Received: from doc.ic.ac.uk by swan.doc.ic.ac.uk id <firstname.lastname@example.org>; Fri, 18 Nov 1994 10:54:18 +0000
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Fri, 18 Nov 1994 10:54:01 +0000
To: email@example.com
From: firstname.lastname@example.org (Chris Moss)
Subject: Request for IBM mainframe programmer
Message-ID: <"swan.doc.i.922: 188.8.131.52.54.07"@doc.ic.ac.uk>
Sender: email@example.com
Status: OR

I've received an appeal for assistants with IBM mainframe skills (especially assembler and ACF2) from Ross Anderson, a lawyer (I think) with computing skills at Cambridge who has been an expert witness in the appeal for a police officer who complained about 'phantom withdrawals' from an ATM machine and was successfully prosecuted by Halifax building society for fraud. They have now won a disclosure order against Halifax, which will probably not be followed up but if it is, they need help. Consultancy fees will be payable.

Most of the details are contained within the (rather long) emails below so I won't repeat them. I think you will see the relevance to the concerns of a computing department. The complacency of the building society is appalling. I might be able to dig up an earlier description of the trial if you're interested.

If you or someone you know can help please contact Ross directly (and cc me too please).

Chris Moss

------- Blind-Carbon-Copy

To: firstname.lastname@example.org
Subject: John Munden's appeal
Date: Mon, 14 Nov 1994 18:58:06 +0000
From: Ross Anderson

Hi folks,

The machinery for John Munden's appeal has finally ground into motion, and the case should be heard at Bury Crown Court in Suffolk from the 21st November.

John Munden, as you may recall, was one of our local police constables, who complained about six phantom withdrawals on his account with the Halifax Building Society when he returned from holiday in Greece. Their response was to have him prosecuted and convicted for attempting to obtain money by deception.

I spoke with John over the weekend and he has lost a lot of weight. He had a burst duodenal ulcer, and his wife Lorraine even attempted suicide. They have been very depressed, but are perking up at the prospect of the appeal.

John and Lorraine both send their heartfelt thanks to everybody who wrote in to the chief constable complaining about the verdict. Had it not been for you, he would have lost his job and been evicted from his house; as it is, he is still suspended on full pay, pending the outcome of the appeal.

In fact, a new chief constable took office on the 14th February, and your letters started arriving on his desk on the following day. They were his first challenge in office, and he is not at all pleased about how things have turned out. He took the unprecedented step of suspending John rather than throwing him out of the force.

Anyway, it is now the Halifax who are making the running for the prosecution. They have just purchased a large report from their external auditors, KPMG Peat Marwick, whose `expert' opinion is that as controls were allegedly in place to prevent all the ATM frauds they can think of, it must have been Munden who did it.

This report is understandable, given that their clients are also defending an ATM test case which the Consumers' Association is funding in Scotland. But it avoids discussing the main problems which we pointed out at the trial, such that the Halifax had no quality assurance or computer security management function, and that it did PIN encryption in software (like another UK bank whose own operations staff were responsible for a spate of thefts in 1985). It also avoids discussing the fact that the Halifax has hundreds of other `unresolved' transactions (and has declined to provide details of these).

If they get away with it, then there might be no reason for UK banks to buy encryption hardware or security consultancy ever again. Roll-your-own Caesar ciphers will satisfy the requirements of due diligence, and why spend more if customers who complain are dealt with at the expense of the taxpayer rather than the bank?

However, the bank security community is not exactly rushing to help. So the trial has all the makings of a serious firefight, and it may well be in Munden's favour to have a computer literate audience. This will not just help impress on the judge (who will be sitting with two stipendiary magistrates) that this is not the proforma appeal of a villain who is chancing his arm, but a serious matter of wide public interest. It will also impress on KPMG that they cannot tell whoppers with impunity.

Ross

------- End of Blind-Carbon-Copy

To: rja14
Subject: Munden case update
Date: Thu, 17 Nov 1994 18:20:53 +0000
From: Ross Anderson

Hi folks,

We managed to get an adjournment and a disclosure order against the Halifax at a directions hearing this morning. The trial will not now go ahead until at least February.

The disclosure order gives me complete access to the Halifax's `computer systems, records and operational procedures'. On the basis of past experience, I would say that it is 80% likely that they will refuse to comply with this order and that Munden's appeal will therefore succeed.

