The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 1 Issue 27

Saturday, 7 Dec 1985

Contents

Summary of Groundrules:
  The RISKS Forum is a moderated digest. To be distributed, submissions should
  be relevant to the topic, technically sound, objective, in good taste, and
  coherent. Others will be rejected. Diversity of viewpoints is welcome.
  Please try to avoid repetition of earlier discussions.

Re: RISKS digests

Elliott S. Frank <hplabs!amdahl!esf00@ucbvax.berkeley.edu>
Fri, 6 Dec 85 11:49:54 PST

I'm attaching a cross posting from one of our other internal BBS systems.
You may have seen it before, and it may well be worth excerpting (or, even
posting) to the net.     [Elliott]

      [Although there is some old stuff here, it is interesting to have it
       all in one place.  Thus, I am sending this out intact.  Besides, it
       would take me longer than I have to try to edit it.  PGN]

===============================================================================

From nzm10 Thu Dec  5 15:26:10 1985
Relay-Version: version B 2.10.2 9/18/84; site amdahl.UUCP
Posting-Version: version B 2.10.2 9/18/84; site amdahl.UUCP
Path: amdahl!nzm10
From: nzm10@amdahl.UUCP (Neal Macklin)
Newsgroups: amdahl.general
Subject: worms and viruses (long)
Date: 5 Dec 85 23:26:10 GMT
Date-Received: 5 Dec 85 23:26:10 GMT
Distribution: amdahl
Organization: Amdahl Corp, Sunnyvale CA

This came off the VM conf system, and I thought it was interesting.
The first part is posted outside my office, so those of you that have
read that should go to line 530 (approx).

(I hate people who say "enjoy".....Neal)

   ------------------------------------------------------------------

 
* TOPIC: RUMOR -  "RUMOR Interesting tidbits about the company"
--> Item 15 from AJP30 on 12/02/85 at 16:22:58
 
 
This is part one of a two part series written by Gary North about software
worms and viruses.  Gary North is an investment newsletter publisher and
presents an interesting perspective of the problem from a non-technical
point of view.  Enjoy.
 
                                   Andrew J. Piziali, x8584.
 
 
   ---------------------------------------------------------------------------
 
                          Gary North's Remnant Review
                                                                  Matt. 6:33-34
   ---------------------------------------------------------------------------
 
Vol. 12, No. 20                      379                       November 1, 1985
  
 
What you are about to read will shock you.  It shocked me as I did the  research
on the project.  It so completely shocked me that I am lifting the copyright  on
this issue and the one to follow.  Reprint them in any form you choose.
 
Second, I am  sufficiently scared about  what I've uncovered  that I am  going to
make this  request.  I  will pay  $1,000 to  the first  person who  blows what I
regard as significant holes in my thesis, and who consents to a 90-minute  taped
interview for  FIRESTORM CHATS.   If you  can't do  this, but  you can put me in
contact  with  anyone  who  can  refute  me  or  show an effective way out of the
problems I  raise, I  WILL GIVE  YOU A  ONE YEAR  RENEWAL TO  REMNANT REVIEW FOR
LOCATING THE FIRST SUCH PERSON FOR ME,  AND I WILL PAY THE INDIVIDUAL $1,000  TO
DO THE 90-MINUTE TAPED INTERVIEW WITH ME, plus provide supporting evidence.  And
let  me  say,  it  will  be  the  happiest  check-writing session of my life.  I
DESPERATELY WANT TO BE PROVED WRONG.  Mail me your (his) outline.
 
I am going public with this  story because it is unlikely that  any conventional
news source will touch  it, unless pressure is  brought to bear.  The  reason is
this:  the  problems  are  too  horrendous  even  to be discussed by appropriate
officials, unless they have specific  answers.  But they don't.  What  I present
here  cannot  be  smoothed  over  by  a  press  release  about  having set up a
blue-ribbon study panel.
 
I literally stumbled into this information.  I had read about one tiny aspect of
it.  I made a  few extrapolations.  Then I  got worried.  The problem  looked as
though it would have major implications.  Little did I know!
 
Every dark cloud has a silver  lining, they say.  Well, every silver  lining has
its  dark  cloud.   This  is  a  "dark  cloud" report about the high tech silver
lining.
 
I am not trying to be deliberately gloomy, but this problem can only get  worse,
unless someone (and I don't know who) can figure out an answer.  I don't like to
present problems in  REMNANT REVIEW for  which I have  no answers.  This  time I
have to do what I don't like to do.  If you've got some answer, WRITE!
 
