Human-Nets-Request%rutgers@brl-bmd.UUCP (Human-Nets-Request@rutgers) (08/25/83)
HUMAN-NETS Digest Tuesday, 23 Aug 1983 Volume 6 : Issue 50
Today's Topics:
Computers and People - Personal Information Systems,
News Article - Computer Security
----------------------------------------------------------------------
Date: 23 Aug 1983 0747-PDT
Subject: Computer networks vs. media
From: WMartin at Office-3 (Will Martin)
It seems to me that the intrinsic difference between the current
situation, where people get their information from a variety of mass
media and a relatively limited amount of personal interaction, and a
future situation where the information comes mostly off computer
networks, is not the enhanced ability to manipulate and process that
information, but the feedback mechanisms inherent in the computer
networks.
Right now, if you have the right resources (clipping services,
research staffs, secretaries, cooperative public libraries,
subscriptions to newsletters which summarize current data related to
specific fields, etc.), you can get just about all the advantages that
have been ascribed to computerized processing and extraction of
information from on-line databases. Of course, you have to be rich,
or have a company to support your activities, or be unusually lucky in
the extent of local public library funding and facilities. Having the
computer to do this puts it within the reach of many more people, and,
perhaps, the more computerized data inquiries are made, the more data
will be available on-line so that the searches get better and better
as the process continues.
However, this just puts the same results within the capabilities
of more users. The thing the networks offer that we do not have
now is the ability to contribute; to rebut or contest false or
misleading information, to add comments or bring up points left
uncovered in the original, or to reinforce arguments or
conclusions presented.
To me, this feedback is the key difference, and the primary
improvement provided by moving into this form of information
distribution. I also fear that it is the main reason that the
traditional media will fight this change. They are so used to
having total control of the content of distributed information
that I cannot envision them willingly giving this up. Suppose
you read something in your local newspaper that you strongly
disagree with. What can you do about it? First off, nothing --
any action you could possibly take is too late, no matter how
early you read the item. You can discuss this with people you
know; this usually is worthless, unless your circle includes the
paper's editor(s), or other media people who could broadcast
immediate refutations or otherwise counteract the original
publication of the offending item. You can write a letter to the
editor; this may or may not get published some days later, and,
even if it was, has miniscule effect. (As an aside, does
anyone's local paper do anything with "letters to the editor"
except publish them without comment? Many times I've seen a
letter asking a specific question regarding an earlier article,
and the paper never answers the question along with printing the
letter! What a waste!)
If you felt strongly enough, you could try to buy space in the
paper to carry your own rebuttal, but the paper can choose to
sell you space or not, as it desires, and also controls the
location your space will occupy. In any case, this will appear
some time later, and, in order to let people know what it is you
are rebutting, you have to give more publicity to the original
offending item! (I often feel such actions work more to SUPPORT
the original position than to counteract it!)
With the networks, you have a chance to get your comments, etc.,
included or appended with the original item BEFORE everyone else
has already seen it, if you see it soon after posting. Even if
you see it late, there can be mechanisms that inform those that
read this earlier that a follow-up has appeared. You can see
other contributors' added-on comments before you send yours,
which can reduce duplication and inspire more detail or deeper
probing of the subject.
Essentially, this eliminates editorial control. I can't see any
editor agreeing to this, of course. They all feel that they know
better than the readers, and they have to determine what is
included, what gets more emphasis, and what attitudes to take.
Wiping this out will do more for information interchange than
practically any innovation since printing!
Will Martin
------------------------------
Date: Friday, 19-Aug-83 02:18:39-PDT
From: Lauren Weinstein <vortex!lauren@LBL-CSAM>
Subject: Computer Security
The following wire service item was graciously sent to me by
AMSLER@SRI-AI. I believe it is important enough to be submitted to
this digest, even though it is rather long. Many of you know how I
deplore the way the press tends to handle computer security stories,
particularly in the wake of "Wargames". In most cases, they make
mountains out of molehills, and totally obscure the real issues
involved (e.g. confusing non-secure systems with dialup lines and
secure systems which do not have conventional dialup capabilities).
However, the following story is fairly well written and tells of a
potentially very serious problem. It's the first "computer security"
news item I've ever seen that literally made a chill run down by
spine. I'm afraid that the only way to deal with the sorts of
situations described below, apart from technical means, will be some
vigorous prosecutions of offenders.
--Lauren--
-------
a090 18-Aug-83 18:30
By DENA KLEIMAN
c. 1983 N.Y. Times News Service
NEW YORK - One or more young men, using a home computer to break
into larger ones around the country, gained access to the computerized
radiation-therapy records of cancer patients at Memorial Sloan-
Kettering Cancer Center in Manhattan, hospital officials said
Thursday.
The officials said they were almost certain that none of the
records had been altered and that no treatment had been affected. They
said, however, that they could not entirely rule out those
possibilities.
''They have nothing to gain by getting into the computer, just
thrills,'' said Dr. Radhe Mohan, director of the medical physics
computer service at the hospital, which is on Manhattan's Upper East
Side.
Sloan-Kettering said it became aware of the tampering in June and
notified the police and the Federal Bureau of Investigation. The
hospital even left messages in the computer system begging the
culprits to stop.
In an affidavit made public Wednesday in federal district court in
Milwaukee, the FBI named 21-year-old Gerald R. Wondra of West Allis,
Wis., as a suspect in the case. Wondra has not been charged.
