The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 31 Issue 52

Thursday 2 January 2020

Contents

China flight systems jammed by pig farm's African swine fever defences
SCMP
Boeing spacecraft lands safely in New Mexico desert, a successful end to a flawed test mission
The Washington Post
Laser-based attacks for controlling voice-activated systems such as Amazon's Alexa
Light Commands
Science Under Attack: How Trump Is Sidelining Researchers and Their Work
The NY Times
Bumble blocked Sharon Stone, thinking she was a fake
WashPost
U.S. Coast Guard discloses Ryuk ransomware infection at maritime facility
DCO
CIA devised way to restrict missiles given to allies, researcher says
Reuters
Chinese Cloud Hopper hacking campaign is worse than thought
The Verge
Wawa Data Breach: DC, VA Customers Could Be Affected
Patch
Hackers steal data for 15 million patients, then sell it back to lab that lost it
Ars Technica
Executive dies, taking investor cryptocurrency with him. Now they want the body exhumed
Charlie Osborne
Driving surveillance: What does your car know about you? We hacked a 2017 Chevy to find out.
WashPost
Cars towed in South End due to city error
The Boston Globe
How tourists take their lives into their own hands
WashPost
Some junk for sale on Amazon is very literally garbage, report finds
ArsTechnica
This alleged Bitcoin scam looked a lot like a pyramid scheme
WiReD
Apple's new Screen Time Communication Limits are easily beaten with a bug
ArsTechnica
2019 Apple Platform Security guide shows what it is doing to 'push the boundaries' of security and privacy
9to5Mac
Wave of Ring surveillance camera hacks tied to podcast, report finds
Ars Technica
How to Track President Trump
*The New York Times*
India's Internet shutdown shows normal practice for sovereign countries
Prashanth Mundkur
Resignation of Board Members from Verified Voting
Rebecca Mercuri
Meet Cliff Stoll, the Mad Scientist Who Invented the Art of Hunting Hackers
WiReD
Planned Obsolescence
npr.org
Re: Human error installing SCADA system leads to 7.5 million gallons of raw sewage dumped in Valdosta, GA
Martin Ward
Re: What happens if your mind lives for ever on the Internet?
Amos Shapir
Roderick Rees
Re: Bates v Post Office litigation: reliability of computers
Kelly Bert Manning
Info on RISKS (comp.risks)

China flight systems jammed by pig farm's African swine fever defences (SCMP)

Monty Solomon <monty@roscom.com>
Sat, 21 Dec 2019 18:23:25 -0500
https://www.scmp.com/news/china/society/article/3042991/china-flight-systems-jammed-pig-farms-african-swine-fever


Boeing spacecraft lands safely in New Mexico desert, a successful end to a flawed test mission (The Washington Post)

Gabe Goldberg <gabe@gabegold.com>
Sun, 22 Dec 2019 10:26:18 -0500
Because of a software problem, the uncrewed capsule had to abort its flight
to the International Space Station

https://www.washingtonpost.com/technology/2019/12/22/boeing-spacecraft-lands-safely-new-mexico-desert-successful-end-flawed-test-mission/


Laser-based attacks for controlling voice-activated systems such as Amazon's Alexa.

"Peter G. Neumann" <neumann@csl.sri.com>
Tue, 31 Dec 2019 10:44:26 PST
https://lightcommands.com/

  [Thanks to Steven Cheung at SRI.]


Science Under Attack: How Trump Is Sidelining Researchers and Their Work (The NY Times)

Dewayne Hendricks <dewayne@warpspeed.com>
December 29, 2019 18:46:13 JST
Brad Plumer and Coral Davenport, *The New York Times*, 28 Dec 2019
  [Long item truncated for RISKS.  PGN]

In three years, the administration has diminished the role of science in
policymaking while disrupting research projects nationwide. Experts say the
effects could be felt for years.

https://www.nytimes.com/2019/12/28/climate/trump-administration-war-on-science.html

WASHINGTON—In just three years, the Trump administration has diminished
the role of science in federal policymaking while halting or disrupting
research projects nationwide, marking a transformation of the federal
government whose effects, experts say, could reverberate for years.

Political appointees have shut down government studies, reduced the
influence of scientists over regulatory decisions and in some cases
pressured researchers not to speak publicly. The administration has
particularly challenged scientific findings related to the environment and
public health opposed by industries such as oil drilling and coal mining. It
has also impeded research around human-caused climate change, which
President Trump has dismissed despite a global scientific consensus.

