Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
From: Peter G. Neumann <Neumann at CSL.SRI.COM>
... He claimed that the Iranians electronically countermanded the missiles
(an Exocet [which did not explode] and the other still unidentified missile,
possibly an AS-30 laser-guided missile) AWAY FROM one of their tankers.
Other messages have also referred to laser-guided missiles. [They] require
a laser to designate the target, which the missile then homes in on, by
seeking the reflected laser light. That means that there must be a laser
actively illuminating the target at all times while the missile is seeking.
If the airplane carrying the missile goes away or drops out of line of
sight, it can't illuminate the target.
[This discussion at the moment is labelled SPECULATION with respect to the
Stark investigation in progress. But one question is, how easily can a
missile such as the laser-guided AS-30 be faked out? What happens under
cloud cover? Does the missile go inertial for a while if it loses the
target, in hopes of reacquiring the target? Can it get confused by decoys,
light chaff, fireworks, or whatever? Is the Iranian countermeasure claim
plausible? Remember, there were two missiles (the exploded one suspected
NOT to be an Exocet?), and if one was electronic and the other laser guided,
the countermeasure theory seems less likely. Although I presume analogous
arguments hold for electronic countermeasures on electronically guided
missiles, the mechanisms might be different... In any case, the risks of
hitting something other than the desired target seem to be nontrivial. PGN]
FURTHER RESPONSE FROM HERB:
The AS-30 is indeed a laser guided missile, but it too requires an
independent laser designator. If no Iranian airplane or boat was in sight
of the ship, no target designation would take place. You must have a line
of sight to the target. [Rafsanjani reportedly said that there
had been an Iranian tanker in range. PGN]
The AS-30 is described as having two guidance components — inertial
reference for the initial phase, and laser homing for the terminal
phase. If anything intervenes between the laser beam and the target,
most likely the missile will lock its home-on track, and be lost.
OTTAWA - Two federal public servants who used a government computer for their own purposes have been ordered to pay the government $1,270 for misuse of high technology. The environment department billed Michel Grenier and Gaston Boisvert, two Montreal-based computer systems workers, for tying up a government computer for almost an hour in August 1986. Grenier, with the permission of his supervisor Boisvert, used the computer for 57 minutes to develop a personal program.
Perhaps this is an old problem; it occurred to me a couple of days ago.
It seems that there is more and more litigation initiated by people who
feel that they have been wronged by someone else's malice, negligence, or
deep pockets (ahem). Someone out there already sued Lotus, right?
What happens when an "expert system" is involved? Who gets the blame?
The programmer, who designed the system, or the expert(s) who supposedly
provided the rules that direct the system? Can you imagine the stream of
expert witnesses giving their debugging of the problem? Of course, if the
debugger was faulty....
Another source of fault might be the non-maintenance of an expert system.
For example, a new edition of the Physician's Desk Reference is published
every year. The new information should be added to the expert system, or
else it will get out of date (and lack information on new drugs and newly
discovered side-effects and interactions). If the expert system was
designed in such a way that maintenance was difficult, then the designer
might share some blame, too.
Just thought I'd ask. It sounds like a great opportunity for finger-pointing.
David
[We've been around this one several times before, although not
specifically in the context of "expert systems". The juries are
not in yet. Are there any new contributions in the wings? PGN]
When I got the MIT notice from the SECURITY list, I did a little digging
in the law books (Purdue's library is a Federal Depository).
I pulled out a copy of the Act (Public Law 99-508, H.R. 4952) and a copy
of Title 18 of the United States Code, which it amends. From this
(after a couple of hours of "strike words a through f, insert words g
through m" — I'd hate to be a law clerk), I extracted most of the
"interesting" parts of the law.
These parts pertain to administrators and users of electronic
communications services (if your machine has electronic mail or bboards,
it fits into this category). The parts I specifically went for were
what we can and cannot do, what the punishment is if we do it, and what
our means of recourse are if it's done to us. I left out all the stuff
about government agents being able to requisition things and stuff,
and all the stuff pertaining to radio and satellite communications.
So anyway, I typed all this stuff in to give it to our staff so they'd be
aware of the new legislation. Since there is probably interest in this, I
am making the document availble for anonymous ftp from the host
intrepid.ecn.purdue.edu. Grab the file "pub/PrivacyAct.troff" if you have
troff (it looks better), or "pub/PrivacyAct.output" if you need a
pre-formatted copy. Bear in mind I'm not a lawyer, and I just typed in the
parts of the law I deemed to be of interest to our staff.
