The RISKS Digest
Volume 30 Issue 76

Friday, 20th July 2018

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…


Top Voting Machine Vendor Admits It Installed Remote-Access Software on Systems Sold to States
Kim Zetter
Rosenstein reveals how the Justice Department is fighting attacks on US elections
How the Russians hacked the DNC and passed its emails to WikiLeaks
Russia exploited Twitter for disinformation as early as 2014, targeting local news
We've unleashed AI. Now we need a treaty to control it.
AI Innovators Take Pledge Against Autonomous Killer Weapons
The cameras that know if you're happy - or a threat
Millions of Verizon customer records exposed in security lapse
Ticketmaster breach was part of a larger credit card skimming effort, analysis shows
Doctors, hospitals sue patients posting negative online comments
USA Today
Facial Recognition Shows Promise for Data Center Security
Shutting down an entire ATM network
Some food stamp recipients may soon lose access to farmers market benefits
Tesla Powerwall2 home battery hacking?
Henry Baker
China Expands Surveillance of Sewage to Police Illegal Drug Use
Scientific American
Hunting the Con Queen of Hollywood
Hollywood Reporter
Micro SD cards silently switching to read-only when they're "too old"
Benoit Goas
Birds are making expensive roaming calls
The Register
Robo-calls are getting worse. And some big businesses soon could start calling you even more.
Smart Mouthguard Senses Muscle Fatigue
Scientific American
Risks on a Friday the 13th ...
Rob Slade
We're not allowed to die anymore
'Data is a fingerprint': why you aren't as anonymous as you think online
Olivia Stein
Rob Slade
Re: Employees as subjects in clinical trials
Dmitiri Maziuk
Re: Video: Gavin Williamson hilariously interrupted by Siri
Amos Shapir
Sami Saydjari: Engineering Trustworthy Systems
Info on RISKS (comp.risks)

Top Voting Machine Vendor Admits It Installed Remote-Access Software on Systems Sold to States (Kim Zetter)

geoff goodfellow <>
Tue, 17 Jul 2018 06:46:32 -1000
Kim Zetter, Motherboard
  Remote-access software and modems on election equipment 'is the worst
  decision for security short of leaving ballot boxes on a Moscow street

Election Systems and Software, “the nation's top voting machine maker has
admitted in a letter to a federal lawmaker that the company installed
remote-access software on election-management systems it sold over a period
of six years, raising questions about the security of those systems and the
integrity of elections that were conducted with them...''

In a letter sent to Sen. Ron Wyden (D-OR) in April and obtained recently by
Motherboard, Election Systems and Software acknowledged that it had
“provided pcAnywhere remote connection software ... to a small number of
customers between 2000 and 2006'' which was installed on the
election-management system ES&S sold them.

The statement contradicts what the company told me and fact checkers for a
story I wrote for *The New York Times* in February.  At that time, a
spokesperson said ES&S had never installed pcAnywhere on any election system
it sold. “None of the employees, ... including long-tenured employees, has
any knowledge that our voting systems have ever been sold with remote-access
software,'' the spokesperson said.   [KZ]

  [Kim Zetter has been superb in her long-time reporting on election
  integrity—and the lack thereof—and many other RISKS-related topics.
  Her article is extremely timely, and just one more serious warning of the
  potential risks.  PGN]

Rosenstein reveals how the Justice Department is fighting attacks on US elections (CNBC)

Gabe Goldberg <>
Fri, 20 Jul 2018 12:01:46 -0400
The document highlights the increasing critical role that private-sector
companies are playing in national security matters.

How the Russians hacked the DNC and passed its emails to WikiLeaks (WashPo)

Monty Solomon <>
Sat, 14 Jul 2018 20:02:29 -0400
The special counsel's indictment of 12 Russian intelligence officers is a
technical guide to the Kremlin's 2016 operation.

