RISKS-LIST: RISKS-FORUM Digest Thursday 1 December 1988 Volume 7 : Issue 85 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator Contents: Security Pacific Automated Teller Theft (PGN and Stan Stahl) Re: Corps of Software Engineers? (Dave Parnas) Telecommunications, Data Entry and Worker Exploitation (Larry Hunter) Milnet Isolation (John Markoff via Geoff Goodfellow) The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, and nonrepetitious. Diversity is welcome. CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive "Subject:" line (otherwise they may be ignored). REQUESTS to RISKS-Request@CSL.SRI.COM. FOR VOL i ISSUE j / ftp kl.sri.com / login anonymous (ANY NONNULL PASSWORD) / get stripe:risks-i.j ... (OR TRY cd stripe: / get risks-i.j ... Volume summaries in (i, max j) = (1,46),(2,57),(3,92),(4,97),(5,85),(6,95). ---------------------------------------------------------------------- Date: Wed, 30 Nov 1988 11:21:32 PST From: Peter Neumann Subject: Security Pacific Automated Teller Theft Security Pacific National Bank acknowledged that nearly $350,000 was stolen on 11-13 November from about 300 customer accounts. A specially privileged "passkey" card may have been used from various LA-area ATMs to gain access to each of these accounts, without requiring the PIN number and without being subject to the daily limits on individual accounts. (One person reportedly had $1200 taken on a single day, in 4 installments) [Source: Los Angeles Times adaptation in S.F. Chronicle, 30 Nov 88, p. A6] "Any system can be beaten," said a security official at another Los Angeles bank when told of the loss. [...] A security official at another Los Angeles bank, however, discounted the idea of a passkey. He did say that such a theft would almost certainly require inside knowledge. [From the original LA Times article by Douglas Frantz, Times Staff Writer, contributed by Stan Stahl (Stahl@DOCKMASTER.ARPA)] [Superuser-type trapdoor mechanisms may be more useful for illegitimate purpose than for legitimate purposes. Having spent many years designing structured systems that were sufficiently flexible WITHOUT having such mechanisms, I wonder why systems with relatively omnipotent trapdoors continue to be used in critical applications. The existence of such an ATM trapdoor seems highly unnecessary, and is clearly an invitation to misuse. Maintenance interfaces should be subjected to security and integrity controls, separation of duties, principle of least privilege, etc., just like everything else. PGN] ------------------------------ Date: Wed, 30 Nov 88 23:15:02 EST From: parnas@qucis.queensu.ca (Dave Parnas) Subject: Corps of Software Engineers? (RISKS-7.84) > "Flexibility is software's strong suit, allowing the military > to make changes in how a weapon system functions, even after > it is fielded... [discussion of gratuitous changes deleted] > ...making changes in a hurry during a conflict is imperative > if software is to help US forces prevail." > > [...] But where is the US corp of software engineers that can fix > a key software module quickly so the next airstrike can account for > an unexpected SAM threat? Do the armed services expect contractor > personnel to volunteer for duty on the front lines? ..... " > Henry Spencer at U of Toronto Zoology Yes. I have seen battlefield trucks from Viet Nam whose walls were full of debugging notes. Contractor personnel were assigned to debug the programs during battle. David L. Parnas, Queen's University, Kingston Ontario ------------------------------ Date: Thu, 1 Dec 88 16:29:36 EST From: Larry Hunter Subject: Telecommunications, Data Entry and Worker Exploitation From "Optical Information Systems Update," Dec 1, 1988, p.8. Digiport, a new telecommunications facility in Jamaica, will open up a new era for data entry operations. Two-way telecommunication eliminates one of the major problems of offshore data entry -- lengthly turnaround time. Previously, at least three to four days were required just for round trip flights. With image transmission, the data is quickly available for keying. In addition to fast turnaround, two-way transmission provides complete document control and security because the forms never leave the customers office. With this technology, the data entry function is electronically transferred to a low cost labor area with significant savings. For information, contact ... Offshore Information Services, Inc., 39 North Broadway, Tarrrytown, NJ 10591.... And, of course, with a significant loss to data entry personnel in high cost (like $6.00/hr) labor areas. Not to mention the savings (losses) in reduced requirements for worker benefits and safety standards. Larry ------------------------------ Date: 30 Nov 1988 17:29-PST From: the terminal of Geoff Goodfellow Subject: Milnet Isolation PENTAGON SEVERS MILITARY COMPUTER FROM NETWORK JAMMED BY VIRUS By JOHN MARKOFF, c.1988 N.Y. Times News Service NEW YORK _ The Pentagon said on Wednesday that it had temporarily severed the