CRYPTO-GRAM June 15, 2003 by Bruce Schneier Founder and CTO Counterpane Internet Security, Inc. schneier@counterpane.com A free monthly newsletter providing summaries, analyses, insights, and=20 commentaries on computer security and cryptography. Back issues are available at=20 . To subscribe, visit=20 or send a blank message=20 to crypto-gram-subscribe@chaparraltree.com. Copyright (c) 2003 by Counterpane Internet Security, Inc. ** *** ***** ******* *********** ************* In this issue: The Risks of Cyber-Terrorism Crypto-Gram Reprints Self-Destructing DVDs The Doghouse: BSB Utilities Attacking Virtual Machines with Memory Errors News Counterpane News Security Notes from All Over: Tasers and Security Audits Expired Domains, E-Mail Addresses, and Passwords Teaching Viruses Comments from Readers ** *** ***** ******* *********** ************* The Risks of Cyberterrorism The threat of cyberterrorism is causing much alarm these days. We have=20 been told to expect attacks since 9/11; that cyberterrorists would try=20 to cripple our power system, disable air traffic control and emergency=20 services, open dams, or disrupt banking and communications. But so=20 far, nothing's happened. Even during the war in Iraq, which was=20 supposed to increase the risk dramatically, nothing happened. The=20 impending cyberwar was a big dud. Don't congratulate our vigilant=20 security, though; the alarm was caused by a misunderstanding of both=20 the attackers and the attacks. These attacks are very difficult to execute. The software systems=20 controlling our nation's infrastructure are filled with=20 vulnerabilities, but they're generally not the kinds of vulnerabilities=20 that cause catastrophic disruptions. The systems are designed to limit=20 the damage that occurs from errors and accidents. They have manual=20 overrides. These systems have been proven to work; they've experienced=20 disruptions caused by accident and natural disaster. We've been=20 through blackouts, telephone switch failures, and disruptions of air=20 traffic control computers. In 1999, a software bug knocked out a=20 nationwide paging system for a day. The results might be annoying, and=20 engineers might spend days or weeks scrambling, but the effect on the=20 general population has been minimal. The worry is that a terrorist would cause a problem more serious than a=20 natural disaster, but this kind of thing is surprisingly hard to=20 do. Worms and viruses have caused all sorts of network disruptions,=20 but it happened by accident. In January 2003, the SQL Slammer worm=20 disrupted 13,000 ATMs on the Bank of America's network. But before it=20 happened, you couldn't have found a security expert who understood that=20 those systems were dependent on that vulnerability. We simply don't=20 understand the interactions well enough to predict which kinds of=20 attacks could cause catastrophic results, and terrorist organizations=20 don't have that sort of knowledge either -- even if they tried to hire=20 experts. The closest example we have of this kind of thing comes from Australia=20 in 2000. Vitek Boden broke into the computer network of a sewage=20 treatment plant along Australia's Sunshine Coast. Over the course of=20 two months, he leaked hundreds of thousands of gallons of putrid sludge=20 into nearby rivers and parks. Among the results were black creek=20 water, dead marine life, and a stench so unbearable that residents=20 complained. This is the only known case of someone hacking a digital=20 control system with the intent of causing environmental harm. Despite our predilection for calling anything "terrorism," these=20 attacks are not. We know what terrorism is. It's someone blowing=20 himself up in a crowded restaurant, or flying an airplane into a=20 skyscraper. It's not infecting computers with viruses, forcing air=20 traffic controllers to route planes manually, or shutting down a pager=20 network for a day. That causes annoyance and irritation, not terror. This is a difficult message for some, because these days anyone who=20 causes widespread damage is being given the label "terrorist." But=20 imagine for a minute the leadership of al Qaeda sitting in a cave=20 somewhere, plotting the next move in their jihad against the United=20 States. One of the leaders jumps up and exclaims: "I have an=20 idea! We'll disable their e-mail...." Conventional terrorism --=20 driving a truckful of explosives into a nuclear power plant, for=20 example -- is still easier and much more effective. There are lots of hackers in the world -- kids, mostly -- who like to=20 play at politics and dress their own antics in the trappings of=20 terrorism. They hack computers belonging to some other country=20 (generally not government computers) and display a political=20 message. We've often seen this kind of thing when two countries=20 squabble: China vs. Taiwan, India vs. Pakistan, England vs. Ireland,=20 U.S. vs. China (during the 2001 crisis over the U.S. spy plane that=20 crashed in Chinese territory), the U.S. and Israel vs. various Arab=20 countries. It's the equivalent of soccer hooligans taking out national=20 frustrations on another country's fans at a game. It's base and=20 despicable, and it causes real damage, but it's cyberhooliganism, not=20 cyberterrorism. There are several organizations that track attacks over the=20 Internet. Over the last six months, less than 1% of all attacks=20 originated from countries on the U.S. government's Cyber Terrorist=20 Watch List, while 35% originated from inside the United=20 States. Computer security is still important. People overplay the=20 risks of cyberterrorism, but they underplay the risks of=20 cybercrime. Fraud and espionage are serious problems. Luckily, the=20 same countermeasures aimed at cyberterrorists will also prevent hackers=20 and criminals. If organizations secure their computer networks for the=20 wrong reasons, it will still be the right thing to do. ** *** ***** ******* *********** ************* Crypto-Gram Reprints Crypto-Gram is currently in its sixth year of publication. Back issues=20 cover a variety of security-related topics, and can all be found on=20 . These are a selection=20 of articles that appeared in this calendar month in other years. Fixing Intelligence Failures: Honeypots and the Honeynet Project Microsoft SOAP: The Data Encryption Standard (DES): The internationalization of cryptography policy: and products: The new breeds of viruses, worms, and other malware: Timing attacks, power analysis, and other "side-channel" attacks=20 against cryptosystems: ** *** ***** ******* *********** ************* Self-Destructing DVDs Disney is launching a pilot DVD-rental program that uses=20 self-destructing DVDs. The idea is that the DVD has a coating that=20 oxidizes after a few days, rendering the DVD unreadable. I think this is a very clever security countermeasure. The threat is=20 regular consumers. Disney wants to be able to rent DVDs to them at a=20 price-point lower than their sale price. By making a DVD that only=20 lasts a few days after being taken out of the package, Disney has=20 solved the problem of needing an infrastructure to process DVD returns. Of course this doesn't solve the problem of making illegal copies of=20 the DVD, but that's not the problem that Disney is trying to=20 solve. Self-destructing DVDs are a clever solution for a specific=20 security problem, and if it works well it's likely to be a cheap and=20 effective one. (Compare this to Circuit City's superficially similar=20 DIVX format, which also had expiring DVDs, but required a phone line=20 and special player.) or ** *** ***** ******* *********** ************* The Doghouse: BSB Utilities I got this as spam, no less. It's your typical=20 one-time-pad-that's-really-a-stream-cipher proprietary=20 algorithm. You've got your infinitely long key. You've got your=20 claims of more security than anything else on the market. You've got=20 your weird "independent evaluation" by experts who seem to have no=20 actual expertise in cryptography. But this is my favorite quote off the Web site: "One of the primary=20 means of testing the solidness of a form of encryption is to test the=20 randomness of the data it creates." Haven't these people ever heard of=20 cryptanalysis? ** *** ***** ******* *********** ************* Attacking Virtual Machines with Memory Errors This is a clever side-channel attack. An attacker can use memory=20 errors to attack a virtual machine. Here's how it works: First, he loads two Java applets into the target system's memory. The=20 first applet is large, and consists only of pointers to the second=20 applet. The second applet is the attack code, and can do whatever the=20 attacker wants. The trick is to cause a random memory error=20 occur. The researchers used a light bulb to heat the target system,=20 but you can imagine the same sort of result from a microwave oven,=20 static electricity, or a host of other environmental factors. It turns=20 out that a random error is likely to cause the system to run the attack=20 code. If, for example, the first applet fills up 60% of the target=20 system's memory, then a random error (a bit flip) will cause the=20 execution to pass to the pointer and then to the attack code more than=20 70% of the time. The attacker needs physical access to the machine being attacked, so=20 its main uses are in breaking smart cards and other devices that=20 attempt to remain secure against the person in possession of it. There=20 are lots of such devices that allow the owner to run any program on it=20 he wants, and maintains security by internal separation of=20 programs. This attack demonstrates that internal separation isn't as=20 good