Updated 4 April 2003

3 April 2003

Introductory note published 26 February 2003 at http://cryptome.org/pacc.htm

The court's order of 21 February 2003, gagging public disclosure of Citibank's crypto vulnerabilities:


18 February 2003

To: ukcrypto@chiark.greenend.org.uk
Subject: Citibank tries to gag crypto bug disclosure
Date: Thu, 20 Feb 2003 09:57:34 +0000
From: Ross Anderson <Ross.Anderson@cl.cam.ac.uk>

Citibank is trying to get an order in the High Court today gagging public disclosure of crypto vulnerabilities:

http://www.cl.cam.ac.uk/ftp/users/rja14/citibank_gag.pdf

I have written to the judge opposing the order:

http://www.cl.cam.ac.uk/ftp/users/rja14/citibank_response.pdf

The background is that my student Mike Bond has discovered some really horrendous vulnerabilities in the cryptographic equipment commonly used to protect the PINs used to identify customers to cash machines:

http://www.cl.cam.ac.uk/TechReports/UCAM-CL-TR-560.pdf

These vulnerabilities mean that bank insiders can almost trivially find out the PINs of any or all customers. The discoveries happened while Mike and I were working as expert witnesses on a 'phantom withdrawal' case. The vulnerabilities are also scientifically interesting:

http://cryptome.org/pacc.htm

For the last couple of years or so there has been a rising tide of phantoms. I get emails with increasing frequency from people all over the world whose banks have debited them for ATM withdrawals that they deny making. Banks in many countries simply claim that their systems are secure and so the customers must be responsible. It now looks like some of these vulnerabilities have also been discovered by the bad guys. Our courts and regulators should make the banks fix their systems, rather than just lying about security and dumping the costs on the customers.

Curiously enough, Citi was also the bank in the case that set US law on phantom withdrawals from ATMs (Judd v Citibank). They lost. I hope that's an omen, if not a precedent ...

These are the documents banned by the High Court.

Date Document URL Size
19 February 2003 Gagging Order http://cryptome.org/gag/gagging-order-X.pdf 121KB
19 February 2003 "Decimalisation Table Attacks for PIN Cracking," Mike Bond and Piotr Zielinski, Cambridge University http://cryptome.org/gag/PIN-Cracking.pdf 135KB
19 February 2003 Host Security Module, RG7000, Operations and Installations Manual, 1270A513, Issue 3 http://cryptome.org/gag/HSM_I&O_Manual_1270A513-3.pdf 949KB (202 pp.)
19 February 2003 Host Security Module, RG7000, Programmer's Manual, 1270A514, Issue 3 http://cryptome.org/gag/HSM_Programmers_Manual_-1270A514-3.pdf 1.22MB (289 pp.)
19 February 2003 "API-Level Attacks on Embedded Systems," Mike Bond and Ross Anderson, Cambridge University http://cryptome.org/gag/API-Attacks.pdf 129KB
19 February 2003 "Attacks on Cryptoprocessor Transaction Sets," Mike Bond, Cambridge University http://cryptome.org/gag/Attacks-on-Crypto-TS.pdf 167KB
19 February 2003 "PIN Recovery Attacks," Jolyon Clulow http://cryptome.org/gag/Clulow.pdf 313KB
18 February 2003 Notice of Gagging Order http://cryptome.org/gag/notice-of-gagging-order.pdf 75KB
23 January 2003 Adrian Walker (Citibank/Diners Club Vice President) Affidavit http://cryptome.org/gag/Adrian_Walker.pdf 347KB
23 January 2003 Allen Mortlock (Citibank/Diners Club Business Development) Affidavit http://cryptome.org/gag/Allen_Mortlock.pdf 333KB
23 January 2003 Donald Jardine (Microswap Programmer) Affidavit http://cryptome.org/gag/Donald_Jardine.pdf 171KB
23 January 2003 Michael Bird (RELAY and INTERCHANGE Programs Developer) Affidavit http://cryptome.org/gag/Michael_Bird.pdf 468KB
23 January 2003 Michael Davidson (Standard Bank of South Africa Computer Software Consultant) Affidavit http://cryptome.org/gag/Michael_Davidson.pdf 176KB
23 January 2003 Michael Pinoock (Standard Bank of South Africa Information Security Consultant) Affidavit http://cryptome.org/gag/Michael_Pinoock.pdf 156KB
23 January 2003 Michelle Eriksen (Standard Bank of South Africa PIN Manager) Affidavit http://cryptome.org/gag/Michelle_Eriksen.pdf 366KB
23 January 2003 Pieter Pretorius (Standard Bank of South Africa Information Technology Consultant) Affidavit http://cryptome.org/gag/Pieter_Pretorius.pdf 421KB
20 January 2003 Proceedings 1 http://cryptome.org/gag/proceedings1.pdf 3.52MB
20 January 2003 Proceedings 2 http://cryptome.org/gag/proceedings2.pdf 4.28MB
20 January 2003 Proceedings 3 http://cryptome.org/gag/proceedings3.pdf 3.22MB
20 January 2003 Proceedings 4 http://cryptome.org/gag/proceedings4.pdf 1.52MB
28 November 2002 Petrus Bonfrer (The Trust Bank of South Africa IT Department) Affidavit http://cryptome.org/gag/bonfrer_affidavit.pdf 1.44MB
26 November 2002 Craig Bond (Citibank/Diners Club Director) Affidavit http://cryptome.org/gag/craig-bond-affidavit.pdf 1.45MB
26 November 2002 Craig Bond (Citibank/Diners Club Director) Reply Affidavit http://cryptome.org/gag/craig-bond-reply-affidavit.pdf 1.21MB
26 November 2002 Defendants Anil Singh and Vanithra Singh Affidavit 2 http://cryptome.org/gag/def-affidavit-2.pdf 374KB
26 November 2002 Defendants Anil Singh and Vanithra Singh Affidavit http://cryptome.org/gag/defendants-affidavit.pdf 381KB
26 November 2002 Plaintiffs Rule 366 Reply http://cryptome.org/gag/plaintiffs-rule366-reply.pdf 1.63MB
26 November 2002 Ross Anderson (Cambridge University) Affidavit http://cryptome.org/gag/rja-affidavit.pdf 732KB
26 November 2002 Proceedings September 2002 http://cryptome.org/gag/proceedings-sep02.pdf 2.79MB