But the erosion of science reaches well beyond the environment and climate.
[...]

“When we decapitate the government's ability to use science in a
professional way, that increases the risk that we start making bad
decisions, that we start missing new public health risks,” said Wendy
E. Wagner, a professor of law at the University of Texas at Austin who
studies the use of science by policymakers.


Bumble blocked Sharon Stone, thinking she was a fake (WashPost)

Monty Solomon <monty@roscom.com>
Tue, 31 Dec 2019 03:48:35 -0500
"Looks like our users thought you were too good to be true," the company
wrote to Stone on Twitter.

https://www.washingtonpost.com/business/2019/12/30/sharon-stone-was-kicked-off-bumble-because-users-thought-she-was-impersonating-sharon-stone/


U.S. Coast Guard discloses Ryuk ransomware infection at maritime facility (DCO)

geoff goodfellow <geoff@iconia.com>
Tue, 31 Dec 2019 11:05:05 -1000
*Ransomware infection led to a disruption of camera and physical access
control systems, and loss of critical process control monitoring systems*

EXCERPT:

An infection with the Ryuk ransomware took down a maritime facility for more
than 30 hours, the US Coast Guard said in a security bulletin it published
before Christmas.
<https://www.dco.uscg.mil/Portals/9/DCO Documents/5p/MSIB/2019/MSIB_10_19.pdf>

The agency did not reveal the name or the location of the port authority;
however, it described the incident as recent.

"Forensic analysis is currently ongoing but the virus, identified as 'Ryuk'
ransomware," the US Coast Guard (USCG) said in a security bulletin meant to
put other port authorities on alert about future attacks.

POINT OF ENTRY: PHISHING EMAIL

USCG officials said they believe the point of entry was a malicious email
sent to one of the maritime facility's employees.

"Once the embedded malicious link in the email was clicked by an employee,
the ransomware allowed for a threat actor to access significant enterprise
Information Technology (IT) network files, and encrypt them, preventing the
facility's access to critical files," the agency said.

The USCG security bulletin describes a nightmare scenario after this point,
with the virus spreading through the facility's IT network, and even
impacting "industrial control systems that monitor and control cargo
transfer and encrypted files critical to process operations."

Coast Guard officials said the Ryuk infection caused "a disruption of the
entire corporate IT network (beyond the footprint of the facility),
disruption of camera and physical access control systems, and loss of
critical process control monitoring systems."

The maritime facility—believed to be a port authority—was forced to
shut down its entire operations for more than 30 hours, the Coast Guard
said.

INCREASE IN MARITIME CYBER THREATS...

https://www.zdnet.com/article/us-coast-guard-discloses-ryuk-ransomware-infection-at-maritime-facility/


CIA devised way to restrict missiles given to allies, researcher says (Reuters)

geoff goodfellow <geoff@iconia.com>
Tue, 31 Dec 2019 11:03:05 -1000
EXCERPT:

The U.S. Central Intelligence Agency has devised technology to restrict the
use of anti-aircraft missiles after they leave American hands, a researcher
said, a move that experts say could persuade the United States that it would
be safe to disseminate powerful weapons more frequently.

The new technology is intended for use with shoulder-fired missiles called
Man-Portable Air-Defense Systems (MANPADS), Dutch researcher Jos Wetzels
told a cybersecurity conference here in Leipzig, Germany on Saturday.
Wetzels said the system was laid out in a batch of CIA documents published
by WikiLeaks in 2017 but that the files were mislabeled and attracted little
public attention until now.

Wetzels said the CIA had come up with a *smart arms control solution* that
would restrict the use of missiles “to a particular time and a particular
place.”  The technique, referred to as *geofencing*, blocks the use of a
device outside a specific geographic area.

Weapons that are disabled when they leave the battlefield could be an
attractive feature. Supplied to U.S. allies, the highly portable missiles
can help win wars, but they have often been lost, sold, or passed to
extremists...

https://www.reuters.com/article/us-usa-cyber-missiles/cia-devised-way-to-restrict-missiles-given-to-allies-researcher-says-idUSKBN1YY1BF


Chinese Cloud Hopper hacking campaign is worse than thought (The Verge)

geoff goodfellow <geoff@iconia.com>
Tue, 31 Dec 2019 11:04:06 -1000
*Much worse than originally reported*

The global hacking campaign known as *Cloud Hopper* perpetrated by
government-sponsored Chinese hackers was much worse than originally
reported, according to an investigation by the *Wall Street Journal*
<https://www.wsj.com/articles/ghosts-in-the-clouds-inside-chinas-major-corporate-hack-11577729061> you should read in full.