Russia exploited Twitter for disinformation as early as 2014, targeting local news (Boingboing)

Lauren Weinstein <>
Thu, 12 Jul 2018 12:08:38 -0700
via NNSquad

  As early as 2014, Russian operatives working out of the Internet Research
  Agency (IRC) in St. Petersburg were busy creating fake Twitter accounts
  for U.S. local news organizations that did not exist.

We've unleashed AI. Now we need a treaty to control it. (

Richard M Stein <>
Tue, 17 Jul 2018 12:28:21 +0800

  "The treaty would enshrine certain basic principles. The concept of
  "human-in-command" to guarantee that people retain control over AI should
  be a priority. Standards would be set for monitoring AI
  systems. Fundamental human rights should be specifically protected.  A new
  international body should be created for oversight, similar to the
  International Atomic Energy Agency.

  "The obstacles are apparent, from rogue nations and monopoly-minded
  companies to the sorry state of international cooperation. But advances in
  AI and machine learning are moving so fast that today seems like
  yesterday, making the challenge urgent."

Daniel H. Wilson, the author of "How to Survive a Robot Uprising" is a good
candidate to lead treaty negotiations.

Certain nations do not respect existing treaties governing human rights,
WMDs, or even climate change accelerants. What possible incentives will
motivate treaty compliance and membership in a hypothesized IAAIR—the
International Agency for Artificial Intelligence and Robotics? 

AI Innovators Take Pledge Against Autonomous Killer Weapons (

Richard M Stein <>
Thu, 19 Jul 2018 15:33:47 +0800

  "... we the undersigned agree that the decision to take a human life
  should never be delegated to a machine," the pledge says. It goes on to
  say, "... we will neither participate in nor support the development,
  manufacture, trade, or use of lethal autonomous weapons."

Compare with the IEEE Code of Ethics, Article 1 (see

  "to hold paramount the safety, health, and welfare of the public, to
  strive to comply with ethical design and sustainable development
  practices, and to disclose promptly factors that might endanger the public
  or the environment;"

The ACM articles (see
express similar intent. 

This pledge, while sincere and honorable, ignores long-established
professional ethics and practices. Creativity's thrill apparently infected
our colleagues' judgment, inducing myopia and amnesia toward these legacy
guiding principles. Perhaps research grants were too enticing to refuse
without risking university tenure or employment promotion opportunity?

Open-source neural networks and artificial life training platforms enable
even the smallest nation to initiate an autonomous killer program. These
weapons will likely populate the next battlefield; the "human-in-control"
probably faraway from the conflict zone.  I doubt "Real Steel" engagement
will become an effective tactic during a swarm intelligence battle.

This leads to the question of how to possibly sterilize a battlefield
deployment of AI-driven killers. A micro-EMP (preferably non-nuclear) might
do it. A cluster-bomb of radar-guided or passive-metal-seeking ultra-tazers?

The cameras that know if you're happy - or a threat (

Richard M Stein <>
Thu, 19 Jul 2018 15:14:27 +0800

This technology motivates the old aphorism to "Keep smiling, the boss likes
idiots." I wonder if employers will institute a "smile or frown" score as
part of performance reviews?

Millions of Verizon customer records exposed in security lapse (ZDNet)

Monty Solomon <>
Sun, 15 Jul 2018 00:51:30 -0400
Customer records for at least 14 million subscribers, including phone
numbers and account PINs, were exposed.

Ticketmaster breach was part of a larger credit card skimming effort, analysis shows (ZDNet)

Monty Solomon <>
Sat, 14 Jul 2018 18:57:13 -0400

Doctors, hospitals sue patients posting negative online comments (USA Today)

Monty Solomon <>
Wed, 18 Jul 2018 09:50:32 -0400

Facial Recognition Shows Promise for Data Center Security (EWeek)

Gabe Goldberg <>
Sat, 14 Jul 2018 11:03:19 -0400
While Ramos' trial is still months away, the successful use of computer
technology to confirm a murder suspect's identity made it clear that facial
recognition systems have reached the point where they can perform reliably
enough to identify a random person fairly reliability.