Sloan-Kettering is the latest institution to be identified as a
victim of computer tampering. A loosely knit group of young computer
enthusiasts in Milwaukee - who refer to themselves as the ''414's,''
after that city's telephone area code - has been linked to tampering
with a computer at a government nuclear-weapons laboratory in Los
Alamos, N.M.
According to the federal document, Wondra used an Apple II
computer - which costs about $1,200 - to plug into the hospital's
computer directory through Telenet, a popular computer time-sharing
system used by more than 1,000 companies throughout the country.
Sloan-Kettering subscribes to Telenet, as do the 90 customers who
use the hospital's computer for legitimate medical reasons. Those
customers have secret passwords to give them access to the computer.
How these intruders were able to crack the password system, which
consists of six-letter combinations difficult to determine at random,
remains a mystery.
The first sign that there was something wrong at Sloan-Kettering
came when Chen Chiu, systems manager of the medical physics computer
service, walked into his office on the morning of June 3. The computer
system had broken down briefly the night before, and there was a
record of five new computer users.
Chui deleted those names from the computer file of those
authorized to use the directory. He also changed all the passwords of
those having ''privileged'' access to the computer, which allows a
user to change a patient's records. He thought this would put an end
to it. But it did not.
''When I came back on Monday,'' Chiu said, ''I discovered more
things.''
What Chiu discovered, he said, was that someone had not only
broken into the computer system but had succeeded in reprogramming so
that other users unknowingly revealed their passwords.
Authorized customers would type in their secret passwords, Chiu
explained, and the computer would type back ''User Authorization
Failure.'' When the customer typed the password again, it was
immediately transferred to the intruder. In this way, the intruder had
access to the most-privileged medical records and could have changed
them.
''It was panic,'' Mohan said. ''It meant there was another way to
get into the system. We have some very unusual passwords. There was no
way you could guess them by sheer luck.''
That Monday, Chiu tried to contact the intruder. He wrote a
message.
''I asked him to identify himself and please stop,'' Chiu said.
There was no reply. The next day, an associate tried one last time.
''You have done some harm to our system,'' the message read.
''Please call us and help us repair the damage.''
About an hour later, someone who sounded like a young man called
back.
''He said that he was sorry,'' Chiu said. ''He said he did not
realize he had done any damage and that he would try to help repair
the damage. But when we asked how he got into the system, he refused
[and] asked him not to use any of the accounts and told him that if he
really needed to use the computer we would assign to him a separate
name and password.''
Chiu then asked the caller what password he wanted for his own
use, and the caller told him ''DEMO.'' This password can now be used
to gain access to the computer. Hospital officials repeatedly pleaded
with the intruder to stop and even offered him free use of computer
time provided he did not alter records.
Hospital officials said Thursday that they remained perplexed
about how the intruder had broken into the system and how such
tampering could be prevented in the future.
''What we would like to know is how they got into the system,''
Mohan said. ''No harm was done, but someone who was up to big mischief
could have conceivably caused harm.''
The hospital's computer, a Vax 11-780, which is manufactured by
Digital Equipment Corp., maintains the radiation records of 6,000
current and past cancer patients. The computer keeps a record of the
amount and kind of radiation therapy prescribed for a particular
patient.
The hospital's computer is hooked to the machine that actually
dispenses the radiation and acts as a kind of safety catch for
treatment. Before any radiation is dispensed at the hospital, its
dosage must be consistent with the amount recorded on the hospital
computer.
According to Mohan, the only damage committed by the intruder was
a deletion of records billing customers for use of the computer at an
estimated cost of about $1,500 and ''a lot of anxiety.''
Wondra, the man named in the affidavit, could not be reached
Thursday for comment. When telephone calls were placed to his home, a
woman answered and said he was not home. He did not return repeated
messages.
Chiu said that during the correspndence with the intruder, the
hospital contacted the FBI and the police and a tap was placed on the
call to the hospital. But because the caller was using MCI, an
alternate long distance line, Chiu said, the number could not be
traced.
Since that time, there have been about 20 efforts to make use of
the computer, including once last week. At one point, someone typed a
message to hospital officials naming two youths in the Milwaukee area
as being responsible for the intrusion.
The message read in part: ''This is Dr. Jim Miller. I heard about
your system, and I am interested in knowing what it does.'' He invited
the hopsital to call him and gave what he said was his telephone
number. He also gave what he said was the number of ''the guy who gave
me this account.'' He said that person's name was Steve Rendul.
Chiu said the FBI had pursued these leads, but they had turned out
to be a hoax.
''At this point we're not sure if one person or many people are
involved,'' Mohan said. Referring to the access code, he said, ''He
might have given it to his friends or put it on some bulletin board.''
According to the court affidavit, which was filed by John G.
Sauls, an FBI agent as part of an application for a search warrant,
Wondra and several other individuals were interviewed in connection
with this and other computer-tampering cases and admitted having been
involved.
The affidavit states that Wondra was interviewed on July 28. It
says he conceded that he had made contact with the hospital and had
identified himself as ''the guy who gets on the system.'' When told
that his unauthorized actions had to stop, the document states, he
responded that ''he and his friends would be stopped in a couple of
years by technological improvements in the computer systems.''
The document, however, does not specify how or why Wondra was
approached in the first place.
nyt-08-18-83 2124edt
------------------------------
End of HUMAN-NETS Digest
************************