The report says that at least a dozen cloud providers were affected, but
focuses on HP to illustrate the severity of the intrusions and the tactics
used to attack and defend.  “The Journal found that Hewlett Packard
Enterprise Co. was so overrun that the cloud company didn't see the hackers
re-enter their clients' networks, even as the company gave customers the
all-clear.”

“Inside the clouds, the hackers, known as APT10 to Western officials and
researchers, had access to a vast constellation of clients. The Journal's
investigation identified hundreds of firms that had relationships with
breached cloud providers, including Rio Tinto, Philips, American Airlines
Group Inc., Deutsche Bank AG, Allianz SE, and GlaxoSmithKline PLC.” [...]

“They came in through cloud service providers, where companies thought
their data was safely stored. Once they got in, they could freely and
anonymously hop from client to client, and defied investigators' attempts to
kick them out for years.”

A lot of this was known in broad terms, as revealed by a *Reuters*
investigation in June.
<https://www.reuters.com/investigates/special-report/china-cyber-cloudhopper/>
The more detailed *WSJ* investigation
<https://www.wsj.com/articles/ghosts-in-the-clouds-inside-chinas-major-corporate-hack-11577729061>
shows just how vulnerable our data is when stored by a third party, and how
aggressively state-sponsored hackers continue to pursue it.

https://www.theverge.com/2019/12/31/21044173/cloud-hopper-apt10-china-hackers


Wawa Data Breach: DC, VA Customers Could Be Affected (Patch)

Gabe Goldberg <gabe@gabegold.com>
Thu, 19 Dec 2019 23:38:49 -0500
https://patch.com/virginia/annandale/s/gyddx/wawa-data-breach-dc-va-customers-could-be-affected


Hackers steal data for 15 million patients, then sell it back to lab that lost it (Ars Technica)

Monty Solomon <monty@roscom.com>
Fri, 20 Dec 2019 11:32:01 -0500
https://arstechnica.com/information-technology/2019/12/clinical-lab-pays-hackers-for-the-return-of-data-of-15-million-patients/


Executive dies, taking investor cryptocurrency with him. Now they want the body exhumed (Charlie Osborne)

Gene Wirchenko <gene@shaw.ca>
Wed, 18 Dec 2019 17:19:23 -0800
      ["Paging Monty Python ..."]

Charlie Osborne for Zero Day | 18 Dec 2019
https://www.zdnet.com/article/an-executive-died-taking-investor-cryptocurrency-with-him-now-they-want-the-body-exhumed/
Executive dies, taking investor cryptocurrency with him. Now they want the
body exhumed.  The CEO of Quadriga was the only one who could access user
funds, but claims of his death have not satisfied everyone.

opening text:

The former Quadriga CX CEO Gerald Cotten died suddenly this year, taking the
keys required to access cryptocurrency funds belonging to investors with
him.

Now, these same traders, devoid of millions in investment, have requested
that the body of the firm's former CEO be exhumed to confirm his death.


  [Monty Solomon noted this on Ars Technica:
    Exhume dead cryptocurrency exec who owes us $250 million, creditors demand
  https://arstechnica.com/information-technology/2019/12/cryptocurrency-investors-want-to-exhume-ceo-who-took-250-million-to-his-grave/
  PGN]


Driving surveillance: What does your car know about you? We hacked a 2017 Chevy to find out. (WashPost)

Gabe Goldberg <gabe@gabegold.com>
Thu, 26 Dec 2019 17:08:53 -0500
https://www.washingtonpost.com/technology/2019/12/17/what-does-your-car-know-about-you-we-hacked-chevy-find-out/


Cars towed in South End due to city error (The Boston Globe)

Monty Solomon <monty@roscom.com>
Sat, 21 Dec 2019 11:53:06 -0500
https://www.boston.com/news/local-news/2019/12/20/south-end-cars-towed-city-error


How tourists take their lives into their own hands (WashPost)

Richard Stein <rmstein@ieee.org>
Mon, 23 Dec 2019 09:58:25 +0800
https://www.washingtonpost.com/opinions/how-tourists-take-their-lives-into-their-own-hands/2019/12/22/668a30d8-2342-11ea-bed5-880264cc91a9_story.html

This essay describes a two-step risk process which tourists consciously (or
unconsciously) perform when considering travel destination activities.

