RISKS-LIST: RISKS-FORUM Digest Thursday 20 October 1988 Volume 7 : Issue 66 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator Contents: British computer calls Northern Ireland a "Region Unknown" (John Murray) "Brain" virus shows up in Hong Kong (Dave Horsfall) A Credit Card Fraud (Brian Randell) Nausea-inducing propellor (Mike Trout) Re: Ear-itating performance (Jan Wolitzky, Ken Johnson) The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, and nonrepetitious. Diversity is welcome. CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive "Subject:" line (otherwise they may be ignored). REQUESTS to RISKS-Request@CSL.SRI.COM. FOR VOL i ISSUE j / ftp kl.sri.com / login anonymous (ANY NONNULL PASSWORD) / get stripe:risks-i.j ... (OR TRY cd stripe: / get risks-i.j ... Volume summaries in (i, max j) = (1,46),(2,57),(3,92),(4,97),(5,85),(6,95). ---------------------------------------------------------------------- Date: 20 Oct 88 18:25:36 GMT From: johnm@amdahl.uts.amdahl.com (John Murray) Subject: British computer calls Northern Ireland a "Region Unknown" Paraphrased from The Irish Times (Dublin), Oct 15 1988: 'A computer error resulted in the gross domestic product of Northern Ireland being underestimated by more than 10 percent between 1983 and 1986. [A spokesperson for the Northern Ireland Economic Council] said that the sluggishness evidenced by the statistics "could have under- mined the confidence of potential investors".' . . . . 'Over 70 percent of the North's GDP consists of estimates of income [which] are calculated at Newcastle-on-Tyne [England] from income tax returns and information in the Dept. of Health & Social Services. It appears that between 1983 and 1986 an error in the computer programme responsible for extracting the relevant data cate- gorised a growing number of earners in the North as "region unknown".' [Further discussion follows about how the error may have supplemented the region's other problems.] ------------------------------ Date: Tue, 18 Oct 88 13:34:27 est From: Dave Horsfall Subject: "Brain" virus shows up in Hong Kong On the off-chance that you haven't had enough of virus reports, here's another one from Computing Australia, 17th October, 1988: ``HK consultants hit by overseas virus A leading firm of financial consultants has become the first main- stream business in Hong Kong to be affected by a computer virus. The Business International consultancy reported last week the "Brain" virus -- well-known elsewhere in the world, but never before seen in Hong Kong -- had appeared on some disks. ... BI was playing down the significance of the find last week, with a company spokeswoman saying the virus had not reappeared and that no data had been lost.'' The article goes on further to discuss the origin of the Brain virus, and makes the amazing observation "[it] does not destroy data, but scrambles it beyond recognition". I dunno, I would certainly regard data "scrambled beyond recognition" as being "destroyed". Dave Horsfall (VK2KFU), Alcatel-STC Australia, dave@stcns3.stc.oz dave%stcns3.stc.OZ.AU@uunet.UU.NET, ...munnari!stcns3.stc.OZ.AU!dave ------------------------------ Date: Tue, 18 Oct 88 11:51:07 +0100 From: Brian Randell Subject: A Credit Card Fraud This story, from Saturday's Guardian newspaper, comes from what sounds like an interesting study of computer-related crime. It is reprinted here in full, without permission. (The # sign is used to represent the pounds sterling sign.) The risk in the particular fraud described would appear to have arisen - said he with 20:20 hindsight, but no personal expertise in credit card fraud - because of the latencies in, and inadequacies of, the means by which input validity checks were performed. Brian Randell #9M Credit Card Fraudster Cleans Up With a Full House [by] Peter Large Technology Editor [Guardian, 15 Oct. 1988, p.11] Credit card companies were robbed of #6 million to #9 million within two weeks by an eight stage, one-man fraud. The recipe used was this: 1: Take a mortgage on a house that has already changed hands once in the past five years. 2: Advertise a bogus job overseas at a juicy salary (that brings 4,000 replies). 3: Send the job applicants a form demanding the same details as those required for a credit-card application. 4: The hard work: transfer that information to the application forms of several smallish credit-card and store-card operators, forging the signatures and substituting the address of the safe house for the real address (that ensures that any check with the electoral roll draws a blank, without indicating a bogus applicant). 5: The fast work: spend or draw cash to the maximum possible - and within one day - on each card as it arrives at the safe house. 6: To outpace the tracing, complete the operation within two weeks, even though there are still many cards to spare. 7: Disappear. 