
The RISKS Digest

Volume 27 Issue 74

Saturday, 15th February 2014

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents

RAF Voyager Grounded

Andy Cole <andyjcole65@gmail.com>

It has been reported that the RAF have grounded their fleet of Voyager aircraft after an 'in flight issue' that caused it to suddenly lose altitude on a flight from Afghanistan. This rather bland description appears to understate the actual events. The aircraft lost altitude very rapidly leading to serious injuries. The crew were unable to stop this descent until they 'pulled the fuse' on the autopilot.

NSF: 1/4 of Americans think sun goes 'round the earth...

Paul Saffo <paul@saffo.com>

26% of Americans think Sun revolves around the Earth, according to a National Science Foundation survey. http://n.pr/MVDaHo

Your Air Traffic Controller May No Longer Be Required to Have a High School Diploma (via Dave Farber)

*Glenn S. Tenney* <tenney@think.org>

http://boardingarea.com/viewfromthewing/2014/02/09/air-traffic-controller-may-longer-required-high-school-diploma/

The FAA has considered itself to be highly budget-constrained for years, and in 1997 found a way to reduce its training costs—encouraging college air traffic control programs so that they could hire new controllers that were effectively already trained.

There's a wait list of over 3000 air traffic control college graduates in line for FAA positions. The FAA is killing off that wait list and, according to transportation researcher Bob Poole in the February Air Traffic Control Reform News will be announcing plans to 'hire off the street' with a requirement only of a high school degree or three years of work experience.

This is apparently a move driven by the FAA's HR department to improve diversity. But it would mean less qualified candidates, it would mean higher training costs, and it would mean that students who invested in degrees that had been encouraged by the FAA will find those investments devalued.

Air traffic control graduates will still be able to re-apply for these positions, of course, alongside folks without a high school diploma or specialized training.

[For more detailed information, and the source of the above:] http://reason.org/news/show/air-traffic-control-reform-news-110#b

[Perhaps the qualifications also include conviction that the Sun revolves around the Earth, and that global warming and evolution are only would-be theories. Belief in Gravity and the Second Law of Thermodynamics would clearly be optional. PGN]

Iron Mountain fire in Argentina destroys bank archives (AP)

Jim Reisert AD1C <jjreisert@alum.mit.edu>

By Associated Press, Updated: Wednesday, February 5, 12:17 PM Buenos Aires, Argentina—Nine first-responders were killed and seven others injured as they battled a fire of unknown origin that destroyed an archive of corporate and banking industry documents in Argentina's capital on Wednesday. http://www.washingtonpost.com/business/7-die-in-fire-destroying-argentine-bank-archives/2014/02/05/7c489abc-8e70-11e3-878e-d76656564a01_story.html

Heat System Called Door to Target for Hackers (NYTimes.com)

"Bob Frankston" <Bob19-0501@bobf.frankston.com>

A reminder of the risks of perimeter security

http://www.nytimes.com/2014/02/06/technology/heat-system-called-door-to-target-for-hackers.html

If I understand this right the real problem is perimeter security as in "hackers used a vendor's stolen credentials to get inside its corporate network". The idea of a "corporate network" is the pipe meme for networks. The HVAC system may use the wires in a building as a means of exchanging packets but that shouldn't mean it's in the corporate network any more than two people on the same sidewalks are in the same social network.

Auto battery death by improper charging

Monty Solomon <monty@roscom.com>

The battery died prematurely in our vehicle and it appears that the charging mode programming had an error.

According to Honda Service Bulletin 12-041:

Possible Cause: The vehicle's battery sensor monitors battery condition and the PCM determines charging mode. Based on the sulfation of the battery and customer driving habits, the PCM may not select the correct charge mode.

Corrective Action: Update the PGM-FI software.

Israeli combat pilots stored top-secret info on smartphones

Steven J Klein <steven@klein.us>

Two Israeli Air Force combat pilots were jailed for five days and 12 others were disciplined after it was learned they stored maps, documents and other sensitive material on their smartphones.

"The security breach came to light after one of the pilots lost his cellphone and reported what was contained on it to the military. The phone was found."

