticon
derive its surveillance power? We could likely fill several volumes in the
course of recording the discourse on this topic.  Being that our time
together is short, shall we instead focus on a few key points?  Yes?  Good.

Third Parties --

At least to my way of thinking one of the foremost issues that mucks the
entire schema up is the concept of "knowing exposure" of data that might
otherwise be shrouded in the "expectation of privacy."  An exploration of
Katz v. United States and the esteemed cases that later purport to suss out
the bounds of the "expectation of privacy" in the jurisprudence of the
United States is probably beyond the scope of this discussion, but it
probably bears notice to observe that such data as you (oh, noble Citizen of
the United States) convey to "third parties" has long been branded as data
for which you have waived your "expectation of privacy."  One does not, after
all, brag about liaisons with illicit lovers to third parties if one expects
such details to be kept "unter vier Augen."  [under four eyes]

This would be less daunting if it were possible to do more without conveying
critical data to third parties.  But it isn't.  The perverse rise of SaaS
offerings and the dependence on large carriers to convey data that should
require none such has created an environment where nearly everything is
conveyed to a third party.  Everything.  Ah, the client-server model of
computing, may it burn in hell.

May I just ask: How could an industry once so attached to redundancy and
distributed infrastructure become so taken with creating massive, single
points of failure and a critical reliance on trusted third parties?  Was
there some massive Facebook founder's share give away?  What happened to the
old mantra "Trusted third parties aren't"?  How did the remnants of the
cypherpunk movement (forgive me the sentimental nostalgia of youth) lay so
utterly dormant as large, centralized providers came to dominate the storage
and transmission of critical data?  Where, at least, was the tool of
end-to-end encryption in this co-opted intermediary world?  How, after a few
compromises of root certificate authorities (that we know of) did X.509
survive for more than six more months?

And so now the panopticon has only to co-opt a couple dozen large
enterprises, many of which are deeply dependent on the largess of central
government in the burgeoning crony-capitalist West, to find itself in
possession of the vast majority of private communications without issue,
notice, or objection.

We cannot, surely, blame the panopticon.  With that juicy of a target
concentrated in a corporate surface area so small what else did we expect?
And someone does keep funding her, year in and year out, no?

And so I submit: The reliance on third parties must end.  It is not enough
simply to mandate that your data reside on third parties you deem slightly
more trustworthy than others (we're looking at you, European Union, and
particularly at you, Germany).  May we be so bold as to point out that
trusted third parties that are vulnerable to being co-opted by national
sovereigns cannot be trusted?  May we, by extension, point out that it is
rather difficult to describe a trusted third party that is not vulnerable to
being co-opted by national sovereigns?  Must we draw a diagram of the
inevitable conclusion that follows from these two observations?

Alright, if you insist: Stop trusting third parties, dammit.

  [More truncated for RISKS]

Legal Protections—[...]

Face it.  Digital liberty has lost the Lawfare fight.  It must win the
technical fight.

How?  [...]

"The Real Purpose of Oakland's Surveillance Center"

Prashanth Mundkur
Fri, 27 Dec 2013 23:42:09 -0800
News about surveillance by local law enforcement may be getting lost in the
attention captured by the ongoing NSA revelations.  In recent local news,
documents show that the surveillance targets of an elaborate system being
built by Oakland are not criminals, but protesters and large demonstrations.

The Real Purpose of Oakland's Surveillance Center
Darwin BondGraham and Ali Winston, in *East Bay Express*

  Oakland's citywide surveillance system, the Domain Awareness Center, or
  DAC, gained national notoriety earlier this year when some city residents
  voiced strong concerns about the project's privacy and civil rights
  implications. City officials and supporters of the DAC have responded by
  contending that objections over privacy and civil rights issues are
  overblown and that the true purpose of the surveillance center is to help
  Oakland finally deal with its violent crime problem. But thousands of
  pages of emails, meeting minutes, and other public documents show that,
  behind closed doors, city staffers have not been focusing on how the DAC
  can lower Oakland's violent crime rate. [...]

  The Domain Awareness Center is being built in stages and will merge OPD's
  existing license-plate scanners and gunshot detectors with video feeds
  from hundreds of surveillance cameras—many already in place and some to
  be installed in the future by several different agencies throughout the
  city—into a central hub. Oakland police will monitor this "flood of
  data," as one DAC project presentation called it. Originally limited to
  monitoring the Port of Oakland, the DAC has since expanded to encompass
  the entire city.

  The Oakland Privacy Working Group, an activist coalition opposed to the
  DAC, obtained thousands of pages of emails and other public records
  related to the project from the city via a California Public Records Act
  request. The privacy group then shared the documents—which cover the
  period from August 2012 through September 2013—with us.