--Dave Curry
[Background: sci.crypt is intended to discuss cryptography issues. Recently, it has been discussing automatic teller machines, the security of personal id numbers, and how cards are invalidated after successive incorrect input of the user's "secret code." This article branches out a bit, and might be of interest to Risks readers. Martin Minow ] Path: decvax!ucbvax!ucbcad!ames!lll-tis!ptsfa!lll-lcc!well!shibumi From: shibumi@well.UUCP (Kenton Abbott Hoover) Newsgroups: sci.crypt Subject: Re: ATM security (was Re: DES info wanted) Date: 23 May 87 21:26:55 GMT Organization: Whole Earth 'Lectronic Link, Sausalito, CA The determination on invalidation is done at the host. If the programmer wants to invalidate the card on three attempts, well, then the programmer has to put a flag on the data record for the card. An example: Bank Of America (who I used to work 4) simply sends a report to the branch where your account is and the branch personel decide whether to flag your card, or just call you and ask what the h**l is going on. Trivia: The Diabold and IBM ATMs (diabolds have CRTs with 4 unmarked buttons, IBMs say IBM on them, if not they have the cash sort of flop out of a slot and have an open/closed sign on them) are ...wait for it... 3270 devices! They] actually have PF keys and the whole nine yards built-in. Usual chain of activity in an ATM: 1) The interaction with the user, screens, etc. is done by some sort of controller, a Series/1-type (read: VERY STUPID) machine which controls a whole set of ATMs. The controller normally resides at some central location and communicates with the ATMs over leased lines. 2) When you do a transaction, the controller tries to queue up a set of transactions from its other ATMs. It will either succeed or timeout. In either case, the transactions are communicated to a 37X5 and from there to a mainframe which runs a batch job to do the transaction. 3) Most banks cannot update the account base in real-time, so the ATM processor (the mainframe doing the batch run, not the ATM itself) works from a database containing last nights data corrected with todays transactions. The transaction you actually do is simply made a memo posting and is entered into the actual accounts system as if it were a teller withdrawl/deposit with a note saying it was from an ATM. MORE TRIVIA: The PIN is not a timing issue (in most systems). Its just that the whole transaction is usually sent to the mainframe, and that is slow going. EVEN MORE TRIVIA: Have you ever been cheated out of money by an ATM? If you were it was most likely an IBM. Go to your branch and report it, and they (after you fill out the usual form) will credit your account. Save the ATM receipt, as they normally ask for it. The IBM machines steal like theives, and normally (like in socks in dryers) the money has simply vanished. Diabold ATMs miscount once in a blue moon, AND if you do a transaction that asks for more money than is the the ATM (they dont keep track in most cases), it will give you what it has and debit your account for only that much. STILL MORE TRIVIA: Dont deposit cash unless it is to a Diabold ATM. Diabold ATMs check the deposit envelope to see if there is anything in it. IBMs dont. The deposit box is opened by two branch officers, and they (normally) wont swipe cash from a Diabold, since it would be hard to claim an empty envelope. However, an IBM machine... (someone should really write a book on this subject)
I have submitted the following to comp.dcom.telecom, but thought it may also be
of interest to RISKS as indicating how advances in communication technology
pose a risk to society by facilitating the conduct of criminal activity.
> In a recent article dmt@ptsfa.UUCP (Dave Turner) writes:
>
> The following is from an editorial by Wayne Green in the June, 1987 issue
> of 73 Amateur Radio magazine:
>
> The recent legislation making cellular phone calls illegal to listen in on
> has provided a bonanza for both organized and disorganized crime. It's
> difficult not to laugh over the situation the cellular industry has gotten
> itself into in its blind pursuit of the fast buck.
>
> What's happened is a mass move into cellular by criminals. They buy a
> cellular system, have an unscrupulous dealer alter the electronic serial
> number (ESN) on the built-in programmable IC, which makes calls both
> untraceable and free--a great combo. They tool around town, making calls
> to Pakistan, Columbia, and their Caribbean drug warehouses at will.
I have a few comments to make on this and some related topics which
may be of interest to Net readers. My comments are based upon personal
knowledge and experience as one who has provided some forensic science
consulting services to certain law enforcement agencies for a number of years.
It's sort of interesting to note that it was even easier to implement
spoofing fraud in dial IMTS mobile telephone installations, but such fraud
has been virtually unheard of. The reasons for this are: much fewer IMTS
channels and much fewer IMTS customers than cellular make such fraud extremely
conspicuous; most IMTS installations are combined with MTS installations and
have a high probability of telephone company (or RCC) operator monitoring.
My personal opinion is that cellular fraud has been encouraged due to
"safety in numbers". :-)
> Cellular has turned out to be great for coordinating every kind of criminal
> activity. It's just what criminals have been needing for years-- a
> dependable, free, untraceable, and safe communications system. With a
> combination of pagers and cellular phones, crooks are making a shambles
> of the cellular system--all protected by Congress.
>
> If you wanted to deal in drugs, how better to get orders from your
> customers than by giving them your cellular phone number? There's no way
> to tap a telephone that can be anywhere in a big city, operating through
> different cells as it moves around. And with an altered ESN it's all free!
Progress in telecommunications has unquestionably been of benefit to
criminal activity.
Probably the single greatest benefit has been the introduction of call
forwarding. This service has been of such great benefit to the conduct of
unlawful gambling, narcotics and prostitution operations that for many years
I have jokingly referred to it as: "1A Criminal Facilitation Service"; AT&T
and BOC people may appreciate the satire in this remark.