Source: <http://www.jta.org/2014/02/05/news-opinion/israel-middle-east/israeli-combat-pilots-jailed-for-storing-classified-info-on-smartphones>

FBI Checks Wrong Box, Places Student on No-Fly List

*Chris Beck* <cbeck@pacanukeha.net>

[Via Dave Farber]

Obviously people make mistakes. Seems to me that the cover up and obfuscation need to be tried as well, and costs awarded to the pro bono lawyers. Seems to me that anyone who tries to invoke state secrets on such an obvious ploy to conceal incompetence ... anyone - lawyers, agents, or any employee - needs to have their clearance revoked, all of their assertions revisited and obviously their permission to classify or invoke removed.

> Date: February 6, 2014 at 5:46:31 PM EST
> From: Dewayne Hendricks
> Subject: [Dewayne-Net] FBI Checks Wrong Box, Places Student on No-Fly List

> FBI Checks Wrong Box, Places Student on No-Fly List
> By DAVID KRAVETS
> 02.06.14
> <http://www.wired.com/threatlevel/2014/02/no-fly-list-bungle/>
>
> The government contested a former Stanford University student's assertion
> that she was wrongly placed on a no-fly list for seven years in court
> despite knowing an FBI official put her on the list by mistake because he
> checked the "wrong boxes" on a form, a federal judge wrote today.
>
> The agent, Michael Kelly, based in San Jose, misunderstood the directions
> on the form and "erroneously nominated" Rahinah Ibrahim to the list in
> 2004, the judge wrote.
>
> "He checked the wrong boxes, filling out the form exactly the opposite way
> from the instructions on the form," U.S. District Judge William Alsup wrote
> (.pdf) today.
>
> The decision makes Ibrahim, 48, the first person to successfully
> challenge placement on a government watch list.
>
> Much of the federal court trial, in which the woman sought only to clear
> her name, was conducted in secret after U.S. officials repeatedly invoked
> the state secrets privilege and sought to have the case dismissed.
>
> Attorneys working pro bono spent as much as $300,000 litigating the case.
>
> The judge issued a brief ruling last month declaring that the Malaysian
> woman was a victim of a bureaucratic "mistake." The judge's full opinion
> was released today.
>
> Ibrahim's saga began in December 2005 when she was a visiting doctoral
> student in architecture and design from Malaysia. On her way to Kona,
> Hawaii to present a paper on affordable housing, Ibrahim was told she was
> on a watch list, detained, handcuffed and questioned for two hours at San
> Francisco International Airport.
>
> She sued and federal authorities fought her all the way.
>
> The December 5-day trial was shrouded in extraordinary secrecy, with
> closed court hearings and non-public classified exhibits.
>
> The agent testified to his bungle in closed court.
>
> Dewayne-Net RSS Feed: <http://dewaynenet.wordpress.com/feed/>

EU has secret plan for police to 'remote stop' cars

Henry Baker <hbaker1@pipeline.com>

FYI—What could possibly go wrong with this technology?

* Once this technology is installed in EU cars, it will likely be in _all_ cars world-wide, but merely 'disabled', so that it still provides additional attack surface even _outside the EU_.
* Hackers/criminals can disable your car remotely—e.g., to rob or kidnap.
* Governments can disable cars of the press, dissidents, activists, etc.
* Governments can disable cars during 'emergencies' to allow 'prioritized' traffic. (Remember US air traffic control after 911, when certain special civilian flights were still allowed?)
* Govt employees can disable cars of ex-spouses, ex-lovers, etc.
* Together with real-time GPS tracking, selected cars can have an "electronic fence" like your dog's electronic fence.

The potential for mischief is unbounded.

http://www.telegraph.co.uk/news/worldnews/europe/eu/10605328/EU-has-secret-plan-for-police-to-remote-stop-cars.html

EU has secret plan for police to 'remote stop' cars

The EU is developing a secret plan to give the police the power to control cars by switching the engine off remotely

Bruno Waterfield and Matthew Day, 29 Jan 2014

The European Union is secretly developing a "remote stopping" device to be fitted to all cars that would allow the police to disable vehicles at the flick of a switch from a control room.

