The RISKS Digest
Volume 30 Issue 88

Tuesday, 23rd October 2018

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…

Contents

Drivers Wildly Overestimate What 'Semiautonomous' Cars Can Do
WiReD
Internet of Things
Don Wagner
Toward Human-Understandable, Explainable AI
computer.org
When AI Misjudgment Is Not an Accident
Scientific American
Drink too much beer at a Dallas Cowboys game? Now a free robot-driven van will scoop you up afterward.
WashPost
3D Printers Have Fingerprints, a Discovery That Could Help Trace 3D-Printed Guns, Counterfeit Goods
University of Buffalo
SSH Authentication Bug Opens Door If You Say You're Logged-In
ITProToday
Hackers steal data of 75,000 users after Healthcare.gov FFE breach
ZDNet
Disrupting cyberwar with open-source intelligence
HPE
U.S. Begins First Cyberoperation Against Russia Aimed at Protecting Elections
NYTimes
Twitter publishes dump of accounts tied to Russian, Iranian influence campaigns
Ars Technica
Saudis' Image Makers: A Troll Army and a Twitter Insider
NYTimes
Banks Adopt Military-Style Tactics to Fight Cybercrime
NYTimes
IBM Proves a Quantum Computing Advantage Over Classical
Brian Wang
Microsoft's problem isn't how often it updates Windows—it's how it develops it
Ars Technica
Susan Wojcicki on the EU's horrific Article 13
Lauren Weinstein
Now Apps Can Track You Even After You Uninstall Them
Bloomberg
These Researchers Want to Send Smells Over the Internet
ieee.org
Risks of voting systems
Stewart Fist
Re: Election Security
John Levine
Paul Burke
Re: Researcher finds simple way of backdooring Windows PCs and nobody notices for ten months
Keith Medcalf
Info on RISKS (comp.risks)

Drivers Wildly Overestimate What 'Semiautonomous' Cars Can Do (WiReD)

Gabe Goldberg <gabe@gabegold.com>
Sat, 20 Oct 2018 23:01:23 -0400
Cars are getting smarter and more capable. They're even starting to drive
themselves, a little. And they're becoming a cause of concern for European
and American safety agencies and groups. They're all for putting better tech
on the road, but automakers are selling systems like Tesla's Autopilot, or
Nissan's Pro Pilot Assist, with the implied promise that they'll make
driving easier and safer, and a new study is the latest to say that may not
always be the case. More worryingly, drivers think these systems are far
more capable than they really are.

https://www.wired.com/story/semi-autonomous-systems-safety-research-euro-ncap-thatcham/


Internet of Things

Zap Katakonk <zapkatakonk1943.6.22@gmail.com>
Sun, 21 Oct 2018 15:08:37 +0200
In the Wild West, a cowboy was a man who, if he had to go a mile north,
would walk two miles south to get a horse, so he could ride there. The IoT
appears to be a product of computer cowboys.

Don Wagner <http://donwagner.dk>


Toward Human-Understandable, Explainable AI (computer.org)

Richard Stein <rmstein@ieee.org>
Sat, 20 Oct 2018 20:26:36 +0800
http://www.computer.org/csdl/mags/co/2018/09/index.html

Explainable AI (XAI), as defined by Hani Hagras, possesses these
characteristics:

"Transparency: We have a right to have decisions affecting us explained to
us in terms, formats, and languages we can understand.

"Causality: If we can learn a model from data, can this model provide us
with not only correct inferences but also some explanation for the
underlying phenomena?

"Bias: How can we ensure that the AI system has not learned a biased view of
the world based on shortcomings of the training data or objective function?

"Fairness: If decisions are made based on an AI system, can we verify that
they were made fairly?

"Safety: Can we gain confidence in the reliability of our AI system without
an explanation of how it reaches conclusions?"

These XAI characteristics, if demonstrably deterministic, can aid triage and
reconstruction of an AI platform's processing activities. A platform's XAI
compliance certification may deter and preclude worst-case, post-deployment
consequences.

AI platform publishers can serve public health and welfare by demonstrating
XAI characteristics prior to deployment. A public service that operates a
compliance simulation can enhance public safety, and reinforce social trust
for AI.  XAI certification might be used as a selling point, similar to a
label from the Underwriters Laboratory or a Consumer Reports ranking.

Autonomous vehicles (AVs) exemplify AI platforms. They promote and aspire to
embody safety capabilities that outperform carbon-based drivers, at least
per NHTSA statistics. Unless operation and failure modes can be simply
explained, AVs will remain a technological eight-ball. XAI characterization
affords one means to educate a skeptical public. But AV manufacturers must
proactively and transparently disclose traffic accident initiators and
processing sequences.