connections between a nonclassifed military computer network and the nationwide academic research and corporate computer network that was jammed last month by a computer virus program. Department of Defense officials said technical difficulties led to the move. But several computer security experts said they had been told by Pentagon officials that the decision to cut off the network was made after an unknown intruder illegally gained entry recently to several computers operated by the military and defense contractors. Computer specialists said they thought that the Pentagon had broken the connections while they tried to eliminate a security flaw in the computers in the military network. The Department of Defense apparently acted after a computer at the Mitre Corp., a Bedford, Mass., company with several military contracts, was illegally entered several times during the past month. Officials at several universities in the United States and Canada said their computers had been used by the intruder to reach the Mitre computer. A spokeswoman for Mitre confirmed Wednesday that one of its computers had been entered, but said no classified or sensitive information had been handled by the computers involved. ``The problem was detected and fixed within hours with no adverse consequences,'' Marcia Cohen said. The military computer network, known as Milnet, connects hundreds of computers run by the military and businesses around the country and is linked through seven gateways to another larger computer network, Arpanet. It was Arpanet that was jammed last month when Robert T. Morris, a Cornell University graduate student, introduced a rogue program that jammed computers on the network. In a brief statement, a spokesman at the Defense Communication Agency said the ties between Milnet and Arpanet, known as mail bridges, were severed at 10 p.m. Monday and that the connections were expected to be restored by Thursday. ``The Defense Communications Agency is taking advantage of the loop back to determine what the effects of disabling the mail bridges are,'' the statement said. ``The Network Information Center is collecting user statements and forwarding them to the Milnet manager.'' Several computer security experts said they had been told that the network connection, which permits military and academic researchers to exchange information, had been cut in response to the intruder. ``We tried to find out what was wrong (Tuesday) night after one of our users complained that he could not send mail,'' said John Rochlis, assistant network manager at the Massachusetts Institute of Technology. ``Inititally we were given the run around, but eventually they unofficially confirmed to us that the shut-off was security related.'' Clifford Stoll, a computer security expert at Harvard University, posted an electronic announcement on Arpanet Wednesday that Milnet was apparently disconnected as a result of someone breaking into several computers. Several university officials said the intruder had shielded his location by routing telephone calls from his computer through several networks. A manager at the Mathematics Faculty Computer Facility at the University of Waterloo in Canada said officials there learned that one of their computers had been illegally entered after receiving a call from Mitre. He said the attacker had reached the Waterloo computer from several computers, including machines located at MIT, Stanford, the University of Washington and the University of North Carolina. He said that the attacks began on Nov. 3 and that some calls calls had been routed from England. A spokeswoman for the Defense Communications Agency said that she had no information about the break-in. Stoll said the intruder used a well-known computer security flaw to illegally enter the Milnet computers. The flaws are similar to those used by Morris' rogue program. It involves a utility program called ``file transfer protocol'' that is intended as a convenience to permit remote users to transfer data files and programs over the network. The flaw is found in computers that run the Unix operating system. The decision to disconnect the military computers upset a number of computer users around the country. Academic computer security experts suggested that the military may have used the wrong tactic to attempt to stop the illegal use of its machines. ``There is a fair amount of grumbling going on,'' said Donald Alvarez, an MIT astrophysicist. ``People think that this is an unreasonable approach to be taking.'' He said that the shutting of the mail gateways did not cause the disastrous computer shutdown that was created when the rogue program last month stalled as many as 6,000 machines around the country. [By the way, things still do not appear to be back to normal. Too bad. That means MILNET hosts are not receiving RISKS, and also that I will have more headaches than usual with BARFMAIL. PGN] ------------------------------ End of RISKS-FORUM Digest 7.85 ************************