"Fairly reliably"—new horizons in mistaken identity? New questions needed
for defense lawyers to cross-examine facial recognition systems?

Shutting down an entire ATM network (JapanTimes)

Rodney Van Meter <>
Mon, 16 Jul 2018 19:08:58 +0900
Mizuho Bank is one of the largest banks in Japan. Today (Monday, Japan time)
is the last day of a three-day weekend. Mizuho decided to shut down *its
entire ATM network* from midnight Friday night until 8a.m. Tuesday, so they
could perform a flag day (maybe even forklift? not sure) upgrade on ATM
software. Apparently, it's not just their own ATMs, but any 7-11 or other
ATMs that would also normally give you access to your account cannot; it's a
backend upgrade as well as frontend.

Short blurb in English:

Short article in Japanese:

*Mizuho nammin*, or *Mizuho refugees*

I'm sure the risks of this are pretty obvious to readers here.  Suffice it
to say, their 24 million customers aren't happy.

Some food stamp recipients may soon lose access to farmers market benefits (WashPo)

Gabe Goldberg <>
Sun, 15 Jul 2018 15:00:58 -0400
The Washington Post

Josh Wiles, Novo Dia's founder and president, cited several reasons for the
company's shutdown. The marketplace for SNAP transactions is highly
regulated and requires extra (read: expensive) security measures beyond what
is required for credit cards or debit cards. The profits are small because
markets and individual farmers process micro-payments, often as little as a
few dollars.

The *tipping point*, though, Wiles said, was the decision by the new
administrator of the SNAP equipment program to work with electronic-payment
giant First Data, rather than Novo Dia and its Mobile Market app.

Without continuing to gain new customers and economies of scale, Wiles said,
Novo Dia could not remain financially viable: “Once it became clear that we
were not going to be part of it, we knew we would not be able to scale in a
manner that allowed us to be profitable or even sustainable.''

Tesla Powerwall2 home battery hacking?

Henry Baker <>
Tue, 17 Jul 2018 14:47:07 -0700
I'm not the only one who's noticed that the Tesla "Powerwall2" home battery
system uses the same ubiquitous "CAN bus" found in automobiles.  (Duh!  It
appears that the Powerwall2 is basically 1/4 of a standard base Tesla Model
3 battery.)  Many home battery systems utilize several Powerwall2's, and
hence approximate 1/4-3/4 of the energy storage capacity of a Tesla base
Model 3.

After a number of notorious car hacks using this same CAN bus over the past
several years, what could possibly go wrong with a Powerwall2 system --
having the equivalent of several gallons of gasoline stored within its
batteries—in/on your home?

Furthermore, the Powerwall2 is connected to the Internet through your home
router, so that the Tesla cellphone app can talk to Tesla and hence to your

Now Tesla has apparently put in a lot of effort into securing the
communications of its *autos*, but I wonder if this same level of effort has
been invested in the security of the Powerwall2?

Unlike the Tesla automobile, which is connected only sporadically with the
Internet, your home Powerwall2 is presumably capable of being attacked 24x7.

It's also possible that a standard auto OBD-II connector could be installed
by a hacker directly on the Powerwall2—after all, many Powerwall2 systems
are mounted *outside the house*.  With an OBD-II and Bluetooth/Wifi, hacking
could then be done discretely from a nearby vehicle, and would completely
bypass any security built into the Powerwall2's own wifi connection.

Click once to turn off the refrigerator; click twice to *halt and catch

China Expands Surveillance of Sewage to Police Illegal Drug Use (Scientific American)

Richard M Stein <>
Tue, 17 Jul 2018 12:32:19 +0800

April Fools for 2019: The PRC expands surveillance to detect halitosis and BO.

