RISKS@KL.SRI.COM (RISKS FORUM, Peter G. Neumann -- Coordinator) (05/09/88)
RISKS-LIST: RISKS-FORUM Digest Sunday 8 May 1988 Volume 6 : Issue 80
FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
Contents:
Yet another SSN risk (Tom Lord)
Risks of banking (Ritchey Ruff)
"Auftragstaktik" (Gary Chapman)
The RISKS Forum is moderated. Contributions should be relevant, sound, in good
taste, objective, coherent, concise, nonrepetitious. Diversity is welcome.
Contributions to RISKS@CSL.SRI.COM, Requests to RISKS-Request@CSL.SRI.COM.
For Vol i issue j, ftp kl.sri.com, get stripe:<risks>risks-i.j ... .
Volume summaries in (i, max j) = (1,46),(2,57),(3,92),(4,97),(5,85).
----------------------------------------------------------------------
Date: Fri, 6 May 88 13:26:55 -0400 (EDT)
From: Tom Lord <lord+@andrew.cmu.edu>
Subject: yet another SSN risk
Promises from your personel department are almost certainly not sufficient
to protect your Social Security number. Such a promise presumes that the
department will have good control over its own records and, at least here at
CMU, this is not true. This morning on my way into the office a box of
trash outside the machine room caught my eye. The box was full of course
schedules listing each course, its classroom, its instructor, and the
instructor's SSN. My guess is that something went wrong with the printer as
the job was printing, and that the operators tossed the partial output and
started over.
-Tom
------------------------------
Date: Sat, 7 May 88 10:24:51 PDT
From: Ritchey Ruff <ruffwork@orstcs.cs.orst.edu>
Subject: Risks of banking
I belong to a credit union (which will remain unnamed for obvious reasons
below) and got the following notice in my end of month statement. I'll
refer to the credit union as <CU> when ever their name appears in the
flier... I am typing it in verbatim because of the numerous RISKS issues
bundled in this little flier, including: SSN's, manuals and instructions,
misinformation, etc. The CAPS are to represent either bold or caps in the
original. The format is as close as I could come to exactly the flier, and
many of the typos are really in the flier (I proof read it 3 times to try
to remove all MY typo's ;-). This should get some RISK dander up!!!
ILLY
<CU>'s Audio Teller
* ILLY - Audio Teller
"Illy" is <CU>'s AUDIO TELLER. You are "talking" directly to our
computer system by simply pushing buttons on the keyboard of your
Touch Tone phone!
Every member has a personal security code. Your security code is
the last four digits of your social security number. Only you and
the computer know this number. If you need to change your number,
you must request this in writing. No numbers will be changed by phone.
* Available hours
Financial transactions: 7:00 a.m. to 5:30 p.m.
During this time you are able to perform your own FINANCIAL
transactions. You can transfer funds, request a withdrawal
check be mailed, or transfer a loan payment from your share
account.
Inquiry Transactions: 7:00 a.m. to 5:30 p.m. and
9:00 p.m. to 7:00 a.m.
During this time you can check your share balance, inquire
if a certain share draft-check has been paid, or inquire on
your loan balance.
* How to use ILLY
1) <state> residence dial: (xxx) xxx-xxxx
<other state> residence dial: (xxx) xxx-xxxx
RESPONSE: You have dialed <CU>'s Audio Response System,
please enter you account number.
2) Press the touch-tone keys on your telephone that correspond
to your account number followed by the "#" sign.
EXAMPLE: 188177#
RESPONSE: Please enter your security code.
3) Press the keys on your telephone that correspond to the
last four digits of your Social Security number followed
by the "#" sign.
EXAMPLE: 9000#
RESPONSE: Please enter your transaction code.
4) Press the keys on your telephone that correspond to the
appropriate code for the transaction you want to perform
from the list below followed by the "#" sign. (Please
see "List of Account Numbers" with special note to the
asteriks preceding four accounts)
RESPONSE: Please enter your share type.
5) Press the keys on your telephone that correspond to the
share type listed below followed by the "#" sign.
00 = Regular Share Savings
01 = Share Draft-Checking
02 = Christmas Savings
03 = I.R.A. Account
04 = Mortgage/Escrow Shares
EXAMPLE: Share Savings, Enter 00#
RESPONSE: Please enter your Transaction code. Enter another
Enter another transaction code, or the # sign to complete the
call.
