25-Feb-87 00:12:38-PST,22812;000000000000 Mail-From: NEUMANN created at 25-Feb-87 00:11:18 Date: Wed 25 Feb 87 00:11:18-PST From: RISKS FORUM (Peter G. Neumann -- Coordinator) Subject: RISKS DIGEST 4.51 Sender: NEUMANN@CSL.SRI.COM To: RISKS-LIST@CSL.SRI.COM RISKS-LIST: RISKS-FORUM Digest Tuesday, 24 February 1987 Volume 4 : Issue 51 FORUM ON RISKS TO THE PUBLIC IN COMPUTER SYSTEMS ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator Contents: HiTech version of NixonTapes (Pete Lee) Re: Automatic Call Tracing for Emergency Services (Lee Naish) Air Traffic Control, Auto-Land (Matthew Machlis) Electronic steering (Spencer W. Thomas, excerpt from William Swan) Hurricane Iwa and the Hawaii blackout of 1984 (Bob Cunningham responding to James Burke, via Matthew P Wiener) Summary of a Talk by SANFORD (SANDY) SHERIZEN on Computer Crime (Eugene Miya) The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, nonrepetitious. Diversity is welcome. (Contributions to RISKS@CSL.SRI.COM, Requests to RISKS-Request@CSL.SRI.COM) (Back issues Vol i Issue j available in CSL.SRI.COM:RISKS-i.j. MAXj: Summary Contents Vol 1: RISKS-1.46; Vol 2: RISKS-2.57; Vol 3: RISKS-3.92.) ---------------------------------------------------------------------- From: Pete Lee Date: Tue, 24 Feb 87 15:17:19 GMT To: risks@csl.sri.com Subject: HiTech version of NixonTapes This originated in New England, not Old England ... and is from the Boston Sunday Globe, 22 February 1987, editorial page. WHAT THE COMPUTER KNEW The Reagan presidency may become the first to be done in by a computer. While legislators, investigators and reporters go sniffing down the money trail, trying to track the flow of funds from Tehran to Geneva to Honduras, an electronic archive in the White House has been leaking the most embarrassing facts to the Tower Commission. It is an irony of the computer age that an administration obsessed with secrecy allowed many of its secrets to be saved in an electronic memory bank. All the computer messages Oliver North and his collaborators in covert action sent each other since Nov. 8 have been preserved. A nonpartisan system of software is now telling the Tower commission not only about the hardware sent to Ayatollah Khomeini, but also abut frantic White House efforts to save the president from scandal. The backup system for the White House computer reportedly shows that the president's men tried to alter the history of what they did in order to distance Reagan from his ill-considered policies. The computer messages are being compared to the tape recordings of Richard Nixon. If they demonstrate a White House attempt to design a cover-up, they may play the role of the Nixon tapes in the Watergate scandal. Messages indicating that North passed military intelligence to Tehran, for use in Khomeini's destabilizing war against Iraq, suggest that even now the White House has not told the full story of Reagan's concessions to the ayatollah. By preserving the tamper-proof truth of what government officials did or did not do, the electronic archive in the White House may add an unforeseen dimension to the system of checks and balances bequeathed by the Founding Fathers. This computer was not user-friendly. [Several readers noted that Alan Wexelblat meant NSC and not NSA in his message in RISKS-4.50. However, I recall that several key NSC phone conversations had been monitored by NSA fairly early in the game. The NSC archives remaining even after on-line copies were deleted and hard-copies shredded is of course another instance of the hidden-residue problem in (allegedly) secure systems, i.e., a deletion is a deletion is not a deletion! By the way, the assumption that the archives are tamperproof is of course bogus. PGN] ------------------------------ Date: Tue, 24 Feb 87 16:11:09 EST From: munnari!mulga.OZ!lee@seismo.CSS.GOV (Lee Naish) To: RISKS@csl.sri.com Subject: Re: Automatic Call Tracing for Emergency Services (RISKS-4.49) Organization: Computer Science, University of Melbourne I once spoke to someone who helped set up the fire brigade database in Melbourne. The system they use is to specify the intersection of two streets. Initially there were various integrity constraints in the database, such as street names had to be at least two characters long, streets didnt cross each other more than once etc. Two streets violated both conditions: S street (shaped like an S) crossed another street in three places and Y street (shaped like a Y) crossed another stree in two points (numbering must be rather confusing in Y St.!). (The real world is not designed for computers; pity :-) lee ------------------------------ From: Date: Tue, 24 Feb 87 11:37:44 EST To: risks@csl.sri.com Subject: Air Traffic Control, Auto-Land Is there anyone on this list who knows whether the air traffic control radar systems have automatic collision alert systems? And if they do, do they work? It seemed to me that if everyone were required to have Mode C transponders (which automatically report the plane's altitude to the nearest 100 feet to the ATC computer), then it would be simple to write a program which would detect possible collisions. Arguments against this may include that the controller would have much too many targets on his screen to handle -- as it is now they often screen out all traffic that they are not working with so that the planes do not even appear on their radarscope. However, a program such as I suggested could work on all planes, whether actually being displayed on the scope or not, and maybe bring to the controller's attention two planes on a collision course and altitude which were not being displayed and would not have been noticed. [It is my understanding that the ground-based AUTOMATED collision alerts will be a part of the new system (currently in procurement). But the expense of the on-board equipment seems to mitigate against its use in small private planes, which preset a very serious gap in the on-line information. 