Hunting the Con Queen of Hollywood (Hollywood Reporter)

Gabe Goldberg <>
Fri, 13 Jul 2018 22:52:16 -0400
For more than a year, some of the most powerful women in entertainment --
including Amy Pascal, Kathleen Kennedy, Stacey Snider and a 'Homeland'
director—have been impersonated by a cunning thief who targets insiders
with promises of work, then bilks them out of thousands of dollars. The
Hollywood Reporter has obtained exclusive audio recordings of the savvy
imposter as victims come forward and a global investigation heats up. ...

For a long time, Linka Glatter thought she was alone in being faked. She
tried to contact the police and the FBI, but neither showed interest.  The
amount of money involved was too small, they told her. She hired a private
investigator, who discovered that the scammers were using burner phones to
cover their tracks and GoDaddy accounts for fake email addresses. She
contacted corporate security at a major Hollywood studio, but that didn't
help either. The calls kept coming. One day, a well-known political
consultant in Washington got in touch.

Micro SD cards silently switching to read-only when they're "too old"

Benoit Goas <>
Mon, 16 Jul 2018 23:38:44 +0200
The 64G Patriot micro SD I had been using in my cell phone from mid 2014
just decided to turn itself into a read-only memory card.  From what I read,
it most likely reached its maximum number of uses, as it happens at least
with some Samsung cards too.  It would be to protect the card from losing
all its data, after its cells were erased "too many times" (limit number
depending on the card, and appearing to be in the order of 10-100k).  And
according to Internet forums, and card reviews on Amazon, it looks like it's
getting more and more common!

A very bad point is that there were no error messages at all.  I added music
files before a trip, but I had none of the new files available later so at
first I thought I didn't do it correctly (even if the transfer was fine, it
could for example have been to my card backup on an hard drive instead of
going to the actual card).  Then, despite the pictures still being taken
correctly by my phone (browsing was OK, able to delete the bad ones...), I
lost all of the new ones when my phone rebooted. So they were only in a
cache memory somewhere, but nowhere on the SD card (not found by deep
recovery tools either).  More fun, the older ones I deleted came back during
the same reboot...

I understand it would be bothering to have an error message at each card
access, but at least I would have known to change the card and would not
have lost 3 days of pictures!  So beware...

Birds are making expensive roaming calls (The Register)

Benoit Goas <>
Mon, 16 Jul 2018 23:36:43 +0200
A new risk when tracking birds (or any other kind of stuff): someone
manage to recover the SIM card from the tracker, and used it!
More detailed story at either

Robo-calls are getting worse. And some big businesses soon could start calling you even more. (WashPo)

Monty Solomon <>
Fri, 13 Jul 2018 21:42:47 -0400
Robocalls ravaged Americans' smartphones in record numbers last month.  But
some of the nation's top businesses are still urging the Trump
administration to make it easier for them to dial and text mobile devices en

Smart Mouthguard Senses Muscle Fatigue (Scientific American)

Richard M Stein <>
Fri, 13 Jul 2018 09:33:15 +0800

  "The mouth guard's batteries are rechargeable wirelessly, and the device
  can use low-power Bluetooth to send information to smartphones, watches
  and other electronic devices."

Athlete bio-surveillance provides clues about peak performance and
degradation under physical stress. This telemetry stream, if clear text
and not subject to privacy management protection, can be exploited by
gaming interests.

Risks on a Friday the 13th ...

Rob Slade <>
Fri, 13 Jul 2018 12:14:57 -0700
Happy Friday the 13th to all you professional paranoiacs out there.

I have previously mentioned some of the risks involved in living here.

In addition, the Lion's Gate Bridge is closed today, due to a "police
incident."  (That probably means a jumper.)  This also means that the
Ironworker's Memorial Second Narrows Bridge (and for risk fans I can
recommend "Tragedy at Second Narrows," by Eric Jamieson) is completely
clogged in both directions, while the Seabus has at least a two, and
possibly as high as four, sailing wait.