Attorneys will find it difficult to argue that Robocar-5 "LiDAR image
Bayesian decision anomaly suppression logic" is safer than a distracted or
inebriated carbon-based driver.

Given the tarnished reputation acquired from prior incidents, AV
manufacturers have become taciturn. See
https://www.washingtonpost.com/technology/the-switch/shaken-by-hype-self-driving-leaders-adopt-new-strategy-shutting-up/2018/10/18/87bbb99a-91f7-42ec-9b9b-e0cb36ae6be8_story.html

XAI compliance may be their best hope, and last chance, to rehabilitate
their image.


When AI Misjudgment Is Not an Accident (Scientific American)

Richard Stein <rmstein@ieee.org>
Sat, 20 Oct 2018 20:29:48 +0800
https://blogs.scientificamerican.com/observations/when-ai-misjudgment-is-not-an-accident/

"Injecting deliberate bias into algorithmic decision-making could be
devastatingly simple and effective. This might involve replicating or
accelerating pre-existing factors that produce bias. Many algorithms are
already fed biased data. Attackers could continue to use such data sets to
train algorithms, with foreknowledge of the bias they contained. The
plausible deniability this would enable is what makes these attacks so
insidious and potentially effective. Attackers would surf the waves of
attention trained on bias in the tech industry, exacerbating polarization
around issues of diversity and inclusion.

"The idea of 'poisoning' algorithms by tampering with training data is not
wholly novel. Top U.S. intelligence officials have warned that cyber
attackers may stealthily access and then alter data to compromise its
integrity. Proving malicious intent would be a significant challenge to
address and therefore to deter."

Risk: AI-generated, published content that incites widespread civil unrest,
or financial catastrophe.


Drink too much beer at a Dallas Cowboys game? Now a free robot-driven van will scoop you up afterward. (WashPost)

Richard Stein <rmstein@ieee.org>
Sun, 21 Oct 2018 16:06:21 +0800
https://www.washingtonpost.com/technology/2018/10/20/drink-too-much-beer-dallas-cowboys-game-now-free-robot-driven-van-will-scoop-you-up-afterward

"Drive.ai has attempted to distinguish itself by prioritizing
'recognizability over beauty,' giving its Nissan vehicles bright orange
paint jobs that are designed to grab the attention of pedestrians and
drivers, according to company officials.

"The vehicles operate along fixed routes, include human backup drivers and
travel up to 35 mph. They also include exterior panels with messages—such
as 'waiting for you to cross'—to take the place of a human driver making
eye contact or gesturing with a pedestrian at a crosswalk, for example. At
some point, the CEO said, backup drivers will be removed and the vehicles
will operate autonomously."


3D Printers Have Fingerprints, a Discovery That Could Help Trace 3D-Printed Guns, Counterfeit Goods (University of Buffalo)

ACM TechNews <technews-editor@acm.org>
Fri, 19 Oct 2018 12:16:57 -0400
UB News Center, 16 Oct 2018, via ACM TechNews, 19 Oct 2018

University at Buffalo researchers have outlined the first accurate technique
for tracing a three-dimensionally (3D)-printed object to the machine that
produced it, which they think could help law enforcement and intelligence
agencies track the origin of 3D-printed firearms and counterfeit products.
The PrinTracker method identifies the unique signatures of 3D printers by
reading the tiny imperfections within the in-fill patterns they produce in
printed objects. The team created a set of keys from 14 common printers,
then generated digital images of each key. Each image was filtered to
characterize the in-fill pattern, then an algorithm aligned and calculated
each key's variations to confirm the printer signature's authenticity;
PrinTracker matched each key to its originating printer with 99.8% accuracy.
PrinTracker was presented this week at the ACM Conference on Computer and
Communications Security (ACM CCS 2018) in Toronto, Canada.

https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-1ccf3x217f1ax069069


SSH Authentication Bug Opens Door If You Say You're Logged-In (ITProToday)

Gabe Goldberg <gabe@gabegold.com>
Sat, 20 Oct 2018 23:17:23 -0400
https://www.itprotoday.com/data-security-encryption/ssh-authentication-bug-opens-door-if-you-say-youre-logged


Hackers steal data of 75,000 users after Healthcare.gov FFE breach (ZDNet)

Monty Solomon <monty@roscom.com>
Mon, 22 Oct 2018 10:09:46 -0400
https://www.zdnet.com/article/hackers-steal-data-of-75000-users-after-healthcare-gov-ffe-breach/


Disrupting cyberwar with open-source intelligence (HPE)

Gabe Goldberg <gabe@gabegold.com>
Sat, 20 Oct 2018 23:20:56 -0400
When invaders turned the digital information space into a battlefield,
citizen volunteers innovated a new kind of combat. Ukrainian activists are
working on the front lines to fight information aggression.