The process is apparently not unique to vacation planning, but seems to
characterize the conduct in large, human-structured entities such as
businesses, and governments. Organizational structures, when unethically or
capriciously governed, can manufacture products or publish services that
injure public health and safety.

From the article, the process is outlined as:

a) Risk Denied—Trek to an active volcano for a once in a lifetime
photograph. For White Island, the volcano's historical and current eruption
potential/activity level has been tracked since 1975 and available via
https://www.geonet.org.nz/about/volcano/whiteisland.

b) Risk Economized—Business profit priority over rigorous life cycle
practices compromise public safety. Messages from 2016, prior to 737 MAX
deployment certification, indicated flight simulation MCAS anomalies that
were not communicated to regulators (until very recently), and were
generally shirked by senior Boeing governance given triple constraint
(scope, schedule, cost) impact.

Risk: Governance situation awareness denial, aka myopia.


Some junk for sale on Amazon is very literally garbage, report finds (ArsTechnica)

Monty Solomon <monty@roscom.com>
Fri, 20 Dec 2019 11:35:00 -0500
https://arstechnica.com/tech-policy/2019/12/some-junk-for-sale-on-amazon-is-very-literally-garbage-report-finds/


This alleged Bitcoin scam looked a lot like a pyramid scheme (WiReD)

Monty Solomon <monty@roscom.com>
Fri, 20 Dec 2019 11:44:27 -0500
https://www.wired.com/story/alleged-bitcoin-scam-like-pyramid-scheme/


Apple's new Screen Time Communication Limits are easily beaten with a bug (ArsTechnica)

Monty Solomon <monty@roscom.com>
Fri, 20 Dec 2019 11:46:10 -0500
https://arstechnica.com/gadgets/2019/12/apples-new-screen-time-communication-limits-are-easily-beaten-with-a-bug/


2019 Apple Platform Security guide shows what it is doing to 'push the boundaries' of security and privacy (9to5Mac)

Gabe Goldberg <gabe@gabegold.com>
Sat, 21 Dec 2019 00:45:34 -0500
https://9to5mac.com/2019/12/19/2019-apple-platform-security-guide-shows-what-it-is-doing-to-push-the-boundaries-of-security-and-privacy/


Wave of Ring surveillance camera hacks tied to podcast, report finds (Ars Technica)

Monty Solomon <monty@roscom.com>
Fri, 20 Dec 2019 11:49:56 -0500
https://arstechnica.com/tech-policy/2019/12/wave-of-ring-surveillance-camera-hacks-tied-to-podcast-report-finds/


How to Track President Trump (*The New York Times*)

Gabe Goldberg <gabe@gabegold.com>
Sat, 21 Dec 2019 17:14:38 -0500
https://www.nytimes.com/interactive/2019/12/20/opinion/location-data-national-security.html


India's Internet shutdown shows normal practice for sovereign countries (People.CN)

Prashanth Mundkur <prashanth.mundkur@sri.com>
Thu, 19 Dec 2019 05:38:26 +0000
China is now using Indian actions to shut down the Internet as a
justification for its own throttling:

17 Dec 2019
http://en.people.cn/n3/2019/1217/c90000-9641267.html


Resignation of Board Members from Verified Voting

Rebecca Mercuri <notable@mindspring.com>
Thu, 19 Dec 2019 19:36:42 -0500
  [News summary provided by Rebecca Mercuri, Ph.D. <mercuri@acm.org>.]

https://www.fastcompany.com/90441559/two-experts-quit-election-accountability-group-over-claims-it-has-been-endorsing-untrustworthy-machines

Richard DeMillo <https://www.cc.gatech.edu/people/richard-demillo>, a
Georgia Tech professor who sat on Verified Voting's advisory board, and UC
Berkeley statistics professor and associate dean Philip Stark
<https://www.stat.berkeley.edu/~stark/>, a VV board member, have resigned
from the advocacy group, stating that they believe that Verified Voting has
been giving election officials false confidence in some voting machines and
providing cover for the companies that make and sell these machines.