I am hoping that by going to my  reader I may locate one or more people  who can
provide decent counsel.  Congress hasn't the foggiest idea of the threat that is
now developing to the whole Western world.  When I began this research  project,
neither did I. Those who  know the facts are so  close to the problem that  they
may have grown jaundiced --  or else they are people  who are the source of  the
problem,  and  they  don't  want  it  solved.  The technicians remain silent, or
discuss  it  only  in  "the  inner  circles"  where  the  issues are understood.
Policy-makers need to know.
 
 
 
                           ELECTRONIC AIDS (Part I)
 
 
Scenario: Paul Volcker is handed a telegram as he enters the monthly meeting  of
the Federal Open Market  Committee.  Every other member  of the FOMC, which  sets
monetary  policy  for  the  U.S.,  is  also  handed  an identical telegram.  The
telegram reads as follows:
 
    THIS MORNING (a rural  bank is named) SUFFERED  A MAJOR FAILURE IN  ITS
    COMPUTER SYSTEM   STOP  ALL  DATA IN  THAT COMPUTER  HAS BEEN SCRAMBLED
    BEYOND RECOGNITION  STOP   WHEN BANK OFFICIALS  ATTEMPT TO CALL  UP THE
    RECORDS FROM ITS BACK UP COMPUTER TAPES THEY WILL FIND THAT THESE  BACK
    UP TAPES  ARE ALSO  SCRAMBLED  STOP   ON MONDAY  AFTERNOON THREE  OTHER
    SMALL BANKS WILL SUFFER  THE SAME FATE  STOP   ONE WILL BE IN  NEW YORK
    CITY  STOP  ONE WILL  BE IN LOS ANGELES   STOP  ONE WILL BE  IN CHICAGO
     STOP  PLEASE MEET AGAIN ON  TUESDAY AFTERNOON  STOP  WE WILL  GIVE YOU
    INSTRUCTIONS AT THAT TIME
 
Volcker  calls  the  appropriate  bureaucrat  at  the  Federal Reserve System's
headquarters, and he asks if there are  any reports from the named bank.  A  few
minutes later,  the official  calls back.   The bank's  management confirms  the
breakdown.  The bank is attempting to install the back-up tapes.  Volcker orders
him to call back  and stop the tapes  from being installed.  The  bank complies.
The tapes are then shipped to the Federal Reserve Bank under armed guard.   When
the FED's  computer specialists  acquire the  same operating  system and  try to
bring up the data, the system crashes.  No usable data.
 
Tuesday  morning,  one  by  one  three  banks  call  the  FED, the FDIC, and the
Comptroller of  the Currency's  office, each  with the  same frantic tale.  They
have been  working all  night, but  their computer  records are scrambled.  They
cannot open at 10 a.m.  They have only an hour to make a decision.  What  should
they do?  The FED instructs them to remain closed.  They are also instructed  to
keep their mouths equally closed.
 
The T.V. networks are tipped off, but  no one at any bank says anything.   Lines
appear in front of each bank.  Governors in all three states call frantically to
Washington.  They all remember Ohio and Maryland.  What is the FED going to do?
 
The FOMC, the Board of Governors of the FED, each regional president, and a team
of  computer  experts  meet  at  the  New  York  FED's offices.  At three in the
afternoon, a telegram is delivered to Volcker.  It is brief.  It says:
 
                                     WORMS
 
"What the @%* is this?" he yells to no one in particular.  The computer men turn
white.   They  do  their  best  to  tell  him  what it means.  They are finished
answering his  questions in  about 45  minutes.  Another  telegram arrives.   It
says:
 
    ON FRIDAY AFTERNOON THE CHASE MANHATTAN BANK WILL EXPERIENCE A  SIMILAR
    COMPUTER  FAILURE   STOP   ITS  BACK  UP  TAPES WILL BE EQUALLY USELESS
     STOP   IT  WILL  NOT  BE  ABLE  TO  REOPEN ON MONDAY MORNING  STOP  ON
    TUESDAY  MORNING  CITICORP  WILL  SUFFER  A  SIMILAR  FAILURE  STOP  ON
    WEDNESDAY MORNING BANK OF AMERICA AND THREE OTHER MAJOR BANKS WILL ALSO
    SUFFER A BREAKDOWN   STOP  WE CAN  PROVIDE YOU WITH  THE CORRECTION FOR
    EACH  COMPUTER   STOP   THE  PRICE  WILL  BE  THE REMOVAL OF DIPLOMATIC
    RECOGNITION OF THE  ILLEGITIMATE STATE OF  ISRAEL BY THE  UNITED STATES
    AND AN END TO ALL ECONOMIC AID TO ISRAEL  STOP  TO PROVE THAT WE CAN DO
    THIS WE WILL  SCRAMBLE ALL THE  RECORDS OF CHASE  MANHATTAN BRANCH BANK
    XYZ TOMORROW MORNING  STOP
 
 
The next morning, all of the records of Chase Manhattan's branch bank are turned
into random numbers.  That afternoon, the President of the United States  breaks
off diplomatic relations  with the state  of Israel.  The  banks stay open.   No
crash of the data occurs.  This time.
 
