The RISKS Digest
Volume 29 Issue 69

Tuesday, 16th August 2016

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator


The $47 Billion Network That's Already Obsolete
Steven Brill
Tesla Spontaneously Catches Fire!
Alister Macintyre
Tesla and Troubles
Alister Macintyre
Re: A New Hack Can Unlock 100 Million Volkswagens
Jim Geissman
Hacker Releases More Democratic Party Documents
Lillie Coney
Hackers claim to have stolen NSA cyberweapons, auctioning them to highest bidder
80% of Android Linux users vulnerable
Digital Trends
"Now data-stealing Marcher Android malware is posing as security update"
Danny Palmer
New air-gap jumper covertly transmits data in hard-drive sounds
Ars Technica
More on Air-Gap Security Threats
Security Week
"Linux TCP flaw lets 'anyone' hijack Internet traffic"
Steven J. Vaughan-Nichols
"How an IP mapping glitch turned a farm into federal hell"
Charlie Osborne
Windows 10 re-problems Internet connection
Rob Slade
Thai Plan to Track All Foreigners By SIM Cards Moves Forward
Dan Jacobson
Hacking the Vote: the Security of Our Election Systems
Bruce Schneier
Statistical study of voting results
Re: How to hack an election in seven minutes
Robert I. Eachus
Social Security Administration REMOVES highly criticized cell phone access requirement
Lauren Weinstein
Info on RISKS (comp.risks)

The $47 Billion Network That's Already Obsolete (Steven Brill)

Richard Forno <>
August 14, 2016 at 9:46:24 AM EDT
The $47 Billion Network That's Already Obsolete
Steven Brill (via Dave Farber)

The prize for the most wasteful post-9/11 initiative arguably should go to
FirstNet -- a whole new agency set up to provide a telecommunications system
exclusively for firefighters, police, and other first responders. They would
communicate on bandwidth worth billions of dollars in the commercial market
but now reserved by the Federal Communications Commission for FirstNet.

FirstNet is in such disarray that 15 years after the problem it is supposed
to solve was identified, it is years from completion -- and it may never get
completed at all. According to the GAO, estimates of its cost range from $12
billion to $47 billion, even as advances in digital technology seem to have
eliminated the need to spend any of it.

FirstNet, which has received scant press attention, was established in 2012
and funded with an initial $7 billion. A classic congressional compromise
made it a quasi-independent unit of the Department of Commerce. That was
supposed to give it the heft and authority of the federal government but the
agility and culture of a private-sector start-up. In fact, the reverse
dynamics seem to have taken over from the beginning.

It took FirstNet two years just to recruit a skeleton staff, only to be hit
by an inspector general's report that found potential conflicts of interest
and problems with the awarding of initial consulting contracts. It then took
another two years to issue a request for proposal (RFP) asking contractors
to bid on the work to build and operate the system.

The impetus for FirstNet grew out of an aspect of the September 11 narrative
that is part tragedy and part urban myth.

  Certainly, FirstNet is not on Jeh Johnson's priority list. Asked about
  FirstNet, the homeland-security secretary said he was “not familiar with
  what they're supposed to be doing.”

Tesla Spontaneously Catches Fire!

"Alister Wm Macintyre (Wow)" <>
Tue, 16 Aug 2016 07:48:04 -0500
Tesla Spontaneously Catches Fire, Burns Down During Test Drive In France.
Not yet explained.  There are some clues.

Earlier there was a Tesla on fire in Norway. A short circuit is the

An automobile spontaneously catching on fire is not a risk unique to Tesla.
Many other auto brand names also experience this surprise hazard.

Tesla and Troubles

"Alister Wm Macintyre (Wow)" <>
Tue, 9 Aug 2016 05:01:46 -0500
Auto occupant: human behind the wheel, who is not driving, but using a
cyber-assist function, which cannot work right if there is no human to

Autopilot, not to be confused with "auto pilot" in airplanes: a marketing
gimmick that falsely leads the public to think that the "Autopilot" in cars
is as qualified to drive the cars, as the auto pilot in planes is competent
to drive the planes, without human interaction.  The terminology
"self-driving" and "driverless" cars is equally dangerous, as it leads
consumers, and journalists, to believe technology has arrived which is much
smarter than is really there.

  [Of course, grammatically an "auto pilot" might be someone licensed to
  drive an automotive vehicle who then tries to fly an aircraft.  In this
  context, auto- is a combining form, as is cyber- (which I have adjusted
  twice in this message.)  PGN]

Tesla expects auto occupant to have hands on steering wheel, prepared to
take over in an instant if the cyber-assistant needs to be superseded, but
this is in the manual in tiny print, below marketing implying this not

In First Autopilot Crash In China, Tesla Model S Driver Crashes In Beijing
With Autopilot

Auto occupants, of cars with Tesla Autopilot, can sometimes have video of
the Autopilot allegedly going bad, and the driver surviving the experience.

That says more for the safety features of Tesla, because in how many traffic
mishaps, where human occupants are driving, are they able to both video tape
their screw ups, and live to tell the tale?

What if the occupant falls asleep at the wheel, or suffers a medical
emergency?  It is a miracle, the car can drive to the nearest hospital.  At
current level of technology, it needs the occupant sufficiently conscious to
recognize what's going on & what is needed.  There is not yet any "get us to
1st responder" emergency button on the self-driving car controls.

Tesla car drives owner to hospital after he suffers pulmonary embolism

In 2013, NHTSA released rating system for autonomous vehicle capabilities
[NHTSA = US National Highway Transportation Safety Administration.].

If it came to a court case, people could generally agree that:

. Tesla technology so far is no higher than level 2.
. Tesla marketing has claimed that it is at least level 3.

* No-Automation (Level 0): The driver is in complete and sole control of the
primary vehicle controls -- brake, steering, throttle, and motive power --
at all times.

* Function-specific Automation (Level 1): Automation at this level involves
one or more specific control functions. Examples include electronic
stability control or pre-charged brakes, where the vehicle automatically
assists with braking to enable the driver to regain control of the vehicle
or stop faster than possible by acting alone.

* Combined Function Automation (Level 2): This level involves automation of
at least two primary control functions designed to work in unison to relieve
the driver of control of those functions. An example of combined functions
enabling a Level 2 system is adaptive cruise control in combination with
lane centering.

* Limited Self-Driving Automation (Level 3): Vehicles at this level of
automation enable the driver to cede full control of all safety-critical
functions under certain traffic or environmental conditions and in those
conditions to rely heavily on the vehicle to monitor for changes in those
conditions requiring transition back to driver control. The driver is
expected to be available for occasional control, but with sufficiently
comfortable transition time. The Google car is an example of limited
self-driving automation.

* Full Self-Driving Automation (Level 4): The vehicle is designed to perform
all safety-critical driving functions and monitor roadway conditions for an
entire trip. Such a design anticipates that the driver will provide
destination or navigation input, but is not expected to be available for
control at any time during the trip. This includes both occupied and
unoccupied vehicles.

[Maybe we need some new levels like 2.5].
  [Maybe journalists need to pick up on Tesla's realization that
  "autopilot" is a terrible misnomer!  PGN]

Re: A New Hack Can Unlock 100 Million Volkswagens (RISKS-29.68)

"Jim" <>
Fri, 12 Aug 2016 21:39:05 -0700
Andy Greenberg's article suggests this applies to VWs since 1995, therefore
quite a lot of them.  I got my 2001 model in 2000, and keyless was not
available then.  Perhaps the dates are wrong.

Hacker Releases More Democratic Party Documents

L Coney <>
Sun, 14 Aug 2016 23:58:15 -0400
The latest release on the DNC through WikiLeaks: This is potentially the
most damaging thing that the hackers could have done.  This could allow
access of personal address books, emails, and text messages of members of
Congress via malware such as a virus or worm program.  Privacy breaches are
about getting to private matters or information that is not public
knowledge.  The best defense is to shut the phones off and switch to new
undisclosed numbers and emails until phone numbers and email addresses can
be changed.

  [Monty Solomon <> comments on this NYTimes article:
  Guccifer 2.0, believed to have ties to Russia, claimed responsibility for
  the breach, which included lawmakers' personal cellphone numbers and email
  addresses.  PGN]

Hackers claim to have stolen NSA cyberweapons, auctioning them to highest bidder (BoingBoing)

Lauren Weinstein <>
Tue, 16 Aug 2016 08:30:37 -0700
via NNSquad

Passed along FYI, though the real-world impact of this stuff appears minimal
now, except to the wallet of any fool who was stupid enough to pay for it.

  [See also Elias Groll, *Foreign Policy*, 15 Aug 2016 A mysterious online
  group calling itself The Shadow Brokers is claiming to have penetrated the
  National Security Agency, stolen some of its malware, and is auctioning
  off the files to the highest bidder.

  Also, Tim Libert in Dave Farber's IP distribution:
  "They've thus far netted 1.6BTC [Bitcoin].   I don't think the auction
  is going well."

  And then this via Dewayne Hendricks by Mike Masnick, TechDirt, 16 Aug 2016:
  Mike Masnick: Ed Snowden Explains Why Hackers Published NSA's Hacking Tools,
  from the you-break-many-things. dept,

80% of Android Linux users vulnerable (Digital Trends)

"Peter G. Neumann" <>
Tue, 16 Aug 2016 08:48:00 -0700

"Now data-stealing Marcher Android malware is posing as security update" (Danny Palmer)

Gene Wirchenko <>
Tue, 16 Aug 2016 15:08:26 -0700
Danny Palmer, ZDNet, 16 Aug 2016
Now data-stealing Marcher Android malware is posing as security update
Cybercriminals are telling users their device is at risk from viruses unless
they download a particular 'security update'—which delivers the malware.

New air-gap jumper covertly transmits data in hard-drive sounds (Ars Technica)

Lauren Weinstein <>
Thu, 11 Aug 2016 22:08:03 -0700

  Researchers have devised a new way to siphon data out of an infected
  computer even when it has been physically disconnected from the Internet
  to prevent the leakage of sensitive information it stores.  The method has
  been dubbed "DiskFiltration" by its creators because it uses acoustic
  signals emitted from the hard drive of the air-gapped computer being
  targeted.  It works by manipulating the movements of the hard drive's
  actuator, which is the mechanical arm that accesses specific parts of disk
  platter so heads attached to the actuator can read or write data. By using
  so-called seek operations that move the actuator in very specific ways, it
  can generate sounds that transfer passwords, cryptographic keys, and other
  sensitive data stored on the computer to a nearby microphone. The
  technique has a range of six feet and a speed of 180 bits per second, fast
  enough to steal a 4096-bit key in about 25 minutes.

    [This is not a new risk, but is getting a bit of hype.  PGN]

More on Air-Gap Security Threats (Security Week)

"Peter G. Neumann" <>
Mon, 15 Aug 2016 21:25:40 PDT
Air-gapping a computer (i.e., isolating it from the Internet) is considered
by many organizations a highly efficient security measure since, in theory,
it should be impossible to remotely steal information from the device.
However, researchers demonstrated on several occasions over the past years
that the air-gap can be jumped using optic, thermal, electromagnetic and
acoustic channels.  Since experts have shown that speakers and microphones
connected to a computer can be leveraged for a two-way communications
channel, many organizations have decided to ban employees from connecting
such devices to air-gapped systems. However, there are other components that
can be used for covert data exfiltration via acoustic signals.  In June,
researchers from Ben-Gurion University of the Negev detailed Fansmitter, a
method that involves using the noise from a device's fans to send bits of
data to a nearby receiver (e.g., mobile phone).

"Linux TCP flaw lets 'anyone' hijack Internet traffic" (Steven J. Vaughan-Nichols)

Gene Wirchenko <>
Fri, 12 Aug 2016 09:48:38 -0700

Steven J. Vaughan-Nichols for Networking, 11 Aug 2016
What started as an attempt to secure TCP/IP in Linux ended up enabling an
attack vector that can be used to break, or even hijack, Internet
connections between Linux and Android systems.

Some days you can't win for losing. In 2012, Linux implemented a new TCP/IP
networking standard, RFC 5961, Improving TCP's Robustness to Blind In-Window
Attacks, to improve security. In the process, they opened up a heretofore
unknown security hole. Ironically, other operating systems that lagged in
implementing this new "security" mechanism—such as FreeBSD, macOS, and
Windows—are immune to this new attack vector.

This is potentially a big deal, because it can be used to break or even
hijack Internet connections between Linux and Android systems.

The good news—and, yes, there is good news—is it's easy to fix.
First, Linux itself is being patched to stop the attack vector in its
tracks. Next, you simply raise the 'challenge ACK limit' to an extremely
large value to make it practically impossible to exploit the side channel
problem that enabled the attack to work.  [Example follows in article.]
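
The mitigation described above, as an added example that is not part of the original posting or the quoted article: a shell audit of whether a sysctl configuration file raises the challenge ACK limit. `net.ipv4.tcp_challenge_ack_limit` is the kernel's sysctl key; the `MIN_SAFE` threshold and the sample values are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example: audit the Linux "challenge ACK limit" setting.
# KEY is the real sysctl name; MIN_SAFE is an assumed cut-off for
# "extremely large", not a value taken from the article.
KEY="net.ipv4.tcp_challenge_ack_limit"
MIN_SAFE=100000000

# Print the effective value of KEY in a sysctl.conf-style file, or nothing
# if the key is absent. Comment lines (# or ;) are skipped, spaces around
# "=" are tolerated, and the last assignment wins.
conf_ack_limit() {
    awk -v key="$KEY" '
        /^[[:space:]]*[#;]/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1)
            v = substr($0, eq + 1)
            gsub(/[[:space:]]/, "", k)
            gsub(/[[:space:]]/, "", v)
            gsub(/\//, ".", k)      # sysctl also accepts the net/ipv4/... form
            if (k == key) val = v
        }
        END { if (val != "") print val }
    ' "$1"
}

# Classify a value: unset, invalid (not a plain integer), low, or raised.
classify_ack_limit() {
    case "$1" in
        "")       echo "unset";   return ;;
        *[!0-9]*) echo "invalid"; return ;;
    esac
    if [ "$1" -ge "$MIN_SAFE" ]; then echo "raised"; else echo "low"; fi
}

# Print the running kernel's value if the sysctl is exposed under /proc.
live_ack_limit() {
    f="/proc/sys/net/ipv4/tcp_challenge_ack_limit"
    [ -r "$f" ] && cat "$f"
    return 0
}

# Constructed sample configs: one with only a low value, one where a later
# line overrides it with a very large value (both values are made up here).
demo() {
    d=$(mktemp -d)
    printf '%s\n' '# constructed sample' \
                  'net.ipv4.tcp_challenge_ack_limit = 100' > "$d/before.conf"
    printf '%s\n' 'net.ipv4.tcp_challenge_ack_limit=100' \
                  '; later override' \
                  'net/ipv4/tcp_challenge_ack_limit = 999999999' > "$d/after.conf"
    echo "$(classify_ack_limit "$(conf_ack_limit "$d/before.conf")")" \
         "$(classify_ack_limit "$(conf_ack_limit "$d/after.conf")")"
    rm -rf "$d"
}

echo "sample configs: $(demo)"
echo "running kernel: $(classify_ack_limit "$(live_ack_limit)")"
```

A configuration file only takes effect once it is loaded, so the "running kernel" line is the one that reflects the current state of the host.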

"How an IP mapping glitch turned a farm into federal hell" (Charlie Osborne)

Gene Wirchenko <>
Fri, 12 Aug 2016 10:03:44 -0700
Charlie Osborne for Zero Day, ZDNet, 12 Aug 2016
Everyone from federal agents to ambulance staff and IRS collectors
all ended up on the same doorstep for years due to one lazy IP setting.

selected text:

A rural Kansas farmhouse has been the target of federal agents and
investigators for the past 10 years, driving the elderly owner and tenants
up the wall—and is all due to one mapping glitch.

The cause? A single company which turned the rural farmhouse into a
geographic hotspot and default answer for investigators attempting to trace
nefarious IP addresses in the United States.

The case has wound up in court, and in a background check conducted as part
of the Arnolds' complaint, it appeared that MaxMind picked the farmhouse to
act as the default IP for what was basically an unknown US location.

Windows 10 re-problems Internet connection

Rob Slade <>
Fri, 12 Aug 2016 11:18:14 -0800
I've mentioned my saga with Windows 10 and an intermittent Internet
connection problem:

After about a week of work, I found a workaround that seemed to be fairly

This week was, of course, patch Tuesday.  Wednesday night the machine
rebooted itself.

The workaround that I had implemented (of pointing to OpenDNS or Google's
DNS) now no longer works.

Fortunately, flushing the DNS still does.  But it does mean that I have to
leave the admin command prompt window open (on both our desktops), and keep
resetting the connection on a fairly regular basis.

And what is it that Microsoft has done this week to make things even worse
than they were before?

Thai Plan to Track All Foreigners By SIM Cards Moves Forward

Dan Jacobson <>
Sat, 13 Aug 2016 07:13:44 +0800
"We will separate SIM cards for foreigners and Thais," Takorn
Tantasith said Monday. "The location will always be turned on in this
SIM card for foreigners. And it cannot be turned off."

Hacking the Vote: the Security of Our Election Systems

Bruce Schneier <>
Mon, 15 Aug 2016 00:20:30 -0500
You can read this issue on the web at
<>. These
same essays and news items appear in the "Schneier on Security" blog at
<>, along with a lively and intelligent
comment section. An RSS feed is available.

Russia was behind the hacks into the Democratic National Committee's
computer network that led to the release of thousands of internal e-mails
just before the party's convention began, U.S. intelligence agencies have
reportedly concluded.

The FBI is investigating. WikiLeaks promises there is more data to come.
The political nature of this cyberattack means that Democrats and
Republicans are trying to spin this as much as possible. Even so, we have to
accept that someone is attacking our nation's computer systems in an
apparent attempt to influence a presidential election. This kind of
cyberattack targets the very core of our democratic process. And it points
to the possibility of an even worse problem in November—that our election
systems and our voting machines could be vulnerable to a similar attack.

If the intelligence community has indeed ascertained that Russia is to
blame, our government needs to decide what to do in response. This is
difficult because the attacks are politically partisan, but it is
essential. If foreign governments learn that they can influence our
elections with impunity, this opens the door for future manipulations, both
document thefts and dumps like this one that we see and more subtle
manipulations that we don't see.

Retaliation is politically fraught and could have serious consequences, but
this is an attack against our democracy. We need to confront Russian
President Vladimir Putin in some way—politically, economically or in
cyberspace—and make it clear that we will not tolerate this kind of
interference by any government. Regardless of your political leanings this
time, there's no guarantee the next country that tries to manipulate our
elections will share your preferred candidates.

Even more important, we need to secure our election systems before
autumn. If Putin's government has already used a cyberattack to attempt to
help Trump win, there's no reason to believe he won't do it again --
especially now that Trump is inviting the "help."

Over the years, more and more states have moved to electronic voting
machines and have flirted with Internet voting. These systems are insecure
and vulnerable to attack.

But while computer security experts like me have sounded the alarm for many
years, states have largely ignored the threat, and the machine manufacturers
have thrown up enough obfuscating babble that election officials are largely

We no longer have time for that. We must ignore the machine manufacturers'
spurious claims of security, create tiger teams to test the machines' and
systems' resistance to attack, drastically increase their cyber-defenses and
take them offline if we can't guarantee their security online.

Longer term, we need to return to election systems that are secure from
manipulation. This means voting machines with voter-verified paper audit
trails, and no Internet voting. I know it's slower and less convenient to
stick to the old-fashioned way, but the security risks are simply too great.

There are other ways to attack our election system on the Internet besides
hacking voting machines or changing vote tallies: deleting voter records,
hijacking candidate or party websites, targeting and intimidating campaign
workers or donors. There have already been multiple instances of political
doxing—publishing personal information and documents about a person or
organization—and we could easily see more of it in this election
cycle. We need to take these risks much more seriously than before.

Government interference with foreign elections isn't new, and in fact,
that's something the United States itself has repeatedly done in recent
history. Using cyberattacks to influence elections is newer but has been
done before, too—most notably in Latin America. Hacking of voting
machines isn't new, either. But what is new is a foreign government
interfering with a U.S. national election on a large scale. Our democracy
cannot tolerate it, and we as citizens cannot accept it.

Last April, the Obama administration issued an executive order outlining how
we as a nation respond to cyberattacks against our critical
infrastructure. While our election technology was not explicitly mentioned,
our political process is certainly critical. And while they're a hodgepodge
of separate state-run systems, together their security affects every one of
us. After everyone has voted, it is essential that both sides believe the
election was fair and the results accurate. Otherwise, the election has no

Election security is now a national security issue; federal officials need
to take the lead, and they need to do it quickly.

This essay originally appeared in the "Washington Post."

Russia has attacked the US in cyberspace in an attempt to influence our
national election, many experts have concluded. We need to take this
national security threat seriously and both respond and defend, despite the
partisan nature of this particular attack.

There is virtually no debate about that, either from the technical experts
who analyzed the attack last month or the FBI which is analyzing it now. The
hackers have already released DNC e-mails and voicemails, and promise more
data dumps.

While their motivation remains unclear, they could continue to attack our
election from now to November—and beyond.

Like everything else in society, elections have gone digital. And just as
we've seen cyberattacks affecting all aspects of society, we're going to see
them affecting elections as well.

What happened to the DNC is an example of organizational doxing—the
publishing of private information—an increasingly popular tactic against
both government and private organizations. There are other ways to influence
elections: denial-of-service attacks against candidate and party networks
and websites, attacks against campaign workers and donors, attacks against
voter rolls or election agencies, hacks of the candidate websites and social
media accounts, and—the one that scares me the most—manipulation of
our highly insecure but increasingly popular electronic voting machines.

On the one hand, this attack is a standard intelligence gathering operation,
something the NSA does against political targets all over the world and
other countries regularly do to us. The only thing different between this
attack and the more common Chinese and Russian attacks against our
government networks is that the Russians apparently decided to publish
selected pieces of what they stole in an attempt to influence our election,
and to use WikiLeaks as a way to both hide their origin and give them a
veneer of respectability.

All of the attacks listed above can be perpetrated by other countries and by
individuals as well. They've been done in elections in other countries.
They've been done in other contexts. The Internet broadly distributes power,
and what was once the sole purview of nation states is now in the hands of
the masses. We're living in a world where disgruntled people with the right
hacking skills can influence our elections, wherever they are in the world.

The Snowden documents have shown the world how aggressive our own
intelligence agency is in cyberspace. But despite all of the policy analysis
that has gone into our own national cybersecurity, we seem perpetually taken
by surprise when we are attacked. While foreign interference in national
elections isn't new, and something the US has repeatedly done, electronic
interference is a different animal.

The Obama administration is considering how to respond, but politics will
get in the way. Were this an attack against a popular Internet company, or a
piece of our physical infrastructure, we would all be together in
response. But because these attacks affect one political party, the other
party benefits. Even worse, the benefited candidate is actively inviting
more foreign attacks against his opponent, though he now says he was just
being sarcastic. Any response from the Obama administration or the FBI will
be viewed through this partisan lens, especially because the president is a

We need to rise above that. These threats are real and they affect us all,
regardless of political affiliation. That this particular attack targeted
the DNC is no indication of who the next attack might target.  We need to
make it clear to the world that we will not accept interference in our
political process, whether by foreign countries or lone hackers.

However we respond to this act of aggression, we also need to increase the
security of our election systems against all threats—and quickly.

We tend to underestimate threats that haven't happened—we discount them
as "theoretical"—and overestimate threats that have happened at least
once. The terrorist attacks of 9/11 are a showcase example of that:
administration officials ignored all the warning signs, and then drastically
overreacted after the fact. These Russian attacks against our voting system
have happened. And they will happen again, unless we take action.

If a foreign country attacked US critical infrastructure, we would respond
as a nation against the threat. But if that attack falls along political
lines, the response is more complicated. It shouldn't be. This is a national
security threat against our democracy, and needs to be treated as such.

This essay previously appeared on

Copyright (c) 2016 by Bruce Schneier.

Statistical study of voting results

"Peter G. Neumann" <>
Mon, 15 Aug 2016 13:22:00 PDT
A report with statistical analyses of the Democratic primaries shows
statistically significant disparities between machine-counted and
hand-counted vote totals—for example, 10% in one case.

As always, statistical studies have to be taken for what they are.
However, this report seems consistent with various independent factors
as well.

Re: How to hack an election in seven minutes (Kristiansen, RISKS-29.68)

"Robert I. Eachus" <>
Sat, 13 Aug 2016 19:57:23 -0400
Where I vote, and almost everywhere in New Hampshire (Dixville Notch may be
an exception ;-), we use mark sense paper ballots (ballots with blue boxes
you fill in with a black fiber pen), that are counted as they are collected
by a ballot box.  If there is a second recount, or if the numbers from one
ward or town seem off, the box can be opened and the ballots counted by

Ballot box stuffing is still possible, but it takes three separate actions
in the presence of voters and poll watchers.  It is not impossible, but
unlikely to be effective.  If you can round up enough people to vote in
multiple towns, and get past the local recognition issue to make a
difference, you can probably win the election based on their (single) votes

IF you lived in New Hampshire you would know just how much pressure there is
from the media to get instant results. Especially during the Presidential
primary, there are whole seconds between the polls closing and the TV
networks announcing winners, and bragging about how much faster their
network was in declaring winners.

Social Security Administration REMOVES highly criticized cell phone access requirement

Lauren Weinstein <>
Sun, 14 Aug 2016 08:06:58 -0700

My 29 July blog posting [now updated]:
Confirmed and Unacceptable: Social Security Administration Cutting Off
Users Who Can't Receive Text Messages
was highly critical of the manner in which SSA had implemented a new cell
phone-only 2-factor access requirement. That posting generated among the
most comments and responses I've ever received related to a single blog

I'm now informed that SSA has *removed* the requirement, and that users are
being greeted with this text:

  "We removed the requirement to use a cell phone to access your account.
  While it's not mandatory, we encourage those of you who have a text
  capable cell phone to take advantage of this optional extra security.
  We continue to pursue more options beyond cell phone texting."

Login security using 2-factor can be very important, but SSA totally botched
it up.  I appreciate that SSA has now done the right thing in this case.
Perhaps in the future they'll think these things through better *ahead* of