8: Don't pay for the advert. The case - he was never caught - was reported yesterday in the BIS group's annual study of computer-related crime. Bill Farquhar, co-author of the report, said the crime was discovered, much too late, when a clerk entering details into a computer noted the same handwriting on different applications from the same address. Mr Farquhar said #3 million was traced from bank to building society to another bank, before it was transferred abroad. But the total take was at least #6 million and probably #9 million, he said. The police found an empty house carpeted with cards. The report shows how computer fraud is spreading: the 225 cases traced by BIS in the past year netted an average of #389,000, compared with #31,000 in 1983. BIS reckons 90 per cent of computer crime is not reported by firms - or not traced at all. Firms so fear the publicity that some give the criminals golden handshakes and glowing references to pass on to their next victim." [Also noted by blf@scol.uucp] ------------------------------ Date: 17 Oct 88 18:35:47 GMT From: miket@brspyr1.brs.com (Mike Trout) Subject: Nausea-inducing propeller (Re: RISKS DIGEST 7.64) In RISKS-FORUM Digest Volume 7 : Issue 64, Marshall Jose discusses how an unwanted 28 kHz spike at a Stevie Wonder tour was inducing irritability and impatience among artists, crew, and audience. Our illustrious moderator Peter also mentioned how the anapest beat of a particular rock tune could cause alarming physical effects on certain people. This brings to mind the story of the infamous XF-84H, an airplane whose tale appears every now and then in rec.aviation. You may remember the old F-84 Thunderstreak/flash/whatever; in those days jet engines left a great deal to be desired in both maximum power output and reliability. Accordingly, somebody got the bright idea of putting a super turboprop on the front of an F-84. Tests showed the plane (designated the XF-84H) to have lots of reliable power and acceleration, but there was an unexpected side effect nobody predicted: ground crews working with the XF-84H began suffering from uncontrollable nausea. The cause was traced to the plane's monstrous propeller blades, which of necessity were spinning at supersonic speeds and apparently setting up some physiologically harmful harmonics. The project was scrapped; the only XF-84H built is on display at some AFB in California, I believe. There seems to be little hard data in circulation about this project; it is mentioned briefly in various authoritative publications but the details are always sketchy. Some questions that come to mind: What kind of harmonics would induce nausea, rather than something like irritability as in the Stevie Wonder 28 kHz spike? Why was the pilot apparently not affected? Why is nausea NOT induced by other supersonically-spinning propellers (which occasionally crop up on various general aviation aircraft)? I'm sure that USAF and Republic Aviation reports on this incident exist somewhere; anybody know any more? ~~~~~~~~~~~~~~~~~~~~~~~~~Michael Trout (miket@brspyr1)~~~~~~~~~~~~~~~~~~~~~~~~~ BRS Information Technologies, 1200 Rt. 7, Latham, N.Y. 12110 (518) 783-1161 ------------------------------ Date: Mon, 17 Oct 88 08:59 EDT From: wolit@research.att.com Subject: Re: Ear-itating performance For one of his tours, Stevie Wonder contracted with Northwest Sound to build a set of PA speakers of extraordinary capability -- response nearly flat out to 45 kHz, etc. . . . . Finally, during one show, one of the sound guys was examining the audio spectrum analyzer screen, and mistakenly pushed the 20 kHz - 200 kHz range button instead of the 2 kHz - 20 kHz button. Imagine his alarm at the sight of a potent 28 kHz component, the product of all the synthesizers' DAC update clocks. . . . . If the DAC clock rate was 28 KHz, the synthesizers' Nyquist frequency (the highest frequency that could be reproduced) would have been only 14 KHz, which is pretty crummy and wouldn't have required a fancy sound system. Jan Wolitzky, AT&T Bell Labs, Murray Hill, NJ; 201 582-2998; mhuxd!wolit (Affiliation given for identification purposes only) ------------------------------ Date: Tue, 18 Oct 88 17:56:23 EST From: JOHNSON%FOR3083.ISSC@ISEC-OA.ARPA Subject: Ear-itation FROM: KEN JOHNSON GRC, ROOM D253 EXT.233 Subject: Ear-itation A few years back , some pseudoscientists expressed a concern that the "anapestic" beat was so counter to the natural beat of the heart that the hearer's health and proper heart-functioning could be threatened by hearing this beat. In other words, when the thumping "We Are the Champions" anapestic (and irritating) beat is heard at sporting events, there is a major health risk! Bah, I say! Concerning the 28K Hz problem - aren't we continually bombarding animals with much higher hearing ranges (dogs, birds(?), bats) with sounds in the post-20K Hz range? And does Stevie Wonder, with a higher dependence on his sense of hearing, notice the irritating noises more than the person with normal senses? ------------------------------ End of RISKS-FORUM Digest 7.66 ************************