Confidential documents from a committee of senior EU police officers, who hold their meetings in secret, have set out a plan entitled "remote stopping vehicles" as part of wider law enforcement surveillance and tracking measures.

"The project will work on a technological solution that can be a 'build in standard' for all cars that enter the European market," said a restricted document.

The devices, which could be in all new cars by the end of the decade, would be activated by a police officer working from a computer screen in a central headquarters.

Once enabled the engine of a car used by a fugitive or other suspect would stop, the supply of fuel would be cut and the ignition switched off.

The technology, scheduled for a six-year development timetable, is aimed at bringing dangerous high-speed car chases to an end and to make redundant current stopping techniques such as spiking a vehicle's tyres.

The proposal was outlined as part of the "key objectives" for the "European Network of Law Enforcement Technologies", or Enlets, a secretive off-shoot of a European "working party" aimed at enhancing police cooperation across the EU.

Statewatch, a watchdog monitoring police powers, state surveillance and civil liberties in the EU, have leaked the documents amid concerns the technology poses a serious threat to civil liberties.

"We all know about the problems surrounding police stop and searches, so why will be these cars stopped in the first place," said Tony Bunyan, director of Statewatch. "We also need to know if there is any evidence that this is a widespread problem. Let's have some evidence that this is a problem, and then let's have some guidelines on how this would be used."

The remote stopping and other surveillance plans have been signed off by the EU's Standing Committee on Operational Cooperation on Internal Security, known as Cosi, meaning that the project has the support of senior British Home Office civil servants and police officers.

Cosi, which also meets in secret, was set up by the Lisbon EU Treaty in 2010 to develop and implement what has emerged as a European internal security policy without the oversight of MPs in the House of Commons.

Douglas Carswell, the Conservative MP for Clacton, attacked the plan for threatening civil liberties and for bypassing the parliament. "The price we pay for surrendering our democratic sovereignty is that we are governed by an unaccountable secretive clique," he said.

Nigel Farage, the leader of Ukip, described the measure as "incredible" and a "draconian imposition". "It is appalling they are even thinking of it," he said. "People must protest against this attack on their liberty and vote against an EU big Brother state during the Euro election in May."

In 2012, Enlets received a �484,000 grant from the European Commission for its declared mission to "support front line policing and the fight against serious and organised crime by gathering user requirements, scanning and raising awareness of new technology and best practices, benchmarking and giving advice".

The six-year work programme for Enlets also includes improving automatic number plate recognition technology and intelligence sharing.

Although the technology for police to stop a vehicle by remote control has still to be developed, Enlets argues the merits of developing such a system.

"Cars on the run can be dangerous for citizens," said a document. "Criminal offenders will take risks to escape after a crime. In most cases the police are unable to chase the criminal due to a lack of efficient means to stop the vehicle safely."

The introduction of stopping devices has raised questions of road safety. David Davis, the Conservative MP for Haltemprice and Howden, warned that the technology could pose a danger to all road users.

"I would be fascinated to know what the state's liability will be if they put these devices in all vehicles and one went off by accident whilst a car was doing 70mph on a motorway with a truck behind it resulting in loss of life," he said. "It is time legislators stopped believing technology is a form of magic and realised that is fallible, and those failures do real harm."

[Also noted by Gideon Yuval. PGN]

When teaching, you should know your subject

Paul Robinson <paul@paul-robinson.us>

This is one of those "technology gone bad" stories I found very funny. Washington DC Cable TV News Channel 8 reported Monday that one of the members of a Mideast terrorist group was teaching how to correctly build pipe bombs in a safe manner when one of the completed bombs blew up, setting off the rest, killing the instructor and 24 members of the group, and injuring several others who were caught trying to escape by police. The risk here is that if you're going to teach people how to commit terrorist acts, you should at least know how to handle explosives, and if you're trying to commit them - even if you're planning to be a suicide bomber - you have a better chance of injuring or killing people if you at least live long enough to survive the training class.

