Subject: RISKS DIGEST 10.65 REPLY-TO: risks@csl.sri.com RISKS-LIST: RISKS-FORUM Digest Monday 6 December 1990 Volume 10 : Issue 65 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator Contents: [*** NOTE: CSL.SRI.COM OFF THE AIR FRI/SAT/...; PHYSICALLY MOVING. ***] [*** NEXT ISSUE: ``Computers at Risk'' and ``Computers Under Attack'' ***] A fondness for turkeys (Pete Mellor) Heads-up "Holograms" of Runways to assist in landings? (Richard Wood) Airline safety (John Sullivan) As the spacecraft turn (Steve Bellovin) NeXT microphone problem? (E. Loren Buhle, Jr.) Risks of global networking (Hank Nussbacher) Technological Risk, by H.W. Lewis (Jake Livni) Hackers Accessed NASA's Phones (anonymous) Hacker view of the "Legion of Doom" sentencing in Atlanta (Emmanuel Goldstein) The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, and nonrepetitious. Diversity is welcome. CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive "Subject:" line. Others ignored! REQUESTS to RISKS-Request@CSL.SRI.COM. FTP VOL i ISSUE j: ftp CRVAX.sri.comlogin anonymousAnyNonNullPW CD RISKS:GET RISKS-i.j; j is TWO digits. Vol summaries in risks-i.00 (j=0); "dir risks-*.*" gives directory; bye logs out. ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. Relevant contributions may appear in the RISKS section of regular issues of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise. ---------------------------------------------------------------------- Date: Sun, 2 Dec 90 09:14:27 PST From: Pete Mellor Subject: A fondness for turkeys [No Thanksgiving for bad systems?] Sitting up late one night last week, I caught the re-broadcast in the UK of the US news program "60 minutes". One of the items was about ADATS, a tank-based anti-helicopter missile system, meant to be effective in conditions of poor visibility (e.g., Iraqi sandstorms), and reckoned to be essential against such things as the HIND killer-chopper (of which Iraq is rumoured to have 40 or so). It is, or rather was, being developed by Oerliken of Switzerland. However, they have pulled out, and (I think) the completion of the system is now directly managed by the DoD. This follows cancellations by several potential customers: Germany, Holland, Saudi Arabia, etc. Only the US and Canada still seem to be interested. It is strongly supported by some military people, e.g., General Granrod (? - Sorry, there were no subtitles, so I wasn't able to get the correct name of everyone interviewed, and I have no idea what any of the acronyms stand for.), who said it had exceeded its requirements in field trials. Convincing film was shown of it shooting a parked helicopter off the top of a tower, and then firing a missile in a corkscrew spiral ending in the nearest bit of shrubbery. A strong feeling of deja vue then descended, as it turned out that this system is (you've guessed it!) highly computerised. There seem to have been a few unfortunate hitches in its development:- Originally estimated at $7 billion, its cost has now reached $12 billion and is rising fast. Protests from parts of Congress on behalf of the US taxpayer are the main reason for its current notoriety. It is late. Certainly too late for the gulf. After having been under development for years, it is still at least 5 years from delivery. Its requirements seem, err..., less than adequately related to the real world. It uses laser to track its target. This is not a bright idea for an all-weather system. "You don't see through clouds with a laser.", one commentator said. "You don't even see into them very far!" The missile tracks the laser beam. Once off the beam, there is no way it can get back on (a possible explanation for the impressive exercise in hedge-trimming). The chopper pilot knows (in something as sophisticated as the HIND) that he is being scanned, and has 30 seconds to do something about it, like dodge behind the nearest hill, which is a fairly effective protection against a line-of-sight system like ADATS. There is also the minor problem that the computer system can't tell friend from foe. Reliability is a problem. Although the producers of the programme didn't seem to have a very clear idea of the difference between reliability, maintainability, and availability, a number of people made statements to the effect that the availability of the system is 40%. The system is thought to be so complex that its reliability may never reach an acceptable level. "Pilots are cautious people." remarked one interviewee. "If they find they're under attack from something like ADATS, they'll simply go away and come back when the system isn't working." Why does this situation arise so often in modern weapons system development? - There is a school of thought which believes that complex electronic systems are, or can be made, the answer to everything in modern warfare. - Military careers are made on the backs of projects like ADATS. For those involved, there is no advantage in