For better or for worse, warfare drives technology innovation. World War I
turned the airplane from a rickety contraption into an essential force in
battlefield dominance; World War II brought us jet planes, radar, and atom
bombs. Today, attacks come through the Internet, not from the sky—and so
do the responses.

The cyberattack offensive that Russia launched in Ukraine in 2014 introduced
a new doctrine, hybrid warfare, that blends special-forces military action,
sophisticated propaganda, social media manipulation, and hacking. And the
resistance is coming from volunteers who work together.

https://www.hpe.com/us/en/insights/articles/disrupting-cyberwar-with-open-source-intelligence-1810.html


U.S. Begins First Cyberoperation Against Russia Aimed at Protecting Elections (NYTimes)

Monty Solomon <monty@roscom.com>
Tue, 23 Oct 2018 09:43:54 -0400
https://www.nytimes.com/2018/10/23/us/politics/russian-hacking-usa-cyber-command.html

American operatives are messaging Russians working on disinformation
campaigns to let them know they've been identified. It's a measured step to
keep Moscow from escalating.


Twitter publishes dump of accounts tied to Russian, Iranian influence campaigns (Ars Technica)

Monty Solomon <monty@roscom.com>
Mon, 22 Oct 2018 10:51:34 -0400
Archive for researchers provides picture of Internet Research Agency's
influence ops.

https://arstechnica.com/tech-policy/2018/10/twitter-publishes-dump-of-accounts-tied-to-russian-iranian-influence-campaigns/


Saudis' Image Makers: A Troll Army and a Twitter Insider (NYTimes)

Monty Solomon <monty@roscom.com>
Mon, 22 Oct 2018 10:39:03 -0400
The kingdom silences dissent online by sending operatives to swarm critics.
It also recruited a Twitter employee suspected of spying on users,
interviews show.

https://www.nytimes.com/2018/10/20/us/politics/saudi-image-campaign-twitter.html


Banks Adopt Military-Style Tactics to Fight Cybercrime (NYTimes)

Gabe Goldberg <gabe@gabegold.com>
Mon, 22 Oct 2018 16:50:22 -0400
Like many cybersecurity bunkers, IBM's foxhole has deliberately theatrical
touches. Whiteboards and giant monitors fill nearly every wall, with
graphics that can be manipulated by touch.

“You can't have a fusion center unless you have really cool TVs,'' quipped
Lawrence Zelvin, a former Homeland Security official who is now Citigroup's
global cybersecurity head, at a recent cybercrime conference. “It's even
better if they do something when you touch them.  It doesn't matter what
they do. Just something.''

Security pros mockingly refer to such eye candy as `pew pew' maps, an
onomatopoeia for the noise of laser guns in 1980s movies and video
arcades. They are especially useful, executives concede, to put on display
when V.I.P.s or board members stop by for a tour. Two popular `pew pew' maps
are from FireEye and the defunct security vendor Norse, whose video
game-like maps show laser beams zapping across the globe.  Norse went out of
business two years ago, and no one is sure what data the map is based on,
but everyone agrees that it looks cool.

https://www.nytimes.com/2018/05/20/business/banks-cyber-security-military.html

Of course, a comment on the article has the solution:

BLOCKCHAIN Software guarantees a valid trail of corrupted files, preserving
the data. I wonder how long it will be until even that system is
defeated. What BlockChain software the power is its distributive system,
meaning that the data is stored in multiple private computers.  Whether that
system meets legal requirements for privacy is another question. But the
logic is clear: if data is distributed according to a randomizing algorithm,
that makes it a lot more complicated for intruders to be able to follow data
and to corrupt the system to a point where it shuts down. Or worse, becomes
subject to malware that results in ransom or other maneuvers of financial
plundering. it is, no doubt, the bane of our digital world that the
vulnerabilities are incomprehensible to the lay person and difficult if not
impossible for the experts to protect fully. Things may not be at the point
where investors are advised to purchase gold and hide under a mattress. But
we may well be headed in that direction.


