
Restitution for Hacks

I wrote earlier about a recent decision on computer fraud related to ATMs. I did a little history reading to jog my memory and see if I could figure out what about the case sounded familiar. I found Section 6-1 of my HP-UX System Security Manual, from October of 1989, with the following warning:

The U.S. Computer Security Act of 1987 casts new urgency on computer security in all business segments. It stipulates that if financial loss occurs due to computer fraud or abuse, the company, not the perpetrator, is liable for damages. Thus, ultimate responsibility for safeguarding information lies with individual businesses themselves.

Ronald Reagan’s Computer Security Act (CSA) was repealed by FISMA in 2002. Could it be relevant to today’s attacks?

The CSA was a reaction to the news of computer attacks in the early 1980s, especially by seven teenagers from Milwaukee. An eager Congressman from Kansas (Glickman) called House hearings that pointed out attacks were successful mostly because of weak and default passwords as well as missing patches.

Here’s an amusing excerpt from InfoWorld in 1983:

…the FBI had implied that [a perpetrator] had violated the law when he sent electronic mail on the Telenet network. “We weren’t even aware that using the [stolen] passwords was illegal,” he said.

Obviously attacks have not changed much. What really has changed is restitution.

The major difference from pre-CSA regulation to today seems to have more to do with the liability of an attacker to pay for restitution than with any radical shift in system vulnerabilities.

Note the details in a case earlier this year. A man in New Hampshire was set to pay restitution of more than $2 million and forfeit another $8 million after running a four-year malware operation.

PALA and his co-conspirators infected German citizens’ computers with a program that would force the computers’ telephone modems to surreptitiously dial premium telephone numbers rented from German telephone companies by PALA’s co-conspirators. …from 2003 through 2007, PALA made approximately $7,941,336 from the computer hacking conspiracy. PALA also allegedly failed to pay approximately $2,287,993 in income taxes during this time.

Modems? He was expected to pay a hefty restitution to the IRS for undeclared profits from (unauthorised) dial-up fees.

Another interesting restitution case earlier this year was in Massachusetts, where a prisoner hacked the common computers and then was ordered to pay to protect the identity of other inmates.

Souter conceded that individual current and former employees could have paid for their own credit monitoring when they learned of the hacking, “but this in no way diminishes the reasonableness of the Facility’s investigation prompted by the risk that its security failure created.”

[Retired U.S. Supreme Court Associate Justice David] Souter rejected Janosko’s timeliness argument. “An employer-victim contemplating the resolution of a charge like the one here could be expected to press the prosecutor to demand any terms that would be necessary to make the members of the employer’s workforce whole, and a credit check even up to the moment of a plea agreement would therefore be timely,” he wrote.

The BofA case thus fits the trend of ordering a hefty restitution award from perpetrators. Unlike the time of the CSA, the laws now seem headed towards large recovery awards, which some argue are disincentives to attackers. Hopefully the restitutions will not prematurely reduce the pressure to enhance technical controls.

UK Surveillance of WWII German POWs Reveals Private Beliefs

There is a fascinating new twist for historians interested in German culture during the Second World War.

When German historian Sönke Neitzel ran across a bundle of documents in Britain’s National Archives in 2001, he could hardly believe his eyes: He had found transcripts of conversations between German soldiers secretly recorded while they were being held as prisoners of war during World War II. These were private conversations between soldiers who didn’t know that a third party was listening to and transcribing their every word.

Their British and American captors had hoped these conversations would provide them with militarily useful information. But they learned little about weapons depots or secret weapons. Most of what the transcripts reveal is what everyday life is like for the foot soldiers in a war, as they fight, kill, and die.

“I’ve developed the need to throw bombs,” reads one passage. “It sends tingles up your spine, it’s an awesome feeling. It’s just as good as shooting someone.”

I am curious if any poetry was found in these transcripts. So far I have not found any mention of it.

The real twist in this story comes when the historian and a psychoanalyst try to portray all war as equally criminal due to the requirement to kill.

According to Neitzel and Welzer, there were without a doubt some committed Nazis among German soldiers during World War II, whose convictions told them that killing Jews was the right thing to do. But these, they say, were in the minority.

They also argue that the acts of violence committed under the Nazi regime were no more violent than those committed anywhere else. They believe that an ideology, such as Nazism, is not the biggest factor that leads to atrocities. Instead, they say, it is a military values system that turns men into murderers.

It sounds like an anti-war argument. Regardless of motive, it fails a simple philosophy sniff test.

First of all, they use the term “minority” to call out “committed Nazis” so they obviously use some sort of criteria to distinguish their values from other soldiers. This alone proves that not all soldiers are equal-minded in war. From there it is just a matter of finding the right test pattern to identify exceptions to the rule.

Second, they say an ideology is separate and distinct from a military values system. They equate the latter to a job. While it is tempting to accept this analogy, and think of soldiers simply as professional killers, that would be an overly simplistic view of management ethics.

Take butchers, for example. Kosher butchers, Halal butchers…they too are professional killers but their ideology and their value system are not so easily separated. They use concepts and definitions of humane killing. Remove the religious foundation and replace it with health codes or even family traditions and you still will find ideology mixed with values and regulated by management.

Third, military values systems are not all historically equal. Historic comparisons often bring up stark differences in treatment of prisoners, to name one obvious example. The British definitely did not have the most humane military value system in their conflicts but the fact that we can differentiate them at all proves the point.

So Neitzel and Welzer can claim that all killing in war is equally criminal, but that seems to me to be a hypothesis built upon their own views and personal definition(s) of atrocity. Others may approach the topic with the philosophy of finding the differences in self-defense versus aggression, for example.

And I suspect that German soldiers serving in Afghanistan today probably resent being linked to the military values system under Nazi rule. Military values across different eras have some things in common but that does not make them equal.

USAID sends Elmo to Pakistan

You might have noticed my post the other day about USAID.

The agency is “waiving” iPads through security requirements straight into field use by government officials.

I wondered what they possibly could be doing with the iPads, besides trying to annoy Secretary of State Clinton. Now I get it. They have drafted Elmo into service.

U.S. officials are taking a different approach, hoping that “Sesame Street” can instill education values in very young Pakistani children, arming them with the learning tools to fend off extremism later in life.

[…]

The format will be largely the same as the U.S. version, with each episode highlighting one letter and number for children to learn. Like the U.S. version, the program will also have strong female characters, with the subtle aim of promoting tolerance and gender equality. But it’s not slated to touch on any political themes outright.

Slated to touch? If that’s not a giant hint, I don’t know what is. Elmo needs a distribution channel. I mean how will Elmo reach all those impressionable children across rural Pakistan?

Obviously iPads (slates with touch) will be dropped from the sky. Elmo will be playing on them as they fall, saying “I come without any political themes outright”.

This sounds a lot like the modern equivalent of Para leer al Pato Donald (How to Read Donald Duck), published in Chile in 1972:

…the world shown in the comics [sent to Latin America from the US], according to the thesis, is based on ideological concepts, resulting in a set of natural rules that lead to the acceptance of particular ideas about capital, the developed countries’ relationship with the third world, gender roles, etc.

Phase two, after the youth Elmo-isation is complete, US soldiers will deploy in Elmo suits to blend in and win local support.


Look Mr. Chief! Look Everybody! Elmo is your friend!