risks@CSL.SRI.COM (RISKS Forum) (12/07/90)
RISKS-LIST: RISKS-FORUM Digest Monday 6 December 1990 Volume 10 : Issue 65
FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
Contents:
[*** NOTE: CSL.SRI.COM OFF THE AIR FRI/SAT/...; PHYSICALLY MOVING. ***]
[*** NEXT ISSUE: ``Computers at Risk'' and ``Computers Under Attack'' ***]
A fondness for turkeys (Pete Mellor)
Heads-up "Holograms" of Runways to assist in landings? (Richard Wood)
Airline safety (John Sullivan)
As the spacecraft turn (Steve Bellovin)
NeXT microphone problem? (E. Loren Buhle, Jr.)
Risks of global networking (Hank Nussbacher)
Technological Risk, by H.W. Lewis (Jake Livni)
Hackers Accessed NASA's Phones (anonymous)
Hacker view of the "Legion of Doom" sentencing in Atlanta (Emmanuel Goldstein)
The RISKS Forum is moderated. Contributions should be relevant, sound, in
good taste, objective, coherent, concise, and nonrepetitious. Diversity is
welcome. CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive
"Subject:" line. Others ignored! REQUESTS to RISKS-Request@CSL.SRI.COM.
FTP VOL i ISSUE j: ftp CRVAX.sri.com<CR>login anonymous<CR>AnyNonNullPW<CR>
CD RISKS:<CR>GET RISKS-i.j<CR>; j is TWO digits. Vol summaries in
risks-i.00 (j=0); "dir risks-*.*<CR>" gives directory; bye logs out.
ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY.
Relevant contributions may appear in the RISKS section of regular issues
of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise.
----------------------------------------------------------------------
Date: Sun, 2 Dec 90 09:14:27 PST
From: Pete Mellor <pm@cs.city.ac.uk>
Subject: A fondness for turkeys [No Thanksgiving for bad systems?]
Sitting up late one night last week, I caught the re-broadcast in the UK of the
US news program "60 minutes".
One of the items was about ADATS, a tank-based anti-helicopter missile system,
meant to be effective in conditions of poor visibility (e.g., Iraqi sandstorms),
and reckoned to be essential against such things as the HIND killer-chopper
(of which Iraq is rumoured to have 40 or so). It is, or rather was, being
developed by Oerliken of Switzerland. However, they have pulled out, and (I
think) the completion of the system is now directly managed by the DoD.
This follows cancellations by several potential customers: Germany, Holland,
Saudi Arabia, etc. Only the US and Canada still seem to be interested.
It is strongly supported by some military people, e.g., General Granrod (? -
Sorry, there were no subtitles, so I wasn't able to get the correct name of
everyone interviewed, and I have no idea what any of the acronyms stand for.),
who said it had exceeded its requirements in field trials. Convincing film was
shown of it shooting a parked helicopter off the top of a tower, and then
firing a missile in a corkscrew spiral ending in the nearest bit of shrubbery.
A strong feeling of deja vue then descended, as it turned out that this system
is (you've guessed it!) highly computerised.
There seem to have been a few unfortunate hitches in its development:-
Originally estimated at $7 billion, its cost has now reached $12 billion and
is rising fast. Protests from parts of Congress on behalf of the US taxpayer
are the main reason for its current notoriety.
It is late. Certainly too late for the gulf. After having been under
development for years, it is still at least 5 years from delivery.
Its requirements seem, err..., less than adequately related to the real world.
It uses laser to track its target. This is not a bright idea for an all-weather
system. "You don't see through clouds with a laser.", one commentator said.
"You don't even see into them very far!" The missile tracks the laser beam.
Once off the beam, there is no way it can get back on (a possible explanation
for the impressive exercise in hedge-trimming). The chopper pilot knows (in
something as sophisticated as the HIND) that he is being scanned, and has 30
seconds to do something about it, like dodge behind the nearest hill, which is
a fairly effective protection against a line-of-sight system like ADATS. There
is also the minor problem that the computer system can't tell friend from foe.
Reliability is a problem. Although the producers of the programme didn't seem
to have a very clear idea of the difference between reliability,
maintainability, and availability, a number of people made statements to the
effect that the availability of the system is 40%. The system is thought to be
so complex that its reliability may never reach an acceptable level.
"Pilots are cautious people." remarked one interviewee. "If they find they're
under attack from something like ADATS, they'll simply go away and come back
when the system isn't working."
Why does this situation arise so often in modern weapons system development?
