Forum on Risks to the Public in Computers and Related Systems
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
Volume 1: Issue 27
Saturday, 7 Dec 1985
Summary of Groundrules:
The RISKS Forum is a moderated digest. To be distributed, submissions should
be relevant to the topic, technically sound, objective, in good taste, and
coherent. Others will be rejected. Diversity of viewpoints is welcome.
Please try to avoid repetition of earlier discussions.
Re: RISKS digests
Elliott S. Frank <hplabs!amdahl!esf00@ucbvax.berkeley.edu>
Fri, 6 Dec 85 11:49:54 PST
I'm attaching a cross posting from one of our other internal BBS systems.
You may have seen it before, and it may well be worth excerpting (or, even
posting) to the net. [Elliott]
[Although there is some old stuff here, it is interesting to have it
all in one place. Thus, I am sending this out intact. Besides, it
would take me longer than I have to try to edit it. PGN]
===============================================================================
From nzm10 Thu Dec 5 15:26:10 1985
Relay-Version: version B 2.10.2 9/18/84; site amdahl.UUCP
Posting-Version: version B 2.10.2 9/18/84; site amdahl.UUCP
Path: amdahl!nzm10
From: nzm10@amdahl.UUCP (Neal Macklin)
Newsgroups: amdahl.general
Subject: worms and viruses (long)
Date: 5 Dec 85 23:26:10 GMT
Date-Received: 5 Dec 85 23:26:10 GMT
Distribution: amdahl
Organization: Amdahl Corp, Sunnyvale CA
This came off the VM conf system, and I thought it was interesting.
The first part is posted outside my office, so those of you that have
read that should go to line 530 (approx).
(I hate people who say "enjoy".....Neal)
------------------------------------------------------------------
* TOPIC: RUMOR - "RUMOR Interesting tidbits about the company"
--> Item 15 from AJP30 on 12/02/85 at 16:22:58
This is part one of a two part series written by Gary North about software
worms and viruses. Gary North is an investment newsletter publisher and
presents an interesting perspective of the problem from a non-technical
point of view. Enjoy.
Andrew J. Piziali, x8584.
---------------------------------------------------------------------------
Gary North's Remnant Review
Matt. 6:33-34
---------------------------------------------------------------------------
Vol. 12, No. 20 379 November 1, 1985
What you are about to read will shock you. It shocked me as I did the research
on the project. It so completely shocked me that I am lifting the copyright on
this issue and the one to follow. Reprint them in any form you choose.
Second, I am sufficiently scared about what I've uncovered that I am going to
make this request. I will pay $1,000 to the first person who blows what I
regard as significant holes in my thesis, and who consents to a 90-minute taped
interview for FIRESTORM CHATS. If you can't do this, but you can put me in
contact with anyone who can refute me or show an effective way out of the
problems I raise, I WILL GIVE YOU A ONE YEAR RENEWAL TO REMNANT REVIEW FOR
LOCATING THE FIRST SUCH PERSON FOR ME, AND I WILL PAY THE INDIVIDUAL $1,000 TO
DO THE 90-MINUTE TAPED INTERVIEW WITH ME, plus provide supporting evidence. And
let me say, it will be the happiest check-writing session of my life. I
DESPERATELY WANT TO BE PROVED WRONG. Mail me your (his) outline.
I am going public with this story because it is unlikely that any conventional
news source will touch it, unless pressure is brought to bear. The reason is
this: the problems are too horrendous even to be discussed by appropriate
officials, unless they have specific answers. But they don't. What I present
here cannot be smoothed over by a press release about having set up a
blue-ribbon study panel.
I literally stumbled into this information. I had read about one tiny aspect of
it. I made a few extrapolations. Then I got worried. The problem looked as
though it would have major implications. Little did I know!
Every dark cloud has a silver lining, they say. Well, every silver lining has
its dark cloud. This is a "dark cloud" report about the high tech silver
lining.
I am not trying to be deliberately gloomy, but this problem can only get worse,
unless someone (and I don't know who) can figure out an answer. I don't like to
present problems in REMNANT REVIEW for which I have no answers. This time I
have to do what I don't like to do. If you've got some answer, WRITE!