Bad Domain Registrar Security Leads to Loss of Valuable Twitter Handle

Chuck Weinstock <weinstock@sei.cmu.edu>

https://medium.com/p/24eb09e026dd Hero has a single character twitter handle (N). Villain wants it. Through (mostly) social engineering villain is able to get control of the hero's domain name. He changes the name servers and tries to get a password reset email from twitter. Because of propagation delays the hero receives the email and is able to stop the hijack by changing his email address on twitter. But GoDaddy won't give him his domain back because he is not the registrant according to their records. Villain threatens to destroy hero's websites, etc. and successfully (for now) extorts the twitter handle from hero.

Altcoins will DESTROY the IT industry and spawn an infosec NIGHTMARE

"Matthew Kruk" <mkrukg@gmail.com>

GPS pioneer warns on network's security (Jones/Hoyos)

Henry Baker <hbaker1@pipeline.com>

Sam Jones and Carola Hoyos, *Financial Times*, 13 Feb 2014, http://www.ft.com/

The Global Positioning System helps power everything from in-car satnavs and smart bombs to bank security and flight control, but its founder has warned that it is more vulnerable to sabotage or disruption than ever before -- and politicians and security chiefs are ignoring the risk.

Impairment of the system by hostile foreign governments, cyber criminals -- or even regular citizens—has become “a matter of national security,” according to Colonel Bradford Parkinson, who is hailed as the architect of modern navigation.

“If we don't watch out and we aren't prepared,” then countries could be denied everything from navigation to precision weapon delivery, Mr Parkinson warned. “We have to make it more robust ... our cellphone towers are timed with GPS. If they lose that time, they lose sync and pretty soon they don't operate. Our power grid is synchronised with GPS [and] our banking system.”

Western governments are “in their infancy in recognising the problem,” Mr Parkinson told the *Financial Times* in an interview on the fringes of a conference for government officials, academics and defence contractors at the UK's National Physical Laboratory.

He said: “[In the US] I don't know anyone that is really in charge of it. The Department of Homeland Security should be [but] ... they don't have any people that understand it very well. They've got one person without any budget to speak of.”

Mr Parkinson, now a professor at Stanford University, created GPS in the 1970s on behalf of the US military—who still control the system of satellites today. Use of the system for civilian purposes has exploded with the development of mobile technologies.

Though the US military has in place protection that could give its navigation systems a high-degree of robustness, most civilian GPS systems have none, Mr Parkinson said.

He also warned that the EU's new �5bn Galileo satellite system, created as an alternative to the US-controlled GPS, was equally at risk.

Richard Peckham, who helped develop the Galileo system, said that although its public service was encrypted, making it more difficult to hack and more secure for users such as the emergency services and public utilities, it was still vulnerable to jamming and interference.

The US, which initially opposed the European satellite constellation, has come around to supporting it, in part because Washington has realised it needs a GPS back-up system that is neither Russian nor Chinese.

A report compiled for the UK government and released this week warned that “the conditions are present for a catastrophic 'Black Swan' event” that would knock out one or more critical GPS systems. The report identified thousands of instances of GPS jamming occurring annually.

Disruption of satellite navigation systems has so far remained a relatively low-level problem for governments. Small-range jamming devices can be acquired easily via the Internet. However, more powerful jamming equipment is becoming increasingly easy to acquire.

Over the past few years South Korea has witnessed huge jamming attacks against its GPS systems, launched by North Korea. The areas affected stretch 100km into South Korean territory, and include major airports and shipping lanes. More than 1,000 ships and 250 planes had their travel disrupted by North Korean jamming attacks in 2012.

Seoul has responded by ordering the construction of a land-based antenna array over more than 40 sites to provide a back-up system.

The UK has already begun to build a similar system, primarily to help shipping in the event of GPS disruption. The stretch of water between Britain and France is one of the busiest shipping lanes in the world, but navigation throughout it could be disrupted by a single portable jamming device.

“When a ship loses GPS, it isn't like a car satnav,” said Professor David Last, a consultant to the UK's General Lighthouse Authority. “Multiple systems fail simultaneously.”