In DeMillo's December 1 resignation letter to Barbara Simons (chair of VV's
board of directors), he claimed that “Verified Voting's policy positions
were unpredictable, contradictory, and not aligned with the values I once
believed we shared. On more than one occasion, Verified Voting has taken
contradictory public stances in the span of a few days, undercutting allies
and supporters. The pattern of espousing new positions and making public
statements that take local VV stakeholders by surprise is nothing
new. Rather than seeking out advice, Verified Voting has gone to great
lengths to avoid it.”

With respect to VV's involvement in a Risk Limiting Audit (RLA) pilot in
Georgia, DeMillo claimed that “Verified Voting's seal of approval for the
security theatrics in Bartow County undermines efforts to make elections
more accountable. ... No audit based on an untrustworthy audit trail can
confirm the correctness of the outcome. Billing such an exercise as an RLA
and touting it as a proof of security plays into the hands of cynics.”

Stark, who resigned on November 21, accused VV of being on the *wrong side*
saying: “Our message to jurisdictions that buy poorly designed, insecure,
universal-use BMD [ballot marking device systems] should be, 'We tried to
warn you. You need a better voting system' ... Instead, we're saying, 'Don't
worry: VV will teach you to sprinkle magic RLA dust and fantasies about
parallel testing on your untrustworthy election. All will be fine; you can
use our authority and reputation to silence your critics.'”


Meet Cliff Stoll, the Mad Scientist Who Invented the Art of Hunting Hackers (WiReD)

Gabe Goldberg <gabe@gabegold.com>
Thu, 19 Dec 2019 23:36:51 -0500
https://www.wired.com/story/meet-the-mad-scientist-who-wrote-the-book-on-how-to-hunt-hackers/


Planned Obsolescence (npr.org)

Richard Stein <rmstein@ieee.org>
Fri, 20 Dec 2019 18:08:40 +0800
https://www.npr.org/2019/12/18/789436174/the-phoebus-cartel

  [NOTE: See http://catless.ncl.ac.uk/Risks/30/11#subj7.1 for the first
  mention of 'Phoebus Cartel' in comp.risks.]

Planned obsolescence encompasses two key business priorities that fuel the
consumer marketplace:

1) Products are designed and manufactured to fail within a certain service
   lifetime interval;

2) Product obsolescence promotes incremental improvements, and new versions
   become available for consumer purchase, often promoted as 'greener,
   reduced operational cost expenditure, faster, more reliable, etc.' than
   their predecessors to induce sales.

Brand loyalty or guilt from being 'left behind' can compel a repurchase
decision.

Light bulbs were originally designed and manufactured to never fail.  Their
nascent longevity and resilience testifies to engineering pride and
demonstrable human ingenuity. However, light bulb manufacturing businesses
observed that a marketplace saturated with very durable illumination
products limits future sales: revenue capture and realization stall, and
long-term profit potential and earnings drop.

And the light bulb's initially immutable nature, since reduced to ~1000
continuous hours (for the old wire filament type), taught business that
product innovation via incremental change can promote future profit
generation.

In structured business organizations, product change embodies processes
governed according to a risk management framework that weighs requirements,
process alternatives, and operational key performance metrics against
concrete business outcome potentials (market-share capture and revenue
growth, reputation improvement, etc.).

For technological devices, a new software revision or hardware enhancement
represents a product change that requires sophisticated, accountable, and
ethically motivated process governance. The evolution or introduction of
cellphones, smart home appliances, aircraft maneuvering augmentation
systems, pharmaceutical infusion devices, robotic surgery platforms,
implanted medical devices, etc. epitomize incremental technological change.

Tom Wolfe's "The Right Stuff" states concisely: "No bucks, no Buck Rogers."
Technological change is "Buck Rogers." Incremental product change requires
investment. Risk—to the public, to the business, to the environment --
arises from change, especially so for software, multi-billion transistor
chips, neuromorphics, memristors, quantum computers, etc. The creators and
builders of these products constitute considerable business expenses;
intellectual property innovation is not free, unless it is stolen.

Business risk planning and mitigation cannot be 100% complete or
accurate. Capricious collaboration, peculiar organizational behavior, and
mistake can be inimical to successful risk planning initiatives.  Perfection
does not, and cannot, exist anywhere in a business or project life cycle
context.

Technological systems or devices embody complexity that cannot be completely
characterized or profiled for risk. Consequently, product failures, or
unexpected field operations, materialize as consumer inconvenience, brand
outrage, and/or fatality.