As an example, an unlawful gambling operation could change location
every day or so, with the telephone number for bettors being the same. This
situation also neatly defeats any court-authorized eavesdropping warrant since
there would never be conversations on the telephone pair that was the subject
of such a wiretap; a forwarded call never takes place on the physical line
whose number was dialed. In earlier No. 1 and No 1A ESS installations there
was no rapid method to determine to what number a given line had its calls
forwarded; such determination could only be made by an experienced switchman
using the ESS maintenance tty. This rather frustrated law enforcement
agencies in their investigation of unlawful gambling and narcotics activity.
Furthermore, I know of some instances where telephone company personnel flatly
denied to law enforcement investigators that they could determine the
forwarded telephone number; this was, of course, a false statement, but was
made in a misguided effort to keep the telephone company "uninvolved".
As an interesting aside, prior to the advent of ESS and call
forwarding, some larger unlawful gambling operations used an electronic device
called a "cheese box" that effected a rudimentary kind of call forwarding in a
manner similar to a loop-around test line. Two telephone lines would be
ordered for say, an unoccupied office or apartment, and each line would
connect to the "cheese box". The actual location of the gambling operation
would call the first line, and remain on the line and wait for calls; the
"customers" would call the second line, with the result that it would
auto-answer and be connected to the first line.
Telephone company loop-around test lines were used for the conduct of
unlawful narcotics dealing during the 1970's, but this practice has generally
disappeared as telephone companies: (1) installed 60A control units or
equivalent devices that dropped loop-around connections upon the detection
of speech energy (legitimate use of loop-around test lines is for single
frequency transmission measurements only); and (2) went ESS and therefore had
"call trace" capability that would automatically determine the origin of
calls to loop-around and other test lines.
After call forwarding, the next most useful communications adjunct to
criminal activity is the voice radio pager. It is an unfortunate fact of life
that no self-respecting prostitute or "street dealer" of narcotics would be
caught without their voice pager. Voice pagers represent an ideal, inexpensive
method of arranging clandestine meetings. A typical voice pager scenario:
customer calls narcotics dealer's pager from a coin telephone, giving coin
telephone number; narcotics dealer finds coin telephone to call coin telephone
where customer is waiting to arrange for a meeting. What could be simpler
and more untraceable?
In my travels, I have known of only two instances where criminals used
any speech privacy devices (speech scramblers) to defeat eavesdropping (lawful
of otherwise); however, I suspect that a new generation of low-cost digital
speech privacy devices will result in more of these devices being used by
criminals. The units that I have seen used were all based upon analog
"speech inversion" techniques; these devices are easy to defeat, whereas the
digital devices are virtually impossible to compromise by other than NSA.
One of the most novel (at the time) applications of communications
technology by criminals that I have personally seen was the use of
telecopiers by a large unlawful gambling operation about 11 years ago.
While the law enforcement agencies involved had obtained eavesdropping
warrants to install wiretaps on some of the telephone lines involved, they
were totally baffled by the strange sounds heard during some intercepted
calls. I was called in to solve the mystery, and some listening told me
that this was an FSK facsimile machine running in 6-minute mode. So we
borrowed a telecopier to decode the tapes; this was not as easy as first
anticipated. I finally had to modify the telecopier to start in receive
mode without receiving a ringing signal (which was not possible from an
after-the-fact tape recording). We got some pretty damning evidence, much
to the consternation of the criminals (who suspected a wiretap, but felt
that the facsimile machine was "secure"). While telecopiers are rather
common today, such was not the case 11 years ago. I suspect that as
telecopiers decrease in price, they too will be more commonly used by
criminals. While Group I and Group II facsimile machines are fairly easy
to monitor, the more common Group III (sub-minute) machines are much more
complex since they are digital and require faking a handshake protocol by
any receiving machine used as a monitor.
> If it weren't against the law to listen to cellular channels, I'd suggest we
> hams help the law by listening for suspicious cellular calls and recording
> them. Say, how'd you like to get the goods on some serious crooks and find
> (a) the evidence is inadmissible because it was illegally attained and (b)
> yourself on trial for making the recordings. So join me in a big laugh, okay?
I know of law enforcement agencies that have in the past used scanners
to listen to paging service channels and IMTS mobile telephone channels, and
have obtained useful intelligence information. None of the information so
derived was used in court per se, but it may have contributed to the "probable
cause" for looking in a certain _public_ place at a certain time. When any
investigator was pressed in court for the "basis of probable cause", the
information was attributed to an "anonymous informant" - a VERY common source
of law enforcement information. Under the circumstances, I see nothing wrong
with this - but I am certain that a number of people will disagree with me.
For example, an experienced investigator can readily detect a drug
deal going on via certain types of pager messages. Now, if a police cruiser
just happened to be going by the aforesaid location, and decided it was time
for a routine traffic check... :-)
[Flames about prosecuting people for alleged "victimless" crimes such
as gambling, narcotics and prostitution should be directed to /dev/null]
<> Larry Lippman @ Recognition Research Corp., Clarence, New York
<> UUCP: {allegra|ames|boulder|decvax|rocksanne|watmath}!sunybcs!kitty!larry
<> VOICE: 716/688-1231 {hplabs|ihnp4|mtune|seismo|utzoo}!/
Please report problems with the web pages to the maintainer