- There is a school of thought which believes that complex electronic systems
are, or can be made, the answer to everything in modern warfare.
- Military careers are made on the backs of projects like ADATS. For those
involved, there is no advantage in cancellation, even if it doesn't work.
To get the troops something they can use is at most the third priority.
(Senator Chuck Bernard).
Why is the US military persisting with ADATS?
As the senator said: "In this country, we seem to like turkeys!"
Peter Mellor, Centre for Software Reliability, City University, Northampton Sq.,
London EC1V 0HB +44(0)71-253-4399 Ext. 4162/3/1 p.mellor@uk.ac.city (JANET)
------------------------------
Date: Thu, 29 Nov 90 17:39:03 PST
From: rwood@vajra.pa.dec.com
Subject: Heads-up "Holograms" of Runways to assist in landings?
Summarized from: {Business Week Nov 19, 1990}
Seattle's fog is legendary, but from now on it will not delay as
many flights as it has in the past. Seattle-Tacoma International
Airport is the first to win approval for takeoffs guided by new
technology that lets a pilot see in thick fog. Developed by
Flight Dynamics Inc., Portland OR, the system is similar to the
heads-up display in jet fighters. A transparent screen flips down
inside the windshield, and holographic images of the runway's
center line and horizon are projected onto it. Thanks to special
optical tricks, the images appear to be in front of the plane,
where the real runway is. Alaska Airlines has been using the
system for landings for the past year, but until now, the Federal
Aviation Administration would not allow its use for takeoffs if
visibility dropped below 600 feet.
Richard Wood Corporate Worksystems Team Digital Equipment Corp.
------------------------------
Date: Tue, 4 Dec 90 11:36:13 CST
From: sullivan@poincare.geom.umn.edu
Subject: Airline safety
This week's Economist has an article about airline safety, reminding us
(as the Northwest crash yesterday did) that two-thirds of all accidents
happen in the 5% of a flight around take-off and landing.
Although three-quarters of accidents are blamed on
pilots' errors, pilots can be "set up" for an accident by many
things, such as confusing instructions from air-traffic
controllers or by picking the wrong switch in a badly designed cockpit.
The article focuses on four recommendations from Boeing for increased safety.
None of them relates specifically to computer risks, though they all seem
related to the safety and privacy concerns we have often discussed in RISKS.
1. Pilots should calculate before takeoff a "decision speed" at which
takeoff can continue even with engine loss (rather than aborting and
possibly going off the end of the runway). Such accidents are rare,
but in 2/3 of the cases, the pilot is found later to have made the
wrong decision.
2. Install new Ground Proximity Warning Systems (GPWS):
Early GPWS systems can be unreliable and are prone to giving false
alarms. ... this means they eventually get ignored--or disconnected.
Pilots can easily turn them off in the cockpit.
3. Install more ILS (Instrument Landing Systems) at airports.
This would encourage fewer "nonstabilised" approaches at high speed.
4. Make more use of flight-data recorder (black box) info, which could be
"highly valuable for training". This "final suggestion is controversial"
although already used by some airlines in Europe. The Economist closes:
[T]here is opposition from some pilots and their unions.
They reckon that the recorders--which also make a tape of
flight-deck conversations--could become a "spy" in the cockpit.
Passengers might think that a good idea.
John Sullivan
------------------------------
Date: Wed, 05 Dec 90 11:09:41 EST
From: smb@ulysses.att.com
Subject: As the spacecraft turn
This doesn't appear to be a very good week for computers in space... I'll let
others tell the myriad stories about what's going on with the space shuttle's
telescopes, but a lot of the problems appear to be computer-related. For
example, one attempt to fix some star tracker problems involved patching some
software, because the tracker was more sensitive than thought. Unfortunately,
the patch was loaded into the wrong computer.
On another (orbital) plane, Magellan lost several mapping orbits worth of data
because of a data entry error. It seems that the commands downloaded
(uploaded?) didn't have the required blank delimiters; consequently, the
orbiter correctly rejected the entire sequence.
--Steve Bellovin
------------------------------
Date: Tue, 27 Nov 90 12:56 EDT
From: "E. Loren Buhle, Jr. [215-662-3084]" <BUHLE@xrt.upenn.edu>
Subject: NeXT microphone problem?
THIS MESSAGE DEALS WITH A POSSIBLE "RISK" PERTAINING TO CONTROL OF THE INTEGRAL
MICROPHONE IN THE LATEST NeXT MACHINE.