cancellation, even if it doesn't work. To get the troops something they can use is at most the third priority. (Senator Chuck Bernard). Why is the US military persisting with ADATS? As the senator said: "In this country, we seem to like turkeys!" Peter Mellor, Centre for Software Reliability, City University, Northampton Sq., London EC1V 0HB +44(0)71-253-4399 Ext. 4162/3/1 p.mellor@uk.ac.city (JANET) ------------------------------ Date: Thu, 29 Nov 90 17:39:03 PST From: rwood@vajra.pa.dec.com Subject: Heads-up "Holograms" of Runways to assist in landings? Summarized from: {Business Week Nov 19, 1990} Seattle's fog is legendary, but from now on it will not delay as many flights as it has in the past. Seattle-Tacoma International Airport is the first to win approval for takeoffs guided by new technology that lets a pilot see in thick fog. Developed by Flight Dynamics Inc., Portland OR, the system is similar to the heads-up display in jet fighters. A transparent screen flips down inside the windshield, and holographic images of the runway's center line and horizon are projected onto it. Thanks to special optical tricks, the images appear to be in front of the plane, where the real runway is. Alaska Airlines has been using the system for landings for the past year, but until now, the Federal Aviation Administration would not allow its use for takeoffs if visibility dropped below 600 feet. Richard Wood Corporate Worksystems Team Digital Equipment Corp. ------------------------------ Date: Tue, 4 Dec 90 11:36:13 CST From: sullivan@poincare.geom.umn.edu Subject: Airline safety This week's Economist has an article about airline safety, reminding us (as the Northwest crash yesterday did) that two-thirds of all accidents happen in the 5% of a flight around take-off and landing. Although three-quarters of accidents are blamed on pilots' errors, pilots can be "set up" for an accident by many things, such as confusing instructions from air-traffic controllers or by picking the wrong switch in a badly designed cockpit. The article focuses on four recommendations from Boeing for increased safety. None of them relates specifically to computer risks, though they all seem related to the safety and privacy concerns we have often discussed in RISKS. 1. Pilots should calculate before takeoff a "decision speed" at which takeoff can continue even with engine loss (rather than aborting and possibly going off the end of the runway). Such accidents are rare, but in 2/3 of the cases, the pilot is found later to have made the wrong decision. 2. Install new Ground Proximity Warning Systems (GPWS): Early GPWS systems can be unreliable and are prone to giving false alarms. ... this means they eventually get ignored--or disconnected. Pilots can easily turn them off in the cockpit. 3. Install more ILS (Instrument Landing Systems) at airports. This would encourage fewer "nonstabilised" approaches at high speed. 4. Make more use of flight-data recorder (black box) info, which could be "highly valuable for training". This "final suggestion is controversial" although already used by some airlines in Europe. The Economist closes: [T]here is opposition from some pilots and their unions. They reckon that the recorders--which also make a tape of flight-deck conversations--could become a "spy" in the cockpit. Passengers might think that a good idea. John Sullivan ------------------------------ Date: Wed, 05 Dec 90 11:09:41 EST From: smb@ulysses.att.com Subject: As the spacecraft turn This doesn't appear to be a very good week for computers in space... I'll let others tell the myriad stories about what's going on with the space shuttle's telescopes, but a lot of the problems appear to be computer-related. For example, one attempt to fix some star tracker problems involved patching some software, because the tracker was more sensitive than thought. Unfortunately, the patch was loaded into the wrong computer. On another (orbital) plane, Magellan lost several mapping orbits worth of data because of a data entry error. It seems that the commands downloaded (uploaded?) didn't have the required blank delimiters; consequently, the orbiter correctly rejected the entire sequence. --Steve Bellovin ------------------------------ Date: Tue, 27 Nov 90 12:56 EDT From: "E. Loren Buhle, Jr. [215-662-3084]" Subject: NeXT microphone problem? THIS MESSAGE DEALS WITH A POSSIBLE "RISK" PERTAINING TO CONTROL OF THE INTEGRAL MICROPHONE IN THE LATEST NeXT MACHINE. FIRST, SOME DESCRIPTION: The newest NeXT machine has a microphone in the lower left portion of the CRT console (embedded in the plastic frame of the CRT). This integral microphone is an important input device for the voice annotation software running on the NeXT. It comes with all new NeXT machines. The software interface on the NeXT presents the user with keys corresponding to a tape recorder (e.g. record, stop, rewind, play, etc.). The user hits the record button, speaks