RISKS Forum mailing list archives

Risks Digest 27.68
From: RISKS List Owner <risko () csl sri com>
Date: Fri, 3 Jan 2014 13:12:01 PST

RISKS-LIST: Risks-Forum Digest  Friday 3 January 2014  Volume 27 : Issue 68

Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
The current issue can be found at

Searching the Internet for evidence of time travelers (Robert J. Nemiroff
  via Dave Farber, Lauren Weinstein)
Apple, Cisco, Dell unhappy over alleged NSA back doors in their gear
  (Gene Wirchenko)
Apple Says It Is 'Unaware' of N.S.A. iPhone Hack Program (Nicole Perlroth)
Backdoor in popular wireless routers/DSL modems (Lauren Weinstein)
TA14-002A: Malware Targeting Point of Sale Systems (US-CERT)
4.6 million Snapchat phone numbers and usernames leaked (Lauren Weinstein)
Local restaurant chain source of data breach that compromised card info
  of conventioneers (Deirdre Fernandes)
Researchers Hack Webcam While Disabling Warning Lights (Nick Bilton)
Edward Snowden, Whistle-Blower (NYT Editorial via Dewayne Hendricks)
Recent *Der Spiegel* coverage about the NSA and GCHQ (Jacob Appelbaum)
Court Rules No Suspicion Needed for Laptop Searches at Border (ACLU via
  Richard Forno)
Re: Hackers target cash machines with USB sticks (David Alexander)
Re: Data brokers won't even tell the government how it ... your data
  (Matthew Kruk)
Internet citizen mobilization and the law (Gary T Marx)
Abridged info on RISKS (comp.risks)


Date: Thu, 2 Jan 2014 07:59:58 -0500
From: David Farber <farber () gmail com>
Subject: Searching the Internet for evidence of time travelers

Physics > Popular Physics (Submitted on 26 Dec 2013)
(From Robert J. Nemiroff via Dave Farber)

Time travel has captured the public imagination for much of the past
century, but little has been done to actually search for time
travelers. Here, three implementations of Internet searches for time
travelers are described, all seeking a prescient mention of information not
previously available. The first search covered prescient content placed on
the Internet, highlighted by a comprehensive search for specific terms in
tweets on Twitter. The second search examined prescient inquiries submitted
to a search engine, highlighted by a comprehensive search for specific
search terms submitted to a popular astronomy web site. The third search
involved a request for a direct Internet communication, either by e-mail or
tweet, pre-dating to the time of the inquiry. Given practical verifiability
concerns, only time travelers from the future were investigated. No time
travelers were discovered. Although these negative results do not disprove
time travel, given the great reach of the Internet, this search is perhaps
the most comprehensive to date.


Date: Wed, 1 Jan 2014 21:14:13 -0800
From: Lauren Weinstein <lauren () vortex com>
Subject: Searching the Internet for evidence of time travelers

I should note that whenever I've conducted time travel experiments, I've
always scanned for any published research revealing it later (or, well,
earlier) and then gone "back" and introduced sufficient changes (small "c"
as per Asimov) to eliminate any evidence of those articles and/or newscasts,
etc.  That process will ultimately include this message.


Date: Fri, 03 Jan 2014 09:29:14 -0800
From: Gene Wirchenko <genew () telus net>
Subject: Apple, Cisco, Dell unhappy over alleged NSA back doors in their gear

Germany's Der Spiegel reports that the NSA has compromised a wide range of
  hardware for years to enable its spying
InfoWorld, 31 Dec 2013


Date: Wed, 1 Jan 2014 01:34:31 -0500
From: Monty Solomon <monty () roscom com>
Subject: Apple Says It Is 'Unaware' of N.S.A. iPhone Hack Program
  (Nicole Perlroth)

Nicole Perlroth, *The New York Times*, 31 Dec 2013

Apple said Tuesday that it was unaware of the National Security Agency's
efforts to hack into the iPhone and has never facilitated agency efforts to
install backdoors into its products.