IBM Proves a Quantum Computing Advantage Over Classical (Brian Wang)

ACM TechNews <technews-editor@acm.org>
Fri, 19 Oct 2018 12:16:57 -0400
Brian Wang, Next Big Future, 18 Oct 2018, via ACM TechNews, 19 Oct 2018

IBM researchers have mathematically validated certain problems that require
only a fixed circuit depth when performed on a quantum computer regardless
of how the number of quantum bits used for inputs increase; these same
problems require larger circuit depths on classical computers. The proof is
that there will be problems that can only be executed on quantum systems,
and others which can be conducted much faster on quantum computers. The
research proves fault-tolerant quantum computers will do some tasks better
than classical computers, and offers guidance on how to further current
technology to leverage this as rapidly as possible. This marks the first
demonstration of unconditional partitioning between quantum and classical
algorithms. In practical terms, short-depth circuits are part of the
deployments of algorithms, so this result does not specifically state how
and where quantum computers might be better options for particular business
problems.

https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-1ccf3x217f19x069069


Microsoft's problem isn't how often it updates Windows—it's how it develops it (Ars Technica)

Monty Solomon <monty@roscom.com>
Mon, 22 Oct 2018 10:45:04 -0400
Buggy updates point at deeper problems.

https://arstechnica.com/gadgets/2018/10/microsofts-problem-isnt-shipping-windows-updates-its-developing-them/


Susan Wojcicki on the EU's horrific Article 13

Lauren Weinstein <lauren@vortex.com>
Mon, 22 Oct 2018 09:25:34 -0700
[I agree with Susan]

A Final Update on Our Priorities for 2018
https://youtube-creators.googleblog.com/2018/10/a-final-update-on-our-priorities-for.html

  Article 13 as written threatens to shut down the ability of millions of
  people—from creators like you to everyday users—to upload content to
  platforms like YouTube.  And it threatens to block users in the EU from
  viewing content that is already live on the channels of creators
  everywhere.  This includes YouTube's incredible video library of
  educational content, such as language classes, physics tutorials and other
  how-tos.  This legislation poses a threat to both your livelihood and
  your ability to share your voice with the world. And, if implemented as
  proposed, Article 13 threatens hundreds of thousands of jobs, European
  creators, businesses, artists and everyone they employ. The proposal could
  force platforms, like YouTube, to allow only content from a small number
  of large companies.  It would be too risky for platforms to host content
  from smaller original content creators, because the platforms would now be
  directly liable for that content.

I agree 100% with Susan regarding the EU's horrific Article 13 and the
immense damage that it would do, particularly to smaller creators.


Now Apps Can Track You Even After You Uninstall Them (Bloomberg)

"Dave Farber" <farber@gmail.com>
Tue, 23 Oct 2018 09:04:20 +0900
https://www.bloomberg.com/news/articles/2018-10-22/now-apps-can-track-you-even-after-you-uninstall-them


These Researchers Want to Send Smells Over the Internet (ieee.org)

Richard Stein <rmstein@ieee.org>
Sun, 21 Oct 2018 15:29:24 +0800
https://spectrum.ieee.org/the-human-os/biomedical/devices/these-researchers-want-to-send-smells-over-the-internet

Risk: Scent molecules trigger an allergic reaction or are
accidentally/intentionally blended into a poisonous vapor.

The IoT evolves into the IoA—Internet of Aromas; IoO—Internet of
Odors.

"The Emperor of Scent" by Chandler Burr discusses Luca Turin's theory of how
the human nose scent glands apply inelastic electron tunneling to
distinguish aromas.

  [See RISKS-28.78 for *Scent Received, With a Tap of a Smartphone*,
  Smell-o-Vision, Scent of Mystery, and Smell-O-Phones.  The nose knows, and
  the nos have it?  An aye for an aye!  Say Neigh to the Internet of
  Thinks Stinks?  PGN]


Risks of voting systems

Stewart Fist <stewart_fist@optusnet.com.au>
Sat, 20 Oct 2018 16:42:41 +1100
Australians are endlessly fascinated by correspondence and articles about
the failures and fiddles associated with the US voting system.  We have
always believed a stable and trustworthy system of ballots to be fundamental
to democracy, and we wonder why Americans don't to reform the whole system.

Australia has a preferential ballot system, and what is erroneously called
*compulsory voting*.

No one has to vote, because we also have secret ballots (we claim to have
invented them). So if you write obscenities on the paper or leave it
unmarked, then no one will be the wiser.

However you do need to attend a local booth on the day of the election and
have your name crossed on the electoral roll, and you might get a small fine
if you don't vote and don't have a legitimate excuse why you didn't perform
this basic civil duty.

My American friends see this as a draconian infringement on their human
rights.  Yet (by comparison) as Rob Slade (Jury Duty, 19 Oct) points out,
his civic jury duty for a trial is likely to last 3 months - for those too
*stupid* not to get themselves disqualified.

