Subject: RISKS DIGEST 12.65
REPLY-TO: risks@csl.sri.com

RISKS-LIST: RISKS-FORUM Digest  Tuesday 26 November 1991  Volume 12 : Issue 65

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
  Phone outages expected to be tied to typing mistake (Rudy Bazelmans/Jim Horning)
  Weather Service Circuit Failure
  Problems with nuclear plant safety computer in the UK (Peter Ilieve)
  Results of Train Accident Investigations (Jymmi C. Tseng)
  Bank misdeposits money (David Shepherd)
  Mass. Governor wants to sell list of drivers licenses [Yes and No] (Kent Quirk)
  CPSR FOIAs U.S. Secret Service (Craig Neidorf)
  The Trojan Horse named `AIDS'
  Banning of autodialers? (John Sullivan)
  A new risk for computer folks? -- computers and termination policy (Mark Bartelt)
  E911 system brought to its knees by a prank (Glenn S. Tenney)
  Study on Computer Addiction (Chris)

The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, and nonrepetitious. Diversity is welcome. CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive "Subject:" line. Others may be ignored! Contributions will not be ACKed. The load is too great. REQUESTS please to RISKS-Request@CSL.SRI.COM.

For vol i issue j, type "FTP CRVAX.SRI.COM<CR>login anonymous<CR>AnyNonNullPW<CR>CD RISKS:<CR>GET RISKS-i.j" (where i=1 to 12, j always TWO digits). Vol i summaries in j=00; "dir risks-*.*" gives directory; "bye" logs out. The COLON in "CD RISKS:" is essential. "CRVAX.SRI.COM" = "128.18.10.1". <CR>=CarriageReturn; FTPs may differ; UNIX prompts for username, password.

ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. Relevant contributions may appear in the RISKS section of regular issues of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise.
----------------------------------------------------------------------

Date: Tue, 26 Nov 91 11:00:51 PST
From: horning@Pa.dec.com (Jim Horning)
Subject: Phone outages expected to be tied to typing mistake

[Originally forwarded by Rudy Bazelmans to Alan Martin to Bill McKeeman]

DSC Communications - Phone outages expected to be tied to typing mistake
The Wall Street Journal, 25Nov91, p.B4.

A final report that may be presented to the Federal Communications Commission this week is expected to conclude that a mistyped character in software from DSC Communications Corp. resulted in several local-telephone service outages last summer.

The report, compiled by Bell Communications Research Corp., also will show that the software didn't cause the failures alone. Faulty data, failure of computer clocks and other triggers led to a chain of events that caused the outages, according to the Dallas Morning News, which said it obtained a copy of the report. The newspaper said the report will conclude that none of the "trigger" events were caused by computer hackers.

The disclosure echoes testimony before Congress last July, in which DSC officials admitted that three bits of information in a huge computer program were incorrect, omitting computational procedures that would have stopped DSC's signaling system from becoming congested with messages.

A spokesman for DSC, which makes the signal transfer point that carries signals to set up a call, but not the call itself, confirmed that a "6" in a line of computer code should actually have been a "D." That one error caused the equipment and software to fail under an avalanche of computer-generated messages. The error was in an April software modification for the signal transfer point systems.

The spokesman said the company won't distribute final copies of the report until Bellcore, as the research consortium of the Baby Bells is known, presents a copy to the FCC and a congressional telecommunications committee, possibly this week.

[For background, see Ed Andrews' earlier NY Times article excerpted in RISKS-12.05, 11 July 1991.]

------------------------------

Date: Mon, 25 Nov 91 12:04:57 PST
From: "Peter G. Neumann"
Subject: Weather Service Circuit Failure

WASHINGTON (AP, 23 Nov 91) A National Weather Service circuit that serves as the source of routine weather information for most of the nation's newspapers and broadcast stations was knocked out for 12 hours on Friday.

Urgent weather information -- flood or storm warnings and watches -- remained available to most outlets because that information is carried on a separate circuit relayed by The Associated Press. But the 9:04 a.m. EDT outage of the weather bureau's Public Products Service meant that routine forecasts were nonexistent for many media outlets until the wire was restored at about 9 p.m. [...]

The AP was able to restore routine weather service to many of its members before the PPS problem was solved because of a temporary arrangement with the Contel Federal Systems Division of GTE, which has a contract from the Weather Service. [...]

Weather Service spokesman Bud Litton declared the "problem was due to a major foulup by Bell Atlantic."