The Cupertino, Calif., company released a strongly worded statement in
response to a recent article in the German magazine Der Spiegel, which
reported that N.S.A. analysts refer internally to iPhone users as "zombies"
who "pay for their own surveillance."

"Apple has never worked with the N.S.A. to create a backdoor in any of our
products, including iPhone," an Apple spokeswoman said in an e-mail.

*Der Spiegel* released a number of slides detailing the agency's hacking
division - known internally as the Tailored Access Operations, or T.A.O.
division. One slide, describing an N.S.A.  software implant called
DROPOUTJEEP, stood out.

The agency described DROPOUTJEEP as a "software implant for Apple iPhone"
that has all kinds of handy spy capabilities. DROPOUTJEEP can pull or push
information onto the iPhone, snag SMS text messages, contact lists,
voicemail and a person's geolocation, both from the phone itself and from
cell towers in close proximity.

It can also turn the iPhone into a "hot mic" using the phone's own
microphone as a recording device and capture images via the iPhone's
camera. (Reminder to readers: Masking tape is not a bad idea). ...



Date: Thu, 2 Jan 2014 17:03:17 -0800
From: Lauren Weinstein <lauren () vortex com>
Subject: Backdoor in popular wireless routers/DSL modems

  "A hacker has found a backdoor to wireless combination router/DSL modems
  that could allow an attacker to reset the router's configuration and gain
  access to the administrative control panel. The attack, confirmed to work
  on several Linksys and Netgear DSL modems, exploits an open port
  accessible over the wireless local network.  The backdoor requires that
  the attacker be on the local network, so this isn't something that could
  be used to remotely attack DSL users.  However, it could be used to
  commandeer a wireless access point and allow an attacker to get unfettered
  access to local network resources."
    http://j.mp/1cpQ717  (Ars Technica via NNSquad)


Date: Thu, 02 Jan 2014 17:13:59 -0600
From: "US-CERT" <US-CERT () ncas us-cert gov>
Subject: TA14-002A: Malware Targeting Point of Sale Systems

National Cyber Awareness System:
TA14-002A: Malware Targeting Point of Sale Systems, 2 Jan 2014

For quite some time, cyber criminals have been targeting consumer data
entered in POS systems. In some circumstances, criminals attach a physical
device to the POS system to collect card data, which is referred to as
skimming. In other cases, cyber criminals deliver malware which acquires
card data as it passes through a POS system, eventually exfiltrating the
desired data back to the criminal. Once the cybercriminal receives the data,
it is often trafficked to other suspects who use the data to create
fraudulent credit and debit cards.

As POS systems are connected to computers or devices, they are also often
enabled to access the Internet and e-mail services. Therefore malicious
links or attachments in e-mails as well as malicious websites can be
accessed and malware may subsequently be downloaded by an end user of a POS
system. The return on investment is much higher for a criminal to infect one
POS system that will yield card data from multiple consumers.

  [Excerpted for RISKS.  Please dig up the entire CERT message if this might
  affect you.  PGN]


Date: Wed, 1 Jan 2014 07:41:31 -0800
From: Lauren Weinstein <lauren () vortex com>
Subject: 4.6 million Snapchat phone numbers and usernames leaked

http://j.mp/1d9Nt0o (Verge via NNSquad)

  The phone numbers and usernames of more than 4.6 million North American
  Snapchat users have been leaked online. SnapchatDB, an unofficial site run
  by an anonymous individual or group, allows open access to two files - one
  an SQL dump, one CSV text - that show details of the photo-sharing app's
  users alongside their location.  The final two digits of phone numbers
  have been censored "to minimize spam and abuse," but SnapchatDB says
  people should "feel free" to contact it for the uncensored database, as it
  may release it under certain circumstances. Usernames are presented
  unedited, and SnapchatDB notes that "people tend to use the same username
  around the web." Those that download the information, it says, can try to
  "find phone number information associated with Facebook and Twitter
  accounts, or simply to figure out the phone numbers of people you wish to
  get in touch with."