for any length of time, hits stop, rewind, play and hears the conversation that was recorded to a disk file (and played back) . . . . very nice touch! The operating system on the NeXT machine is Mach UNIX, a multiuser environment. NOTHING APPEARS TO PREVENT REMOTE OPERATION OF THE MICROPHONE. There is NO INDICATION ON THE FRONT OF THE NeXT MACHINE THAT THE MICROPHONE IS LIVE OR DEAD! (Remember Ronald Reagan's problems with "supposedly dead" microphones?) Here is a scenario: A remote user turns on the microphone on the NeXT, recording the voice to a file (locally or remotely). Any sound in the proximity of the NeXT CRT is recorded. This file containing the conversation is then played back on a remote NeXT. Voila, a built-in office bug! While it can be argued that control of the microphone is by the console, anyone with superuser privs can undoubtable find a workaround. On the old (1988 vintage) NeXT box, the microphone was plugged into a jack on the back. Unplugging the microphone removed this problem. Cumbersome, but very effective. The new microphone is built into the CRT case. It is not trivial to detach/attach at will. So what can be done? One possibility would be to have a physical LED turn on whenever the microphone was active. This LED would be physically wired to the microphone and NOT be under program control. This possibility assumes the people carrying on the conversation are looking at the NeXT console. . . . Thoughts? Dr. E. Loren Buhle, Jr. INTERNET: BUHLE@XRT.UPENN.EDU University of Pennsylvania School of Medicine Phone: 215-662-3084 Rm 440A, 3401 Walnut St., Philadelphia, PA 19104-6228 FAX: 215-349-5978 ------------------------------ Date: Wed, 28 Nov 90 09:45:05 O From: Hank Nussbacher Subject: Risks of global networking Over the past few months I have noticed upon occasion files that appear in our system that arrive from a fellow Bitnet system named NCCIBM1. The files always remain in the RSCS print queue since they are destined for the system printer. I always purged them, since there was never any indication that they were intended for any user on our system - BARILVM (Bar-Ilan University in Israel). This past week I decided to track down the people at NCCIBM1 and find out why we are getting their job outputs. NCCIBM1 (USA Environmental Protection Agency in North Carolina) determined that their JES system has BARILVM listed as node #178. They also have a remote printer listed as #178. Rather than typing R178 for her output JCL, the user made a mistake and typed N178 - which sent the output to Israel rather to some printer in North Carolina. Is this a risk of computer networking? I bet over the past year there has been a very irate user in North Carolina trying to find her job outputs. All she had to do was hop on a plane and fly a few thousand miles to find her MVS output. :-) Hank Nussbacher, Computer Center, Bar Ilan University ------------------------------ Date: Wed, 28 Nov 90 21:39:35 EST From: Jake Livni Subject: Book Review - Technological Risk by H. W. Lewis In the Sunday New York Times book review section (Nov. 25, 1990), there was a review of: Technological Risk by H. W. Lewis 353 pp. New York W. W. Norton & Company. $22.95 According to the reviewer, it seems to be an interesting and surprising view of risks in technology. The author, "a physicist at UCSB", shows that many technological risks are overshadowed by similar natural risks and that concern over technological disasters may be overdone. I haven't seen this book, so I'm just notifying you about the article / review. ------------------------------ Date: Thu, 6 Dec 1990 From: [anonymous] Subject: ``Hackers Accessed NASA's Phones'' Today's AP wire, datelined HOUSTON, and reported in the Houston Chronicle, noted that computer intruders have stolen some $12 million in free telephone service through Johnson Space Center... That figure was calculated from costs of similar break-ins described by law enforcement agents specializing in computer crime. A long-distance credit card number was used, as well as NASA's phone lines. The credit card fraud was discovered by AT&T when use of the number exceeded typical patterns. An earlier report, on 17 Nov 90, noted that phone service worth millions had been similarly obtained from the Houston offices of the Drug Enforcement Administration. Both cases involved intrusions to the Federal Telephone System, which apparently has little or no accountability. ------------------------------ Date: Fri, 30 Nov 90 01:00:21 pst From: emmanuel@well.UUCP (Emmanuel Goldstein) Subject: Hacker view of the "Legion of Doom" sentencing in Atlanta The following is from the forthcoming Autumn 1990 edition of 2600, The Hacker Quarterly. We would appreciate it being distributed to as many interested people as possible. We consider this to be a very major and very frightening issue. If there are any questions or comments, we can be reached at 2600@well.sf.ca.us or (516) 751-2600. Emmanuel Goldstein, Editor, 2600 Magazine - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Over the past year there has been a great deal of publicity concerning the actions of computer hackers. Since we began publishing in 1984 we've pointed out cases of hackers being unfairly prosecuted and victimized. We wish we could say things were getting better but we cannot. Events of recent months have made it painfully clear that the authorities, above all else, want to "send a message". That message of course being that hacking is not good. And there seems to be no limit as to how far they will go to send that message. And so we come to the latest chapter in this saga: the sentencing of three hackers in Atlanta, Georgia on November 16. The three, Robert Riggs (The Prophet), Frank Darden, Jr. (The Leftist), and Adam Grant (The Urville) were members of the Legion of Doom, one of the country's leading hacker "groups". Members of LOD were spread all over the world but there was no real organization, just a desire to learn and share information. Hardly a gang of terrorists, as the authorities set out to prove. The three Atlanta hackers had pleaded guilty to various charges of hacking, particularly concerning SBDN (the Southern Bell Data Network, operated by BellSouth). Supposedly Riggs had accessed SBDN and sent the now famous 911 document to Craig Neidorf for publication in PHRACK. Earlier this year, BellSouth valued the document at nearly $80,000. However, during Neidorf's trial, it was revealed that the document was really worth $13. That was enough to convince the government to drop the case. But Riggs, Darden, and Grant had already pleaded guilty to accessing BellSouth's computer. Even though the facts in the Neidorf case showed the world how absurd BellSouth's accusations were, the "Atlanta Three" were sentenced as if every word had been true. Which explains why each of them received substantial prison time, 21 months for Riggs, 14 months for the others. We're told they could have gotten even more. This kind of a sentence sends a message all right. The message is that the legal system has no idea how to handle computer hacking. Here we have a case where some curious people logged into a phone company's computer system. No cases of damage to the system were ever attributed to them. They shared information which we now know was practically worthless. And they never profited in any way, except to gain knowledge. Yet they are being treated as if they were guilty of rape or manslaughter. Why is this? In addition to going to prison, the three must pay $233,000 in restitution. Again, it's a complete mystery as to how this staggering figure was arrived at. BellSouth claimed that approximate figure in "stolen logins/passwords" which we have a great deal of trouble understanding. Nobody can tell us exactly what that means. And there's more. BellSouth claims to have spent $1.5 million tracking down these individuals. That's right, one and a half million dollars for the phone company to trace three people! And then they had to go and spend $3 million in additional security. Perhaps if they had sprung for security in the first place, this would never have happened. But, of course, then they would have never gotten to send the message to all the hackers and potential hackers out there. We think it's time concerned people sent a message of their own. Three young people are going to prison because a large company left its doors wide open and doesn't want to take any responsibility. That in itself is a criminal act. We've always believed that if people cause damage or create a nuisance, they should pay the price. In fact, the LOD believed this too. So do most hackers. And so does the legal system. By blowing things way out of proportion because computers were involved, the government is telling us they really don't know what's going on or how to handle it. And that is a scary situation. If the media had been on top of this story and had been able to grasp its meaning, things might have been very different indeed. And if BellSouth's gross exaggerations had been taken into account at the sentencing, this injustice couldn't have occurred. Consider this: if Riggs' sentence were as much of an exaggeration as BellSouth's stated value of their $13 document, he would be able to serve it in full in just over two hours. And the $233,000 in restitution would be under $40. So how much damage are we really talking about? Don't look to BellSouth for answers. In early 1991, the three are to begin their sentences. Before that happens, we need to reach as many people as possible with this message. We don't know if it will make a difference in this particular case if the general public, government officials, and the media hear this side of the story. But we do know it would be criminal not to try. ------------------------------ End of RISKS-FORUM Digest 10.65 ************************