The RISKS Digest
Volume 12 Issue 65

Tuesday, 26th November 1991

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator


Contents

Phone outages expected to be tied to typing mistake
Rudy Bazelmans/Jim Horning
Weather Service Circuit Failure
PGN
Problems with nuclear plant safety computer in the UK
Peter Ilieve
Results of Train Accident Investigations
Jymmi C. Tseng
Bank misdeposits money
David Shepherd
Mass. Governor wants to sell list of drivers licenses [Yes and No]
Kent Quirk
CPSR FOIAs U.S. Secret Service
Craig Neidorf
The Trojan Horse named 'AIDS'
PGN
Banning of autodialers?
John Sullivan
A new risk for computer folks? — computers and termination policy
Mark Bartelt
E911 system brought to its knees by a prank
Glenn S. Tenney
Study on Computer Addiction
Chris
Info on RISKS (comp.risks)

Phone outages expected to be tied to typing mistake

Jim Horning <horning@Pa.dec.com>
Tue, 26 Nov 91 11:00:51 PST
    [Originally forwarded by Rudy Bazelmans to Alan Martin to Bill McKeeman]

DSC Communications - Phone outages expected to be tied to typing mistake
The Wall Street Journal, 25Nov91, p.B4.

  A final report that may be presented to the Federal Communications Commission
this week is expected to conclude that a mistyped character in software from
DSC Communications Corp. resulted in several local-telephone service outages
last summer. The report, compiled by Bell Communications Research Corp., also
will show that the software didn't cause the failures alone. Faulty data,
failure of computer clocks and other triggers led to a chain of events that
caused the outages, according to the Dallas Morning News, which said it
obtained a copy of the report. The newspaper said the report will conclude that
none of the "trigger" events were caused by computer hackers. The disclosure
echoes testimony before Congress last July, in which DSC officials admitted
that three bits of information in a huge computer program were incorrect,
omitting computational procedures that would have stopped DSC's signaling
system from becoming congested with messages. A spokesman for DSC, which makes
the signal transfer point that carries signals to set up a call, but not the
call itself, confirmed that a "6" in a line of computer code should actually
have been a "D." That one error caused the equipment and software to fail under
an avalanche of computer-generated messages. The error was in an April software
modification for the signal transfer point systems. The spokesman said the
company won't distribute final copies of the report until Bellcore, as the
research consortium of the Baby Bells is known, presents a copy to the FCC and
a congressional telecommunications committee, possibly this week.

   [For background, see Ed Andrews' earlier NY Times article excerpted in
   RISKS-12.05, 11 July 1991.]


Weather Service Circuit Failure

"Peter G. Neumann" <neumann@csl.sri.com>
Mon, 25 Nov 91 12:04:57 PST
   WASHINGTON (AP, 23 Nov 91)
   A National Weather Service circuit that serves as the source of routine
weather information for most of the nation's newspapers and broadcast stations
was knocked out for 12 hours on Friday.  Urgent weather information, flood or
storm warnings and watches, remained available to most outlets because that
information is carried on a separate circuit relayed by The Associated Press.
But the 9:04 a.m. EDT outage of the weather bureau's Public Products Service
meant that routine forecasts were nonexistent for many media outlets until the
wire was restored at about 9 p.m.  [...]
   The AP was able to restore routine weather service to many of its members
before the PPS problem was solved because of a temporary arrangement with the
Contel Federal Systems Division of GTE, which has a contract from the Weather
Service.  [...]  Weather Service spokesman Bud Litton declared the "problem was
due to a major foulup by Bell Atlantic."


Problems with nuclear plant safety computer in the UK

Peter Ilieve <peter@memex.co.uk>
Mon, 25 Nov 91 10:47:47 GMT
Here is a story that appeared on the front page of the Independent on Sunday,
a UK 'quality' paper, on 1991 Nov 24.

Sellafield safety computer fails

by Tom Wilkie and Susan Watts

Britain's nuclear watchdog has launched a full-scale investigation into
the safety of computer software at nuclear installations, following an
incident at the Sellafield reprocessing plant in which computer error
caused radiation safety doors to be opened accidentally.

The investigation, by the Nuclear Installations Inspectorate (NII),
could affect the computer-controlled safety system that Nuclear Electric
wants to install at the new Sizewell B pressurised water reactor under
construction in Suffolk.

Sizewell B will be the first nuclear power station in the UK to rely
heavily on computers, rather than people, in its primary protection system.
Nuclear Electric argued that they would be safer.

The £240 million Sellafield plant, opened in February by Michael
Heseltine, Secretary of State for the Environment, was expected to help
British Nuclear Fuels (BNFL) to return waste to its country of origin.
The plant encases high-level waste in glass blocks for transport and
storage, using a process that is known as vitrification.

In mid-September, a "bug" in the computer program that controlled the
plant caused radiation protection doors to open prematurely while highly
radioactive material was still inside one chamber. Nobody was exposed to
radiation and the plant has since been shut down, but the incident has
rung alarm bells within the nuclear inspectorate.

The inspectorate originally judged the computer software that controls
safety as acceptable --- partly because it consisted of only a limited
amount of computer code. However, the computer program was later amended
with what is known as a software "patch". It is this patch that is
thought to have caused the doors to open too soon.

BNFL did not believe that the amendment had any safety significance. The
inspectorate is investigating not only the computer technology itself,
but also BNFL's bureaucratic procedures.

Under British regulations, the safety-related functions of a nuclear power
station must be completely separate from its normal control systems.  Nuclear
Electric wants to have a computer-based system for both the control and the
safety functions at the new Sizewell pressurised water reactor.  However, the
safety-related computer program has grown so complicated that the distinction
between the software which controls the reactor and that which protects it has
become blurred. It is also almost impossible to check that the software would
react as it should if the reactor were to behave in a dangerous way.

The protection software is thought to have reached its current size because it
incorporates extra features which, although desirable, have complicated its
structure. Observers doubt that Nuclear Electric will be able to convince the
inspectorate that the software will function as designed.

The integrity of the software is the last technical issue on the safety
of Sizewell still to be sorted out, according to the NII. The inspectorate
feels the performance of the software, like the safety of the steel pressure
vessel, cannot be demonstrated on the basis of previous operating experience.

A BNFL spokesman said the company had completed an internal inquiry in the
last few days but had yet to send results to the nuclear inspectorate. It
does not expect the plant to reopen before mid-December.
---

A short description of the organisations involved for non-UK folk: British
Nuclear Fuels Limited (BNFL): A company, but all its shares are owned by the
government, either directly or indirectly via other companies like Nuclear
Electric. BNFL provides fuel manufacturing and reprocessing for both civil and
military programs. Its main plant is at Sellafield but it has plutonium
production reactors at Chapelcross in Scotland and an enrichment plant at
Capenhurst.

Nuclear Electric: A company, but wholly owned by the government. During the
privatisation of the electricity generation and distribution industry in the UK
it became clear that the nuclear part was unsaleable, so the government kept it.
Nuclear Electric owns all the nuclear power stations in England and Wales.
There is a similar company, Scottish Nuclear, for the stations in Scotland.

Nuclear Installations Inspectorate (NII): The UK nuclear regulatory body.  No
nuclear plant can operate without a licence from it. It is part of the Health
and Safety Executive, which is the statutory body for most health, safety and
pollution matters in the UK.
                                Peter Ilieve   peter@memex.co.uk

   [Also noted by John.Fitzgerald@newcastle.ac.uk (John Fitzgerald)]


Results of Train Accident Investigations

Jymmi C. Tseng <u431573@imux200.mgt.ncu.edu.tw>
Wed, 27 Nov 91 03:38:30 +0800
Abridged from China Times Nov. 23, 1991.

RESULTS OF TRAIN ACCIDENT INVESTIGATIONS INDICATE DRIVER'S NEGLECT OF TRAFFIC
SIGNALS DIRECT CAUSE OF ACCIDENT.

ACCORDING TO THE TRANSPORTATION SAFETY COMMITTEE OF THE RAILROAD AGENCY,
FAILURE OF AUTOMATIC WARNING AND BRAKES NOT CITED AS MAJOR CAUSE.

The transportation safety committee of the railroad agency announced the results
of its investigations into the Nov. 15th accident, when "Freedom" express
train 1006 rammed into the side of another incoming express train, and caused
30 deaths and 100 plus injuries.

The fact that the "Freedom" express train had knowledge before starting from
station that its safety systems were not working and yet allowed to carry
passengers was not cited as a direct cause.

After collecting onsite evidence, eyewitness reports, and five meetings, the
traffic signals were determined to be normal, because 5 previous trains
reported no problems with the signals.

       B Freedom 1066       C
  ===<#####<############>=====================
          #   (65 km/h)         /
       #    A              /
        ####>======================
        Oncoming Express Train

The oncoming express train was supposed to travel on the secondary route A
because of its lower priority.  But the "Freedom" express 1006 was travelling
at 86km/h at point C and it was one minute early and interpreted the "slow
down" signal at C as a "go ahead".  In the meantime, the oncoming express train
had only time to reach A when the "Freedom" express rammed into its side at
point B with a speed of 65 km/h, emergency brakes applied only 70 minutes
before collision.

If the driver had followed the signal at C, there would have been no accident.

The paper cited that all accidents are caused by many individual incidents,
which unfortunately coincided at the same time, not the direct cause of any
singular event. If we look closely, we will see:

1) If "Freedom" 1066 had reduced speed according to
   the signals, there would have been no collision.
2) If the warning system had been working, the system
   would have warned the driver to reduce speed.
3) If the automatic braking mechanism had been working,
   emergency brakes would have been applied automatically
   and the accident might not have been so serious.

The results of the investigations are therefore not convincing enough.
Obviously, the current railroad procedures are at fault because trains with
faulty safety mechanisms which are not "readily fixable" are allowed to carry
passengers, on the condition that drivers are given notice of their condition.

The reporter made a comparison to a public bus: it would be analogous to
telling the driver of a public bus without brakes to drive with only the hand
brakes, and extreme caution.

Operational procedures which have proved wrong and yet are neglected are
definitely a management problem.  The negligence of the committee in addressing
the overall problem, emphasizing only the direct cause, is a sacrifice of
public safety and human lives.

Jymmi C. Tseng, National Central University, Taiwan, R.O.C.


Bank misdeposits money

David Shepherd <des@inmos.com>
Mon, 18 Nov 91 10:34:18 GMT
An item in the personal finance section of The Times (London) on Saturday told
how someone had paid a sizeable check into their account and then been
surprised when a few days later the bank started bouncing checks. When he
investigated he found that the check had not been credited to his account. The
bank fairly quickly admitted that there had been a mistake but said they could
not credit the money to him until they found where it had gone. When they
explained the situation a few days later they said that the clerk processing
the check had dropped the last digit of his account number, the computer had
decided that he had not typed a leading zero and this matched another account
number at that branch!

david shepherd: des@inmos.co.uk or des@inmos.com    tel: 0454-616616 x 379
                inmos ltd, 1000 aztec west, almondsbury, bristol, bs12 4sq
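The failure in the item above, a dropped trailing digit being read as a missing leading zero, as an added Python example that is not part of David Shepherd's post or the bank's system: the lenient lookup reproduces the collision, the strict one refuses to repair the input and additionally validates a Luhn check digit. The eight-digit format, the ledger contents and the use of Luhn are assumptions; the article does not say what scheme the bank used.

```python
"""Account-number lookup: lenient zero-padding vs. strict matching.

Added example. The eight-digit account format, the branch ledger and the
use of a Luhn check digit are assumptions made for illustration; the
article does not say which scheme the bank actually used.
"""
from typing import Optional

ACCOUNT_LEN = 8  # assumed fixed width of a complete account number

# Constructed branch ledger. Both numbers carry a valid Luhn check digit
# (see luhn_valid below); the names are placeholders.
LEDGER = {
    "01234558": "intended payee",
    "00123455": "unrelated customer",
}


def luhn_valid(number: str) -> bool:
    """Standard Luhn (mod-10) check: double every second digit counting from
    the right, fold two-digit results by subtracting 9, and require the
    total to be a multiple of 10."""
    if not number.isdigit():
        return False
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def luhn_check_digit(payload: str) -> str:
    """Return the single digit that makes payload + digit Luhn-valid."""
    for d in "0123456789":
        if luhn_valid(payload + d):
            return d
    raise ValueError("payload must consist of digits only")


def lenient_lookup(typed: str) -> Optional[str]:
    """Reproduces the reported failure mode: a too-short entry is assumed to
    be missing leading zeros and is left-padded, so a dropped *trailing*
    digit is silently turned into a different, existing account number."""
    if not typed.isdigit():
        return None
    normalised = typed.zfill(ACCOUNT_LEN)
    return LEDGER.get(normalised)


def strict_lookup(typed: str) -> Optional[str]:
    """Hardened version: never repair the input. A wrong-length entry or a
    failed check digit is reported back to the clerk (None here) instead of
    being matched against the ledger."""
    if len(typed) != ACCOUNT_LEN or not luhn_valid(typed):
        return None
    return LEDGER.get(typed)


if __name__ == "__main__":
    # The clerk drops the final digit of 01234558.
    typed = "0123455"
    print("lenient:", lenient_lookup(typed))   # credits the wrong customer
    print("strict: ", strict_lookup(typed))    # None: rejected, clerk retries
    # A same-length single-digit typo is caught by the check digit alone.
    print("strict typo:", strict_lookup("01234559"))
```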


Mass. Governor wants to sell list of drivers licenses

<lotus!"CRD!Kent_Quirk@LOTUS"@uunet.UU.NET>
Wed, 20 Nov 91 14:50:34 EST
WBUR-FM reported this morning (11/20/91) that Massachusetts Governor William
Weld has targeted for change some 140 laws and regulations that he says cause
difficulties to those trying to do business in Massachusetts.  One of his
planned remedies is to sell the list of people holding a Massachusetts driver's
license.  The list contains approximately four million names, addresses and in
most cases, Social Security numbers.  This is because Massachusetts uses the
Social Security number as a license number, except when specifically requested
not to.

It would require an act of the state legislature to make this possible; they
may find it attractive because selling the list could earn some $5 Million at a
time when state budgets are VERY tight.
                                                   [SEE NEXT ITEM.  PGN]


Mass. Governor NO LONGER wants to sell list of drivers licenses

<lotus!"CRD!Kent_Quirk@LOTUS"@uunet.UU.NET>
Thu, 21 Nov 91 11:21:05 EST
Boston Globe, Nov 21 1991:

One day after unveiling the proposal, [Massachusetts] Governor Weld yesterday
scrapped plans to sell computer access to Registry of Motor Vehicles records to
private companies, saying he was swayed by concerns it could violate motorists'
privacy.  "As someone who is always working to keep government out of our
personal lives...I do not want to make state government an accomplice in the
dissemination of personal information about law-abiding citizens," Weld said.

(Funny — the day before yesterday he said something along the lines of "If
people don't want their social security numbers included, they can just apply
for a license without one.")
..
The records are already publicly available, but only by requesting a cumbersome
manual search by Registry clerks, which is costly.  Weld aides estimated the
state could make $5 Million a year by allowing firms to buy direct online
computer access.  However, civil libertarians...expressed concern that the move
would make it far easier for companies to obtain sensitive information, such as
Social Security numbers, which are used as drivers' license numbers, unless
people request otherwise.  They also feared that it would become easier to
obtain information about people's ages and the cars they own [which could be
used] to target marketing campaigns.

I was worried that the legislature would find this proposal attractive because
of the added revenue, but apparently people are waking up to privacy risks.
This reminds me of the Lotus Marketplace snafu.


CPSR FOIAs U.S. Secret Service

Craig Neidorf <knight@eff.org>
Fri, 22 Nov 1991 17:08:47 -0500
I just received this from CPSR so I am passing it on to RISKS:

     The Secret Service's response to Computer Professionals for Social
Responsibility's (CPSR) Freedom of Information Act (FOIA) request has
raised new questions about the scope and conduct of the agency's
"computer crime" investigations.  The documents disclosed to CPSR
reveal that the Secret Service monitored communications sent across the
Internet.  The materials released through the FOIA include copies of
many electronic newsletters, digests, and Usenet groups including
"comp.org.eff.talk," "comp.sys.att," "Computer Underground Digest
(alt.cud.cu-digest)," "Effector Online," "Legion of Doom Technical
Journals," "Phrack Newsletter," and "Telecom Digest (comp.dcom.telecom)".
Currently, there is no clear policy for the monitoring
of network communications by law enforcement agents.  A 1982 internal
FBI memorandum indicated that the Bureau would consider monitoring on a
case by case basis.  That document was released as a result of a
separate CPSR lawsuit against the FBI.

     Additionally, we have found papers that show Bell Labs in New
Jersey passed copies of Telecom Digest to the Secret Service.

     The material (approximately 2500 pages) also suggests that the
Secret Service's seizure of computer bulletin boards and other systems
may have violated the Electronic Communications Privacy Act of 1986 and
the Privacy Protection Act of 1980.

     Two sets of logs from a computer bulletin board in Virginia show
that the Secret Service obtained messages in the Spring of 1989 by use
of the system administrator's account.  It is unclear how the Secret
Service obtained system administrator access.  It is possible that the
Secret Service accessed this system without authorization.  The more
likely explanation is that the agency obtained the cooperation of the
system administrator.  Another possibility is that this may have been a
bulletin board set up by the Secret Service for a sting operation.  Such
a bulletin board was established for an undercover investigation
involving pedophiles.

     The documents we received also include references to the video
taping of SummerCon, a computer hackers conference that took place in
St. Louis in 1988.  The Secret Service employed an informant to attend
the conference and placed hidden cameras to tape the participants.  The
documents also show that the Secret Service established a computer
database to keep track of suspected computer hackers.  This database
contains records of names, aliases, addresses, phone numbers, known
associates, a list of activities, and various articles associated with
each individual.

     CPSR is continuing its efforts to obtain government documentation
concerning computer crime investigations conducted by the Secret
Service.  These efforts include the litigation of several FOIA lawsuits
and attempts to locate individuals targeted by federal agencies in the
course of such investigations.

     For additional information, contact:

     dsobel@washofc.cpsr.org (David Sobel)


The Trojan Horse named 'AIDS' (RISKS-9.55, 65)

"Peter G. Neumann" <neumann@csl.sri.com>
Mon, 25 Nov 91 11:06:31 PST
A recent AP item from London (U.K. May Drop Computer Lawsuit) noted that
prosecutors had requested that the case against Joseph W. Popp be dropped
for lack of evidence.  Popp, 39, of Willowick, near Cleveland, Ohio, a former
consultant with the World Health Organization, had been arrested in the U.S. in
February 1991, extradited to Britain, and charged with blackmail and
distortion.  The warrant alleged that Popp distributed around 20,000 computer
diskettes from London in December 1989 containing information on AIDS for use
by hospitals and medical researchers.
   According to the U.S. attorney's office in Cleveland, Ohio, when the
diskettes were inserted into personal computers by unsuspecting recipients,
they found themselves unable to retrieve any data at all from their machines.
At the end of the program, the diskettes asked the computer user for a leasing
fee of $378, then printed an invoice with a Panama address where money was to
be sent, federal prosecutors said.
   Computer operators were told on the invoice that the rogue program they had
inserted into their machines would stop them from working until the money was
paid, when they would receive a "de-contamination" diskette.
   Popp's lawyers have maintained that a clear warning of the consequences of
using the diskettes was included in the packaging and that he had committed no
crime.


Banning of autodialers?

<sullivan@geom.umn.edu>
Sat, 23 Nov 1991 14:56:26 -0600
Congress is considering a bill outlawing autodialers.  Edmund Andrews
reports in the Oct 30 New York Times that 20,000 such machines are working
in the US, each making 1000 calls every day.  The machines usually are
programmed to go through an entire exchange, calling each number and
speaking at whoever or whatever answers.  It might urge the listener to
dial a 1-900 number, or try to record the names of interested parties.

Supposedly, small businesses make the most use of these devices; large
companies can hire live operators to man central phone banks.  It's not
clear to me why such services can't be contracted out to smaller local
businesses.  Some states have already banned the use of these devices,
and now Congress is likely to ban them for interstate use.  One salesman
who uses an autodialer illegally was interviewed, and says he uses a false
name in the solicitation until he trusts a potential customer.

Autodialers seem to get the most negative publicity when they run through all
extensions at some business, perhaps leaving voice mail or tying up pagers.
To me, this is less worrisome than the calls to residential customers.  There
was no mention of the definition of an autodialer, though it seems that devices
which automatically call computers would not be covered under the law.

-John Sullivan


a new risk for computer folks? — computers and termination policy

Mark Bartelt <sysmark@orca.cita.utoronto.ca>
Mon, 18 Nov 91 13:16:23 EST
Last week, 81 (of 120) support staff positions at the University of Toronto's
Faculty of Medicine were eliminated; 79 staff members were summarily dismissed,
and two vacant positions will not be filled.

Most of the victims were dismissed with less than a day's notice, and some with
far less than that.  The university acknowledged that the dismissals violate
the university's policies for layoffs and firings.  An article in The Varsity
(the UofT student newspaper) contained the following:

       Michael Finlayson, vice-president of Human Resources,
    admitted that the university did not follow the staff
    policy on consultation, but said giving notice would
    have caused security problems.
       "The problem in leaving them in their old jobs was
    the computers.  If you release people and then give
    them access to the university's computer system, you
    worry about security."

This raises some interesting questions.  The administration's concerns about
security may not be totally frivolous (but then again, they may be).  But even
if the concerns are justified, and if those concerns can be used as a basis for
an employer to ignore its own policies, then — given that as time goes on, an
increasingly large percentage of all staff will be using computers in some
capacity — what's the point of having such a policy at all?

Mark Bartelt, Canadian Institute for Theoretical Astrophysics   416/978-5619


E911 system brought to its knees by a prank

Glenn S. Tenney <well!tenney@fernwood.UUCP>
Sat, 23 Nov 91 00:55:09 pst
The San Jose Mercury News reported that the San Mateo 911 system was
brought to its knees because of a prank.  Were you wondering when
some phone phreak or system cracker would do this...

It seems that a disc jockey at KSOL decided to play a recent MC Hammer
record over and over and over... as a prank.  Listeners were concerned
that something had happened to the personnel at the station, so they
called 911 (as well as the police department business line).  It seems
that a few hundred calls in forty-five minutes or an hour was enough to
jam up the system.  There was no report in the newspaper of any deaths
or injuries to the overloaded system.

The DJ didn't want to stop playing the record (claiming first amendment
rights), but did insert an announcement to not call the police.

So, it seems that a low tech "assault" on a 911 center could be quite
effective.  The system in question provides E911 for a few communities
in the San Francisco Bay Area.  This is the same center that went down
following the Loma Prieta earthquake a couple of years ago.  At that
time, they lost power and switched over to the emergency generator only
to find that just starting a generator once a month wasn't enough --
the generator conked out in about an hour!

Glenn S. Tenney


Study on Computer Addiction

CSRI Distribution Manager <distrib@turing.toronto.edu>
Fri, 22 Nov 1991 15:16:10 -0500
A group of researchers at the Ontario Institute for Studies in Education are
currently conducting research on person/computer interaction to address the
issue of computer addiction.  We would dearly love to hear about people's
experiences in this matter and would be willing to post the results to risks.

We are most interested in hearing from people who at some time have felt that
they were spending more time (especially recreational time) at the computer
than they really thought they should.

Please feel free to contact me directly at: distrib@turing.toronto.edu
Thanks very much.    Chris