FIRST, SOME DESCRIPTION:
The newest NeXT machine has a microphone in the lower left portion of the CRT
console (embedded in the plastic frame of the CRT). This integral microphone is
an important input device for the voice annotation software running on the
NeXT. It comes with all new NeXT machines. The software interface on the NeXT
presents the user with keys corresponding to a tape recorder (e.g. record,
stop, rewind, play, etc.). The user hits the record button, speaks for any
length of time, hits stop, rewind, play and hears the conversation that was
recorded to a disk file (and played back) . . . . very nice touch!
The operating system on the NeXT machine is Mach UNIX, a multiuser environment.
NOTHING APPEARS TO PREVENT REMOTE OPERATION OF THE MICROPHONE. There is NO
INDICATION ON THE FRONT OF THE NeXT MACHINE THAT THE MICROPHONE IS LIVE OR
DEAD! (Remember Ronald Reagan's problems with "supposedly dead" microphones?)
Here is a scenario: A remote user turns on the microphone on the NeXT,
recording the voice to a file (locally or remotely). Any sound in the proximity
of the NeXT CRT is recorded. This file containing the conversation is then
played back on a remote NeXT. Voila, a built-in office bug! While it can be
argued that control of the microphone is by the console, anyone with superuser
privs can undoubtable find a workaround.
On the old (1988 vintage) NeXT box, the microphone was plugged into a jack on
the back. Unplugging the microphone removed this problem. Cumbersome, but very
effective. The new microphone is built into the CRT case. It is not trivial to
detach/attach at will.
So what can be done? One possibility would be to have a physical LED turn on
whenever the microphone was active. This LED would be physically wired to the
microphone and NOT be under program control. This possibility assumes the
people carrying on the conversation are looking at the NeXT console. . . .
Thoughts?
Dr. E. Loren Buhle, Jr. INTERNET: BUHLE@XRT.UPENN.EDU
University of Pennsylvania School of Medicine Phone: 215-662-3084
Rm 440A, 3401 Walnut St., Philadelphia, PA 19104-6228 FAX: 215-349-5978
------------------------------
Date: Wed, 28 Nov 90 09:45:05 O
From: Hank Nussbacher <HANK@BARILVM.BITNET>
Subject: Risks of global networking
Over the past few months I have noticed upon occasion files that appear in our
system that arrive from a fellow Bitnet system named NCCIBM1. The files always
remain in the RSCS print queue since they are destined for the system printer.
I always purged them, since there was never any indication that they were
intended for any user on our system - BARILVM (Bar-Ilan University in Israel).
This past week I decided to track down the people at NCCIBM1 and find out why
we are getting their job outputs. NCCIBM1 (USA Environmental Protection Agency
in North Carolina) determined that their JES system has BARILVM listed as node
#178. They also have a remote printer listed as #178. Rather than typing R178
for her output JCL, the user made a mistake and typed N178 - which sent the
output to Israel rather to some printer in North Carolina.
Is this a risk of computer networking? I bet over the past year there has been
a very irate user in North Carolina trying to find her job outputs. All she
had to do was hop on a plane and fly a few thousand miles to find her MVS
output. :-)
Hank Nussbacher, Computer Center, Bar Ilan University
------------------------------
Date: Wed, 28 Nov 90 21:39:35 EST
From: Jake Livni <jake@bony1.bony.com>
Subject: Book Review - Technological Risk by H. W. Lewis
In the Sunday New York Times book review section (Nov. 25, 1990), there was a
review of:
Technological Risk
by H. W. Lewis
353 pp. New York
W. W. Norton & Company. $22.95
According to the reviewer, it seems to be an interesting and surprising view of
risks in technology. The author, "a physicist at UCSB", shows that many
technological risks are overshadowed by similar natural risks and that concern
over technological disasters may be overdone.
I haven't seen this book, so I'm just notifying you about the article / review.
------------------------------
Date: Thu, 6 Dec 1990
From: [anonymous]
Subject: ``Hackers Accessed NASA's Phones''
Today's AP wire, datelined HOUSTON, and reported in the Houston Chronicle,
noted that computer intruders have stolen some $12 million in free telephone
service through Johnson Space Center... That figure was calculated from costs
of similar break-ins described by law enforcement agents specializing in
computer crime. A long-distance credit card number was used, as well as NASA's
phone lines. The credit card fraud was discovered by AT&T when use of the
number exceeded typical patterns. An earlier report, on 17 Nov 90, noted that
phone service worth millions had been similarly obtained from the Houston
offices of the Drug Enforcement Administration. Both cases involved intrusions
to the Federal Telephone System, which apparently has little or no
accountability.
