RISKS@KL.SRI.COM (RISKS FORUM, Peter G. Neumann -- Coordinator) (02/15/89)
RISKS-LIST: RISKS-FORUM Digest Tuesday 14 February 1989 Volume 8 : Issue 25
FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
Contents:
Authenticity in digital media -- electronic time travel (Steve Philipson)
Bogus Frequent Flyer Scheme (Kenneth R. Jongsma [and Dave Curry])
Automatic targeting for Maverick missile (Jon Jacky)
Economics, Engineering and Programming (Jerry Leichter)
RE: ATM Error in Europe (Udo Voges)
Another bank error (Hsiu-Teh Hsieh)
Static Electricity crash (Seth K)
Legal clamp-down on Australian "hackers" (Neil Crellin)
MIT virus paper available for anonymous ftp (Jon Rochlis)
Prospectus for "Computer Viruses" (J Cordani)
The RISKS Forum is moderated. Contributions should be relevant, sound, in good
taste, objective, coherent, concise, and nonrepetitious. Diversity is welcome.
* RISKS MOVES SOON TO csl.sri.com. FTPable ARCHIVES WILL REMAIN ON KL.sri.com.
CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive "Subject:" line
(otherwise they may be ignored). REQUESTS to RISKS-Request@CSL.SRI.COM.
FOR VOL i ISSUE j / ftp KL.sri.com / login anonymous (ANY NONNULL PASSWORD) /
get stripe:<risks>risks-i.j ... (OR TRY cd stripe:<risks> / get risks-i.j ...
Volume summaries in (i.j)=(1.46),(2.57),(3.92),(4.97),(5.85),(6.95),(7.99).
----------------------------------------------------------------------
Date: Tue, 14 Feb 89 10:18:50 PST
From: Steve Philipson <steve@aurora.arc.nasa.gov>
Subject: Authenticity in digital media -- electronic time travel
Two nights ago I saw a piece on Headline News that has some interesting
implications. It seems Hank Williams Jr. found a previously unknown
recording by his father, the late famed country singer Hank Williams, Sr.
Hank Jr. decided that it would be great to make a new recording as a duet
with his long departed Dad. From the news article, it sounded like the
recording was heavily processed to remove noise and recording artifacts.
In addition, film footage from a very old Kate Smith TV show was heavily
processed to show Hank Sr. singing this song (they implied that he did
NOT perform it on that show), matching mouth movements to the lyrics in
a very convincing manner. They also managed to merge an adult Hank Jr.
into the scene as if he was there when it is was recorded. Quite a feat,
as Hank Jr. was probably about 2 years old (or less) at the time.
The connection with RISKS is that computer/video processing technology
has progressed to the point where seeing is definitely not believing.
Not everyone is aware of this though, so the possibility exists that
public opinion could be manipulated by showing influential people doing
and/or saying things that are solely in the interest of the persons in
control of this technology.
This is probably not new break-through in technology, but it is the
first I've seen of it in national distribution.
Steve
------------------------------
Date: Mon, 13-Feb-89 17:10:18 PST
From: Kenneth_R_Jongsma@cup.portal.com
Subject: Bogus Frequent Flyer Scheme
Our local paper carried the following Associated Press story this evening:
An airline ticket agent piled up 1.7 million bonus air miles via computer
without leaving the ground, then sold the credits for more than $20,000,
according to a published report.
Ralf Kwaschni, 28, was arrested Sunday when he arrived for work at
Kennedy International Airport and was charged with computer tampering
and grand larceny, authorities said.
Kwaschni, a ticket agent for Lufthansa Airlines, used to work for
American Airlines, the Daily News reported today. Police said he used
his computer access code to create 18 fake American Airline Advantage
Accounts - racking up 1.7 million bonus air miles, according to the
newspaper.
All 18 accounts, five in Kwaschni's name and 13 under fake ones, listed
the same post office box, according to the newspaper.
Instead of exchanging the bonus miles for all the free travel, Kwaschni
sold some of them for $22,500 to brokers, who used the credits to get a
couple of first class, round trip tickets from New York to Australia,
two more between London and Bermuda and one between New York and Paris,
the newspaper said. It is legal to sell personal bonus miles to brokers
Port Authority Detective Charles Schmidt said.
Kwaschni would create accounts under common last names, the newspaper
said. When a person with one of the names was aboard an American flight
and did not have an Advantage account, the passengers name would be
eliminated from the flight list and replaced with one from the fake
accounts, the newspaper said.
"As the plane was pulling away from the gate, this guy was literally
wiping out passengers," Schmidt said.
Just continues to show that the greatest security risk is the internal one.
Aside from the obvious mistake of using the same address for all his
accounts, it would be difficult to catch this type of tampering. He was
doing the type of operations that his job requires (adding and deleting
passengers), so one wonders how American caught on.
Ken Jongsma
[Also noted by Dave Curry in the San Jose Mercury News.]