as people might think. Now that the attack is known, it can easily be prevented. Simple=20 measures like parity checking or error-correcting codes can defeat this=20 technique. But you can be sure there are other attacks like this. In=20 general, there is no way to secure secrets inside a device from someone=20 who has physical possession of the device. News article: Paper: ** *** ***** ******* *********** ************* News Very interesting article on the arrest of three Russian hackers. This=20 isn't a technical article, but speaks to socioeconomic conditions and=20 motivations of these criminals, as well as the competence and=20 effectiveness of the FBI. Getting a fake photo ID in New Jersey: Another article on the question of whether or not to apply security=20 patches: Good article on how we might preserve privacy in the face of the Total=20 Information Awareness program: Essay on the motivations of computer attackers: random attacks versus=20 targeted attacks: Video cameras in cell phones are a potential tool to buy=20 elections. One of the basic tenets of a good election is that the=20 ballot is secret. Someone can offer to buy a vote, but the buyer has=20 no guarantee that the seller will deliver from the privacy of the=20 voting booth. But video cameras in cell phones have the potential to=20 change that; the buyer can demand proof of a vote bought before he pays. Insider attack at Coca-Cola: Black box recorders in cars, originally intended to determine the cause=20 of death in an accident, are increasingly being used in court. People=20 can be sent to jail, or be held liable, based on the contents. But=20 since the system was not designed for use in an adversarial setting, my=20 guess is that the security surrounding these devices is minimal. or Hacking customer privacy in DirecTV: A new biometric: identifying people by the way they walk. The first=20 article claims that the system "has been 80 to 95 percent successful in=20 identifying people." Be careful about that number, though, because it=20 is meaningless without more information about how it was derived. Seattle police needed a DNA sample from a suspect. So they mailed him=20 a letter, and tricked him into mailing a reply back in an envelope he=20 licked. There was enough DNA there to link him to the crime. The Pentagon's Total Information Awareness program has a new name:=20 Terrorism Information Awareness. DARPA's "Report To Congress Regarding the Terrorism Information=20 Awareness Program": The Department of Homeland Security is setting up a cybersecurity=20 office. I suspect this is basically a political exercise, but it might=20 actually result in something positive. The problems with some current cyber-insurance policies: Identity theft insurance offered: Lots of companies are using "security" as an excuse to get around all=20 sorts of things from government: A reporter created a fake letterhead and used it to order the recipe=20 for sarin gas, and enough of the four chemicals to make enough to kill=20 tens of thousands. There's still the small matter of distribution --=20 which isn't as easy as it seems -- but it seems that making the stuff=20 just requires a basic chemist's education and some cheap commercial lab=20 equipment. This research on defeating biometric security isn't new, but I don't=20 remember seeing a translation of the actual article before. It covers=20 fingerprint scanners, facial recognition, and iris scanners. U.S. airline security is mostly window-dressing. or Student hacker being tried as an adult. This, to me, is a measure of=20 the hysteria today. Hacking your school's computer is the equivalent=20 of spray painting your name in the bathroom. It shouldn't be a felony,=20 and he shouldn't be tried as an adult. Good comments on U.S. cybersecurity by former czar Richard Clarke. The manual "Keeping Your Jewish Institution Safe," published by the=20 Anti-Defamation League, is actually a pretty good anti-terrorism and=20 security manual. I'm sure glad the Idaho police department's wireless network is "using=20 a hard-to-crack proprietary encryption protocol." or Cyber criminals are a bigger worry than cyber terrorists. No, it=20 wasn't me saying this...but it could have been. CryptoGram product. I have no idea if this is any good, and some of=20 the marketing claims made me wince. But for the record, I have nothing=20 to do with this French company. Fear causes irrational security decisions (see above). or Vulnerability Disclosure plan (draft) from the industry group called=20 the "Organization for Internet Safety." News articles: The U.S. Department of Homeland Security now has a National Cyber=20 Security Division, which will incorporate the Critical Infrastructure=20 Assurance Office (CIAO), the National Infrastructure Protection Center=20 (NIPC), the Federal Computer Incident Response Center (FedCIRC) and the=20 National Communications System. No word yet on a person to run this thing. ** *** ***** ******* *********** ************* Counterpane News Counterpane has a new VP of Worldwide Sales, and a new VP of Strategy=20 and Development. Security Q&A with Schneier for Washington Technology magazine: ** *** ***** ******* *********** ************* Security Notes from All Over: Tasers and Security Audits A difficult problems in law enforcement is forensics: proving the=20 police officers acted properly. Many cases hinge on=20 my-word-against-his, and sometimes untrustworthy policemen might be=20 trusted when they shouldn't be. One solution is to add auditing=20 features directly into the weapon: "The weapon [taser] is fully trackable. A computer chip date-stamps=20 every time the trigger is pulled. The cartridges have serial numbers=20 and when fired, they release confetti with the serial numbers on=20 them. Investigators at a scene involving several officers can=20 determine who fired and how many times." ** *** ***** ******* *********** ************* Expired Domains, E-Mail Addresses, and Passwords A very common feature of password-protected Web sites is the ability to=20 request that the password be e-mailed to you. The idea is simple:=20 people forget their passwords and need to be reminded of them. It's a=20 reasonable security assumption that the e-mail address of the person is=20 secure, so it is reasonable to e-mail the password to them. (You can=20 argue about the wisdom of e-mailing the password unencrypted, but I=20 don't think eavesdropping is the attack we're worried about here.) Here's a clever attack to exploit this feature. Step 1: Buy an expired=20 domain. Step 2: Watch all the spam come in, and figure out what e-mail=20 accounts were active for that domain's previous owner. Step 3: Go to=20 an account-based site -- eBay, Amazon, etc. -- and request that the=20 password be sent to those accounts. If the people with those accounts=20 didn't bother to change their e-mail address when the domain expired,=20 you can collect their passwords. Someone tried that with an expired domain and eBay accounts, and found=20 that -- if he wanted to -- he could have collected a few=20 passwords. Moral: when an e-mail address deactivates, everything=20 associated with that address should be deactivated as well. ** *** ***** ******* *********** ************* Teaching Viruses The University of Calgary is offering a course on virus writing, and=20 many are up in arms about it. Wired has published an article on the=20 SQL Slammer worm, including source code, and recriminations ensue. Get real here. If we have any hope of improving computer security, we=20 need to teach computer security. Teaching computer security includes=20 teaching how attacks work. It includes teaching how viruses work. It=20 includes teaching how worms work. The bad guys have all sorts of resources to learn how to write=20 viruses. SQL Slammer source code has been available on the=20 Internet. Neither of these two actions will help the bad guys. But=20 they probably will help the good guys. Worms, viruses, exploits, hacking code...they're not infectious=20 diseases. We need to look at them as educational tools, and not things=20 to keep secret. University of Calgary's Virus course: Press coverage: or Wired's article on the SQL Slammer: ** *** ***** ******* *********** ************* Comments from Readers From: Eric Tribou Subject: Encryption and Wiretapping I think you missed the target on your comments regarding encryption and=20 wiretapping. First to note is that the report is not exclusive to wiretapping of=20 phone lines. Electronic and oral communications are=20 included. Encrypting phones may not have been encountered at all. The=20 encryption that was encountered could easily (and more likely) have=20 been the use of PGP or some other such method of encrypting e-mail. It=20 could also refer to encounters with encrypted Voice over IP=20 sessions. Both of those can be based on open systems. Second point is that how, exactly, the plaintext is recovered is not=20 mentioned at all. Using an encrypted phone line is good and all, but=20 if a bug has been planted in the room in which one side of this=20 conversation is taking place then there's little need to worry about=20 decrypting the data going over the phone line. The same holds true for=20 VoIP sessions and encrypted e-mail; in the case of the latter, a key=20 logger could be used. So while your point about encrypting telephone devices, and the greater=20 point about closed security systems, is certainly correct, I don't=20 believe it should take focus here. Instead I think it's worth=20 discussing how data is (or is not) secured on either end of the=20 communications line and not how it is secured during transmission. From: Arrigo Triulzi Subject: Encryption and