    See also Has your Snapchat info been leaked?
    http://j.mp/1da2rDs  (Snapcheck)

       [See also


Date: Sat, 28 Dec 2013 17:34:36 -0500
From: Monty Solomon <monty () roscom com>
Subject: Local restaurant chain source of data breach that compromised
 card info of conventioneers (Deirdre Fernandes)

Deirdre Fernandes, *The Boston Globe*, 27 Dec 2013

A local restaurant chain confirmed Friday that its computer systems were
breached, putting at risk the credit card information of thousands of
customers, including visitors who attended two major conventions in Boston.

Briar Group, which owns 10 restaurants and bars in Boston, including two at
the Westin hotel connected to the Boston Convention and Exhibition Center,
said its computer systems were infiltrated sometime between October and
early November. It said customer names, credit card numbers, expiration
dates, and security information were captured from the cards' magnetic
strips. ...


Chain confirms it was source of breach affecting conventions
By Deirdre Fernandes |  GLOBE STAFF     DECEMBER 28, 2013

Important information about unauthorized access to credit card data
December 27, 2013


Date: Sun, 29 Dec 2013 01:19:01 -0500
From: Monty Solomon <monty () roscom com>
Subject: Researchers Hack Webcam While Disabling Warning Lights (Nick Bilton)

Nick Bilton, *The New York Times*, 19 Dec 2013

If you're sitting at your computer reading this, smile, you could be on
camera. Actually, don't smile.

Last week, researchers at Johns Hopkins University's Department of Computer
Science showed off an exploit that allows a hacker to take over some MacBook
computers and activate their Web cameras without the users' knowledge.

The webcam hacking technique, first reported by The Washington Post, is said
to be similar to a tactic used to spy on Cassidy Wolf, a 19-year-old Miss
Teen USA, who fell victim to a webcam hacker earlier this year.

The Federal Bureau of Investigation arrested the man responsible for the
spying on Ms. Wolf. He pleaded guilty to charges in connection with his
spying on her and a number of other women, using software that could snap a
picture or record video of them without warning.

The Johns Hopkins paper, titled "iSeeYou: Disabling the MacBook Webcam
Indicator LED," explains how the researchers were able to reprogram an
iSight camera's microcontroller to activate the recording functions and LED
activation lights independently to spy on someone without giving that person
any idea that the computer camera is in use. ...



Date: January 2, 2014 at 4:07:09 AM EST
From: Dewayne Hendricks <dewayne () warpspeed com>
Subject: Edward Snowden, Whistle-Blower (NYT Editorial)

Edward Snowden, Whistle-Blower
The Editorial Board, *The New York Times*, 1 Jan 2014

Seven months ago, the world began to learn the vast scope of the National
Security Agency's reach into the lives of hundreds of millions of people
in the United States and around the globe, as it collects information about
their phone calls, their e-mail messages, their friends and contacts, how
they spend their days and where they spend their nights. The public learned
in great detail how the agency has exceeded its mandate and abused its
authority, prompting outrage at kitchen tables and at the desks of Congress,
which may finally begin to limit these practices.

The revelations have already prompted two federal judges to accuse the
N.S.A. of violating the Constitution (although a third, unfortunately, found
the dragnet surveillance to be legal). A panel appointed by President Obama
issued a powerful indictment of the agency's invasions of privacy and
called for a major overhaul of its operations.

All of this is entirely because of information provided to journalists by
Edward Snowden, the former N.S.A. contractor who stole a trove of highly
classified documents after he became disillusioned with the agency's
voraciousness. Mr. Snowden is now living in Russia, on the run from American
charges of espionage and theft, and he faces the prospect of spending the
rest of his life looking over his shoulder.