An ethical and accountable governance process is expected to engage to
forestall catastrophe when change management processes are pressurized or
corrupted to overlook relevant risks that potentially sacrifice product
viability, especially if public safety is jeopardized by these
circumstances.

Product change abandonment, and conscientious evaluation by root cause
analysis is essential when potential business profit sacrifice assumes
priority over public risk exposure. A product that does no harm is more
likely to sell than one that injures the public. Automobiles constitute an
acknowledged exception on this point, as do fire-arms, cigarettes, opioid
pharmaceuticals, etc. All of these products are subject to regulation and
enforcement in the US. Regulatory enforcement effectiveness is unfortunately
debatable.

Business risk blindness, and profit pursuit, have repeatedly jeopardized
public safety. In an era where regulatory arbitrage, and regulatory capture,
enable and sponsor risk blindness, profit motives become brand outrage's
and disaster's bridesmaid. Rigorous regulatory structures, strict
enforcement and penalties that deter reckless business governance conduct
are essential. Businesses must cease exploitation of product change that
sacrifices public blood and treasure.


Re: Human error installing SCADA system leads to 7.5 million gallons of raw sewage dumped in Valdosta, GA (RISKS-31.51)

Martin Ward <martin@gkc.org.uk>
Fri, 20 Dec 2019 16:16:30 +0000
The cause is described as "human error": but surely it is a design
error if a disconnected sensor is indistinguishable from a connected
sensor reporting that everything is OK?


Re: What happens if your mind lives forever on the Internet? (Ward, RISKS-31.51)

Amos Shapir <amos083@gmail.com>
Sat, 21 Dec 2019 17:32:06 +0200
Of course I'm aware of the Turing Test, but I think its definition of an
"evaluator" who cannot distinguish between a human and a machine on-line, is
also a moving target.  The more we're used to interacting with "talking
machines", the more we become adept at distinguishing between these and
"real" humans.

I think no machine could ever fool its own creators; for them, at least, the
answer to the question "When will machines become as intelligent as humans",
would therefore always be "20 years from now".


Re: What happens if your mind lives forever on the Internet?

Roderick Rees <jp3vampire@gmail.com>
Thu, 19 Dec 2019 15:22:38 -0800
Martin Ward writes that The definition of "machines as intelligent as
humans" was established back in 1950 in the seminal paper by Alan Turing:
"Computing Machinery and Intelligence", which described the "Turing Test".
It should (still) be required reading for any software engineer.


The concept of machine intelligence is faulty because there is no clear and
generally accepted concept of human intelligence.  It is not merely the
intellectual capability of manipulating logic, and humans survived very well
for a long time without formal logic.

Also, despite Turing's clearly superior mathematical mind, he did not
sufficiently understand human thinking.  For consider, in the early days of
language and thinking with language, there was no need to distinguish
between speech from a human and speech from, say, a rock.  If you heard
speech, then of course you would normally assume it was a human speaking.
And the first recorded case of a human reacting to words from a machine as
if they were from a human was in the Doctor and Eliza experiments, with only
the most primitive processing of language.  The "Turing Test" is not valid.


Re: Bates v Post Office litigation: reliability of computers (RISKS-31.51)

Kelly Bert Manning <bo774@freenet.carleton.ca>
Tue, 31 Dec 2019 14:41:39 -0500 (EST)
There is an older UK case, going back to around Eternal September or before,
involving a British Police Officer who was initially convicted of attempted
fraud simply for asking about the details of an unrecognized withdrawal from
his bank account.

I will check old dead tree issues of *Privacy Journal* to see if I can
find more details in those.

If memory serves, the only detail he ever got from the bank was a clerk
asking him if he enjoyed his Irish Vacation. He had not been to Ireland.

The bank had a draconian response to his simple request for details of what
we would now regard as an obvious case of ATM error or card cloning fraud,
insisting that the Officer was trying to defraud them, rather than providing
details such as the location of the ATM and the time of day.

The Officer was convicted at the lowest level court, which got him fired, as
well as convicted. Things only turned around when the British Computer
Society got involved, providing Expert Opinion during the appeal about the
unreliability of the bank's ATM system and supposed iron clad
evidence. "Trust us, it is all in the computer and the computer is always
correct" should never be allowed to pass unchallenged in court.


Re: RISKS-31.51

Don Poitras