This is a hypothetical scenario.  It is NOT hypothetical technologically.  This is
the terrifying message of this issue of the REMNANT REVIEW.  What I have described
here is  conceivable technologically.   On a  small scale,  it has  already been
threatened.  Let's start with the historical and then go to the possible.
 
 
 
                                     WORMS
 
 
Earlier this year, I read a  very interesting article on a major  problem facing
computer software (programs) development companies.   A program comes on one  or
more 5.25-inch plastic discs.  It takes only a few seconds to copy a program  on
one disc to  a blank disc  which costs $3.   Yet these programs  normally run at
least $250, and usually  sell at $495, and  sometimes cost thousands.  Very  few
are less than $100.  So you have a major temptation: make a $500 asset out of  a
$3 asset.  Insert the $500 program into  drive A, write "COPY A:*.* B:" and  hit
the "enter key"; sixty seconds later, you have a $500 program in drive B.
 
There are  ways to  make this  copying more  difficult.  The  companies code the
programs, and force you to have a  control disc in drive A at all  times.  These
"copy protected" programs are a hassle for users.  We cannot put them on a "hard
(big) disc" easily, and sometimes the  control disc dies for some reason.   Then
what?  Your data are locked in your hard disc or on a floppy disc, but you can't
get  to  the  data  because  the  control  disc is not functioning.  You order a
replacement.  Weeks go by.
 
Last year, several firms came up with a solution.  It is called a WORM.  A  worm
is a command which is built deep into the complex code which creates the program
itself.  These are incredibly complex codes, and it is easy to bury a command in
them.  They cannot be traced.
 
What does the worm  do?  It "eats" things.   Say that you are  a software thief.
You  make  a  copy  of  a  non-copy-protected  disc,  either  to use on a second
computer, or to give (or sell) to a friend.  The program works just fine.   But
when the program is copied to a new disc, the worm is "awakened."  It bides its
time, maybe for many months, maybe for years.  The program's user is blissfully
unaware that a monster lurks inside his pirated program.  He continues to  enter
data, make correlations, etc.  HE BECOMES COMPLETELY DEPENDENT ON THE PROGRAM.
 
Then, without warning, the worm strikes.  Whole sections of the data  disappear.
Maybe the data storage  disc is erased.  Maybe  it is just scrambled.   Even his
back-up data discs have worms in them.  Everything he entered on those discs  is
gone.  Forever.
 
Can you imagine  the consternation of  the user?  He  has become dependent  on a
booby-trapped program.  His business could simply disappear.  For the savings of
$500 (stolen program), he could lose everything he has.
 
Several firms  threatened to  insert worms  into their  programs.  But then they
backed  off.   They  are  afraid  that  lawsuits initiated against them might go
against them in court.   They could be hit  for damages suffered by  the thieving
victims.  Juries might  decide that the  punishment (a bankruptcy)  was too much
for the crime (a $500 theft).
 
So far, no worms are lurking in any commercial software programs -- as far as  I
know and the industry knows, anyway.  But what if a disgruntled programmer  were
to hide one  in a master  copy of, say,  Lotus 1-2-3, the  most popular business
program on the  market?  What if  ten thousand copies  a month go  out for, say,
three years?  Then, without warning,  every company that has started  using them
loses three years of data?  They sue Lotus.  Lotus goes bankrupt paying  lawyers.
NO  COMPANY  IN  THE  INDUSTRY  IS  WILLING  TO  TALK ABOUT THIS SABOTAGE THREAT
PUBLICLY.  Obviously.
 
 
 
                                  LARCENISTS
 
 
I just happened to  stumble across an article  on worms in a  computer magazine.
It occurred to me that it might be possible to use the worm technique as a  form
of deliberate sabotage rather than just  as a copy protection device.  But  what
did I know?  I'm not a computer expert.
 
I know a computer expert, however.  I mean, a REAL expert -- one of those people
you occasionally read  about.  In the  world of business,  they're called "space
cadets."  They operate somewhere in between the asteroid belt and Jupiter.   But
this one is different.  He's a businessman, too.
 
I got him to sit  down with me to discuss  the problem of worms.  It  turned out
that he  has a  real fascination  for the  topic.  He  tells me  that there  are
advanced  design  worms,  called  'viruses'  by  'hackers'  --  computer   freak
programming geniuses.   "The software  virus is  the most  terrifying thing I've
ever come acr