------------------------------

Date: Mon, 25 Nov 91 10:47:47 GMT
From: peter@memex.co.uk (Peter Ilieve)
Subject: Problems with nuclear plant safety computer in the UK

Here is a story that appeared on the front page of the Independent on Sunday, a UK `quality' paper, on 1991 Nov 24.

Sellafield safety computer fails
by Tom Wilkie and Susan Watts

Britain's nuclear watchdog has launched a full-scale investigation into the safety of computer software at nuclear installations, following an incident at the Sellafield reprocessing plant in which computer error caused radiation safety doors to be opened accidentally.

The investigation, by the Nuclear Installations Inspectorate (NII), could affect the computer-controlled safety system that Nuclear Electric wants to install at the new Sizewell B pressurised water reactor under construction in Suffolk. Sizewell B will be the first nuclear power station in the UK to rely heavily on computers, rather than people, in its primary protection system. Nuclear Electric argued that they would be safer.

The £240 million Sellafield plant, opened in February by Michael Heseltine, Secretary of State for the Environment, was expected to help British Nuclear Fuels (BNFL) to return waste to its country of origin. The plant encases high-level waste in glass blocks for transport and storage, using a process that is known as vitrification.

In mid-September, a ``bug'' in the computer program that controlled the plant caused radiation protection doors to open prematurely while highly radioactive material was still inside one chamber. Nobody was exposed to radiation and the plant has since been shut down, but the incident has rung alarm bells within the nuclear inspectorate.

The inspectorate originally judged the computer software that controls safety as acceptable --- partly because it consisted of only a limited amount of computer code. However, the computer program was later amended with what is known as a software ``patch''. It is this patch that is thought to have caused the doors to open too soon. BNFL did not believe that the amendment had any safety significance.

The inspectorate is investigating not only the computer technology itself, but also BNFL's bureaucratic procedures.

Under British regulations, the safety-related functions of a nuclear power station must be completely separate from its normal control systems. Nuclear Electric wants to have a computer-based system for both the control and the safety functions at the new Sizewell pressurised water reactor.

However, the safety-related computer program has grown so complicated that the distinction between the software which controls the reactor and that which protects it has become blurred. It is also almost impossible to check that the software would react as it should if the reactor were to behave in a dangerous way.

The protection software is thought to have reached its current size because it incorporates extra features which, although desirable, have complicated its structure. Observers doubt that Nuclear Electric will be able to convince the inspectorate that the software will function as designed.

The integrity of the software is the last technical issue on the safety of Sizewell still to be sorted out, according to the NII. The inspectorate feels the performance of the software, like the safety of the steel pressure vessel, cannot be demonstrated on the basis of previous operating experience.

A BNFL spokesman said the company had completed an internal inquiry in the last few days but had yet to send results to the nuclear inspectorate. It does not expect the plant to reopen before mid-December.

---

A short description of the organisations involved for non-UK folk:

British Nuclear Fuels Limited (BNFL): A company, but all its shares are owned by the government, either directly or indirectly via other companies like Nuclear Electric. BNFL provides fuel manufacturing and reprocessing for both civil and military programs. Its main plant is at Sellafield but it has plutonium production reactors at Chapelcross in Scotland and an enrichment plant at Capenhurst.

Nuclear Electric: A company, but wholly owned by the government. During the privatisation of the electricity generation and distribution industry in the UK it became clear that the nuclear part was unsaleable, so the government kept it. Nuclear Electric owns all the nuclear power stations in England and Wales. There is a similar company, Scottish Nuclear, for the stations in Scotland.

Nuclear Installations Inspectorate (NII): The UK nuclear regulatory body. No nuclear plant can operate without a licence from it. It is part of the Health and Safety Executive, which is the statutory body for most health, safety and pollution matters in the UK.

Peter Ilieve  peter@memex.co.uk

[Also noted by John.Fitzgerald@newcastle.ac.uk (John Fitzgerald)]

------------------------------

Date: Wed, 27 Nov 91 03:38:30 +0800
From: u431573@imux200.mgt.ncu.edu.tw (Jymmi C. Tseng)
Subject: Results of Train Accident Investigations

Abridged from China Times Nov. 23, 1991.

RESULTS OF TRAIN ACCIDENT INVESTIGATIONS INDICATE DRIVER'S NEGLECT OF TRAFFIC SIGNALS DIRECT CAUSE OF ACCIDENT. ACCORDING TO THE TRANSPORTATION SAFETY COMMITTEE OF THE RAILROAD AGENCY, FAILURE OF AUTOMATIC WARNING AND BRAKES NOT CITED AS MAJOR CAUSE.