------------------------------
Date: Tue, 14 Feb 89 10:10:14 PST
From: jon@june.cs.washington.edu <Jon Jacky, University of Washington>
Subject: Automatic targeting for Maverick missile
Excerpts from a story in FEDERAL COMPUTER WEEK, 13 Feb 1989, pages 29 and 37:
REDUCING PILOT BURDENS COMES UNDER RAPID FIRE, by Fred Reed
Automatic targeting continues its penetration of the military with the
development of Rapid Fire, an automated fire-control system for the Maverick
air-to-ground missile. The system, from Hughes Aircraft Co., is typical of
approaches now being investigated by many manufacturers of several types of
weapons . ... Maverick is a large anti-tank missile that homes in, by means
of a sensor in its nose, on the infrared radiation emitted by tanks and
other vehicles. ...
According to (Rapid Fire project manager Floyd) Smoller, the processing is
possible with today's computers. Further, processing is less complex than
in full-scale target recognition systems that seek to identify targets with
certainty. ... ``The system does not give a hard and fast discrimination
between tanks and other vehicles,'' Smoller said. ``However, it does favor
tanks, based on variables such as size, aspect ratio and known signature.
It rejects objects in its range that are too large to be vehicles --- roads,
barns and so on. And it ignores fires so you don't shoot at burning tanks
or forests.''
Having found all candidate targets in its field of view, he said, the system
chooses four targets, if the aircraft carries four missiles. ``Then, if the
pilot wants, he can simply fire at the targets or he can change the priority
of the targets. The Air Force never likes to give up the final say on
firing,'' Stoller said. ...
The two trends exemplified by Rapid Fire --- toward integration of computer,
sensors, and weapons and toward increasing automation --- can be seen in many
modern weapons. ... An Air Force spokesman said Rapid Fire seemed to be a good
system but that the Air Force doesn't have a requirement for it now.
Hughes said it is working on an F-16 application to demonstrate Rapid Fire.
The company believes the system will become more important as close air
support grows in importance.'
------------------------------
Date: Tue, 14 Feb 89 12:41 EST
From: "Jerry Leichter (LEICHTER-JERRY@CS.YALE.EDU)"
Subject: Economics, Engineering and Programming
In a recent RISKS, Robert English points out that much of the pressure that
leads to programs being shipped quickly, without extensive testing, is inhe-
rent in the economic structure of the industry.
He's very right. The following passage, forwarded to me by a friend, was
taken from an article entitled "Technology and Competitiveness:" by John A.
Young (who is president and CEO of the Hewlett-Packard Company):
"In today's world, shortening the time between idea stage and finished
product often makes the difference between success and failure. The
high costs of developing new products, the brief time before copies
appear, and the rapid obsolencence make for a short innovation cycle -
often 3 to 5 years (6). A study by the consulting firm McKinsey &
Company demonstrated that for a typical product with a 5-year life
span, a 6 month delay in shipping would reduce after-tax profits by
one third. A 50% development cost overrun, by contrast, would reduce
the after-tax profits by only 3.5% (13)."
bibliography
(6) F. Press, in A HIGH TECHNOLOGY GAP (Council on Foreign Relations,
New York, 1987) pp. 14-15.
(13) D. G. Reinertsen, WHODUNIT? THE SEARCH FOR THE NEW PRODUCT
KILLERS (McKinsey & Company, New York, July 1983).
[taken from THE BENT of Tau Beta Pi - Winter 1989 issue]
Obviously, not everyone considers "6 month delay in shipping" and "50% deve-
lopment cost overrun" as the only two alternatives.
-- Jerry
------------------------------
Date: 02/10/89 09:16:11 CET
From: <IDT766@DKAKFK3.BITNET> ( KFK/KARLSRUHE - Udo Voges )
Subject: RE: ATM Error in Europe (RISKS-8.22)
A similar error happened at the postal banking office in Munich: a wrong tape
was mounted on 5 Jan 89 redoing all monthly transfers due at the end of the
month. The error was discovered (due to customer complains?) and repaired the
next working day (9 Jan) and apologies were mailed.
Udo Voges
------------------------------
Date: Sun, 12 Feb 89 02:02:44 -0800
From: vlsi005@ucscj.UCSC.EDU (Console Cowboy)
Subject: Another bank error
This happened about a year ago in a small local bank which has been
expanding its branches so far. One day I got a letter from a bank (computer
generated one) informing me that my checking account has been closed. This
was a shock to me, considering the fact that I have never requested my
checking account to be closed. When I went to the bank to demand an
explanation for the letter, the manager at the bank called up the central
data processing facility in another location, and here is what she told me:
my checking account was closed because it has not been accessed for 3
months, and since the balance was $0.00. This was correct as far as I knew,
but I have kept the balance in my checking account at $0.00 for over a year
then, since I have a share draft protection which means that whenever there
is not an adequate fund in the checking account, adequate fund are
automatically transferred from my savings account. So to simplify
bookkeeping, I have kept my checking account on balance $0.00 on purpose.
Also, I had considerable fund in my savings account at the time.
Although the bank manager apologized for this error, I have changed to
another bank since then.