------------------------------
Date: Fri, 30 Nov 90 01:00:21 pst
From: emmanuel@well.UUCP (Emmanuel Goldstein)
Subject: Hacker view of the "Legion of Doom" sentencing in Atlanta
The following is from the forthcoming Autumn 1990 edition of 2600, The Hacker
Quarterly. We would appreciate it being distributed to as many interested
people as possible. We consider this to be a very major and very frightening
issue. If there are any questions or comments, we can be reached at
2600@well.sf.ca.us or (516) 751-2600.
Emmanuel Goldstein, Editor, 2600 Magazine
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Over the past year there has been a great deal of publicity concerning the
actions of computer hackers. Since we began publishing in 1984 we've pointed
out cases of hackers being unfairly prosecuted and victimized. We wish we could
say things were getting better but we cannot. Events of recent months have made
it painfully clear that the authorities, above all else, want to "send a
message". That message of course being that hacking is not good. And there
seems to be no limit as to how far they will go to send that message.
And so we come to the latest chapter in this saga: the sentencing of three
hackers in Atlanta, Georgia on November 16. The three, Robert Riggs (The
Prophet), Frank Darden, Jr. (The Leftist), and Adam Grant (The Urville) were
members of the Legion of Doom, one of the country's leading hacker "groups".
Members of LOD were spread all over the world but there was no real
organization, just a desire to learn and share information. Hardly a gang of
terrorists, as the authorities set out to prove.
The three Atlanta hackers had pleaded guilty to various charges of hacking,
particularly concerning SBDN (the Southern Bell Data Network, operated by
BellSouth). Supposedly Riggs had accessed SBDN and sent the now famous 911
document to Craig Neidorf for publication in PHRACK. Earlier this year,
BellSouth valued the document at nearly $80,000. However, during Neidorf's
trial, it was revealed that the document was really worth $13. That was enough
to convince the government to drop the case.
But Riggs, Darden, and Grant had already pleaded guilty to accessing
BellSouth's computer. Even though the facts in the Neidorf case showed the
world how absurd BellSouth's accusations were, the "Atlanta Three" were
sentenced as if every word had been true. Which explains why each of them
received substantial prison time, 21 months for Riggs, 14 months for the
others. We're told they could have gotten even more.
This kind of a sentence sends a message all right. The message is that the
legal system has no idea how to handle computer hacking. Here we have a
case where some curious people logged into a phone company's computer
system. No cases of damage to the system were ever attributed to them. They
shared information which we now know was practically worthless. And they
never profited in any way, except to gain knowledge. Yet they are being
treated as if they were guilty of rape or manslaughter. Why is this?
In addition to going to prison, the three must pay $233,000 in restitution.
Again, it's a complete mystery as to how this staggering figure was arrived at.
BellSouth claimed that approximate figure in "stolen logins/passwords" which we
have a great deal of trouble understanding. Nobody can tell us exactly what
that means. And there's more. BellSouth claims to have spent $1.5 million
tracking down these individuals. That's right, one and a half million dollars
for the phone company to trace three people! And then they had to go and spend
$3 million in additional security. Perhaps if they had sprung for security in
the first place, this would never have happened. But, of course, then they
would have never gotten to send the message to all the hackers and potential
hackers out there.
We think it's time concerned people sent a message of their own. Three young
people are going to prison because a large company left its doors wide open and
doesn't want to take any responsibility. That in itself is a criminal act.
We've always believed that if people cause damage or create a nuisance, they
should pay the price. In fact, the LOD believed this too. So do most hackers.
And so does the legal system. By blowing things way out of proportion because
computers were involved, the government is telling us they really don't know
what's going on or how to handle it. And that is a scary situation.
If the media had been on top of this story and had been able to grasp its
meaning, things might have been very different indeed. And if BellSouth's gross
exaggerations had been taken into account at the sentencing, this injustice
couldn't have occurred. Consider this: if Riggs' sentence were as much of an
exaggeration as BellSouth's stated value of their $13 document, he would be
able to serve it in full in just over two hours. And the $233,000 in
restitution would be under $40. So how much damage are we really talking about?
Don't look to BellSouth for answers.
In early 1991, the three are to begin their sentences. Before that happens, we
need to reach as many people as possible with this message. We don't know if it
will make a difference in this particular case if the general public,
government officials, and the media hear this side of the story. But we do
know it would be criminal not to try.
------------------------------
End of RISKS-FORUM Digest 10.65
************************