The transportation safety committee of the railroad agency announced the results of its investigations into the Nov. 15th accident, when "Freedom" express train 1006 rammed into the side of another incoming express train, and caused 30 deaths and 100 plus injuries. The fact that the "Freedom" express train had knowledge before starting from station that its safety systems were not working and yet allowed to carry passengers was not cited as a direct cause.

After collecting onsite evidence, eyewitness reports, and five meetings, the traffic signals were determined to be normal, because 5 previous trains reported no problems with the signals.

[Diagram: main track with points B and C and "Freedom 1066" (65 km/h); secondary route A with the oncoming express train]

The oncoming express train was supposed to travel on the secondary route A because of its lower priority.
But the "Freedom" express 1006 was travelling at 86km/h at point C and it was one minute early and interpreted the "slow down" signal at C as a "go ahead". In the meantime, the oncoming express train had only time to reach A when the "Freedom" express rammed into its side at point B with a speed of 65 km/h, emergency brakes applied only 70 minutes before collision. If the driver had followed the signal at C, there would have been no accident.

The paper cited that all accidents are caused by many individual incidents, which unfortunately coincided at the same time, not the direct cause of any singular event. If we look closely, we will see:

1) If "Freedom" 1066 had reduced speed according to the signals, there would have been no collision.
2) If the warning system had been working, the system would have warned the driver to reduce speed.
3) If the automatic braking mechanism had been working, emergency brakes would have been applied automatically and it might not have been so serious.

The results of the investigations are therefore not convincing enough. Obviously, the current railroad procedures are at fault because trains with faulty safety mechanisms which are not "readily fixable" are allowed to carry passengers, on the condition that drivers are given notice of their condition. The reporter made a comparison to a public bus: it would be analogous to telling the driver of a public bus without brakes to drive with only the hand brakes, and extreme caution.

Operational procedures which have proved wrong and yet are neglected are definitely a management problem. The negligence of the committee to address the overall problem, but only to emphasize the direct cause is a sacrifice of public safety and human lives.

Jymmi C. Tseng, National Central University, Taiwan, R.O.C.

------------------------------

Date: Mon, 18 Nov 91 10:34:18 GMT
From: David Shepherd
Subject: Bank misdeposits money

An item in the personal finance section of The Times (London) on Saturday told how someone had paid in a sizeable check into their account and then been surprised when a few days later the bank started bouncing checks. When he investigated he found that the check had not been credited to his account. The bank fairly quickly admitted that there had been a mistake but said they could not credit the money to him until they found where it had gone. When they explained the situation a few days later they said that the clerk processing the check had dropped the last digit of his account number, the computer had decided that he had not typed a leading zero and this matched another account number at that branch!

david shepherd: des@inmos.co.uk or des@inmos.com  tel: 0454-616616 x 379
inmos ltd, 1000 aztec west, almondsbury, bristol, bs12 4sq

------------------------------

Date: Wed, 20 Nov 91 14:50:34 EST
From: lotus!"CRD!Kent_Quirk@LOTUS"@uunet.UU.NET
Subject: Mass. Governor wants to sell list of drivers licenses

WBUR-FM reported this morning (11/20/91) that Massachusetts Governor William Weld has targeted for change some 140 laws and regulations that he says cause difficulties to those trying to do business in Massachusetts.

One of his planned remedies is to sell the list of people holding a Massachusetts driver's license. The list contains approximately four million names, addresses and in most cases, Social Security numbers. This is because Massachusetts uses the Social Security number as a license number, except when specifically requested not to.

It would require an act of the state legislature to make this possible; they may find it attractive because selling the list could earn some $5 Million at a time when state budgets are VERY tight.

[SEE NEXT ITEM.
PGN]

------------------------------

Date: Thu, 21 Nov 91 11:21:05 EST
From: lotus!"CRD!Kent_Quirk@LOTUS"@uunet.UU.NET
Subject: Mass. Governor NO LONGER wants to sell list of drivers licenses

Boston Globe, Nov 21 1991:

One day after unveiling the proposal, [Massachusetts] Governor Weld yesterday scrapped plans to sell computer access to Registry of Motor Vehicles records to private companies, saying he was swayed by concerns it could violate motorists' privacy.

"As someone who is always working to keep government out of our personal lives...I do not want to make state government an accomplice in the dissemination of personal information about law-abiding citizens," Weld said.

(Funny -- the day before yesterday he said something along the lines of "If people don't want their social security numbers included, they can just apply for a license without one.")

.. The records are already publicly available, but only by requesting a cumbersome manual search by Registry clerks, which is costly. Weld aides estimated the state could make $5 Million a year by allowing firms to buy direct online computer access.

However, civil libertarians...expressed concern that the move would make it far easier for companies to obtain sensitive information, such as Social Security numbers, which are used as drivers' license numbers, unless people request otherwise. They also feared that it would become easier to obtain information about people's ages and the cars they own [which could be used] to target marketing campaigns.

I was worried that the legislature would find this proposal attractive because of the added revenue, but apparently people are waking up to privacy risks. This reminds me of the Lotus Marketplace snafu.

------------------------------

Date: Fri, 22 Nov 1991 17:08:47 -0500
From: Craig Neidorf
Subject: CPSR FOIAs U.S.
Secret Service

I just received this from CPSR so I am passing it on to RISKS:

The Secret Service's response to Computer Professionals for Social Responsibility's (CPSR) Freedom of Information Act (FOIA) request has raised new questions about the scope and conduct of the agency's "computer crime" investigations. The documents disclosed to CPSR reveal that the Secret Service monitored communications sent across the Internet. The materials released through the FOIA include copies of many electronic newsletters, digests, and Usenet groups including "comp.org.eff.talk," "comp.sys.att," "Computer Underground Digest" (alt.cud.cu-digest), "Effector Online," "Legion of Doom Technical Journals," "Phrack Newsletter," and "Telecom Digest" (comp.dcom.telecom).

Currently, there is no clear policy for the monitoring of network communications by law enforcement agents. A 1982 internal FBI memorandum indicated that the Bureau would consider monitoring on a case by case basis. That document was released as a result of a separate CPSR lawsuit against the FBI.

Additionally, we have found papers that show Bell Labs in New Jersey passed copies of Telecom Digest to the Secret Service.

The material (approximately 2500 pages) also suggests that the Secret Service's seizure of computer bulletin boards and other systems may have violated the Electronic Communications Privacy Act of 1986 and the Privacy Protection Act of 1980.

Two sets of logs from a computer bulletin board in Virginia show that the Secret Service obtained messages in the Spring of 1989 by use of the system administrator's account. It is unclear how the Secret Service obtained system administrator access. It is possible that the Secret Service accessed this system without authorization. The more likely explanation is that the agency obtained the cooperation of the system administrator. Another possibility is that this may have been a bulletin board set up by the Secret Service for a sting operation.
Such a bulletin board was established for an undercover investigation involving pedophiles.

The documents we received also include references to the video taping of SummerCon, a computer hackers conference that took place in St. Louis in 1988. The Secret Service employed an informant to attend the conference and placed hidden cameras to tape the participants. The documents also show that the Secret Service established a computer database to keep track of suspected computer hackers. This database contains records of names, aliases, addresses, phone numbers, known associates, a list of activities, and various articles associated with each individual.

CPSR is continuing its efforts to obtain government documentation concerning computer crime investigations conducted by the Secret Service. These efforts include the litigation of several FOIA lawsuits and attempts to locate individuals targeted by federal agencies in the course of such investigations.

For additional information, contact: dsobel@washofc.cpsr.org (David Sobel)

------------------------------

Date: Mon, 25 Nov 91 11:06:31 PST
From: "Peter G. Neumann"
Subject: The Trojan Horse named `AIDS' (RISKS-9.55, 65)

A recent AP item from London (U.K. May Drop Computer Lawsuit) noted that prosecutors had requested that the case against Joseph W. Popp be dropped for lack of evidence. Popp, 39, of Willowick, near Cleveland, Ohio, a former consultant with the World Health Organization, had been arrested in the U.S. in February 1991, extradited to Britain, and charged with blackmail and distortion.

The warrant alleged that Popp distributed around 20,000 computer diskettes from London in December 1989 containing information on AIDS for use by hospitals and medical researchers. According to the U.S. attorney's office in Cleveland, Ohio, when the diskettes were inserted into personal computers by unsuspecting recipients, they found themselves unable to retrieve any data at all from their machines.

At the end of the program, the diskettes asked the computer user for a leasing fee of $378, then printed an invoice with a Panama address where money was to be sent, federal prosecutors said. Computer operators were told on the invoice that the rogue program they had inserted into their machines would stop them from working until the money was paid, when they would receive a "de-contamination" diskette.

Popp's lawyers have maintained that a clear warning of the consequences of using the diskettes was included in the packaging and that he had committed no crime.

------------------------------

Date: Sat, 23 Nov 1991 14:56:26 -0600
From: sullivan@geom.umn.edu
Subject: Banning of autodialers?

Congress is considering a bill outlawing autodialers. Edmund Andrews reports in the Oct 30 New York Times that 20,000 such machines are working in the US, each making 1000 calls every day. The machines usually are programmed to go through an entire exchange, calling each number and speaking at whoever or whatever answers. It might urge the listener to dial a 1-900 number, or try to record the names of interested parties.

Supposedly, small businesses make the most use of these devices; large companies can hire live operators to man central phone banks. It's not clear to me why such services can't be contracted out to smaller local businesses.

Some states have already banned the use of these devices, and now Congress is likely to ban them for interstate use. One salesman who uses an autodialer illegally was interviewed, and says he uses a false name in the solicitation until he trusts a potential customer.

Autodialers seem to get the most negative publicity when they run through all extensions at some business, perhaps leaving voice mail or tying up pagers. To me, this is less worrisome than the calls to residential customers. There was no mention of the definition of an autodialer, though it seems that devices which automatically call computers would not be covered under the law.

-John Sullivan

------------------------------

Date: Mon, 18 Nov 91 13:16:23 EST
From: Mark Bartelt
Subject: a new risk for computer folks? -- computers and termination policy

Last week, 81 (of 120) support staff positions at the University of Toronto's Faculty of Medicine were eliminated; 79 staff members were summarily dismissed, and two vacant positions will not be filled. Most of the victims were dismissed with less than a day's notice, and some with far less than that.

The university acknowledged that the dismissals violate the university's policies for layoffs and firings. An article in The Varsity (the UofT student newspaper) contained the following:

    Michael Finlayson, vice-president of Human Resources, admitted that the university did not follow the staff policy on consultation, but said giving notice would have caused security problems.

    "The problem in leaving them in their old jobs was the computers. If you release people and then give them access to the university's computer system, you worry about security."

This raises some interesting questions. The administration's concerns about security may not be totally frivolous (but then again, they may be). But even if the concerns are justified, and if those concerns can be used as a basis for an employer to ignore its own policies, then -- given that as time goes on, an increasingly large percentage of all staff will be using computers in some capacity -- what's the point of having such a policy at all?

Mark Bartelt, Canadian Institute for Theoretical Astrophysics  416/978-5619

------------------------------

Date: Sat, 23 Nov 91 00:55:09 pst
From: well!tenney@fernwood.UUCP (Glenn S. Tenney)
Subject: E911 system brought to its knees by a prank

The San Jose Mercury News reported that the San Mateo 911 system was brought to its knees because of a prank. Were you wondering when some phone phreak or system cracker would do this...

It seems that a disc jockey at KSOL decided to play a recent MC Hammer record over and over and over... as a prank. Listeners were concerned that something had happened to the personnel at the station, so they called 911 (as well as the police department business line). It seems that a few hundred calls in forty five minutes or an hour was enough to jam up the system. There was no report in the newspaper of any deaths or injuries to the overloaded system. The DJ didn't want to stop playing the record (claiming first amendment rights), but did insert an announcement to not call the police.

So, it seems that a low tech "assault" on a 911 center could be quite effective. The system in question provides E911 for a few communities in the San Francisco Bay Area. This is the same center that went down following the Loma Prieta earthquake a couple of years ago. At that time, they lost power and switched over to the emergency generator only to find that just starting a generator once a month wasn't enough -- the generator conked out in about an hour!

Glenn S. Tenney

------------------------------

Date: Fri, 22 Nov 1991 15:16:10 -0500
From: distrib@turing.toronto.edu (CSRI Distribution Manager)
Subject: Study on Computer Addiction

A group of researchers at the Ontario Institute for Studies in Education are currently conducting research on person/computer interaction to address the issue of computer addiction. We would dearly love to hear about people's experiences in this matter and would be willing to post the results to risks. We are most interested in hearing from people who at some time have felt that they were spending more time (especially recreational time) at the computer than they really thought they should.

Please feel free to contact me directly at: distrib@turing.toronto.edu

Thanks very much.  Chris

------------------------------

End of RISKS-FORUM Digest 12.65
************************