* List of Transaction Codes
100 - Inquire Share Balance
101 - Inquire Last Deposit
*102 - Inquire check (draft) cleared
190 - Inquire All Shares
120 - Inquire Loan Balance
192 - Inquire All Loans
122 - Inquire Loan Payment Amount and next due date
**200 - Share to Share Transfer
**201 - Share Withdrawal-Check issue
**220 - Loan Payment from Shares
SPECIAL NOTE
* During this transaction, only a five digit number can be entered.
If your Share Draft-check number has only 3 or 4 digits, then
add zeros to the front of the number to make a five digit number.
EXAMPLE: Draft number 271 = 00271#
Draft number 1253 = 01253#
** During these transactions, you will need to know from what share
type you are making your transaction. The computer will repeat
your instructions, and then ask "Is this correct?", press the
"Y" key (number 9) on your telephone followed by the # sign.
RESPONSE: Transaction complete.
IF YOU DO NOT HEAR THE RESPONSE "Transaction complete",
NO TRANSACTION HAS BEEN MADE.
If no transaction has been made, you will hear - Enter your
transaction code - and you can re-enter your code
HELPFUL HINTS
* Have you instruction card handy before placing your call.
* Know your security code.
* For Financial Transactions enter dollar amounts in dollars
and cents. DO NOT ENTER DECIMAL POINTS.
EXAMPLE: $11.22 is entered as 1122#
$150.00 is entered as 15000#
* End each and every function with a "#" (pound) sign.
QUESTIONS/ANSWERS
QUESTION: Am I talking to a real person?
ANSWER: No, you are communicating with <CU>'s In-House Computer system.
QUESTION: What happens if I enter the wrong code?
ANSWER: Nothing, the computer will ask you to re-enter a valid code.
QUESTION: Am I really transferring money from my savings to
my checking?
ANSWER: Yes, you are. Now you can begin writing Share Draft-checks
against your newly transferred funds.
QUESTION: When I make a transfer, when are the funds available?
ANSWER: Immediately. You control your money movement.
QUESTION: Is this really safe?
ANSWER: Absolutely. No one but you has access yo your security
code. Without your security code matching up to your account
number, the computer will not allow transactions. It is
important to protect your security code and not publicize your
number.
QUESTION: When will my check be mailed?
ANSWER: It will leave the Main Office the next business day.
QUESTION: Can I transfer to someone elses account?
ANSWER: NO. You can only transfer within your own accounts.
Every account has its own security code.
QUESTION: Is there a charge for this?
ANSWER: No. ILLY is another convenient service provided by
your Credit Union to make life easier.
GROWING TO SERVE YOU BETTER!
What do you RISKer think of this new bank service. I called <CU>
and they said predictions are that within 5 years most people
in the US with credit union accounts will have this type of service.
I'm writing a letter to this particular CU warning of the RISKs, but
over the phone I got the feeling they expect that Standard Security
Measures for computer transactions will be enough (read---if nobody
knows how the system works, it can be left wide open and be perfectly
secure).
Almost, ALMOST, tempts me to do some hacking (let me see, they claim
they have 200,000 accounts and all accounts have a six digits, so
I should have to try about 5 times to hit a valid account---assuming
they are not sequencial---otherwise I KNOW what allot of them are---any
number smaller than my account number. The security code is 4 digits, so
several tries will get in here---autodialing is so nice. How much
does this person have---hmmm, $50,000...I'll mail a check for $20,000
to that swiss bank account of mine...TRANSACTION COMPLETE...;-)
If I see some good arguments I'll use them in my letter asking the CU
to change this system. Seems like now is the time to deal with this,
instead of waiting for it to spread nation-wide...
A last note: the state where this credit union resides uses your
SSN as the driver's license number. Thus if you cash a check
you have just given someone all the important info to hack on
your banking account...
-- Ritchey Ruff ruffwork@cs.orst.edu -or- ...!hp-pcd!orstcs!ruffwork
(Needless to say, my security code is NOT the default, although
they didn't require a signature on the note to change the
security code...sigh...)
------------------------------
Date: Fri, 6 May 88 10:10:00 PDT
From: chapman@csli.stanford.edu (Gary Chapman)
Subject: "Auftragstaktik"
This is a follow-up to one of Henry Spencer's messages, the one about the
German Army's emphasis on personal initiative among its military officers.
However, this is on a different tack than Henry's message about
"whistleblowing."