But that isn't the risk I wanted to talk about today.

We have bears here.

(When I was a young lad at university, back before there was an Internet, my
residence had a fellow from Cambridge whose family, back in The Olde
Country, were terrified that he would be eaten by a bear.  So, whenever
there were reports of bears in the north side communities, we helpfully cut
out the stories for him to send back to his family.)

Black bears are fairly cute, and not as vicious as grizzlys.  But it is not
a good idea to feed them.  It's dangerous for people, and it's dangerous for
the bears, too.  (They get acclimated, and come to regard people as sources
of food, and then there is trouble, and often the bears get shot.)  So there
are laws, here, prohibiting people from feeding bears.

Some people do it anyway.

Now, if you are going to break the law, it might be a good idea not to post
videos of you doing so on your social media account ...

We're not allowed to die anymore (NYTimes)

Benoit Goas <>
Mon, 16 Jul 2018 23:36:09 +0200
We still get some crazy cases with digitized processes: PayPal Apologizes
for Letter Demanding Payment From Woman Who Died of Cancer:

So many corner/special cases to think about!

In the same kind of problems, a(n old) friend of mine died recently, and
facebook want me to organize an event for his birthday later this month.
But at least, despite the posts by his family on his page, I guess facebook
doesn't know he's dead. Not like Paypal!

'Data is a fingerprint': why you aren't as anonymous as you think online (Olivia Stein)

Dewayne Hendricks <>
July 15, 2018 at 6:27:54 AM GMT+9
Olivia Solon, *The Guardian*, 13 Jul 2018
So-called *anonymous* data can be easily used to identify everything from
our medical records to purchase histories

In August 2016, the Australian government released an `anonymised' data set
comprising the medical billing records, including every prescription and
surgery, of 2.9 million people.

Names and other identifying features were removed from the records in an
effort to protect individuals' privacy, but a research team from the
University of Melbourne soon discovered that it was simple to re-identify
people, and learn about their entire medical history without their consent,
by comparing the dataset to other publicly available information, such as
reports of celebrities having babies or athletes having surgeries.

The government pulled the data from its website, but not before it had been
downloaded 1,500 times.

This privacy nightmare is one of many examples of seemingly innocuous,
de-identified pieces of information being reverse-engineered to expose
people's identities. And it's only getting worse as people spend more of
their lives online, sprinkling digital breadcrumbs that can be traced back
to them to violate their privacy in ways they never expected.

Nameless New York taxi logs were compared with paparazzi shots at locations
around the city to reveal that Bradley Cooper and Jessica Alba were bad
tippers. In 2017 German researchers were able to identify people based on
their `anonymous' web browsing patterns. This week University College London
researchers showed how they could identify an individual Twitter user based
on the metadata associated with their tweets, while the fitness tracking app
Polar revealed the homes and in some cases names of soldiers and spies.

“It's convenient to pretend it's hard to re-identify people, but it's
easy. The kinds of things we did are the kinds of things that any first-year
data science student could do,'' said Vanessa Teague, one of the University
of Melbourne researchers to reveal the flaws in the open health data.

One of the earliest examples of this type of privacy violation occurred in
1996 when the Massachusetts Group Insurance Commission released `anonymised'
data showing the hospital visits of state employees. As with the Australian
data, the state removed obvious identifiers like name, address and social
security number. Then the governor, William Weld, assured the public that
patients' privacy was protected.

Latanya Sweeney, a computer science grad who later became the chief
technology officer at the Federal Trade Commission, showed how wrong Weld
was by finding his medical records in the data set. Sweeney used Weld's zip
code and birth date, taken from voter rolls, and the knowledge that he had
visited the hospital on a particular day after collapsing during a public
ceremony, to track him down. She sent his medical records to his office.

