RISKS@CSL.SRI.COM (RISKS FORUM, Peter G. Neumann -- Coordinator) (09/25/87)
RISKS-LIST: RISKS-FORUM Digest Thursday, 24 September 1987 Volume 5 : Issue 38
FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
Contents:
Computer crash causes ATC delay (Dave Horsfall)
Risks TO Computers: Man Shoots Computer! (Martin Minow)
An Aporkriffle Tail? (Zeke via Martin Minow) (also noted by others)
The naming of names (Dave Horsfall)
Aliases, SINs and Taxes (Robert Aitken)
Risks in the Misuse of Databases (Cliff Jones)
Sprint Sues Hackers (Dan Epstein)
Re: Reach out, touch someone (Bob English)
The RISKS Forum is moderated. Contributions should be relevant, sound, in good
taste, objective, coherent, concise, nonrepetitious. Diversity is welcome.
Contributions to RISKS@CSL.SRI.COM, Requests to RISKS-Request@CSL.SRI.COM.
FTP back issues Vol i Issue j from F4.CSL.SRI.COM:<RISKS>RISKS-i.j.
Volume summaries for each i in max j: (i,j) = (1,46),(2,57),(3,92),(4,97).
----------------------------------------------------------------------
Date: 24 Sep 87 14:55:54 +1000 (Thu)
From: munnari!astra.necisa.oz!dave@uunet.UU.NET (Dave Horsfall)
To: risks@uunet.UU.NET
Subject: Computer crash causes ATC delay
>From "The Australian", Tuesday Sep 22nd:
"Heathrow crash causes delays (headline)
A software problem last week triggered a computer crash at one of the
world's busiest airports, London's Heathrow, causing delays and diversions
during a peak period.
The main computer at London's Air Traffic Control Centre broke down for
more than three hours at 4.51am on Thursday at a peak period for long-haul
arrivals, a Civil Aviation Authority spokesman said.
He insisted there was no danger but said four flights had been diverted to
other European cities. Engineers spent more than three hours repairing the
computer [system]. The computer at West Drayton, just north of Heathrow,
controls all civilian air traffic movement in England and Wales.
The aviation authority spokesman said while the computer was out of
commission, air traffic controllers had switched to a manual system and
aircraft were ordered to keep a greater separation as a safety precaution."
Comment: why no backup computer?
Dave Horsfall (VK2KFU) ACSnet/CSNET: dave@astra.necisa.oz
NEC Information Systems Aust. ARPA: dave%astra.necisa.oz@uunet.uu.net
3rd Floor, 99 Nicholson St JANET: astra.necisa.oz!dave@ukc
St. Leonards 2064 AUSTRALIA UUCP: {enea,hplabs,mcvax,uunet,ukc}!\
TEL: +61 2 438-3544 FAX: 439-7036 munnari!astra.necisa.oz!dave
------------------------------
From: minow%thundr.DEC@decwrl.dec.com (Martin Minow THUNDR::MINOW ML3-5/U26 223-9922)
Date: 23 Sep 87 14:46
To: risks@csl.sri.com
Subject: Risks TO Computers: Man Shoots Computer!
From the Echoes-Sentines [?], Somerset County, NJ, Sept. 17, 1987:
GILLETTE RESIDENT IS ARRESTED AFTER SHOOTING HIS COMPUTER
PASSAIC TWP. -- A Gillette man was arrested at his home last
Thursday night after he fired eight bullets at his home computer,
according to police.
The man, Michael A. Case, 35, of 64 Summit Ave., was arrested
shortly after 11 p.m., at his house, when police said they received
a report that shots were fired. They arrived at the home to find
a .44 Magnum automatic handgun and a shot-up IBM personal computer
with a Princeton Graphics System monitor.
The monitor screen was blown out by the blasts and its inner
workings were visible, Lt. Donald Van Tassel said on Monday. The
computer, which had bullet holes in its hardware, was hit four times
while four more bullet holes were found in various areas next to the
computer, Van Tassel said.
"The only thing he (Case) said was that he was mad at his computer
so he shot it," Van Tassel said.
The handgun, which the lieutenant identified as an Israeli Arms
Desert Eagle .44, has "a lot of firepower," he said. "It's a big
gun." Case used hollow-point, or dum-dum, bullets, he added.
Case was surprised when police arrested him because he didn't think
he was breaking the law, Van Tassel said. "He couldn't understand
why he couldn't shoot his own computer in his own home," Van Tassel
said.
Case was charged with recklessly creating a risk and using a firearm
against the property of another, because the house is reportedly
owned by a relative. The walls were also damaged by the shots,
according to police.
He was also charged with unlawful posession of a firearm without a
permit, and with possession of illegal bullets, police said.