There was a German term for giving a lot of personal initiative,
responsibility, and autonomy to front-line commanders: the word is
"Auftragstaktik." This was actually a product of the closing days of World
War I, and then found its way into training of the German officers in the
inter-war years. The two most outstanding practitioners and advocates of
"Auftragstaktik" were Generals Guderian and Rommell, two of the more
successful Wehrmacht commanders.
What makes this term relevant and interesting today is that its precepts have
been rediscovered by the American Army in the 1980's. The (relatively) new
U.S. Army doctrine known as AirLand Battle doctrine is explicitly derived from
the German blitzkrieg, and the authors of the new doctrine recognized how
critical "Auftragstaktik" is to the success of the blitzkrieg. Consider the
following statement from Colonel Huba Wass de Czege, one of the authors of the
1982 Field Manual 100-5 which instituted AirLand Battle doctrine:
The second important realization was that the chaos of the next battlefield
will make centralized control of subordinates always difficult, sometimes
impossible. This led to the incorporation of a doctrine of command and
control which features decentralization of decisions by the use of mission
orders similar to that used by the Wehrmacht early in World War II. This
style of leadership is called Auftragstaktik by the Germans. ("Army
Doctrinal Reform," in Clark, Chiarelli, et al., eds., *The Defense Reform
Debate: Issues and Analysis*, Johns Hopkins University Press, 1984, p. 107.)
"Auftragstaktik" has been the subject of numerous articles in various military
journals, most often in *Military Review*, the military's chief publication of
scholarly writing, where it has been celebrated as a long overdue reform from
the Army's traditional, set-piece, "engineer" model of the line combat officer.
What makes this interesting in terms of computer technology is that so much of
the computer development that has been undertaken in programs like DARPA's
AirLand Battle Management System seems to run completely counter to this trend
in the Army. The AirLand Battle Management System is meant to provide
centralized control of combat operations at the corps level--a corps is the
next larger unit above a division--and the original DARPA plans wanted
electronic accountability down to the individual soldier and vehicle. The
AirLand Battle Management System is supposed to be a huge expert system that
analyzes a battle in progress, makes recommendations of tactics, issues orders
to subunits, watches the battle in real time through vast sensor and satellite
networks, and continues to update the corps commander with new information,
recommendations, and so on. This is exactly the opposite of what
"Auftragstaktik" entails.
The other worrisome aspect of "Auftragstaktik" in American doctrine is the wide
dispersion of nuclear devices in the U.S. Army in Europe. Once the INF Treaty
pulls out Pershing 2s and GLCMs, the nuclear devices that will be left in the
U.S. Army arsenal in Europe will all be short-range weapons like nuclear
artillery shells and mines. A doctrine which gives the "commander on the spot"
maximum authority for initiative and autonomy, combined with the availability
of short-range nuclear weapons, is something that worries a lot of people,
particularly the West Germans.
Finally, one of the most interesting things to watch in the military
establishment is the really severe conflict of interests between technophile
civilian managers and planners (usually people from the defense industry or
academic backgrounds) versus the traditional line military officers. When I
give talks about autonomous weapons, automated command and control systems,
AirLand Battle Management, etc., and there are line officers in the audience,
their reaction is almost as viscerally angry as that of peace activists. On
the other hand, my arguments against these systems (which are generally focused
on their risk) are characteristically dismissed by civilian planners and
managers as a smokescreen attempting to hide an agenda of "unilateral
disarmament," with everything that allegedly entails. There is a lot of
self-aware and well-developed antipathy to technical solutions on the part of
the line officers, but not very much awareness of (or apparently even interest
in) this antipathy on the part of civilian managers and planners. This gulf of
communication and the disparity in interests are likely sources of a lot of
confused policies in our military, and confused military policies bear a
significant degree of risk all by themselves.
As an aside, the material I have on the contradictions between AirLand Battle
doctrine's "Auftragstaktik" and the trends in computer systems meant to support
new military doctrine got cut out of *Computers in Battle* because it made my
chapter too long. Most of the material can be found in my two-part article in
the Fall 1985 and Winter 1986 issues of *The CPSR Newsletter*, "AirLand Battle
Doctrine and the Strategic Computing Initiative."
Gary Chapman, Executive Director, CPSR chapman@csli.stanford.edu
------------------------------
End of RISKS-FORUM Digest
************************
-------