3-D radar might be more appropriate, especially since a Mode-C transponder could be faulty... PGN] Another thing: what are people's opinions about autoland[ing]? This system, installed on many of the large passenger jets, will take over control of eveything -- rudder, ailerons, and throttles -- from up to 20 miles out from the airplane, fly the approach, flare the plane, and actually touch down, all automatically. At present I believe only several thousand complete autoland cycles have been flown at all. I read in an aviation magazine an article written by a 30,000 hour airline pilot about it; he said when he went along for a demonstration of autoland it flew a flawless approach, and he rated it well above the average human approach. Plus it can do this is any weather at all (in terms of visibility and cloud layers). Certainly computers are not infallible, but neither are humans. It may be true that if pilots always used autoland they would not retain the flying skills to take over in case of failure, but in some cases I can certainly see a use. For instance, a common time for minor incidents is when a plane is nearing its destination after a long international flight. After the crew has spent maybe 4 hours acting only as "system monitors," now they must suddenly start talking to people and actually flying the plane. If one would say that autoland is not good because pilots' skills would deteriorate, is this not true of the autopilot, which does the flying for a large part of most flights? -Matthew Machlis [For the AI community, I could not resist pointing out that whether or not this message got included might be determined by a variable "MachlisP". PGN] ------------------------------ Date: Tue, 24 Feb 87 17:22:34 MST From: thomas%utah-gr@utah-cs.arpa (Spencer W. Thomas) Subject: Electronic steering Apparently-To: risks@sri-csl.arpa Seems to me a point that the other respondents missed here is that in a military system, people are prepared to accept a certain number of deaths due to failure, in order to have a higher performance system. Look at the number of military planes that crash while on maneuvers, and no-one thinks much about it. Similarly, one might put electronic steering on a race car, if it was felt to offer a competitive advantage, and if the car crashed during the race, "them's the breaks". =Spencer ({ihnp4,decvax}!utah-cs!thomas, thomas@cs.utah.edu) [Another message on this subject was received from William Swan: ... Military planes undergo a lot of maintenance, logging, as I understand it, as much or more service time than flight time (if I am wrong, please provide the real numbers). ...] ------------------------------ Date: Tue, 24 Feb 87 01:48:18 PST From: weemba@brahms.Berkeley.EDU (Matthew P Wiener) To: RISKS@csl.sri.com Subject: Hurricane Iwa and the Hawaii blackout of 1984 [With respect to the WWN computer terminal story:] You might wish to read Stephen King's short story "Word Processor of the Gods" in his collection _Skeleton Crew_. ucbvax!brahms!weemba Matthew P Wiener/UCB Math Dept/Berkeley CA 94720 From: bob@uhmanoa.UUCP (Bob Cunningham) Newsgroups: sci.misc Subject: Re: James Burke (what a real blackout is like) Date: 17 Feb 87 17:57:55 GMT Organization: Hawaii Institute of Geophysics On Thanksgiving evening 1984, Hurricane Iwa---essentially without warning---hit the islands of Kauai and Oahu, destroying major portions of the electrical grids on both islands and knocking out all electrical generation. It was several days before power was restored to portions of Honolulu (incidentally, the 11th most populous city in the United States), several weeks before power was completely restored. One of the reasons it took so long was that all of the generators were designed to be "jump-started" from another running generator on the grid, and no one knew how to bootstrap up a generator all by itself. The whole story is rather too long to go into here, but here are some of the key points... There was no satellite meteorological coverage for the central Pacific, because the GOES East satellite had failed, and the GOES West had been moved over to cover the Atlantic...which the Weather Service figured was more important. Weather observations from ships told of a strong hurricane developing west of the islands, but a military reconnaisance flight sent out on Thanksgiving day failed to accurately locate the storm. There was no historical precedence for the path it took that led right to the population centers. In the afternoon, winds started rising, and the Weather Service issued a Hurricane Watch, then quickly a Warning, but still didn't have a precise fix on Iwa, nor accurate information on speed or direction. Early in the evening, after dark the winds started gusting well above 