I am hoping that by going to my reader I may locate one or more people who can
provide decent counsel. Congress hasn't the foggiest idea of the threat that is
now developing to the whole Western world. When I began this research project,
neither did I. Those who know the facts are so close to the problem that they
may have grown jaundiced -- or else they are people who are the source of the
problem, and they don't want it solved. The technicians remain silent, or
discuss it only in "the inner circles" where the issues are understood.
Policy-makers need to know.
ELECTRONIC AIDS (Part I)
Scenario: Paul Volcker is handed a telegram as he enters the monthly meeting of
the Federal Open Market Committee. Every other member of the FOMC, which sets
monetary policy for the U.S., is also handed an identical telegram. The
telegram reads as follows:
THIS MORNING (a rural bank is named) SUFFERED A MAJOR FAILURE IN ITS
COMPUTER SYSTEM STOP ALL DATA IN THAT COMPUTER HAS BEEN SCRAMBLED
BEYOND RECOGNITION STOP WHEN BANK OFFICIALS ATTEMPT TO CALL UP THE
RECORDS FROM ITS BACK UP COMPUTER TAPES THEY WILL FIND THAT THESE BACK
UP TAPES ARE ALSO SCRAMBLED STOP ON MONDAY AFTERNOON THREE OTHER
SMALL BANKS WILL SUFFER THE SAME FATE STOP ONE WILL BE IN NEW YORK
CITY STOP ONE WILL BE IN LOS ANGELES STOP ONE WILL BE IN CHICAGO
STOP PLEASE MEET AGAIN ON TUESDAY AFTERNOON STOP WE WILL GIVE YOU
INSTRUCTIONS AT THAT TIME
Volcker calls the appropriate bureaucrat at the Federal Reserve System's
headquarters, and he asks if there are any reports from the named bank. A few
minutes later, the official calls back. The bank's management confirms the
breakdown. The bank is attempting to install the back-up tapes. Volcker orders
him to call back and stop the tapes from being installed. The bank complies.
The tapes are then shipped to the Federal Reserve Bank under armed guard. When
the FED's computer specialists acquire the same operating system and try to
bring up the data, the system crashes. No usable data.
Tuesday morning, one by one three banks call the FED, the FDIC, and the
Comptroller of the Currency's office, each with the same frantic tale. They
have been working all night, but their computer records are scrambled. They
cannot open at 10 a.m. They have only an hour to make a decision. What should
they do? The FED instructs them to remain closed. They are also instructed to
keep their mouths equally closed.
The T.V. networks are tipped off, but no one at any bank says anything. Lines
appear in front of each bank. Governors in all three states call frantically to
Washington. They all remember Ohio and Maryland. What is the FED going to do?
The FOMC, the Board of Governors of the FED, each regional president, and a team
of computer experts meet at the New York FED's offices. At three in the
afternoon, a telegram is delivered to Volcker. It is brief. It says:
WORMS
"What the @%* is this?" he yells to no one in particular. The computer men turn
white. They do their best to tell him what it means. They are finished
answering his questions in about 45 minutes. Another telegram arrives. It
says:
ON FRIDAY AFTERNOON THE CHASE MANHATTAN BANK WILL EXPERIENCE A SIMILAR
COMPUTER FAILURE STOP ITS BACK UP TAPES WILL BE EQUALLY USELESS
STOP IT WILL NOT BE ABLE TO REOPEN ON MONDAY MORNING STOP ON
TUESDAY MORNING CITICORP WILL SUFFER A SIMILAR FAILURE STOP ON
WEDNESDAY MORNING BANK OF AMERICA AND THREE OTHER MAJOR BANKS WILL ALSO
SUFFER A BREAKDOWN STOP WE CAN PROVIDE YOU WITH THE CORRECTION FOR
EACH COMPUTER STOP THE PRICE WILL BE THE REMOVAL OF DIPLOMATIC
RECOGNITION OF THE ILLEGITIMATE STATE OF ISRAEL BY THE UNITED STATES
AND AN END TO ALL ECONOMIC AID TO ISRAEL STOP TO PROVE THAT WE CAN DO
THIS WE WILL SCRAMBLE ALL THE RECORDS OF CHASE MANHATTAN BRANCH BANK
XYZ TOMORROW MORNING STOP
The next morning, all of the records of Chase Manhattan's branch bank are turned
into random numbers. That afternoon, the President of the United States breaks
off diplomatic relations with the state of Israel. The banks stay open. No
crash of the data occurs. This time.