So the argument about infringement on rights is trivial to the point of
ridiculous.  In my long life-time, jury duties and Vietnam War/National
Service conscription have been greater impositions than fifteen minutes
spent every few years to vote.

Security comes from the universality of enrollment.  Australia rarely has
more than trivial voting scandals because it is almost impossible to
manipulate the system without it becoming glaringly obvious.

So citizens don't need to have identification when they vote; no one ever
gets scrubbed from the rolls.  There are no disputes to hold up the voting
queues, and you can cast a vote in a distant electoral district if you are
away from home.

Voting machines are unnecessary also because many people can vote at the
time (which saves millions of dollars). We just put numbers alongside the
names on the ballot paper and most Australians can count from 1 to 5.  Local
scrutineers (who are aligned with the candidates) watch while the count is
tallied after the close of voting.

The system is designed to keep it simple, keep technology at a distance, and
have every citizen involved in making the final decision.  You register to
vote once when you come of age, and that is it—unless you change
addresses (or names when women get married).

Preferential voting also produces an outcome more aligned to the will of the
local electorate, and it has the additional benefit of diminishing the
over-riding power of the two major political parties. Preference voting
encourages independent candidates to enter the political conversation and
add their weight to the discussion.

American will always have problems with the current US voting systems, and
its about time that people faced up to that and looked at alternatives.

Stewart Fist, 70 Middle Harbour Rd, LINDFIELD NSW 2070


Re: Election Security (Burke on Zetter, RISKS-30.87)

"John Levine" <johnl@iecc.com>
21 Oct 2018 23:48:58 +0200
> ...Paper ballots and better security for election machines. Fine, but not
> a solution.  Counting millions of paper ballots in thousands of locations
> is not secure or affordable.

That is clearly false, since we conducted elections with hand counted paper
ballots in thousands of locations for centuries.  Canada still does.

The ballot counting machines we use in New York count the ballots as the
voters put them in the machine.  I assume that after the polls close, they
can lock the machine, read the totals, and call them in to get the tentative
results.  There are procedures for sealing the machines, delivering the
ballots, and so forth which I used to know when I was an election official,
but have since forgotten.

I realize this may come as a surprise for people expecting instant
gratification, but there is no need to report the results of an election
quickly.  I used to live in Cambridge MA where we used paper ballots to do
single transferrable vote elections for city council and school committee.
After the polls closed, they took the ballots to the high school gym where
they counted them with observers and challenges.  It took about a week,
which was no problem at all since that still left plenty of time before the
winners were certified and the new boards seated a month and a half later.


Re: Election Security (Levine, RISKS-30.88)

Paul Burke <box1320@gmail.com>
Sun, 21 Oct 2018 19:09:59 -0400
I think John Levine sees the need for independently checking paper ballots.
The story of Cambridge and other places shows that hand-checking is
expensive.  The US has 100 to 140 million long ballots to count, and a
history of shenanigans. Canadian voters typically vote on one contest during
each election, so counting is far simpler and cheaper than in the US where
we often have pages of choices.

Ballot-counting machines in NY and most states do read each ballot and
produce totals. Those machines are computers, and can be hacked when they
get annual updates or sit unguarded at polling places the night before an
election, so the "totals" they show may not reflect the ballots. A really
good feature is that NY also recounts ballots from 3% of the machines,
manually or with an independent machine. I'd like to see more independent
counts, since a nation-state could hack the independent machine too, but NY
is far ahead of states which don't check a good sample at all.
https://www.verifiedvoting.org/state-audit-laws/


Re: Researcher finds simple way of backdooring Windows PCs and nobody notices for ten months (RISKS-30.87)

"Keith Medcalf" <kmedcalf@dessus.com>
Fri, 19 Oct 2018 20:00:14 -0600
This is likely because it is irrelevant.

Once you have the requisite NT AUTHORITY\SYSTEM level access that is
required to carry out the "registry hack" to enable this "backdoor" there is
no point in going to all the trouble—and there are much easier ways to
obtain and maintain "Administrator" rights (or whatever rights you want) on
Windows—especially after you have once subverted the Operating System and
obtained NT AUTHORITY\SYSTEM privileges.

Besides which, this is not really a security problem/flaw, the system is
merely working as designed.  You can achieve just about the same thing in
any Operating System authorization system by making similar changes to the
information base used to generate the authorization token, and it is just as
trivially easy once you ALREADY HAVE "Act as part of the Operating System"
privilege.

Please report problems with the web pages to the maintainer

x
Top