In later work, Sweeney showed that 87% of the population of the United
States could be uniquely identified by their date of birth, gender and
five-digit zip codes.  “The point is that data that may look anonymous is
not necessarily anonymous,'' she said in testimony to a Department of
Homeland Security privacy committee.

More recently, Yves-Alexandre de Montjoye, a computational privacy
researcher, showed how the vast majority of the population can be identified
from the behavioural patterns revealed by location data from mobile
phones. By analysing a mobile phone database of the approximate locations
(based on the nearest cell tower) of 1.5 million people over 15 months (with
no other identifying information) it was possible to uniquely identify 95%
of the people with just four data points of places and times. About 50%
could be identified from just two points.

The four points could come from information that is publicly available,
including a person's home address, work address and geo-tagged Twitter

Re: FACEPTION (Goldberg, RISKS-30.75)

Rob Slade <>
Sat, 14 Jul 2018 19:18:10 -0700

Creepy social engineering is one thing. or

Basing law enforcement, physical security, investigations, and job
interviews on highly questionable premises is quite another.

Faception claims to be able to "reveal personality from facial images" and
"dramatically improve public safety, communications, decision-making, and
experiences."  How?  Well, after some buzzword filled marketing jargon about
"first-to-technology and first-to-market with proprietary computer vision
and machine learning technology" and mention of the magic word "biometrics,"
if you persist you may be able to find the theory behind the technology.  It
seems to boil down to the following logic:

1) DNA can determine (certain) personality traits (sometimes to a significant
   extent).  (This is true, with the provisos I've put in parentheses.)
2) DNA can determine how you look.


Your personality is determined by how you look.

(Finding the flaws in this argument is left as an exercise for students of

I am inescapably reminded of the "bomb detectors" sold to Afghani and Iraqi
security forces that had no detection capabilities at all, and caused large
numbers of deaths.  That's on the false negative side.  The potential damage
caused on the false positive side are likely considerably greater ...

Of course, there's always:

> Date: Sat, 14 Jul 2018 08:46:31 -0700
> From: "Peter G. Neumann" <>
> Subject: Regulation of facial-recognition software? (WashPo)

Re: Employees as subjects in clinical trials (Fenichel, RISKS-30.75)

Dmitri Maziuk <>
Sun, 15 Jul 2018 09:02:32 -0500
Last I heard El Al ground crews still fly the plane they serviced (always
have), and they still are fully at liberty to seek gainful employment
elsewhere.  I'm not quite sure what makes med AI coders so different --
though in all fairness I would draw the line at family members. I think El
Al does.

Re: Video: Gavin Williamson hilariously interrupted by Siri during statement to Parliament (RISKS-30.75)

Amos Shapir <>
Tue, 17 Jul 2018 00:44:04 +0300
It seems that what had triggered Siri was the mention of "*a Syri*an
democratic force".  Conclusion: Don't bring Siri to a discussion about

(And also be careful when talking about "*a Lexus*" or "*a court ana*lyzer")

Sami Saydjari: Engineering Trustworthy Systems

"Peter G. Neumann" <>
Thu, 19 Jul 2018 9:55:35 PDT
Here's a book that might be of interest to RISKS readers who are serious
about developing systems that must be much more trustworthy.  It is quite
comprehensive, addressing many problems that have been discussed in RISKS.
It may not be a complete answer on how to fully turn the attainment of
trustworthy systems into a true engineering discipline, but it should be
very helpful to anyone pursuing the creation of such a discipline—which
today does not seem to exist.

  O. Sami Saydjari
  Engineering Trustworthy Systems:
    Get Cybersecurity Design Right the First Time
  McGraw-Hill Education, 2018
  xlvii+540, $60.00
  ISBN 978-1-260-11817-9

Sami has extensive background (NSA, DARPA), and has managed to squeeze a lot
of it into the book.

The endorsements on the back cover and front-end material are copious, so I
am not going to even begin to cite some of them here.  They are available at .

Please report problems with the web pages to the maintainer