From: Nathaniel Borenstein <nsb@nsb.fv.com>

As you may already have heard via the popular press, First Virtual Holdings has developed and demonstrated a program which completely undermines the security of every known credit-card encryption mechanism for Internet commerce. This is a very serious matter, and we want to make sure that the Internet community is properly informed about the nature of the problem that we have uncovered, and the manner in which we have made the information known. In this (unavoidably lengthy) post, I will try to explain the nature of the problem and its implications for Internet commerce. In deference to those who are not technically oriented, the detailed explanation of how the attack works will be the LAST part of this message.

First of all, let me be perfectly clear about the nature of the problem we have exposed. It is NOT a bug in a single program, and it is therefore NOT something that can be fixed with a "patch" or any other kind of software upgrade. Instead, we have demonstrated a very general attack that undermines ALL programs that ask users to type a credit card number into their home computer. We have tested the program and confirmed that it undermines the security of the credit card encryption software from Netscape and Cybercash, and we expect that it will work similarly for ANY future software based on the encryption of credit card numbers on the desktop. Quite simply, we believe that this program demonstrates a FATAL flaw in one whole approach to Internet commerce, and that the use of software to encrypt credit card numbers can NEVER be made safe. For consumers, we recommend the following simple rule: NEVER TYPE YOUR CREDIT CARD NUMBER INTO A COMPUTER.

We should also be clear about the Internet commerce mechanisms that are NOT affected by this problem. First Virtual is unaffected because we never ask the user to put a credit card number at risk by typing it into a computer.
Hardware-based solutions can also be devised that are immune to this attack, including solutions based on smart cards and solutions based on "card swipe" machines in the home. We believe that current digital cash solutions are also not vulnerable to this attack, although some variants of digital cash may be vulnerable to a similar form of attack. Commerce mechanisms based on the use of telephones or fax machines to transmit credit card numbers are also unaffected by this kind of attack. Other proposed commerce mechanisms should, from now on, be evaluated with this kind of attack in mind. The bottom line: INTERNET COMMERCE CAN BE VERY SAFE, WITH SEVERAL DIFFERENT MECHANISMS, BUT ENCRYPTING CREDIT CARDS ON THE DESKTOP IS NOT ONE OF THE SAFE MECHANISMS.

It's important to understand why we have taken this step. Obviously, as the long-time leaders in Internet commerce, the last thing we would want to do is to undermine general confidence in Internet commerce. However, we realized that many people believed that credit card encryption was a safe and easy path to Internet commerce, and that very few people understood how easily it could be undermined. Upon investigation, we were frankly startled to realize just how easy it was -- a single programmer got the first version of our program running in about a week. Aside from our obvious interest in promoting our own commerce mechanism, we felt that we had an ethical obligation to bring this problem to the attention of the consumers, banks, and other financial institutions who could conceivably suffer catastrophic losses if software encryption of credit card numbers became widespread. We also realize that we have an obligation to do everything possible to avoid helping any unscrupulous people who might seek to utilize this flaw for malicious purposes. We have accordingly been extremely responsible in how we have handled our discovery.

We first demonstrated and explained our program to vital organizations such as CERT (the Computer Emergency Response Team) and the ABA (American Banking Association). Only after many such private disclosures, none of which revealed any defense against our technique, did we publicly disclose the existence of this program. In addition, we have taken several steps to "cripple" our demonstration program, all of which will be discussed below. Furthermore, we have NOT made the program itself generally available. We are currently demonstrating it to selected financial institutions and government agencies, and will provide copies of the program only to CERT and a few other independent security-minded organizations. We have also alerted Netscape to the problem as part of their "bugs bounty" program. At some future date, we might conceivably distribute the program, in binary form on CD ROM, to selected financial institutions. The source code will always be very closely guarded. Unfortunately, however, the general method of attack is extremely easy to duplicate, and we don't know of any good way to alert the public to the problem without explaining it.

THE TECHNIQUE

Our basic approach was to write a computer program that runs undetected while it monitors your computer system. A sophisticated version of such a program can intercept and analyze every keystroke, mouse-click, and even messages sent to your screen, but all we needed was the keystrokes. Selectively intercepted information can be immediately and secretly transmitted via Internet protocols, or stored for later use. First Virtual's research team has built and demonstrated a particular implementation of such a program, which only watches for credit card numbers. Whenever you type a credit card number into your computer -- even if you are talking to "secure" encryption software -- it captures your card number.
Our program doesn't do anything harmful with your credit card number, but merely announces that it has captured it. A malicious program of this type could quietly transmit your credit card number to criminals without your knowledge.

The underlying problem is that the desktop -- the consumer's computer -- is not secure. There is no way of ensuring that all software installed on the consumer's machine can be trusted. Given this fact, it is unwise to trust ANY software such as a "secure" browser, because malicious software could have easily been interposed between the user and the trusted software. The bottom line for consumers is that, on personal computers, INFORMATION IS INSECURE THE MOMENT YOU TOUCH A KEY. We have dramatically proven that security ends the moment you type sensitive information into your computer. The vulnerability lies in the fact that information must travel from your keyboard, into your computer's operating system, and then to your "secure" application. It can be easily intercepted along the way.

This kind of insecurity is very frightening, and has implications far beyond credit card theft. However, credit cards embody and demonstrate the kind of information that is MOST vulnerable to this kind of attack. Credit card numbers are far more vulnerable to this kind of attack than most other forms of information because of the following particular characteristics of credit card numbers:

DETAILS: HOW TO TOTALLY UNDERMINE SOFTWARE ENCRYPTION OF CREDIT CARDS

First Virtual's demonstration credit-card interception program, once installed, observes every keystroke that you type, watching for credit card numbers. It recognizes credit card numbers with almost perfect accuracy, because credit card numbers are specifically designed to match a simple, self-identifying pattern, including a check digit. Our program is even smart about punctuation and simple editing functions, so that nearly any credit card number that you type into your computer is immediately recognized as such by this program. When our program spots a credit card number, it immediately plays a warning sound and pops up a window on your screen, including an iconic representation of the type of credit card that you have just entered, along with a clear explanation of what has just happened.

The current program works only on Microsoft Windows (Windows 3.1, Windows NT, and Windows 95), but we believe that it would be simple to implement on Macintosh and UNIX systems as well. The program doesn't exploit any "holes" or bugs in the operating system. It uses existing, necessary operating system facilities which are part of the published Windows API, and which are necessary for the implementation of screen savers, keyboard macros, and other important software packages.

First Virtual's intent is to educate the public, certainly not to endanger it. For that reason, our program incorporates four important precautions intended to prevent any possibility of harm:
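The recognition step the post describes (a self-identifying digit pattern, a check digit, tolerance for punctuation and simple editing) can be shown in a few dozen lines. The block below is an added illustration for this archive page, not First Virtual's program and not code from the post; it runs over a constructed keystroke log standing in for whatever a keyboard hook would deliver, and treats the check digit as the Luhn algorithm. The issuer prefix/length table, the separator set, and the sample numbers are assumptions made for the example; the sample card numbers are well-known test values, not real accounts.

```python
"""Keystroke-stream credit card recogniser (added example, not the post's code).

Takes characters in the order a user typed them, tolerates separators and
backspace, and flags digit runs that match an issuer pattern (assumed rules)
and pass the Luhn check digit.  SAMPLE_KEYSTROKES is constructed test data.
"""
from __future__ import annotations

DIGITS = set("0123456789")
SEPARATORS = {" ", "-"}           # punctuation commonly typed inside a card number
BACKSPACE = "\b"                  # simple editing: the previous key is withdrawn


def luhn_ok(digits: str) -> bool:
    """Luhn check: double every second digit from the right, sum must be 0 mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def issuer(digits: str) -> str | None:
    """Map a digit string to an issuer by prefix and length (assumed table)."""
    n = len(digits)
    if digits.startswith("4") and n in (13, 16):
        return "Visa"
    if digits[:2] in {"51", "52", "53", "54", "55"} and n == 16:
        return "MasterCard"
    if digits[:2] in {"34", "37"} and n == 15:
        return "American Express"
    if digits.startswith("6011") and n == 16:
        return "Discover"
    return None


def classify(digits: str) -> str | None:
    """Issuer name if the digits look like a card number and pass Luhn, else None."""
    if not digits or not luhn_ok(digits):
        return None
    return issuer(digits)


class CardSpotter:
    """Consumes keystrokes one at a time and records (issuer, number) hits."""

    def __init__(self) -> None:
        self.buf: list[str] = []              # keys typed since the last flush
        self.hits: list[tuple[str, str]] = []

    def _flush(self) -> None:
        digits = "".join(c for c in self.buf if c in DIGITS)
        kind = classify(digits)
        if kind:
            self.hits.append((kind, digits))
        self.buf = []

    def feed(self, ch: str) -> None:
        if ch == BACKSPACE:                   # undo the last key, digit or separator
            if self.buf:
                self.buf.pop()
        elif ch in DIGITS:
            self.buf.append(ch)
        elif ch in SEPARATORS and self.buf:   # keep separators only inside a run
            self.buf.append(ch)
        else:                                 # Enter, Tab, letters, etc. end the run
            self._flush()

    def close(self) -> None:
        """Evaluate whatever is buffered (user clicked instead of pressing a key)."""
        self._flush()


def scan(keystrokes: str) -> list[tuple[str, str]]:
    spotter = CardSpotter()
    for ch in keystrokes:
        spotter.feed(ch)
    spotter.close()
    return spotter.hits


# Constructed keystroke log standing in for a keyboard hook's output.
SAMPLE_KEYSTROKES = (
    "Name: A. Customer\n"
    "Phone: 555-867-5309\n"
    "Card: 4111 1111 1111 1112\b1\n"   # typo fixed with backspace -> Visa
    "Card: 4111-1111-1111-1112\n"      # fails Luhn -> ignored
    "Card: 378282246310005\t"          # Tab ends the field -> American Express
    "Card: 5555 5555 5555 4444\n"      # MasterCard
    "Card: 6011111111111117"           # no terminator; caught at close()
)

if __name__ == "__main__":
    for kind, number in scan(SAMPLE_KEYSTROKES):
        print(f"captured {kind}: {number[:4]}...{number[-4:]}")
```

The point of the example is how little the recogniser needs: no knowledge of which application has focus, no parsing of the form, only the digit stream and the check digit. Separators are kept in the buffer so that a backspace withdraws exactly what was typed, and a run is judged only when something other than a digit or separator arrives, which is what lets the corrected Visa number above be recognised while the mistyped one is dropped.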