RISKS@KL.SRI.COM (RISKS FORUM, Peter G. Neumann -- Coordinator) (10/21/88)
RISKS-LIST: RISKS-FORUM Digest Thursday 20 October 1988 Volume 7 : Issue 66
FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
Contents:
British computer calls Northern Ireland a "Region Unknown" (John Murray)
"Brain" virus shows up in Hong Kong (Dave Horsfall)
A Credit Card Fraud (Brian Randell)
Nausea-inducing propellor (Mike Trout)
Re: Ear-itating performance (Jan Wolitzky, Ken Johnson)
The RISKS Forum is moderated. Contributions should be relevant, sound, in good
taste, objective, coherent, concise, and nonrepetitious. Diversity is welcome.
CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive "Subject:" line
(otherwise they may be ignored). REQUESTS to RISKS-Request@CSL.SRI.COM.
FOR VOL i ISSUE j / ftp kl.sri.com / login anonymous (ANY NONNULL PASSWORD) /
get stripe:<risks>risks-i.j ... (OR TRY cd stripe:<risks> / get risks-i.j ...
Volume summaries in (i, max j) = (1,46),(2,57),(3,92),(4,97),(5,85),(6,95).
----------------------------------------------------------------------
Date: 20 Oct 88 18:25:36 GMT
From: johnm@amdahl.uts.amdahl.com (John Murray)
Subject: British computer calls Northern Ireland a "Region Unknown"
Paraphrased from The Irish Times (Dublin), Oct 15 1988:
'A computer error resulted in the gross domestic product of Northern
Ireland being underestimated by more than 10 percent between 1983 and
1986. [A spokesperson for the Northern Ireland Economic Council] said
that the sluggishness evidenced by the statistics "could have under-
mined the confidence of potential investors".'
. . . . 'Over 70 percent of the North's GDP consists of estimates of
income [which] are calculated at Newcastle-on-Tyne [England] from
income tax returns and information in the Dept. of Health & Social
Services. It appears that between 1983 and 1986 an error in the
computer programme responsible for extracting the relevant data cate-
gorised a growing number of earners in the North as "region unknown".'
[Further discussion follows about how the error may have supplemented
the region's other problems.]
------------------------------
Date: Tue, 18 Oct 88 13:34:27 est
From: Dave Horsfall <dave@stcns3.stc.oz.au>
Subject: "Brain" virus shows up in Hong Kong
On the off-chance that you haven't had enough of virus reports, here's
another one from Computing Australia, 17th October, 1988:
``HK consultants hit by overseas virus
A leading firm of financial consultants has become the first main-
stream business in Hong Kong to be affected by a computer virus.
The Business International consultancy reported last week the "Brain"
virus -- well-known elsewhere in the world, but never before seen
in Hong Kong -- had appeared on some disks. ... BI was playing down
the significance of the find last week, with a company spokeswoman
saying the virus had not reappeared and that no data had been lost.''
The article goes on further to discuss the origin of the Brain virus,
and makes the amazing observation "[it] does not destroy data, but
scrambles it beyond recognition". I dunno, I would certainly regard
data "scrambled beyond recognition" as being "destroyed".
Dave Horsfall (VK2KFU), Alcatel-STC Australia, dave@stcns3.stc.oz
dave%stcns3.stc.OZ.AU@uunet.UU.NET, ...munnari!stcns3.stc.OZ.AU!dave
------------------------------
Date: Tue, 18 Oct 88 11:51:07 +0100
From: Brian Randell <B.Randell@newcastle.ac.uk>
Subject: A Credit Card Fraud
This story, from Saturday's Guardian newspaper, comes from what sounds like an
interesting study of computer-related crime. It is reprinted here in full,
without permission. (The # sign is used to represent the pounds sterling sign.)
The risk in the particular fraud described would appear to have arisen - said
he with 20:20 hindsight, but no personal expertise in credit card fraud
- because of the latencies in, and inadequacies of, the means by which input
validity checks were performed.
Brian Randell
#9M Credit Card Fraudster Cleans Up With a Full House
[by] Peter Large
Technology Editor
[Guardian, 15 Oct. 1988, p.11]
Credit card companies were robbed of #6 million to #9 million within two weeks
by an eight stage, one-man fraud. The recipe used was this:
1: Take a mortgage on a house that has already changed hands once in the past
five years.
2: Advertise a bogus job overseas at a juicy salary (that brings 4,000
replies).
3: Send the job applicants a form demanding the same details as those required
for a credit-card application.
4: The hard work: transfer that information to the application forms of
several smallish credit-card and store-card operators, forging the signatures
and substituting the address of the safe house for the real address (that
ensures that any check with the electoral roll draws a blank, without
indicating a bogus applicant).
5: The fast work: spend or draw cash to the maximum possible - and within one
day - on each card as it arrives at the safe house.
6: To outpace the tracing, complete the operation within two weeks, even though
there are still many cards to spare.
7: Disappear.
