Subject: RE: [courtfiling-process] Security of court orders [corrected version]
I apologize for the reposting, but it has come to my attention that one of the links in the previous version did not work as intended. Also, I did not want to leave an impression that I endorsed a critical editorial opinion from SANS, which I deleted from this final version. Thanks for your understanding.
<JM>[Note: For those not comfortably familiar with the technology being discussed, please visit http://www.law-on-line.com/tutorial1.htm for a description of encryption processes generally. Signatures and hashes begin at http://www.law-on-line.com/tutorial3.htm, and there is a glossary of terms available. An interactive quiz applies the concepts to examples and hypotheticals. Some people who have used it reported finding the explanations at the site extremely useful to get a handle on the processes involved.]
As I understand the system described by John Aerts, Gary Poindexter, and Jim Keane, a hash of an order is obtained and stored in a database. The relational association in the database between a username and a stored hash is considered a "signature", since the judge provided a password to submit the order to the system understanding that the submission was an act of signature, and the association between the user's identity and the hash of an order in the database evidences the intended signature.
I agree with Charles Gillam of ContentGuard in his posting where he points out, "I have heard of persons entering systems and placing unauthorized material there." Other responses I have received stress the vulnerability of the database and the network as a source of concern, and the ease of spoofing a judge's IP address (if IP addresses are used) was also specifically mentioned as another potential security threat by one knowledgeable expert...
The security of the database against attack is important since, as Gary Poindexter points out, the hash or message digest can be generated by anyone through use of the hashing algorithm, which, unlike encryption keys, is available generally to anyone. With it, anyone can generate a hash of a file. SHA-1, referenced by John Aerts, is a commonly used hashing algorithm. The intentionally free availability of hashing resources creates a possibility of an intruder replacing a genuine hash in the database with another one of his or her making, thus tricking the system into believing a judge signed an order other than the one originally submitted.

Such an attack requires an ability to break into the network and database to effectuate the substitution.
There is a recent documented case of such an actual break-in and alteration of court records in Riverside, CA, which led to the conviction of two consultants. They pled guilty and were sentenced to nine years apiece. The incident is cause for concern about the architecture and process described by John Aerts, Gary Poindexter, and Jim Keane.

Here is some of the media web coverage.
</JM>
==========================================================================
"-- Two Men Sentenced for Altering Data in California Court Computer System (7 February 2003) Two hackers have pleaded guilty to breaking into Riverside County (CA) court computer system and altering data to make it appear charges had been dismissed in a number of cases, including one against one of the hackers. The two obtained access to the system through a password one of them had copied while working as an outside consultant to a local police department. William Grace and Brandon Wilson were each sentenced to nine years in prison. http://www.msnbc.com/news/870163.asp?0dm=C17LT [Editor's Note (Ranum): {<JM>redacted</JM>} (Grefer): This incident may serve as a timely reminder to our readers to implement (and test) a policy of regular password changes.]" ================================================
<JM>Some of the details of how the attacks were made and discovered can be found at http://www.sachitechcops.com/news1115.htm
I have excerpted from the story by William Overend, of the Los Angeles Times:</JM>

"Most recently, the San Diego task force was called to help solve a Riverside County case that had court officials puzzled. Employees had noticed that bail amounts had been reduced to zero in some cases and future court dates had been deleted. Investigators logged on to the computer system and began watching it around the clock, said the task force leader, Michael Groch. 'The investigators could see the suspect activity while it was taking place,' Groch said. 'Eventually, it turned out to involve a man with considerable computer skills.' According to investigators, Brandon Wilson and William Grace cracked into the county's court computer system 72 times, altering Wilson's records and those of four other people to make it appear that their cases had been closed. Charges included possession of illegal drugs and weapons, failure to appear in court, driving under the influence, and manufacturing and importing weapons. Officials say Wilson changed the records to show that the charges had been dismissed. Wilson also changed drug and gun charges for one woman, and traffic charges for a man, investigators said. Wilson also was charged with altering the records of an accused embezzler and another man charged with driving under the influence. Facing 216 felony counts each since their arrest in June, Wilson and Grace have pleaded not guilty and await trial in Riverside County."

<JM>[Since the time the article was written they reportedly pled guilty and were sentenced. See earlier quoted article from SANS.]</JM>

"Morgester said one problem in past computer crime cases has been a history of light sentences. In addition, many prosecutors are reluctant to pursue them because they are often complex and pose difficult jurisdictional problems. A criminal can touch victims thousands of miles away. 'An old adage in law enforcement is, 'If it doesn't bleed, it isn't a crime,' Morgester said.

As with the state's other task forces in San Jose, Napa, Los Angeles and San Diego, the Sacramento office is a mix of top electronics experts and cops pulled from other duties."

<JM>[The story goes on to note the paucity of criminal investigators for such cases, which raises a possibility of other, undetected such cases.]</JM>

"By Dec. 31 this year, we estimate we will have 12,000 identity theft cases in Los Angeles alone. We have 11 investigators to handle them."
===============================================================================
<JM>Assuming proper security of a single court's database, the EFSP model envisioned by LegalXML, which is being pursued more aggressively in this era of budgetary shortfalls, greatly complicates the security issues. Not only do courts need to be concerned with their own security, they need to be mindful of the security of the EFSPs with whom they interact on a regular basis (which may be multiple EFSPs where interoperable vendor systems access the court) and of any private law firms whose CMS systems may automatically be updated by objects that communicate between an EFSP and an outside party. An attacker may be able to find a back door into the network at any vulnerable point and work backwards into the systems to reach the databases. The security issues are likely to increase dramatically as the infrastructure develops and matures.
I am the liaison between the LegalXML CourtFiling TC and the DSS (Digital Signature Services) TC of OASIS. A digital signature service includes a web service that affixes a digital signature on behalf of a requestor. This is much like the hash + database example that is discussed in the postings from John Aerts, Gary Poindexter, and Jim Keane, but it adds an additional feature. Not only is the hash extracted and saved, but the hash is encrypted with a private asymmetric key. (An encrypted hash is the digital signature itself.)

An added advantage is that an encrypted hash is much harder to forge than a hash itself because one generally lacks the private encryption key, which, unlike the hashing algorithm, is not freely available but is unique, guarded and hidden.

In fact, if one reads the SHA-1 description closely, SHA-1 is designed primarily as a basis for digital signature creation and verification, and the use of SHA-1 as a substitute for digital signatures is not an intended use. See John Aerts' citation of authority:
Again, for those to whom the technology discussion is confusing, please consider visiting the tutorial that begins at http://www.law-on-line.com/tutorial1.htm

Mo Abdulaziz' court, the Arizona Court of Appeals, Division Two, captures and saves the hash and digitally signs submissions for this very reason.
It can be a relatively easy transition from a hash-only system to a DSS that also uses digital signatures, and the potential security advantages may be very important. There are other enhancements and configurations possible, including having the Clerk's office act as a DSS in its historic role of authentication of judicial orders, but they can be discussed off-line if anyone is interested in pursuing such a discussion.
A DSS avoids having to have end users each obtain, master, and use their own encryption keys and digital certificates, while still using digital signatures for security. It occupies an area somewhere between a hash-only system and full-blown PKI. Something like a DSS is probably indispensable for EFSPs, who may be far more attractive litigation targets than a court itself, which may (but not always) benefit from sovereign immunity against liability.
The other part of the security picture is a continuing analysis of the threat and attack points to compromise a network and access the database. In this regard, the determination noted by Jim Keane of the DOJ that the hash-only practice of the federal courts did not compromise the secure DOJ network is more a statement about the interface between the two and the overall security of the DOJ network than it may be an approval of a particular hashing and storage method used by the federal courts.
I think the security issues outlined in the postings, including this one, deserve top priority by LegalXML Court Filing and this subcommittee in particular.

Thanks and as always best regards.
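As an added illustration (my own example, not code from the posting, the courts or the DSS TC), the following Go program contrasts the two record formats discussed above: a username plus stored hash, and the same record with the hash additionally signed by a DSS private key. Ed25519 and SHA-256 are my substitutions for the unspecified asymmetric key and the SHA-1 cited; the sample orders are constructed. Overwriting the stored hash passes verification in the first model and is detected in the second, because the signature cannot be regenerated without the private key.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Record is one database row: user, order hash and, in the DSS variant only, a signature over the hash.
type Record struct {
	User        string
	Digest, Sig []byte
}

// SHA-256 stands in for the SHA-1 cited in the posting (SHA-1 is now deprecated for signatures).
func digest(order []byte) []byte { d := sha256.Sum256(order); return d[:] }

// HashOnlyRecord is the posting's scheme: username plus stored hash, nothing else.
func HashOnlyRecord(user string, order []byte) Record {
	return Record{User: user, Digest: digest(order)}
}

// SignedRecord is the DSS variant: the hash is also signed with a private key the database never holds.
func SignedRecord(user string, order []byte, priv ed25519.PrivateKey) Record {
	d := digest(order)
	return Record{User: user, Digest: d, Sig: ed25519.Sign(priv, d)}
}

// Verify recomputes the hash and, for signed records, checks the signature (pub may be nil for hash-only).
func Verify(order []byte, r Record, pub ed25519.PublicKey) bool {
	if !bytes.Equal(digest(order), r.Digest) {
		return false
	}
	return r.Sig == nil || ed25519.Verify(pub, r.Digest, r.Sig)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	genuine := []byte("ORDER: bail set at $50,000") // constructed sample order
	altered := []byte("ORDER: bail set at $0")      // constructed substitute
	h := HashOnlyRecord("judge1", genuine)
	s := SignedRecord("judge1", genuine, priv)
	// Overwrite both stored hashes, as someone with only database write
	// access and the public hash algorithm could; Sig cannot be regenerated.
	h.Digest, s.Digest = digest(altered), digest(altered)
	fmt.Println(Verify(altered, h, nil), Verify(altered, s, pub)) // true false
}
```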