Considering the enormous value of the information he has revealed, and the
abuses he has exposed, Mr. Snowden deserves better than a life of permanent
exile, fear and flight. He may have committed a crime to do so, but he has
done his country a great service. It is time for the United States to offer
Mr. Snowden a plea bargain or some form of clemency that would allow him to
return home, face at least substantially reduced punishment in light of his
role as a whistle-blower, and have the hope of a life advocating for greater
privacy and far stronger oversight of the runaway intelligence community.

Mr. Snowden is currently charged in a criminal complaint with two violations
of the Espionage Act involving unauthorized communication of classified
information, and a charge of theft of government property. Those three
charges carry prison sentences of 10 years each, and when the case is
presented to a grand jury for indictment, the government is virtually
certain to add more charges, probably adding up to a life sentence that
Mr. Snowden is understandably trying to avoid.

The president said in August that Mr. Snowden should come home to face those
charges in court and suggested that if Mr. Snowden had wanted to avoid
criminal charges he could have simply told his superiors about the abuses,
acting, in other words, as a whistle-blower.

``If the concern was that somehow this was the only way to get this
information out to the public, I signed an executive order well before
Mr. Snowden leaked this information that provided whistle-blower protection
to the intelligence community for the first time,'' Mr. Obama said at a news
conference. ``So there were other avenues available for somebody whose
conscience was stirred and thought that they needed to question government

In fact, that executive order did not apply to contractors, only to
intelligence employees, rendering its protections useless to
Mr. Snowden. More important, Mr. Snowden told The Washington Post earlier
this month that he did report his misgivings to two superiors at the agency,
showing them the volume of data collected by the N.S.A., and that they took
no action. (The N.S.A. says there is no evidence of this.) That's almost
certainly because the agency and its leaders don't consider these
collection programs to be an abuse and would never have acted on
Mr. Snowden's concerns.

In retrospect, Mr. Snowden was clearly justified in believing that the only
way to blow the whistle on this kind of intelligence-gathering was to expose
it to the public and let the resulting furor do the work his superiors would
not. Beyond the mass collection of phone and Internet data, consider just a
few of the violations he revealed or the legal actions he provoked: [...]

Dewayne-Net RSS Feed: <http://dewaynenet.wordpress.com/feed/>


Date: January 2, 2014 at 4:37:45 PM PST
From: Jacob Appelbaum <jacob () appelbaum net>
Subject: Recent Der Spiegel coverage about the NSA and GCHQ

I wanted to write to highlight some important documents that have recently
been released by Der Spiegel about the NSA and GCHQ. We worked very hard and
for quite some time on these stories - I hope that you'll enjoy them.

Inside TAO: Documents Reveal Top NSA Hacking Unit:


Part 1: Documents Reveal Top NSA Hacking Unit:


Part 2: Targeting Mexico:


Part 3: The NSA's Shadow Network:


NSA's Secret Toolbox: Unit Offers Spy Gadgets for Every Need:


Shopping for Spy Gear: Catalog Advertises NSA Toolbox:


Interactive Graphic: The NSA's Spy Catalog:


  [The following are auf deutsch, URLs omitted.  PGN:]
TAO slides
NSA QUANTUM Tasking Techniques for the R&T Analyst
Yahoo! user targeting and attack example with QUANTUM
QUANTUMTHEORY and related QUANTUM programs
QUANTUM INSERT, race condition details
Details about the Man-On-The-Side with QUANTUM
Catalog of equipment covering around ~50 programs
NSA QUANTUMTHEORY capabilities list
GCHQ QUANTUMTHEORY capabilities list

An overview of all of these articles is available in German:

Earlier this week, I also recently gave a talk titled "To Protect and
Infect: part two" at CCC's 30C3. In the talk I explain a number of these
topics - the video is a reasonable complement to the above stories:

There are quite a few news articles and most of them have focused on the
iPhone backdoor known as DROPOUTJEEP - they largely miss the big picture
asserting that the NSA needs physical access.  This is a
misunderstanding. The way that the NSA and GCHQ compromise devices with
QUANTUMNATION does not require physical access - that is merely one way to
compromise an iPhone. Generally the NSA and GCHQ compromise the phone
through the network using QUANTUM/QUANTUMNATION/QUANTUMTHEORY related attack

An example of a vulnerable Apple user is shown:

"note: QUANTUMNATION and standard QUANTUM tasking results in the same
exploitation technique. The main difference is QUANTUNATION deploys a state
0 implant and is able to be submitted by the TOPI. Any ios device will
always get VALIDATOR deployed."