Wiretapping I am just wondering if you are reading too much into the wiretapping report: |1) Encryption of phone communications is very uncommon. Sixteen cases | of encryption out of 1,358 wiretaps is a little more than one | percent. Almost no suspected criminals use voice encryption. | |2) Encryption of phone conversations isn't very effective. Every time | law enforcement encountered encryption, they were able to bypass | it. I assume that local law enforcement agencies don't have the | means to brute-force DES keys (for example). My guess is that the | voice encryption was relatively easy to bypass. What about these people being on GSM phones? GSM phones are encrypted,=20 using A4 (in theory). It is also true that to wiretap a GSM phone you=20 don't really have to break A4, you simply tap the base stations. By applying the above to the report it could well be that the=20 "encryption was encountered in 16 wiretaps" simply means "they had GSM=20 phones, we didn't have to worry about encryption 'cos we went and=20 listened to their conversations at the base stations or gateway=20 switches between the mobile operator and the fixed line operator/other=20 mobile operator." This is how they wiretap mobile phones in Europe... Of course it doesn't make the argument that people are selling snake=20 oil for phone encryption wrong at all, it simply completes the picture=20 and points out the need to understand where encryption ends in a=20 conversation... From: Anonymous Subject: Over-assumptions in "Encryption and Wiretapping" The court's report about encryption and wiretapping was interesting,=20 but not necessarily factual. As you pointed out, it is unlikely that=20 local police organizations could brute-force DES keys. Given that some=20 of the conversations were encrypted but none of that "prevented law=20 enforcement officials from obtaining the plain text of communications=20 intercepted," you assumed that the officials were able to break the=20 crypto systems. Other possible explanations include: - The reports of encryption were erroneous. This could be due to the=20 reporting officials misunderstanding what "encrypted" means, or=20 purposely lying to make themselves look good. - The reports that the encryption didn't prevent them from obtaining=20 the plaintext were erroneous. It is easy to believe that a police=20 officer would lie about this, particularly if they arrested the person=20 on trumped-up charges but wanted it to look like they had evidence. To me, both of these are much more plausible than assuming that local=20 police departments (or even the feds) are smart enough to circumvent an=20 encryption system. From: "Israel, Howard M (Howard)" Subject: Encryption and Wiretapping I think that you have made some assumptions, that are critical to the=20 conclusion that you have drawn. Briefly, the quoted text did not=20 specifically indicate that the encryption was actually broken by law=20 enforcement. Maybe: 1) law enforcement brought a legal action (e.g.,=20 subpoena) to the providers of the technology to get the keys?, 2) law=20 enforcement had multiple taps that captured to conversation anyway=20 (e.g., the phone conversation that was encrypted took place in a car,=20 and the encrypted voice was over the phone, but the car also had a bug=20 in it? 3) maybe the plaintext was obtained from a recording device of=20 an informant who was present during the conversation? 4) maybe the=20 encrypted conversation wasn't actually germane to the case, thus not=20 necessary for prosecution? Those are only a few hypothesis. Thus, I think that your conclusions=20 regarding openness are not justified. From: Mike Schiraldi Subject: Unique e-mail addresses and Spam I set up an address of the form flowers@foo when I used the services of=20 1-800-Flowers, and a year or so later I suddenly started receiving a=20 torrent of pornographic spam at this address. The customer service=20 agent assured me that they do not share their address list with anyone,=20 and I actually believe them. I'm certain that a DBA or even a temp=20 worker ran a quick SQL query, saved the results to disk, and sold it=20 all to spammers. So even if you trust a company to behave honorably as=20 a whole, you should still assume that any e-mail address you give them=20 could easily become public knowledge. From: "Aram Compeau" Subject: Unique E-mail Addresses and Spam Isn't this just an analog of selecting hard-to-guess passwords? A=20 slightly better schema is to use _counterpane_@machine.domain. This also overcomes the problem that=20 if you wish to retire but you still want to=20 subscribe, you must provide another e-mail. Under the new schema, you=20 can retire and generate=20 . Of course, there are many=20 variations on the hard-to-guess suffix. As long as you use something=20 like it, framing should be a non-issue for mistakes