This is a hypothetical scenario. It is NOT hypothetical technologically. This is
the terrifying message of this issue of the REMNANT REVIEW. What I have described
here is conceivable technologically. On a small scale, it has already been
threatened. Let's start with the historical and then go to the possible.
WORMS
Earlier this year, I read a very interesting article on a major problem facing
computer software (programs) development companies. A program comes on one or
more 5.25-inch plastic discs. It takes only a few seconds to copy a program on
one disc to a blank disc which costs $3. Yet these programs normally run at
least $250, and usually sell at $495, and sometimes cost thousands. Very few
are less than $100. So you have a major temptation: make a $500 asset out of a
$3 asset. Insert the $500 program into drive A, write "COPY A:*.* B:" and hit
the "enter key"; sixty seconds later, you have a $500 program in drive B.
There are ways to make this copying more difficult. The companies code the
programs, and force you to have a control disc in drive A at all times. These
"copy protected" programs are a hassle for users. We cannot put them on a "hard
(big) disc" easily, and sometimes the control disc dies for some reason. Then
what? Your data are locked in your hard disc or on a floppy disc, but you can't
get to the data because the control disc is not functioning. You order a
replacement. Weeks go by.
Last year, several firms came up with a solution. It is called a WORM. A worm
is a command which is built deep into the complex code which creates the program
itself. These are incredibly complex codes, and it is easy to bury a command in
them. They cannot be traced.
What does the worm do? It "eats" things. Say that you are a software thief.
You make a copy of a non-copy-protected disc, either to use on a second
computer, or to give (or sell) to a friend. The program works just fine. But
when the program is copied to a new disc, the worm is "awakened." It bides its
time, maybe for many months, maybe for years. The program's user is blissfully
unaware that a monster lurks inside his pirated program. He continues to enter
data, make correlations, etc. HE BECOMES COMPLETELY DEPENDENT ON THE PROGRAM.
Then, without warning, the worm strikes. Whole sections of the data disappear.
Maybe the data storage disc is erased. Maybe it is just scrambled. Even his
back-up data discs have worms in them. Everything he entered on those discs is
gone. Forever.
Can you imagine the consternation of the user? He has become dependent on a
booby-trapped program. His business could simply disappear. For the savings of
$500 (stolen program), he could lose everything he has.
Several firms threatened to insert worms into their programs. But then they
backed off. They are afraid that lawsuits initiated against them might go
against them in court. They could be hit for damages suffered by the thieving
victims. Juries might decide that the punishment (a bankruptcy) was too much
for the crime (a $500 theft).
So far, no worms are lurking in any commercial software programs -- as far as I
know and the industry knows, anyway. But what if a disgruntled programmer were
to hide one in a master copy of, say, Lotus 1-2-3, the most popular business
program on the market? What if ten thousand copies a month go out for, say,
three years? Then, without warning, every company that has started using them
loses three years of data? They sue Lotus. Lotus goes bankrupt paying lawyers.
NO COMPANY IN THE INDUSTRY IS WILLING TO TALK ABOUT THIS SABOTAGE THREAT
PUBLICLY. Obviously.
LARCENISTS
I just happened to stumble across an article on worms in a computer magazine.
It occurred to me that it might be possible to use the worm technique as a form
of deliberate sabotage rather than just as a copy protection device. But what
did I know? I'm not a computer expert.
I know a computer expert, however. I mean, a REAL expert -- one of those people
you occasionally read about. In the world of business, they're called "space
cadets." They operate somewhere in between the asteroid belt and Jupiter. But
this one is different. He's a businessman, too.
I got him to sit down with me to discuss the problem of worms. It turned out
that he has a real fascination for the topic. He tells me that there are
advanced design worms, called 'viruses' by 'hackers' -- computer freak
programming geniuses. "The software virus is the most terrifying thing I've
ever come acr