Hsiu-Teh Hsieh, Univ. of Calif., Santa Cruz
------------------------------
Date: Mon Feb 13 14:16:22 1989
From: sethk@sco.UUCP
Subject: Static Electricity crash
Jeffrey Mogul (mogul@decwrl.dec.com) mentioned the following in RISKS-8.21:
> In RISKS 8.18, Jeff Makey writes about a PDP-11/40 that could be
> crashed by walking across the room and kicking the console terminal,
> thereby transferring a static charge to the console and the CPU. (...)
> If a PC were this sensitive to static, typewriters would still be big sellers.
Ever since SCO made the big conversion off of PDP-11/44's and on to PC's,
we have been plagued by crashes due to static. While some machines seem
more prone to this problem than others, it seems that any PC with a
cartridge tape drive has the potential of crashing when the tape is
inserted (and the correct conditions for static electricity exist).
The policy recommended for those who handle backups here is to ground
yourself to the chassis of the machine before/during insertion of the tape.
I do not plan to sell my manual Olivetti typewriter yet.
-Seth (sethk@sco.COM)
------------------------------
Date: Tue, 14 Feb 89 19:11:12 +1100
From: Neil Crellin <neilc@natmlab.dms.oz.au>
Subject: Legal clamp-down on Australian "hackers"
(Reproduced from The Financial Review, Feb 14th, 1989)
Clamp on computer hackers, by Julie Power
Federal Cabinet is expected to endorse today draft legislation
containing tough penalties for hacking into Commonwealth computer systems.
It is understood that the Attorney-General, Mr Lionel Bowen, will be
proposing a range of tough new laws closely aligned with the recommendations
of the Attorney-General's Department released in December. Mr Bowen
requested the report by the Review of Commonwealth Criminal Law, chaired by
Sir Harry Gibbs, as a matter of urgency because of the growing need to
protect Commonwealth information and update the existing legislation.
Another consideration could be protection against unauthorised
access of the tax file number, which will be stored on a number of
Government databases.
If the report's recommendations are endorsed, hacking into
Commonwealth computers will attract a $48,000 fine and 10 years
imprisonment. In addition, it would be an offence to destroy, erase,
alter, interfere, obstruct and unlawfully add to or insert data in a
Commonwealth computer system.
The legislation does not extend to private computer systems.
However, the Attorney-General's Department recommended that it would
be an offence to access information held in a private computer via a
Telecom communication facility or another Commonwealth communication
facility without due authority.
Neil Crellin, CSIRO Maths and Stats, Sydney, Australia. (neilc@natmlab.oz.au)
PO Box 218, Lindfield, NSW 2070. (ph) +61 2 467 6721 (fax) +61 2 416 9317
------------------------------
Date: Tue, 14 Feb 89 18:11:49 EST
From: Jon Rochlis <jon@ATHENA.MIT.EDU>
Subject: MIT virus paper available for anonymous ftp
The MIT paper on the Internet virus of last Novemember, "With Microscope and
Tweezers: An Analysis of the Internet Virus of November 1988", is now
available via anonymous ftp from either bitsy.mit.edu (18.72.0.3) or
athena-dist.mit.edu (18.71.0.38) in the pub/virus directory as mit.PS (and
mit.PS.Z). A version of this paper will be presented at the 1989 IEEE
Symposium on Research in Security and Privacy.
-- Jon
Abstract:
In early November 1988 the Internet, a collection of networks consisting of
60,000 host computers implementing the TCP/IP protocol suite, was attacked
by a virus, a program which broke into computers on the network and which
spread from one machine to another. This paper is a detailed analysis of
the virus program itself, as well as the reactions of the besieged Internet
community. We discuss the structure of the actual program, as well as the
strategies the virus used to reproduce itself. We present the chronology of
events as seen by our team at MIT, one of a handful of groups around the
country working to take apart the virus, in an attempt to discover its
secrets and to learn the network's vulnerabilities.
We describe the lessons that this incident has taught the Internet community
and topics for future consideration and resolution. A detailed routine by
routine description of the virus program including the contents of its built
in dictionary is provided.
------------------------------
Date: 12 Feb 89 17:08:00 EDT
From: "CORDANI, LTC J/A914-2469474" <cordani@pentagon-opti.army.mil>
Subject: Prospectus for "Computer Viruses"
1. Dr. J Cordani, at Adelphi University, and E. Rustadt, at Pace University
propose to bring out a collection of articles on the subject of computer
viruses for the academic and research community.
2. We envision a volume of 10 to 20 articles, each 10 to 30 pages in length.
We will attempt to cover the field of viruses in historical, social, ethical,
economic, and technical areas.
3. We envision a section as introduction, theory, classifications, life
cycles, epidemiology, countermeasures, economic and social issues, law,
beneficial uses, the future.
4. As a member of this forum, I know of few more fruitful media in which to
search for participants.
5. I should be most happy to discuss participation in the project with those
interested.
Dr. John Cordani Schools of Business Adelphi University Garden City, NY 11530
(516) 663 1182
(My host system will be down from Feb 17 to Feb 24 from maint problems.)
------------------------------
End of RISKS-FORUM Digest 8.25
************************
-------