60 mph, and the electrical grid went down, surprising the electrical utilities who had taken no precautions to isolate any of their systems...taking down all their generators. [This could be a separate story in itself, but suffice it to say that the Civil Defense Emergency Broadcast system didn't work. Besides all the TV stations, all the radio stations---except one--- went off the air that night. The single radio station that had an operating emergency generator was running "on automatic", playing religious music.] By the next day, one or two other radio stations were up (and the religious station had hastily converted to all-news), but power was still out... remaining out for days. The first thing people missed was water, the water distribution system being driven by electrical pumps...though some places that had gravity feed from tanks above in the hills were lucky for a while. Traffic was a shambles since no traffic lights were working... though that became less of a problem over the next day or so since no gas stations were pumping and people realized that they were stuck with just whatever gasoline they happened to have in the tanks of their cars, and started being very careful about how they used that up. Food in refrigerators and freezers spoiled. Long lines developed at grocery stores as people tried to buy more food...and clerks had to add up by hand. Most resturants stayed closed; the few that opened---cooking with gas---soon closed again as the city gas system began losing pressure. Electrical generators (even small ones) were not available for love nor money, ice and candles (when available) went for premium prices. The most-listened-to person in the islands was the spokesman for the electrical company who spent virtually all of his waking hours on one radio station or another detailing the repair work underway. Meanwhile, the electrical utility company crews worked around the clock to restore portions of the electrical grid, and devise ways to start up even one major generator. I don't know the full story behind the restart effort, except that lots of different techniques were tried, one of which finally worked on Oahu. The Navy dispatched a nuclear submarine to Kauai in an effort to "jump start" the main generator there. It seemed like forever, but it was only a few days until electricity was available to some parts of Honolulu. We lived with rolling blackouts for about a week more. Outlying areas on the islands weren't fully restored for over two weeks. There were some fatalities, due mostly to "freak" accidents of various kinds...and a small, but statistically significant "baby boomlet" some 9 months later. If this had happenedd to a major mainland city in winter there would have been considerably more fatalities, and the story would be much more widely known. As it was, if it had lasted too many more days, water would have become very critical... Bob Cunningham bob@hig.hawaii.edu ------------------------------ From: Eugene Miya N. Date: 24 Feb 1987 1812-PST (Tuesday) To: neumann@sri-csl Subject: Summary of a Talk by SANFORD (SANDY) SHERIZEN on Computer Crime ReSent-To: RISKS@CSL.SRI.COM FUTURE TRENDS IN COMPUTER CRIME: THE POST-HACKER ERA Dr. Sandy Sherizen is a criminologist and former information security expert who consults with corporations, banks, and Government Agencies on the prevention of computer crime. Dr. Sherizen began his discussion by giving an impression based on the development of safes and safe cracking. He talked about the overly technological nature by which safes improved and safecrackers got better. What is important about Sandy speaking is that criminology is a well- founded science and that many of the patterns in computer security have been studied already in criminology. (Sandy finds this shocking.) We would do well to learn from it. Let me try to reproduce the sequence. First, safe were created, and crackers broke the locks. Locks got tougher. They went to combination locks (and lock picking, separate area). Next, they resorted to drills, and the countermeasure was stronger metal. Next came simple explosives again followed by heftier metal, and more powerful explosives. Around this time, they discovered nitroglycerin which as a liquid can be poured into cracks. They then discovered the use of oxyacetylene torches to cut thru. Safe makers retaliated with heat-conducting materials. During this time, people started kidnapping bankers and their families (a totally non-technical solution to the problem). This problem was "solved" using time-locks on doors. (I enjoyed the last example.) Crime goes on. In Sandy's thesis, there are 4 stages that we have to deal with in terms of computers, and the talk itself was a series of rambling discussions. The 4 stages, by the way, which worked in the case of banks, safes, and vaults, are detailed in a book in Criminology which we can get as a reference. Sandy's concerns are first: privacy, work, monitoring of work computerization of crime information property Sandy also made some interesting comments, for instance, on the development of laws -- the concept of "moral entrepeneurship", a very different kind of thing than most computer people are used to. The Tylenol drug poisoning case is an interesting case -- the point is that no new laws were created, but a technological solution of tamper proof packages