and casual malice. From: "Brent J. Nordquist" Subject: Countermeasures Against Employee Theft On Wed, May 14, 2003 at 11:57:49PM -0500, Bruce Schneier wrote: > A common security practice is to put a sign on the > register that says: "Your purchase free if I fail to give a > receipt." What that sign does is give the customer an interest in > paying attention to whether or not she gets a receipt and immediately > reporting an employee who doesn't give her one (by demanding her > purchase free). It enlists her as a security agent to defend against > employee theft. The customer has the capability to perform this > security function, and the sign gives her the incentive. A related scenario I've seen is the danger of the employee telling the=20 customer "That will be $7.73" when it's only $6.73, and pocketing an=20 extra $1. I've thus seen (at the Taco Bell drive-through and other=20 places) a conspicuous LED display with the price, and a warning at the=20 bottom "Please call 1-800-XXX-XXXX if you are asked to pay a different=20 amount than that shown here." From: Robert.Hannent@telenor.com Subject: Security at Ballparks While I was studying at university, I needed extra income to pay my=20 way, so in desperation I took a job working in football stadium=20 security! I even attended an official training course with the=20 Football Stewards Association. The issue of bottles was a significant=20 problem in UK football and field sporting events. The classic attack=20 was to take a fizzy drink bottle into the stadium and once it was empty=20 to re-fill it with bodily fluids. Then the bottle would be hurled at=20 either a static player or the opposing crowd. If the victim was lucky=20 it would just hit the body, but the unlucky victim would get it in the=20 head and the bottle would break releasing its contents. Cans have not been much of a threat, although in UK stadiums there are=20 issues over alcohol which have been addressed. The main can issue I=20 can see would be the problem of constructing a sharp offensive weapon=20 from the aluminum can. As Mr Bellovin stated, it doesn't matter if you deal with the issue of=20 larger projectile weapons; the smaller implements are always=20 available. There has long been an issue in UK sport with some coins=20 being used -- an especial favorite is the UK 50 pence coin, which is=20 not circular but multi-sided, and previously was much=20 heavier. Although recently, with the introduction of the heavy =A32=20 coin, generous thugs have found its weight and aerodynamics very useful. One aspect of stadium violence that I found the most enlightening=20 during my time was that a lot of inter-club "supporter" violence is=20 coordinated. There are groups of "fans" who enjoy the violence and=20 they arrange when and where to meet for a "ruck." I worked at a modern=20 stadium where there were very few incidents of in-stadium violence due=20 to skilled crowd control and a flexible high-coverage camera system. Out of the stadium has often been the biggest problem and this modern=20 stadium uses their technology to assist the police by highlighting=20 those in the crowd who are seen organizing with their mobile=20 phones. Coordinated intelligence gathering between civilian security=20 and police is highly important to maintain a decent level of safety. From: "Robert P. Goldman" Subject: Security at Ballparks Seeing those e-mails on this subject reminded me of something I=20 couldn't resist pointing out: the same security restriction is used in=20 New Orleans, except for the streets. You can drink alcoholic bevvies=20 in public, but they have to be in a plastic cup, so you can't hurt=20 anyone with them.... ** *** ***** ******* *********** ************* CRYPTO-GRAM is a free monthly newsletter providing summaries, analyses,=20 insights, and commentaries on computer security and cryptography. Back=20 issues are available on . To subscribe, visit or=20 send a blank message to crypto-gram-subscribe@chaparraltree.com. To=20 unsubscribe, visit . Please feel free to forward CRYPTO-GRAM to colleagues and friends who=20 will find it valuable. Permission is granted to reprint CRYPTO-GRAM,=20 as long as it is reprinted in its entirety. CRYPTO-GRAM is written by Bruce Schneier. Schneier is founder and CTO=20 of Counterpane Internet Security Inc., the author of "Secrets and Lies"=20 and "Applied Cryptography," and an inventor of the Blowfish, Twofish,=20 and Yarrow algorithms. He is a member of the Advisory Board of the=20 Electronic Privacy Information Center (EPIC). He is a frequent writer=20 and lecturer on computer security and cryptography. Counterpane Internet Security, Inc. is the world leader in Managed=20 Security Monitoring. Counterpane's expert security analysts protect=20 networks for Fortune 1000 companies world-wide. Copyright (c) 2003 by Counterpane Internet Security, Inc.