J Examples of Risks Posed by Unprotected Information
The following cases in which commercial, national security, and other sensitive information was compromised illustrate the variety and seriousness of threats to personal assets and privacy, business interests, and public well-being, among others. No claim is made that cryptography alone could have prevented these violations, but in the instances cited, cryptography might have had some role in protecting information against misappropriation and misuse. As discussed in Chapters 1 and 2, cryptographic technologies are part of an overall strategy to reduce information vulnerability.
J.1 RISKS ADDRESSED BY CRYPTOGRAPHY FOR AUTHENTICATION
• A pair of reporters wrote a controversial book about the hacking activities of a particular group. They subsequently found that their telephone had been "call forwarded" without their permission to another location where callers were greeted with obscenities, and that their Internet mailboxes had been filled with junk e-mail.1 Cryptography for authentication might have reduced the likelihood that the hackers would be able to penetrate the telephone switch servicing the reporters' homes.
• Secret documents belonging to General Motors (GM) containing
1 Philip Elmer-Dewitt, "Terror on the Internet," Time, December 12, 1994, p. 73.
information about a new GM vehicle to be sold in Europe and a top-secret experimental car were seized at an apartment used by a former GM executive who had since joined Volkswagen.2 Cryptography for authentication that created an audit trail might have helped to identify the former executive sooner.
• Insiders at the First National Bank of Chicago transferred $70 million in bogus transactions out of client accounts. One transaction exceeded permissible limits, but the insiders managed to intercept the telephone request for manual authorization.3 Cryptography for authentication might have helped to deny access of the insiders to the telephone request for authorization.
• A Dutch bank employee made two bogus computer-based transfers to a Swiss account, for $8.4 million and $6.7 million, in 1987. Each transfer required the password of two different people for authorization; however, the employee knew someone else's password as well as his own.4 Cryptography for authentication might have hindered the ability of a single individual to pretend that he was the second employee.
• The First Interstate Bank of California received a bogus request to transfer $70 million over the automated clearinghouse network. The request came via computer tape, accompanied by phony authorization forms, and was detected and canceled only because it overdrew the debited account.5 Cryptography for authentication might have demonstrated that the authorization was invalid.
• Forty-five Los Angeles police officers were cited from 1989 to 1992 for using department computers to run background checks for personal reasons.6 Cryptography for authentication might have been part of an audit trail that would have reduced the likelihood of abusing the department's computer system.
J.2 RISKS ADDRESSED BY CRYPTOGRAPHY FOR CONFIDENTIALITY
• According to unclassified sources, a foreign intelligence service conducted signal intelligence (SIGINT) operations against a major U.S. airplane manufacturer, intercepting telemetry data transmitted from an airplane under development during a particular set of flight tests and a
2 See Frank Swoboda and Rick Atkinson, "Lopez Said to Order GM Papers; Volkswagen Denies Receiving Documents," Washington Post, July 23, 1993.
3 See Peter G. Neumann, Computer-Related Risks, Addison-Wesley, Reading, Mass., 1995, p. 166.
4 Neumann, Computer-Related Risks, 1995, p. 168.
5 Neumann, Computer-Related Risks, 1995, p. 167.
6 Neumann, Computer-Related Risks, 1995, p. 184.
video teleconference held among company engineers located at various sites.7 Encryption of the telemetry data and the video conference might have kept sensitive information away from the foreign intelligence service.
• A bounty of $80,000 was reportedly posted on the Internet in 1994 for a notebook computer belonging to any Fortune 100 executive.8 Encryption of the files on the laptop might have helped to keep sensitive information confidential).
• A Green Bay Packer football player was overheard calling a male escort service and making explicit requests.9 A 23-minute conversation allegedly between Princess Diana and a man who called her "my darling Squidge" was taped by a retired bank manager in Oxford and transcribed in The Sun.10 The transcript of that conversation has now been circulated widely. Encryption of these communications would have prevented the disclosure of the information in question.
• In one instance relayed to the committee, a large multinational manufacturer dispatched a salesperson to engage in negotiations with a foreign nation. A laptop computer that carried a great deal of sensitive information relevant to those negotiations was seized by the border authorities and returned to the salesperson three days later. As the negotiations proceeded, it became clear to the salesperson that his opposites had all of the information carried on his laptop. In another instance, a major multinational company with customer support offices in China experienced a break-in in which Chinese nationals apparently copied paper documents and unencrypted computer files. Encryption of the stored files might have reduced the likelihood that the data contained therein would have been compromised.
J.3 RISKS ADDRESSED BY CRYPTOGRAPHY FOR BOTH AUTHENTICATION AND CONFIDENTIALITY
In the following instances, both authentication and confidentiality might have had a useful role to play. Authentication could have been useful to keep intruders out of the computer systems in question, while confidentiality could have helped frustrate their attempt to view or obtain
7 Peter Schweizer, Friendly Spies, Atlantic Monthly Press, New York, 1993, pp. 122-124.
8 Dan Costa, "Not-So-Soft Security," Mobile Office, August 1995, p. 75.
9 John Flinn, San Francisco Examiner, November 1, 1992; see also Neumann, ComputerRelated Risks, 1995, p. 186.
10 Flinn, San Francisco Examiner, 1992; see also Neumann, Computer-Related Risks, 1995, p. 186.
plaintext of information stored on those systems. However, in any individual example, it is not known if cryptographic authentication or encryption was or was not a part of the computer systems or networks that were penetrated.
• A reporter for Newsweek who wrote an article on malicious hacking activities was subjected to an electronic bulletin board trial and pronounced guilty. Subsequently, someone accessed a TRW credit database to obtain and post the reporter's credit card numbers. As a result, $1,100 in merchandise was charged to him, and his home computer was crashed remotely via his unlisted telephone number.11
• An employee of Disney World gained illegal access to Disney computer systems in 1994, reading confidential data files on employees and deleting information from the systems.12
• A major multinational chemical manufacturer headquartered in the United States has deployed an on-line videotext system that contains considerable amounts of proprietary information about processes used by that company. This manufacturer has disconnected one of its plants, located in the Far East, from the videotext network because of evidence that the government of the nation in which the plant is located is both willing and able to tap into this network to obtain valuable information that could be passed on to the manufacturer's foreign competitors.
• The domestic security service of a major Western European nation found information belonging to a major multinational manufacturer headquartered in the United States in the private homes of individuals with no connection to the manufacturer. This information was found marked for sale to a competitor of the manufacturer in question and was apparently obtained through the computer hacking efforts of these individuals.
J.4 RISKS ADDRESED BY CRYPTOGRAPHY FOR DATA INTEGRITY
• A convicted forger serving a 33-year term was released from jail after a forged fax had been received ordering his release. A legitimate fax had been altered to bear his name.13 Cryptography to ensure data integrity might have helped to detect the forgery.
11 Neumann, Computer-Related Risks, 1995, p. 137.
12 Richard Burnett, "More Hackers Speak in Code; Rise in Peeping Toms Alarms Central Florida Businesses," The Orlando Sentinel, July 4, 1994, p. 10.
13 See "Fraudulent Fax Gets Forger Freed," San Francisco Chronicle, December 18, 1991, p. A3.
• A prison inmate gained access to the on-line prison information system and managed to alter his release date. The alteration was detected by a suspicious deputy comparing the on-line entry with manual records, after the inmate had bragged about how he was going to get out early.14 Cryptography to ensure data integrity might have helped to detect the alteration of the files.
14 San Jose Mercury News, December 14, 1984.