Updated 4 April 2003
3 April 2003
Introductory note published 26 February 2003 at http://cryptome.org/pacc.htm
The court's order of 21 February 2003, gagging public disclosure of Citibank's crypto vulnerabilities:
http://www.ftp.cl.cam.ac.uk/ftp/users/rja14/citibank_order.pdf
18 February 2003
To: ukcrypto@chiark.greenend.org.uk
Subject: Citibank tries to gag crypto bug disclosure
Date: Thu, 20 Feb 2003 09:57:34 +0000
From: Ross Anderson <Ross.Anderson@cl.cam.ac.uk> Citibank is trying to get an order in the High Court today gagging public disclosure of crypto vulnerabilities: http://www.cl.cam.ac.uk/ftp/users/rja14/citibank_gag.pdf I have written to the judge opposing the order: http://www.cl.cam.ac.uk/ftp/users/rja14/citibank_response.pdf The background is that my student Mike Bond has discovered some really horrendous vulnerabilities in the cryptographic equipment commonly used to protect the PINs used to identify customers to cash machines: http://www.cl.cam.ac.uk/TechReports/UCAM-CL-TR-560.pdf These vulnerabilities mean that bank insiders can almost trivially find out the PINs of any or all customers. The discoveries happened while Mike and I were working as expert witnesses on a `phantom withdrawal' case. The vulnerabilities are also scientifically interesting: http://cryptome.org/pacc.htm For the last couple of years or so there has been a rising tide of phantoms. I get emails with increasing frequency from people all over the world whose banks have debited them for ATM withdrawals that they deny making. Banks in many countries simply claim that their systems are secure and so the customers must be responsible. It now looks like some of these vulnerabilities have also been discovered by the bad guys. Our courts and regulators should make the banks fix their systems, rather than just lying about security and dumping the costs on the customers. Curiously enough, Citi was also the bank in the case that set US law on phantom withdrawals from ATMs (Judd v Citibank). They lost. I hope that's an omen, if not a precedent ...
These are the documents banned by the High Court.
| Date | Document | URL | Size |
| 19 February 2003 | Gagging Order | http://cryptome.org/gag/gagging-order-X.pdf | 121KB |
| 19 February 2003 | "Decimalisation Table Attacks for PIN Cracking," Mike Bond and Piotr Zielinski, Cambridge University | http://cryptome.org/gag/PIN-Cracking.pdf | 135KB |
| 19 February 2003 | Host Security Module, RG7000, Operations and Installations Manual, 1270A513, Issue 3 | http://cryptome.org/gag/HSM_I&O_Manual_1270A513-3.pdf | 949KB 202 pp. |
| 19 February 2003 | Host Security Module, RG7000, Programmer's Manual, 1270A514, Issue 3 | http://cryptome.org/gag/HSM_Programmers_Manual_-1270A514-3.pdf | 1.22MB 289 pp. |
| 19 February 2003 | "API-Level Attacks on Embedded Systems," Mike Bond and Ross Anderson, Cambridge University | http://cryptome.org/gag/API-Attacks.pdf | 129KB |
| 19 February 2003 | "Attacks on Cryptoprocessor Transaction Sets," Mike Bond, Cambridge University | http://cryptome.org/gag/Attacks-on-Crypto-TS.pdf | 167KB |
| 19 February 2003 | "PIN Recovery Attacks," Jolyon Clulow | http://cryptome.org/gag/Clulow.pdf | 313KB |
| 18 February 2003 | Notice of Gagging Order | http://cryptome.org/gag/notice-of-gagging-order.pdf | 75KB |
| 23 January 2003 | Adrian Walker (Citibank/Diners Club Vice President) Affidavit | http://cryptome.org/gag/Adrian_Walker.pdf | 347KB |
| 23 January 2003 | Allen Mortlock (Citibank/Diners Club Business Development) Affidavit | http://cryptome.org/gag/Allen_Mortlock.pdf | 333KB |
| 23 January 2003 | Donald Jardine (Microswap Programmer) Affidavit | http://cryptome.org/gag/Donald_Jardine.pdf | 171KB |
| 23 January 2003 | Michael Bird (RELAY and INTERCHANGE Programs Developer) Affidavit | http://cryptome.org/gag/Michael_Bird.pdf | 468KB |
| 23 January 2003 | Michael Davidson (Standard Bank of South Africa Computer Software Consultant) Affidavit | http://cryptome.org/gag/Michael_Davidson.pdf | 176KB |
| 23 January 2003 | Michael Pinoock (Standard Bank of South Africa Information Security Consultant) Affidavit | http://cryptome.org/gag/Michael_Pinoock.pdf | 156KB |
| 23 January 2003 | Michelle Eriksen (Standard Bank of South Africa PIN Manager) Affidavit | http://cryptome.org/gag/Michelle_Eriksen.pdf | 366KB |
| 23 January 2003 | Pieter Pretorius (Standard Bank of South Africa Information Technology Consultant) Affidavit | http://cryptome.org/gag/Pieter_Pretorius.pdf | 421KB |
| 20 January 2003 | Proceedings 1 | http://cryptome.org/gag/proceedings1.pdf | 3.52MB |
| 20 January 2003 | Proceedings 2 | http://cryptome.org/gag/proceedings2.pdf | 4.28MB |
| 20 January 2003 | Proceedings 3 | http://cryptome.org/gag/proceedings3.pdf | 3.22MB |
| 20 January 2003 | Proceedings 4 | http://cryptome.org/gag/proceedings4.pdf | 1.52MB |
| 28 November 2002 | Petrus Bonfrer (The Trust Bank of South Africa IT Department) Affidavit | http://cryptome.org/gag/bonfrer_affidavit.pdf | 1.44MB |
| 26 November 2002 | Craig Bond (Citibank/Diners Club Director) Affidavit | http://cryptome.org/gag/craig-bond-affidavit.pdf | 1.45MB |
| 26 November 2002 | Craig Bond (Citibank/Diners Club Director) Reply Affidavit | http://cryptome.org/gag/craig-bond-reply-affidavit.pdf | 1.21MB |
| 26 November 2002 | Defendants Anil Singh and Vanithra Singh Affidavit 2 | http://cryptome.org/gag/def-affidavit-2.pdf | 374KB |
| 26 November 2002 | Defendants Anil Singh and Vanithra Singh Affidavit | http://cryptome.org/gag/defendants-affidavit.pdf | 381KB |
| 26 November 2002 | Plaintiffs Rule 366 Reply | http://cryptome.org/gag/plaintiffs-rule366-reply.pdf | 1.63MB |
| 26 November 2002 | Ross Anderson (Cambridge University) Affidavit | http://cryptome.org/gag/rja-affidavit.pdf | 732KB |
| 26 November 2002 | Proceedings September 2002 | http://cryptome.org/gag/proceedings-sep02.pdf | 2.79MB |