  [Details on VALIDATOR auf deutsch.  PGN]

They're not talking about Cisco in that slide, I assure you.

Welcome to 2014!

The truth is coming and it can't be stopped,


Date: Tuesday, December 31, 2013
From: *Richard Forno*
Subject: Court Rules No Suspicion Needed for Laptop Searches at Border


Decision Dismisses ACLU Lawsuit Challenging DHS Search Policy as Unconstitutional
31 Dec 2013 [via Dave Farber's IP distribution]

BROOKLYN -- A federal court today dismissed a lawsuit arguing that the
government should not be able to search and copy people's laptops, cell
phones, and other devices at border checkpoints without reasonable
suspicion. An appeal is being considered. Government documents show that
thousands of innocent American citizens are searched when they return from
trips abroad.

"We're disappointed in today's decision, which allows the government to
conduct intrusive searches of Americans' laptops and other electronics at
the border without any suspicion that those devices contain evidence of
wrongdoing," said Catherine Crump, the American Civil Liberties Union
attorney who argued the case in July 2011. "Suspicionless searches of
devices containing vast amounts of personal information cannot meet the
standard set by the Fourth Amendment, which prohibits unreasonable searches
and seizures. Unfortunately, these searches are part of a broader pattern of
aggressive government surveillance that collects information on too many
innocent people, under lax standards, and without adequate oversight."

The ACLU, the New York Civil Liberties Union, and the National Association
of Criminal Defense Lawyers filed the lawsuit in September 2010 against the
Department of Homeland Security. DHS asserts the right to look through the
contents of a traveler's electronic devices, and to keep the devices or copy
the contents in order to continue searching them once the traveler has been
allowed to enter the U.S., regardless of whether the traveler is suspected
of any wrongdoing.

The lawsuit was filed on behalf of Pascal Abidor, a dual French-American
citizen who had his laptop searched and confiscated at the Canadian border;
the National Press Photographers Association, whose members include
television and still photographers, editors, students and representatives of
the photojournalism industry; and the NACDL, which has attorney members in
25 countries.

Abidor was traveling from Montreal to New York on an Amtrak train in May
2010 when he had his laptop searched and confiscated by customs officers.
Abidor, an Islamic Studies Ph.D. student at McGill University, was
questioned, taken off the train in handcuffs, and held in a cell for several
hours before being released without charge. When his laptop was returned 11
days later, there was evidence that many of his personal files had been
searched, including photos and chats with his girlfriend.

In June, in response to an ACLU Freedom of Information Act request, DHS
released its December 2011 Civil Rights/Civil Liberties Impact Assessment of
its electronics search policy, concluding that suspicionless searches do not
violate the First or Fourth Amendments. The report said that a reasonable
suspicion standard is inadvisable because it could lead to litigation and
the forced divulgence of national security information, and would prevent
border officers from acting on inchoate "hunches," a method that it says has
sometimes proved fruitful.

Today's ruling is available at:
CONTACT: 212-549-2666, media () aclu org


Date: Thu, 2 Jan 2014 15:42:49 +0000 (GMT)
From: David Alexander <davidalexander440 () btinternet com>
Subject: Re: Hackers target cash machines with USB sticks (RISKS-27.67)

The article states that the researchers said the gang must have had a
"profound knowledge" of the workings of the cash machines in order to
develop and successfully install the software. Nobody should be surprised
that organised crime knows how to attack ATMs the smart way. Gangs have been
known to physically remove ATMs from buildings and take them away to empty
at their convenience. It's not beyond their wit to either sell the empty
machine on to a group of smart criminals for analysis or to simply steal one
of each type to order for that very purpose. Exactly the same thing used to
happen with the units in payphones to work out how to open them and get the
coins out. It's simply the next version of the 'arms race'.