  While the emails reveal a great deal about the DAC, they are also notable
  for what they do not talk about. Among the hundreds of messages sent and
  received by Oakland staffers and the city's contractor team responsible
  for building the DAC, there is no mention of robberies, shootings, or the
  138 homicides that took place during the period of time covered by the
  records. City staffers do not discuss any studies pertaining to the use of
  surveillance cameras in combating crime, nor do they discuss how the
  Domain Awareness System could help OPD with its longstanding problems with
  solving violent crimes. In more than 3,000 pages of emails, the terms
  "murder," "homicide," "assault," "robbery," and "theft" are never
  mentioned. [...]

  During construction of the first phase of the DAC, from roughly August
  2012 to October 2013, city staffers repeatedly referred to political
  protests as a major reason for building the system. Emails to and from
  Lieutenant Christopher Shannon, Captain David Downing, and Lieutenant
  Nishant Joshi of OPD and Ahsan Baig, Oakland's technical project leader on
  the DAC, show that OPD staffers were in the surveillance center during the
  Trayvon Martin protests this year, and that they may have been monitoring
  marches in Oakland. In the same chain of emails, Shannon asked if the
  Emergency Operations Center and the DAC control room's layout had "changed
  much since May Day," referring to yet another large political rally in
  Oakland when the DAC appears to have been used by OPD to monitor

The article also notes:

  And cameras are just the beginning: Documents mention monitoring "social
  media," "web feeds," and "text messaging."

  Large surveillance centers are becoming increasingly common nationwide:
  They now exist in New York City; Chicago; Baltimore; Washington, DC; and
  Hudson County, New Jersey.

More on NSA surveillance

Henry Baker
Mon, 30 Dec 2013 15:06:59 -0800
FYI—What if these folks spent even 1% of their cleverness on protecting
American citizens & businesses from actual criminals?

Inside TAO: Documents Reveal Top NSA Hacking Unit, Der Spiegel, 29 Dec 2013

The NSA's TAO hacking unit is considered to be the intelligence agency's top
secret weapon. It maintains its own covert network, infiltrates computers
around the world and even intercepts shipping deliveries to plant back doors
in electronics ordered by those it is targeting. ...

Surveillance leads to censorship? [PGN retitling]

Robert Schaefer
Mon, 30 Dec 2013 15:40:28 -0500
In this December's IEEE *Computer* magazine, in the column titled "The
Intimidation Factor: How a Surveillance State Can Affect What You Read in
Professional Publications", Hal Berghel says that he was forced to pull a
screenshot of a powerpoint slide Edward Snowden leaked to The Washington

The screenshot appeared in his July column printed version but was
removed from the IEEE digital library version.  Berghel writes: "Pull up a
chair and let me tell you a story..."

 The full article is behind a paywall:

Robert Schaefer, Atmospheric Sciences Group, MIT Haystack Observatory
Westford, MA 01886  781-981-5767

Science humour that may disappear?

Martyn Thomas
Mon, 30 Dec 2013 10:18:06 +0000

The RISK is that we may be the last generation who find this one funny ...

The floods had subsided, and Noah had safely landed his ark on Mount
Sinai. "Go forth and multiply!" he told the animals, and so off they went
two by two, and within a few weeks Noah heard the chatter of tiny monkeys,
the snarl of tiny tigers and the stomp of baby elephants. Then he heard
something he didn't recognise... a loud, revving buzz coming from the
woods. He went in to find out what strange animal's offspring was making
this noise, and discovered a pair of snakes wielding a chainsaw. "What on
earth are you doing?" he cried. "You're destroying the trees!" "Well Noah,"
the snakes replied, "we tried to multiply as you bade us, but we're
adders... so we have to use logs."  *contributed by Alan Turnbull*,
National Physical Laboratory

REVIEW: Digital Archaeology: The Art and Science of Digital Forensics

Ben Rothke
Sun, 29 Dec 2013 08:59:55 -0500
The book Digital Archaeology: The Art and Science of Digital Forensics
starts as yet another text on the topic of digital forensics.  But by the
time you get to chapter 3, you can truly appreciate how much knowledge
author Michael Graves imparts.

Archaeology is defined as the study of human activity in the past, primarily
through the recovery and analysis of the material culture and environmental
data that they have left behind, which includes artifacts, architecture,
biofacts and cultural landscapes.

The author uses archeology and its associated metaphors as a pervasive theme
throughout the book.  While most archeology projects require shovels and
pickaxes, digital archeology requires an entirely different set of tools and
technologies.  The materials are not in the ground, rather on hard drives,
SD cards, smartphones and other types of digital media.

Full review at:
