Subject: RISKS DIGEST 13.04
REPLY-TO: risks@csl.sri.com

RISKS-LIST: RISKS-FORUM Digest  Monday 20 January 1992  Volume 13 : Issue 04

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
  Russian Computer Productivity in AScent in de Scent Exposure
  Gulf war virus? [2] (Phil R. Karn)
  Re: PC virus infects UNIX system (A. Padgett Peterson)
  Ohio justices fight over computer snooping (Dave Harding)
  Rumor: No 1992 for AT&T? (Thomson Kuhn)
  Another ATM Risk story (Josh Quittner)
  Words for theft of passwords (Mark R Cornwell)

The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, and nonrepetitious. Diversity is welcome. CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive "Subject:" line. Others may be ignored! Contributions will not be ACKed. The load is too great. **PLEASE** INCLUDE INTERNET FROM: ADDRESS, especially .UUCP domain folks. REQUESTS please to RISKS-Request@CSL.SRI.COM.

For vol i issue j, type "FTP CRVAX.SRI.COM<CR>login anonymous<CR>AnyNonNullPW<CR> CD RISKS:<CR>GET RISKS-i.j<CR>" (where i=1 to 13, j always TWO digits). Vol i summaries in j=00; "dir risks-*.*" gives directory; "bye" logs out. The COLON in "CD RISKS:" is essential. "CRVAX.SRI.COM" = "128.18.10.1". <CR>=CarriageReturn; FTPs may differ; UNIX prompts for username, password.

ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. Relevant contributions may appear in the RISKS section of regular issues of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise.

----------------------------------------------------------------------

Date: Mon, 20 Jan 92 14:47:38 PST
From: "Peter G. Neumann"
Subject: Russian Computer Productivity in AScent in de Scent Exposure

Fruit and flower smells [are] good for computer operators

Moscow, 13 Jan 1992 (tass), by tass correspondent Lyubov Dunayeva

Overloads to computer operators, who have to spend hours before displays every day, can be eased if the air in the room is saturated with the smells of fruit and flowers, psychologists say. Expert experiments [!] have shown that the scent of lemon, jasmine or eucalyptus boosts productivity and alleviates drowsiness. The jasmine smell in a computer room reduces keyboard errors by almost 30 per cent, and lemon aroma by almost 50 per cent, tass was told at a surgery research center of the russian academy of sciences.

[Jasmine is clearly more saLyubrious than JazzMax. By the way, those of you who have read Nabokov's paean to programming* language, "Ada, or Ardor", might have noticed, among the many outrageous multilinguini of puns and adagrams, the russoingleski "yellow-blue Vass" (Ya Lyublyu Vas)... That is certainly Ada-ptive use of language!

* I have used "programming" gerundively here, not adjectivally. At any rate, I am back from a trip and evidently do not have enough good scents! ... PGN]

------------------------------

Date: Sat, 11 Jan 92 18:34:05 EST
From: karn@thumper.bellcore.com (Phil R. Karn)
Subject: Gulf war virus?

[The following items have stirred up considerable interest and confusion. It seems worthwhile running both the original item and its followup for those of you who missed them. PGN]

Something in this story doesn't add up. How could a "printer" infect a computer with a "virus"? [PRK]

U.S. Spies Planted Computer Virus in Iraqi Defense System

WASHINGTON (AP) _ U.S. intelligence agents reportedly inserted a computer virus into a network of Iraqi computers tied to that country's air defense system several weeks before the start of the Persian Gulf War.

The virus, U.S. News and World Report says in its issue dated next week, was designed by the supersecret National Security Agency at Fort Meade, Md., and was intended to disable a mainframe computer.

Citing two unidentified senior U.S. officials, the magazine said the virus appeared to have worked, but it gave no details. It said the operation may have been irrelevant because of the allies' overwhelming air superiority.

The secret operation began when American intelligence agents identified a French-made computer printer that was to be smuggled from Amman, Jordan, to a military facility in Baghdad, the magazine said.

The agents in Amman replaced a computer microchip in the printer with another microchip that contained the virus in its electronic circuits. By attacking the Iraqi computer through the printer, the virus was able to avoid detection by normal electronic security measures, the report said.

``Once the virus was in the system, the U.S. officials explained, each time an Iraqi technician opened a `window' on his computer screen to access information, the contents of the screen simply vanished,'' U.S. News reported.

The report is part of a book, based on 12 months of research by U.S. News reporters, called ``Triumph Without Victory: The Unreported History of the Persian Gulf War,'' to be published next month.

In a series of adaptations from the book, U.S. News also reported that two 5,000 pound bombs developed by the Air Force during the Gulf War, called GBU-28s, were dropped on a command bunker on the second-to-last day of the war with the explicit purpose of killing Iraqi President Saddam Hussein.

The fact that the bombs were dropped Feb. 27 has been reported previously, but U.S. officials have repeatedly denied that Saddam was the intended target. Gen. Ronald Yates, commander of Air Force Systems Command, told reporters last year that the bombs were aimed at ``senior staff'' of the Iraqi military.

U.S. News also said it had calculated, with the help of private defense analysts in Washington, that as few as 8,000 Iraqi soldiers may have been killed in the war. The U.S. government has made no official estimate of Iraqi casualties, although the Defense Intelligence Agency has said the number killed may range between 50,000 and 150,000.

------------------------------

Date: Mon, 13 Jan 92 15:48:46 EST
From: karn@thumper.bellcore.com (Phil R. Karn)
Subject: I *knew* it sounded fishy!

News Report of Computer Virus Attack On Iraq Is Similar To Hoax Report
ROBERT BURNS, Associated Press Writer

WASHINGTON (AP) _ A newsmagazine report that U.S. intelligence agents planted a disabling ``virus'' in an Iraqi military computer network before the Gulf War is strikingly similar to an article published last year as an April Fool's joke.

The main author of the U.S. News and World Report article, Brian Duffy, said Monday, ``I have no doubt'' that U.S. intelligence agents carried out such an operation, but he said the similarities with the spoof article were ``obviously troubling.''

Duffy said the magazine was rechecking the sources who told it of the operation to determine whether details from the spoof article ``leeched into our report.'' [...]

The main elements of the U.S. News virus story are similar to an article published in the April 1, 1991, edition of InfoWorld, a computer industry publication based at San Mateo, Calif. The article was not explicitly labeled as fiction but the last paragraph made clear that it was an April Fool's joke. [...]

The U.S. News report is part of a lengthy collection of stories that it said would be published in February by Times Books-Random House as a book, titled ``Triumph Without Victory: The Unreported History of the Persian Gulf War.''

The Associated Press carried a report on the U.S. News story on Saturday, as did some other media.

Questions about the story arose Monday when a number of readers called The AP to say the virus account was curiously like the InfoWorld article.

That article said the virus was designed by the National Security Agency for use against Iraq's air defense control system, and that the CIA had inserted the virus into a printer being smuggled into Iraq through Jordan before the war began.

``Then the virus was on its own, and by Jan. 8, the allies had confirmation that half the displays and printers in the Iraqi air defense system were permanently out of commission,'' the InfoWorld article said.

The U.S. News report also said the virus was developed by the National Security Agency. It said that once the virus was in the Iraqi computer network, ``each time an Iraqi technician opened a `window' on his computer screen to access information, the contents of the screen simply vanished.''

The InfoWorld article also said the virus was designed to attack ``window'' technology in which an operator gains access to information in the computer by use of an electronic pointing device rather than typing in commands.

John Gantz, who wrote the InfoWorld article, said in a telephone interview Monday that it was fictional and that he had no knowledge of any such intelligence operation.

Duffy said he had not heard of the InfoWorld spoof. In response to an inquiry by The Associated Press, he said a U.S. News reporter in Tokyo got the ``initial tip'' on the computer virus story, which the reporter then confirmed through ``a very senior official'' in the U.S. Air Force.

Duffy said he personally confirmed the story through a senior official in the Air Force and a senior intelligence official. He said he could not reveal the three sources' names because they had spoken to U.S. News on condition of anonymity.

Both the U.S. News and InfoWorld articles stressed that the reason for placing the virus in the printer was to circumvent normal anti-tampering systems in mainframe computers.

Some private computer experts said, however, that it seemed highly unlikely that a virus could be transferred to a mainframe computer from a printer.

``A printer is a receiving device. Data does not transmit from the printer to the computer,'' said Winn Schwartau, executive director of the International Partnership Against Computer Terrorism.

[The original report was also noted by Roland Ouellette and Henry Cox. PGN]

------------------------------

Date: Fri, 10 Jan 92 21:03:46 -0500
From: padgett%tccslr.dnet@uvs1.orl.mmc.com (A. Padgett Peterson)
Subject: Re: PC virus infects UNIX system (Bear Giles, RISKS-13.03)

>We were configuring the ethernet card on our new 486 UNIX (SVR5) box ...

Please note that this does not mean UNIX systems are infectable by PC viruses, rather computers that use PC BIOSes can be damaged (not infected) by a certain class of PC viruses known as Master Boot Sector Infectors of which the STONED is probably the best known example. This has been known by people who understand the architectures involved for some time. It does not mean that the STONED can infect a SPARC-station or HP/Apollo (it cannot).

What happened is that when the machine was booted with a DOS disk, the STONED being unintelligent, found the fixed disk, assumed it was another DOS disk, copied itself to absolute sector 1 and the original sector 1 to sector 7. At this point the question becomes one of whether this actually overwrote any important data or, since the STONED changes the fixed disk access in a manner incompatible with UNIX, prevented the re-boot from acting properly (in this case all that is needed for recovery is to copy sector 7 back to sector 1. In the first case it would be necessary to rebuild sector 7 also).

For some time I have been distributing as FREEWARE two technology demonstrators: SafeMBR and NoFBoot directed at stamping out this kind of problem in the DOS world by making it impossible for MBR infectors like STONED or its clones AZUSA, MICHELANGELO, NOINT, or EMPIRE to spread. Both are tiny and only one (NoFBoot) requires any RAM (ca. 500 bytes). They would not have prevented the damage caused to the Unix system by booting from an infected DOS disk. They would have prevented the machine "across the hall" from infecting the disk in the first place.

Padgett Peterson

ps I know they can be found on urvax.urich.edu, 141.166.1.6

------------------------------

Date: Wed, 15 Jan 1992 16:03:48 -0600 (CST)
From: HARDING@MDTF00.FNAL.GOV (Dave Harding, x2971)
Subject: Ohio justices fight over computer snooping

Ohio justices probed over alleged fight (Chicago Tribune, 8 November 1991)

COLUMBUS, Ohio - An investigation is under way into allegations that an Ohio Supreme Court justice angrily wrestled a fellow justice to the floor over complaints about computer file snooping, state police said Thursday.

Associate Justices Craig Wright and Andrew Douglas scuffled in front of fellow Justice Alice Robie Resnick until two of her clerks separated the pair. The witnesses said that Douglas confronted Wright over comments he reportedly had made about Douglas' secretary, Sue Pohlman.

Wright said Wednesday that he and Douglas had a "little disagreement." He would not comment further Thursday. Douglas said he has been told that the State Highway Patrol is investigating.

I clipped this a while ago but didn't send it in, hoping that an Ohio correspondent would report with more details than this digested wire service bulletin offered. It is not clear who was alleged to have been doing the snooping in the other's computer files. Nor is it clear whether the scuffle was over what was recorded in those alleged files or over the alleged snooping.

The question for RISKS is, as it often is, whether the incident would have happened without a computer. Would the offending notes have been made and retained? Would the other party have snooped? Would the parties have gotten so excited?

------------------------------

Date: 11 Jan 92 11:11:52 EST
From: Thomson Kuhn <70007.5444@compuserve.com>
Subject: Rumor: No 1992 for AT&T?

I have not confirmed this personally. I heard it from an AT&T VAR. He claims that no AT&T PCs can have their system dates set to 1992 via the DOS DATE command. Something about some prom code only accepting an 8 year range which ended in 1991. Further, he claims that the patch, now shipping, only provides for an additional 8 years!

Thomson Kuhn

------------------------------

Date: Fri, 17 Jan 1992 12:15:30 est
From: "josh quittner"
Subject: Another ATM Risk story, from AP

NOTE: Last graf. JQ [1.800.544.5410 (2806 at tone)]

SYRACUSE, N.Y. (AP) _ Curtis Ratliff hit the jackpot when he stuck a stolen credit card into an automatic teller machine four months ago, and it spit out $5,600.

But Ratliff's luck ran out in court Thursday when he pleaded guilty to third-degree grand larceny, the Syracuse Post-Standard reported.

In September, Ratliff stole a woman's purse from her car. The woman had left her personal identification number for the ATM in the purse along with the card.

Ratliff inserted the stolen card into a grocery store ATM, which started ejecting $20 bills, much to Ratliff's surprise. Twenty minutes later, Ratliff had stuffed $5,600 into his pockets.

``He became blinded to the reality of what he was doing, and the money just kept coming,'' Ratliff's lawyer, James Hopkins, told the Post-Standard.

Ratliff made similar thefts at several other Price Chopper grocery store ATMs, stealing a total of $63,900.

Ratliff, 36, of Kirkville, was sentenced Thursday to five years' probation for the theft.

``I'm sorry for what I did,'' Ratliff told County Judge Patrick J. Cunningham. ``It won't happen again.''

Ratliff, who was suspended from his job as an equipment salesman after his arrest, has repaid all but $1,800 of the money he stole, Hopkins said.

ATMs, which hold up to $20,000, usually limit withdrawals on a single card to several hundred dollars in a 24-hour period, industry experts said. The Price Chopper machines were apparently incorrectly programmed.

------------------------------

Date: Fri, 17 Jan 92 00:19:25 -0500
From: Mark R Cornwell -- Mind Tools Corp
Subject: words for theft of passwords

This from the February 92 Atlantic Monthly column, Word Watch by Anne H. Soukhanov...

shoulder surfing -- noun, slang, the theft of computer passwords or access codes, such as long distance telephone access codes, by reading the numbers over the shoulders of authorized users: "How do outsiders discover a company's codes? by '*shoulder surfing*,' 'dumpster diving', and stealing calling cards" (Investor's Business Daily).

BACKGROUND: *Shoulder surfers* operating in the telephone marketplace are typically found in airports, train stations, and other crowded areas. In some instances they position themselves on balconies above phone booths and use binoculars to read callers' access numbers, which they later sell for $5-$10 each. Such fraud now costs long-distance companies some $1.5 billion a year -- triple the damages incurred in 1985.

[Such fraud? Well, NOT JUST shoulder surfing alone... PGN]

------------------------------

End of RISKS-FORUM Digest 13.04
************************
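
The recovery step in A. Padgett Peterson's message above (copy sector 7 back to sector 1, and rebuild sector 7 if it held data) can be rehearsed on a raw disk image before touching a disk. This is an added example, not part of the digest and not SafeMBR or NoFBoot code; the helper names, the 8-sector sample image and the assumption that the original sector 1 was a PC-style boot record ending in 0x55AA are assumptions of the example.

```python
from typing import Optional

SECTOR = 512        # bytes per sector
MBR, SAVED = 1, 7   # 1-based sector numbers used in the message above

def sector(image: bytes, n: int) -> bytes:
    """Return 1-based sector n of a raw disk image."""
    return image[(n - 1) * SECTOR:n * SECTOR]

def looks_like_mbr(s: bytes) -> bool:
    """Assumed sanity check: 0x55AA signature, partition status bytes 0x00/0x80."""
    if len(s) != SECTOR or s[510:512] != b"\x55\xaa":
        return False
    status = [s[446 + 16 * i] for i in range(4)]
    return all(b in (0x00, 0x80) for b in status) and status.count(0x80) <= 1

def restore_mbr(image: bytes, sector7_backup: Optional[bytes] = None) -> bytes:
    """Return a repaired copy: sector 7 -> sector 1, then optionally rebuild sector 7."""
    saved = sector(image, SAVED)
    if not looks_like_mbr(saved):
        # Never write an unverified sector over the boot record.
        raise ValueError("sector 7 is not a plausible MBR; refusing to restore")
    out = bytearray(image)
    out[0:SECTOR] = saved
    if sector7_backup is not None:
        if len(sector7_backup) != SECTOR:
            raise ValueError("backup must be exactly one sector")
        out[(SAVED - 1) * SECTOR:SAVED * SECTOR] = sector7_backup
    return bytes(out)

def make_mbr(tag: bytes) -> bytes:
    """Constructed sample MBR: a tag, one active partition entry, the signature."""
    s = bytearray(SECTOR)
    s[:len(tag)] = tag
    s[446] = 0x80
    s[510:512] = b"\x55\xaa"
    return bytes(s)

def sample_image() -> bytes:
    """Constructed 8-sector image in the state the message describes."""
    img = bytearray(8 * SECTOR)
    img[0:SECTOR] = b"\xee" * SECTOR                    # stand-in for the overwritten sector 1
    img[6 * SECTOR:7 * SECTOR] = make_mbr(b"ORIGINAL")  # original sector 1, relocated to sector 7
    return bytes(img)

if __name__ == "__main__":
    fixed = restore_mbr(sample_image())
    print("sector 1 restored:", sector(fixed, MBR) == make_mbr(b"ORIGINAL"))
```

Without a backup of what sector 7 held beforehand, the function restores only sector 1; the earlier contents of sector 7 cannot be recovered from the image itself.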