In addition, Case was issued to summonses, for discharging a weapon
in a restricted area and for discharging a single-projectile weapon,
police said.
Case spent early Friday morning in the Morris County Jail and was
released later in the day on $2,500 bail, according to police.
A Municipal Court appearance is scheduled for today, Sept. 17.
[Strange. I just heard a speaker talking about RIFLING THROUGH FILES,
rather than RIFFLING THROUGH FILES. Prophetic? PGN]
------------------------------
From: minow%thundr.DEC@decwrl.dec.com (Martin Minow THUNDR::MINOW ML3-5/U26 223-9922)
Date: 23 Sep 87 22:01
To: risks@csl.sri.com
Subject: An Aporkriffle Tail? (The Squeal of Porchin'?)
Date: Mon, 14 Sep 87 23:41:57 CDT
Reply-To: ZEKE@ipfrcvm
Sender: BITNIC LINKFAIL List <LINKFAIL@bitnic.bitnet>
From: ZEKE@ipfrcvm
Subject: IPFRCVM downtime
To: LOCAL DISTRIBUTION <LINKFAIL-LOCAL@omnigate.clarkson.edu>
IPFRCVM - Iowa Pig Farm Research Center will be down tomorrow from
20:00-23:00 for system maintenance. Since we are an end node, nobody
will be affected except for us.
It turns out that one of our sows got in through a hole in the wall
and had her litter of piglets under our raised floor. The operator on
duty got quite a scare when he heard a number of squeals. He assumed
we had some massive head crashes and powered down the CPU. Since the
squeals continued, we traced it to a corner under our raised floors.
We will be off the air tonight so that we can power down again and get
the sow and her piglets out from under the floor.
Zeke - System Grunt, IPFRC [Ever litter bit counts!]
------------------------------
Date: 22 Sep 87 08:58:18 +1000 (Tue)
From: munnari!astra.necisa.oz!dave@uunet.UU.NET (Dave Horsfall)
To: risks@uunet.UU.NET
Subject: The naming of names
I just heard a report on the radio this morning, while struggling from the
foggy depths of sleep. It was one of those filler items they use to take
up the space between adverts...
The National Health Service computer in Great Britain sent out letters
to several hundred men, inviting them to make an appointment with their
gynaecologist for a cervical examination. Apparently, the computer used
their first names as the selection basis, and got confused by "foreign"
sounding names, and "androgynous" names (their words) like "Lesley".
The real kicker is that someone actually responded...
Dave Horsfall (VK2KFU) ACSnet/CSNET: dave@astra.necisa.oz
NEC Information Systems Aust. ARPA: dave%astra.necisa.oz@uunet.uu.net
3rd Floor, 99 Nicholson St JANET: astra.necisa.oz!dave@ukc
St. Leonards 2064 AUSTRALIA UUCP: {enea,hplabs,mcvax,uunet,ukc}!\
TEL: +61 2 438-3544 FAX: 439-7036 munnari!astra.necisa.oz!dave
[I imagine there were a lot of acervic responses from insulted males,
as well as requests for appointments that never got kept. Ann Onymous]
------------------------------
Date: Mon, 21 Sep 87 11:35:42 EDT
From: Robert Aitken
<mcgill-vision.UUCP!uhura.ee.mcgill.ca!rob@larry.mcrcim.mcgill.ca>
To: risks@csl.sri.com
Subject: Aliases, SINs and Taxes
The Montreal Gazette reported an interesting problem over the weekend
(9/19/87). It seems that a Ms. Josee Gagnon, a 19 year old student from
Repentigny (near Montreal), had sent in her tax return and expected to get a
modest refund from a summer income of roughly $4000. Revenue Canada informed
her, however, that she owed them an additional $400 in taxes. The tax
department claimed that this was the tax owed on two additional jobs in
Matane, over 300 miles away. Apparently there is another Josee Gagnon, with
the same birthdate, living in Matane, and the government issued the two of
them the same social insurance number (SIN). A Revenue Canada spokesman says
the mixup is due to an "unlikely coincidence".
The newspaper does not identify the cause of the problem, but it appears
that the Canadian government uses name and birthdate to key social insurance
numbers. Perhaps they should think about including birthplace as well.
Rob Aitken, larry.ee.mcgill.ca!spock!rob
------------------------------
Date: Mon, 21 Sep 87 8:14:18 BST
From: Prof Cliff Jones <@NSS.Cs.Ucl.AC.UK,@cs.ucl.ac.uk:cliff@unix.cs.man.ac.uk>
To: risks@csl.sri.com
Subject: Risks in the Misuse of Databases
It might be that my paranoia comes from the title of the article:
"TV cheats uncovered"
The article (in the London Times) runs:
"The Post Office has uncovered the address of every home in Britain
without a television licence as it begins its biggest crackdown
against licence dodgers, it was disclosed yesterday.