Prof Last cited a report into navigation vulnerabilities from the Royal Academy of Engineering that found “there was barely a single area of commerce or industry in the UK that wasn't dependent on GPS in some way.”

"NSA-GCHQ Allegedly Hack Cryptographer Quisquater"

Jean-Jacques Quisquater - UCL Crypto Group <jjq@uclouvain.be>

Comments about "NSA-GCHQ Allegedly Hack Cryptographer Quisquater"

More info written by Jean-Jacques Quisquater. This text was updated on February 8, 2014 in the morning (Belgian time).

Since 1 Feb 2014, many papers appeared in the newspapers and on Internet concerning the hack of the personal portable computer of Jean-Jacques Quisquater (JJQ). See

http://www.pcworld.com/article/2093700/prominent-cryptographer-victim-of-malware-attack-related-to-belgacom-breach.html
http://www.theregister.co.uk/2014/02/03/nsa_gchq_accused_of_hacking_belgian_smartcard_crypto_guru/
http://yro.slashdot.org/story/14/02/03/1239223/crypto-legend-quisquater-targeted---but-nsa-may-not-be-to-blame

Unfortunately many of these papers suffer from approximations and extrapolations and some of them are wrong. The following text is intended to clarify the context of the attack as much as possible as the investigations are not complete at this stage.

In short:

Facts: Yes, this portable computer was attacked. We don't know for sure the vector of the attack in use. According to the Belgian Federal Police the attack of this computer is strongly related to the attack of Belgacom in Belgium allegedly hacked by NSA-GCHQ. The only found vector of attack is related to an e-mail spoofing a linkedin e-mail mentioning a name close to a name known by JJQ. From this e-mail, JJQ opened a link to a profile of the mentioned person and JJQ immediately understood it was a spoof and closed his computer in one second. The computer was later extensively scanned by several malware detectors without result. Possibly another vector of attack was used but there is no trace of it.

* Data available on the computer: There was no sensitive data on the computer. The main part of the JJQ's work is the design of (formal) methods related to cryptography and computer security and this activity is twofold:

  - Methods related to the academic world finally anyway published in conferences, journals, patents and standards. Privacy concerning reviews of scientific papers is important to write these reviews without external pressure, the content is nevertheless not critical.

  - Activities related to sensitive data of companies always follow a very strict procedure which lead to a very strong level of security (the use of safes, only in company rooms, dedicated computers without connection, destruction of all the data at the end of the study). Therefore no sensitive information related to companies is available on this personal computer. Companies are only using the practical ideas of JJQ in the spirit of the main principles of Kerckhoffs (“Only the key is secret.”) and Shannon (“The enemy knows the system.”).

* The purpose of the attack: we don't know. Maybe the cryptography research is under surveillance, maybe some people hope to find some interesting information or contact, maybe there is another goal we will never know.

[...]

[PGN-truncated for RISKS. Full text at cryptome.org/2014/02/quisquater-comments.htm Quite an item! PGN]

Book announcement: "Threat Modeling: Designing for Security"

Adam Shostack <adam@homeport.org>

One of the biggest threats to threat modeling is to believe it's a mystical rite, or inborn skill which can never be taught. Everyone can threat model, and everyone should. (If threat modeling is harder than using git, whose fault is that?) That requires recasting threat modeling as a set of tasks which can be taught and integrated into the engineering processes which deliver products or services.

Adam Shostack's Threat Modeling: Designing For Security (Wiley, 2014), is focused on actionable threat modeling for everyone involved in building and operating complex technology, in particular, developers, systems managers and security professionals.

The book starts with a simple introduction focused on four questions: (1) What are you building (2) What can go wrong? (3) What are you going to do about it (4) Are you doing 1-3 sufficiently well for your project? From there, it covers finding threats (Part II), processing and managing threats (Part III), threat modeling for specific technologies and tricky areas (Part IV), and taking threat modeling to the next level (Part V).

RISKS readers (especially those in security and other trustworthiness issues) will particularly benefit from framing threat modeling as a deeply practical, teachable discipline, and from having prescriptive guidance to help experts in other domains better interface with security.

More information at http://threatmodelingbook.com, and available wherever fine books are sold.