came into use. That corporation on the whole had no policy for dealing with problems of this kind to begin with, and had inadequate protection in understanding them. The reasons for commiting crime are interesting Criminological and Sociological areas. Basically, the common threat is a "trusted embezzler" with an "unsharable resource" or "unsharable problem", and there are what is called the 3 B's starting with Booze as the reason why people do regular crimes. The reason why people commit computer crimes is what is called the 3 C's: cash career challenge Sandy also mentioned the fact that the media basically regards computer crimes as hi-tech soap opera. We make criminals folk heroes, but at the same time we have to be able to protect whistle blowers. The 4 stages in EDP growth have similar trends or patterns in the nature of computer crime. This is called the Gibson-Noland Law on EDP growth. The 4 stages: initiation expansion formalization maturity as generalized to computer crime initiation begins with first hit or miss crime such as in Steven Levy's book, "Hackers" which is popular and we are transitioning out of this phase into a phase of expansion which includes lots of people and undetectable crime with many rewards. [We are] beginning "specialization," which is a formalization stage of crime where the law gets into the act and the criminals themselves specialize in criminal things like financial systems, or UNIX Systems, and so forth, but in the formalization stages law gets interested and finally the fourth stage of maturity there are a relatively predictable sequence of crimes. Such as, there is measure and countermeasure on part of the law enforcement as well as the criminals themselves. Sandy's basis for this talk is that were going to see new types of crime with a new series of targets: a new sense of how-to-do crime and how-to prevent crime. Basically, they are categorized by the 414's (the Milwaukee WI area code), teenagers who broke into computers. When asked by a Congressional committee when he realized that he had done something wrong, Neil Patrick pointed out "When the FBI was knocking on my door" -- there basically was hunt and peck computer crime. So Sandy's predictions for future directions of computer crimes are threefold: First of all there will be fewer crimes on computers, but they will be of a much more serious nature, because there is survival of the fittest -- and organized crime will get into it. We see some people who won't quit but who have to learn about criminal elements such as, laundering money, not leaving fingerprints, and so forth which would basically defeat the older generation criminals. The second thing will be more technological opportunities to commit crime, such as photocopying with copying machines and money. The third prediction is more internationalization of crime. (There was a brief aside after the internationalization regarding viruses, and the typical example of this was given in the piece of software known as eggbeater and also by the book Soft War -- eggbeater was a program that literally ate up data and dropped away ...) Another area of concern was the area of modes of learning about crime. Sandy was concerned with the suicide epidemic noted by the Center for Disease Control, and uses the name "copy-cat crime". (Example of copycat crimes are in the movie "War Games" and in use of Automatic Teller Machines (ATM).) The professionalization of crimes involves such things as raids and reverse-engineering files and records not just in a sense of building things. But changing records -- we're going to see more. Again, the evolution of specialization -- more collusion perhaps between individuals who commit crimes. A good example of this is the Walker spy trial; this is a serious crime but the public will not see it as a serious crime, just as it does not see white collar as a serious crime. Part of the problem is that we look upon things such as pens and pencils as free, which come with the territory as far as working. Because of offices, nobody thinks of it as a crime unless you come literally and haul the pens and pads away using a truck; that's just like taking a disk for a computer home, its not really regarded as a serious thing unless the entire payroll is located on it. So a large part of this is public awareness and education in terms of how to deal with crime. Privacy is the issue that we really probably need to work on the most, Sandy said -- the needs and problems of technology invading privacy and that what we should do (in particular) is worry about that as opposed to trying to solve all computer crime problems. Sandy is a friend of Dr. Lucy Suchman at the Xerox, Palo Alto Research Center (PARC) and if we want to get in any further contact with him the best thing to do is contact him through Lucy. I believe he's teaching at MIT. Also in attendance was Donn Parker (SRI International) who is also well known. There was considerably more discussion than was involved on this tape. Correspondents should send electronic mail to me, for further information. [Lightly edited. Garbles could be mine or Eugene's ... This is included primarily for our newer readers, in that RISKS has gone over much of this ground on various occasions in the past. PGN] ------------------------------ End of RISKS-FORUM Digest ************************ -------