However, they have lost considerable face from the incident, and it is possible that they will be stupid enough to tough it out. In order to cover this possibility, I need to recruit assistants with IBM mainframe skills (especially assembler and ACF2). I have not worked in this environment since 1989, so we need some strengthening here.

It might also be useful if we had access to a modern mainframe environment, in which - configuration difficulties always permitting - we could test code fragments if need be. We only have a rather ancient 3084 (which is due for the scrapyard next August), so we might not even be able to read a new format MVS/ESA PDS.

As for payment, it is possible to charge one's normal consultancy rate once the work starts. However, as Munden is legally aided, payment will be subject to `taxation' - this does not mean Mr Clarke, but is a legal term which means that your payment is subject to review by a special court. You might get about a half of your invoice paid, and about a year late. However, that is just one of the handicaps under which defence experts have to work in this country.

If you would like to get involved with this task, then please ship me a CV to put before Munden's solicitor. Please also let me know if you have access to a suitable mainframe, and whether you would be able to assist with visits to assorted sites in Yorkshire, where the bank's own systems are kept.

Regards

Ross Anderson

------- End of Blind-Carbon-Copy

----------------------------------------------
DOC, Imperial College, 180 Queens Gate, London SW7 2BZ
Tel: +44(71)594 8220
----------
Logic will get you from A to B, but with imagination you can circle the world. A. Einstein.

(Extracted from Risks Digest Volume 18, Issue 25, Friday 12 July 1996.)

At twenty past two today, John Munden walked free from Bury Crown Court. This resolved a serious miscarriage of justice, and ended an ordeal for John and his family that has lasted almost four years.

In a judgment loaded with significance for the evidential value of cryptography and secure systems generally, His Honour Justice John Turner, sitting with two assessors, said that `when a case turns on computers or similar equipment then, as a matter of common justice, the defence must have access to test and see whether there is anything making the computers fallible'. In the absence of such access, the court would not allow any evidence emanating from computers. As a result of this ruling, the prosecution was not in a position to proceed, and John Munden was acquitted.

John was one of our local policemen, stationed at Bottisham in the Cambridge fenland, with nineteen years' service and a number of commendations. His ordeal started in September 1992 when he returned from holiday in Greece and found his account at the Halifax empty. He complained and was told that since the Halifax had confidence in the security of its computer system, he must be mistaken or lying. When he persisted, the Halifax reported him to the police complaints authority for attempted fraud; and in a trial whose verdict caused great surprise, he was convicted at Mildenhall Magistrates' Court on the 12th February 1994.

I told the story of this trial in a post to comp.risks (see number 15.54 or get ftp.cl.cam.ac.uk/users/rja14/post.munden1). It turned out that almost none of the Halifax's `unresolved' transactions were investigated; they had no security manager or formal quality assurance programme; they had never heard of ITSEC; PIN encryption was done in software on their mainframe rather than using the industry-standard encryption hardware, and their technical manager persisted in claiming (despite being challenged) that their system programmers were unable to get at the keys.

Having heard all this, I closed my own account at the Halifax forthwith and moved my money somewhere I hope is safer. But their worships saw fit to convict John of attempted fraud - which made the national papers.

An appeal was lodged, but just before it was due to be heard - in December 1994 - the prosecution handed us a lengthy `expert' report by the Halifax's accountants claiming that their systems were secure. This was confused, even over basic cryptology, but it was a fat and glossy book written by a `big six' firm with complete access to the Halifax's systems - so it might have made an impression on the court. We therefore applied for, and got, an adjournment and an order giving me - as the defence expert witness - `access to the Halifax Building Society's computer systems, records and operational procedures'.

We tried for nine months to enforce this but got nowhere. We complained, and an order was made by the judge that all prosecution computer evidence be barred from the appeal. The Crown Prosecution Service nonetheless refused to throw in the towel, and they tried to present output such as bank statements when the appeal was finally heard today. However, the judge would have none of it.

Many thanks to all those who helped, and especially to guys like Brian Randell, Chuck Pfleeger and John Bull who wrote in to the Chief Constable and pointed out that the original judgment was patently absurd. It was largely due to their letters that John was suspended from the force rather than sacked.

For the computer security community, the moral is obvious: if you are designing a system whose functions include providing evidence, it had better be able to withstand hostile review. This is understood by designers of forensic systems, and the value of hostile review is also well known to the military and the utilities. But with one or two exceptions - such as SET - the banks are just not on the same planet, and the risk to them should be clear!

Ross