Date: Fri, 27 Dec 2013 16:59:03 -0700
From: "Matthew Kruk" <mkrukg () gmail com>
Subject: Re: Data brokers won't even tell the government how it ... your data

"What the companies would not specify in full were their sources for consumer
data.  Three companies, Acxiom, Experian, and Epsilon, would not reveal the
sources of their data, citing confidentiality clauses as the reason."

Oh the irony.


Date: Thu, 2 Jan 2014 16:15:42 -0800
From: "Gary T Marx" <gtmarx () mit edu>
Subject: Internet citizen mobilization and the law

This article deals with the vagaries of citizen mobilization of and support
for the law via the Net.


This article, taking off from citizen uses of the Net after the Boston
Marathon case, deals with the irony presented by technologies of visibility
which can protect the integrity of the person and the group ala Hobbesian
deterrence, yet can also be a tool for dastardly deeds.  The challenge is to
create informational borders that sustain the former, but not the latter.
One of the great unresolved civilizational issues is coming to terms with
(but never comfortably resolving) the tensions between and within visibility
as accountability and invasion, and invisibility as both freedom and


Date: Sun, 7 Oct 2012 20:20:16 -0900
From: RISKS-request () csl sri com
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
 comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
 if possible and convenient for you.  The mailman Web interface can
 be used directly to subscribe and unsubscribe:
 Alternatively, to subscribe or unsubscribe via e-mail to mailman
 your FROM: address, send a message to
   risks-request () csl sri com
 containing only the one-word text subscribe or unsubscribe.  You may
 also specify a different receiving address: subscribe address= ... .
 You may short-circuit that process by sending directly to either
   risks-subscribe () csl sri com or risks-unsubscribe () csl sri com
 depending on which action is to be taken.

 Subscription and unsubscription requests require that you reply to a
 confirmation message sent to the subscribing mail address.  Instructions
 are included in the confirmation message.  Each issue of RISKS that you
 receive contains information on how to post, unsubscribe, etc.

=> The complete INFO file (submissions, default disclaimers, archive sites,
 copyright policy, etc.) is online.
 *** Contributors are assumed to have read the full info file for guidelines.

=> .UK users may contact <Lindsay.Marshall () newcastle ac uk>.
=> SPAM challenge-responses will not be honored.  Instead, use an alternative
 address from which you NEVER send mail!
=> SUBMISSIONS: to risks () CSL sri com with meaningful SUBJECT: line.
 *** NOTE: Including the string "notsp" at the beginning or end of the subject
 *** line will be very helpful in separating real contributions from spam.
 *** This attention-string may change, so watch this space now and then.
=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
     or ftp://ftp.sri.com/VL/risks for previous VoLume
 http://www.risks.org takes you to Lindsay Marshall's searchable archive at
 newcastle: http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
   Lindsay has also added to the Newcastle catless site a palmtop version
   of the most recent RISKS issue and a WAP version that works for many but
   not all telephones: http://catless.ncl.ac.uk/w/r
 <http://the.wiretapped.net/security/info/textfiles/risks-digest/> .
==> PGN's comprehensive historical Illustrative Risks summary of one liners:
    <http://www.csl.sri.com/illustrative.html> for browsing,
    <http://www.csl.sri.com/illustrative.pdf> or .ps for printing
  is no longer maintained up-to-date except for recent election problems.
 *** NOTE: If a cited URL fails, we do not try to update them.  Try
  browsing on the keywords in the subject line or cited article leads.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:


End of RISKS-FORUM Digest 27.68