8: Don't pay for the advert.
The case - he was never caught - was reported yesterday in the BIS group's
annual study of computer-related crime. Bill Farquhar, co-author of the report,
said the crime was discovered, much too late, when a clerk entering details
into a computer noted the same handwriting on different applications from the
same address.
Mr Farquhar said #3 million was traced from bank to building society to another
bank, before it was transferred abroad. But the total take was at least #6
million and probably #9 million, he said. The police found an empty house
carpeted with cards.
The report shows how computer fraud is spreading: the 225 cases traced by BIS
in the past year netted an average of #389,000, compared with #31,000 in 1983.
BIS reckons 90 per cent of computer crime is not reported by firms - or not
traced at all.
Firms so fear the publicity that some give the criminals golden handshakes and
glowing references to pass on to their next victim."
[Also noted by blf@scol.uucp]
------------------------------
Date: 17 Oct 88 18:35:47 GMT
From: miket@brspyr1.brs.com (Mike Trout)
Subject: Nausea-inducing propeller (Re: RISKS DIGEST 7.64)
In RISKS-FORUM Digest Volume 7 : Issue 64, Marshall Jose discusses how an
unwanted 28 kHz spike at a Stevie Wonder tour was inducing irritability and
impatience among artists, crew, and audience. Our illustrious moderator Peter
also mentioned how the anapest beat of a particular rock tune could cause
alarming physical effects on certain people.
This brings to mind the story of the infamous XF-84H, an airplane whose tale
appears every now and then in rec.aviation. You may remember the old F-84
Thunderstreak/flash/whatever; in those days jet engines left a great deal to be
desired in both maximum power output and reliability. Accordingly, somebody
got the bright idea of putting a super turboprop on the front of an F-84.
Tests showed the plane (designated the XF-84H) to have lots of reliable power
and acceleration, but there was an unexpected side effect nobody predicted:
ground crews working with the XF-84H began suffering from uncontrollable
nausea. The cause was traced to the plane's monstrous propeller blades, which
of necessity were spinning at supersonic speeds and apparently setting up some
physiologically harmful harmonics. The project was scrapped; the only XF-84H
built is on display at some AFB in California, I believe.
There seems to be little hard data in circulation about this project; it is
mentioned briefly in various authoritative publications but the details are
always sketchy. Some questions that come to mind: What kind of harmonics
would induce nausea, rather than something like irritability as in the Stevie
Wonder 28 kHz spike? Why was the pilot apparently not affected? Why is nausea
NOT induced by other supersonically-spinning propellers (which occasionally
crop up on various general aviation aircraft)? I'm sure that USAF and Republic
Aviation reports on this incident exist somewhere; anybody know any more?
~~~~~~~~~~~~~~~~~~~~~~~~~Michael Trout (miket@brspyr1)~~~~~~~~~~~~~~~~~~~~~~~~~
BRS Information Technologies, 1200 Rt. 7, Latham, N.Y. 12110 (518) 783-1161
------------------------------
Date: Mon, 17 Oct 88 08:59 EDT
From: wolit@research.att.com
Subject: Re: Ear-itating performance
For one of his tours, Stevie Wonder contracted with Northwest Sound
to build a set of PA speakers of extraordinary capability -- response
nearly flat out to 45 kHz, etc. . . . .
Finally, during one show, one of the sound guys was examining
the audio spectrum analyzer screen, and mistakenly pushed the 20 kHz -
200 kHz range button instead of the 2 kHz - 20 kHz button. Imagine
his alarm at the sight of a potent 28 kHz component, the product of
all the synthesizers' DAC update clocks. . . . .
If the DAC clock rate was 28 KHz, the synthesizers' Nyquist frequency (the
highest frequency that could be reproduced) would have been only 14 KHz,
which is pretty crummy and wouldn't have required a fancy sound system.
Jan Wolitzky, AT&T Bell Labs, Murray Hill, NJ; 201 582-2998; mhuxd!wolit
(Affiliation given for identification purposes only)
------------------------------
Date: Tue, 18 Oct 88 17:56:23 EST
From: JOHNSON%FOR3083.ISSC@ISEC-OA.ARPA
Subject: Ear-itation
FROM: KEN JOHNSON GRC, ROOM D253 EXT.233
Subject: Ear-itation
A few years back , some pseudoscientists expressed a concern that the
"anapestic" beat was so counter to the natural beat of the heart that
the hearer's health and proper heart-functioning could be threatened
by hearing this beat. In other words, when the thumping "We Are the
Champions" anapestic (and irritating) beat is heard at sporting events,
there is a major health risk! Bah, I say!
Concerning the 28K Hz problem - aren't we continually bombarding
animals with much higher hearing ranges (dogs, birds(?), bats) with
sounds in the post-20K Hz range? And does Stevie Wonder, with a
higher dependence on his sense of hearing, notice the irritating
noises more than the person with normal senses?
------------------------------
End of RISKS-FORUM Digest 7.66
************************
-------