An estimated 1.4 million people avoid paying the licence fee each year.
Until now attempts to catch licence dodgers have been hampered by
lack of precise information, but the Post Office has used a
computer system to pinpoint evaders.
A spokesman said: `For the first time the computer now has a record
of every address in Britain without a television licence. There is
no doubt we are closing in on evaders. It may well be a record year
for prosecutions' "
A (simple ?) diff operation between 2 databases and you have it: my name on
a list of potential lawbreakers! (My strange behaviour (not owning a TV)
could be used as evidence for all sorts of other oddities!) I am worried
because I think these databases were not really designed for this purpose.
Cliff Jones, Manchester
------------------------------
Date: Mon, 21 Sep 87 10:26:14 pdt
From: hpperf1!de@hplabs.HP.COM (Dan Epstein)
To: Neumann@csl.sri.com
Subject: Sprint Sues Hackers
I was reading notes, and I came across the following information.
I, however, can not vouch for the accuracy or authenticity.
Dan Epstein, Hewlett-Packard, {hplabs, ucbvax}!hpda!de
Relay-Version: version Notes 2.7.5 (840 Contrib) 87/2/5; site hpcupt1.HP.COM
From: gcm@mtgzz.UUCP (g.c.mccoury)
Date: Wed, 16 Sep 87 20:27:41 GMT
Date-Received: Thu, 17 Sep 87 08:58:32 GMT
Subject: Sprint sues hackers
Message-ID: <3067@mtgzz.UUCP>
Organization: AT&T, Middletown NJ
Path: hpcupt1!hpda!hplabs!sri-unix!husc6!hao!oddjob!gargoyle!ihnp4!homxb!mtuxo!mtgzz!gcm
Newsgroups: att.general,misc.headlines
From Communications Week 8/31/87:
US SPRINT SUES OVER ALLEGED THEFTS
US Sprint Communications Co., Kansas City Mo., late last week
filed federal lawsuits in three states, seeking more than $20
million in damages in connection with an alleged multistate
long distance theft ring. The suits were filed in U.S. district
courts in Kansas City, Seattle and Los Angeles. The thefts
allegedly involved hackers who used computers to identify US
Sprint authorization codes, and individuals and companies that
sold the codes and used them to place unauthorized telephone
calls. Defendants named in the lawsuits are Frederick Deneffe III
and Burton Andrews of the Portland, Ore., area; Paul Lindahl, Ralph
Purdy III and Kenneth Sheridan, all of the San Francisco area; and
Gyan Syal and Karlheinz Mueller of the Los Angeles area. Charges
previously were filed against some of the defendants by federal
authorities. The defendants allegedly did business under various
company names, including Unitel Systems Inc., California Discall Inc.,
and Hello America. US Secret Service agents, with the help of US
Sprint investigators, seized hundreds of illegally obtained US Sprint
authorization codes, along with computer equipment, in a series of
raids in Kansas, California, Washington and Texas. Bernard Bianchino,
the US Sprint attorney heading company actions against such offenders,
said the stolen codes were used to place more than $20 million worth
of long distance calls.
Grover McCoury, ATT IS/Communications Laboratories
------------------------------
Date: Tue, 15 Sep 87 11:49:36 PDT
From: Bob English <lcc.bob@CS.UCLA.EDU>
To: RISKS FORUM (Peter G. Neumann -- Coordinator) <RISKS@csl.sri.com>
Subject: Re: Reach out, touch someone (RISKS 5.32)
> [What will it take before inventors of technology consider
> implications of their work as part of their responsibilities? MS]
Individual action cannot stop these developments; it can at best slow
them. Few technological applications are so remarkable that only one
person could conceive of them. Even if Dr. Man avoided this line of
research, someone else would take it up eventually, someone who either
didn't care about, didn't notice, or sought the Big Brother applications
of this new technology.
This century has seen many successful totalitarian societies, and none
of them needed Dr. Man's devices to function. His devices, while they
may facilitate or strengthen such regimes, will not create them of
themselves. The problem of totalitarianism is a human problem and
requires a human solution.
This is not to say that scientists have no responsibility in these matters.
"Advances" such as Dr. Man's carry with them grave risks, and it is the
responsibility of all people who care about such issues to make sure those
risks are known, and to do what they can to prevent the risks from becoming
realities. Part of that responsibility is to stem the flow of such threats
by avoiding the research that develops them. By doing so, we give society
extra time to learn about and to deal with these threats.
But that will not win the fight. It is only a part of it. --bob--
------------------------------
End of RISKS-FORUM Digest
************************
-------