The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 13 Issue 04

Monday 20 January 1992

Contents

o Russian Computer Productivity in AScent in de Scent Exposure
o Gulf war virus? [2]
Phil R. Karn
o Re: PC virus infects UNIX system
A. Padgett Peterson
o Ohio justices fight over computer snooping
Dave Harding
o Rumor: No 1992 for AT&T?
Thomson Kuhn
o Another ATM Risk story
Josh Quittner
o Words for theft of passwords
Mark R Cornwell
o Info on RISKS (comp.risks)

Russian Computer Productivity in AScent in de Scent Exposure

"Peter G. Neumann" <neumann@csl.sri.com>
Mon, 20 Jan 92 14:47:38 PST
   Fruit and flower smells [are] good for computer operators
   Moscow, 13 Jan 1992 (tass), by tass correspondent Lyubov Dunayeva

Overloads to computer operators, who have to spend hours before displays every
day, can be eased if the air in the room is saturated with the smells of fruit
and flowers, psychologists say.  Expert experiments [!] have shown that the
scent of lemon, jasmine or eucalyptus boosts productivity and alleviates
drowsiness.  The jasmine smell in a computer room reduces keyboard errors by
almost 30 per cent, and lemon aroma by almost 50 per cent, tass was told at a
surgery research center of the russian academy of sciences.

             [Jasmine is clearly more saLyubrious than JazzMax.
             By the way, those of you who have read Nabokov's paean to
             programming* language, "Ada 

Gulf war virus?

Phil R. Karn <karn@thumper.bellcore.com>
Sat, 11 Jan 92 18:34:05 EST
    [The following items have stirred up considerable interest and confusion.
    It seems worthwhile running both the original item and its followup for
    those of you who missed them.  PGN]

Something in this story doesn't add up. How could a "printer" infect a computer
with a "virus"?   [PRK]

U.S. Spies Planted Computer Virus in Iraqi Defense System
       WASHINGTON (AP) _ U.S. intelligence agents reportedly inserted a
computer virus into a network of Iraqi computers tied to that country's air
defense system several weeks before the start of the Persian Gulf War.  The
virus, U.S. News and World Report says in its issue dated next week, was
designed by the supersecret National Security Agency at Fort Meade, Md., and
was intended to disable a mainframe computer.  Citing two unidentified senior
U.S. officials, the magazine said the virus appeared to have worked, but it
gave no details. It said the operation may have been irrelevant because of the
allies' overwhelming air superiority.
       The secret operation began when American intelligence agents
identified a French-made computer printer that was to be smuggled from Amman,
Jordan, to a military facility in Baghdad, the magazine said.  The agents in
Amman replaced a computer microchip in the printer with another microchip that
contained the virus in its electronic circuits. By attacking the Iraqi computer
through the printer, the virus was able to avoid detection by normal electronic
security measures, the report said.  ``Once the virus was in the system, the
U.S. officials explained, each time an Iraqi technician opened a `window' on
his computer screen to access information, the contents of the screen simply
vanished,'' U.S. News reported.
       The report is part of a book, based on 12 months of research by U.S.
News reporters, called ``Triumph Without Victory: The Unreported History of the
Persian Gulf War,'' to be published next month.
       In a series of adaptations from the book, U.S. News also reported
that two 5,000 pound bombs developed by the Air Force during the Gulf War,
called GBU-28s, were dropped on a command bunker on the second-to-last day of
the war with the explicit purpose of killing Iraqi President Saddam Hussein.
The fact that the bombs were dropped Feb. 27 has been reported previously, but
U.S. officials have repeatedly denied that Saddam was the intended target.
       Gen. Ronald Yates, commander of Air Force Systems Command, told
reporters last year that the bombs were aimed at ``senior staff'' of the Iraqi
military.
       U.S. News also said it had calculated, with the help of private
defense analysts in Washington, that as few as 8,000 Iraqi soldiers may have
been killed in the war. The U.S. government has made no official estimate of
Iraqi casualties, although the Defense Intelligence Agency has said the number
killed may range between 50,000 and 150,000.


I *knew* it sounded fishy!

Phil R. Karn <karn@thumper.bellcore.com>
Mon, 13 Jan 92 15:48:46 EST
News Report of Computer Virus Attack On Iraq Is Similar To Hoax Report
ROBERT BURNS, Associated Press Writer
       WASHINGTON (AP) _ A newsmagazine report that U.S. intelligence
agents planted a disabling ``virus'' in an Iraqi military computer network
before the Gulf War is strikingly similar to an article published last year as
an April Fool's joke.  The main author of the U.S. News and World Report
article, Brian Duffy, said Monday, ``I have no doubt'' that U.S. intelligence
agents carried out such an operation, but he said the similarities with the
spoof article were ``obviously troubling.''  Duffy said the magazine was
rechecking the sources who told it of the operation to determine whether
details from the spoof article ``leeched into our report.''  [...]
       The main elements of the U.S. News virus story are similar to an
article published in the April 1, 1991, edition of InfoWorld, a computer
industry publication based at San Mateo, Calif. The article was not explicitly
labeled as fiction but the last paragraph made clear that it was an April
Fool's joke.  [...]
       The U.S. News report is part of a lengthy collection of stories that
it said would be published in February by Times Books-Random House as a book,
titled ``Triumph Without Victory: The Unreported History of the Persian Gulf
War.''
       The Associated Press carried a report on the U.S. News story on
Saturday, as did some other media. Questions about the story arose Monday when
a number of readers called The AP to say the virus account was curiously like
the InfoWorld article.  That article said the virus was designed by the
National Security Agency for use against Iraq's air defense control system, and
that the CIA had inserted the virus into a printer being smuggled into Iraq
through Jordan before the war began.  ``Then the virus was on its own, and by
Jan. 8, the allies had confirmation that half the displays and printers in the
Iraqi air defense system were permanently out of commission,'' the InfoWorld
article said.
       The U.S. News report also said the virus was developed by the
National Security Agency. It said that once the virus was in the Iraqi computer
network, ``each time an Iraqi technician opened a `window' on his computer
screen to access information, the contents of the screen simply vanished.''
       The InfoWorld article also said the virus was designed to attack
``window'' technology in which an operator gains access to information in the
computer by use of an electronic pointing device rather than typing in
commands.
       John Gantz, who wrote the InfoWorld article, said in a telephone
interview Monday that it was fictional and that he had no knowledge of any such
intelligence operation.
       Duffy said he had not heard of the InfoWorld spoof. In response
to an inquiry by The Associated Press, he said a U.S. News reporter
in Tokyo got the ``initial tip'' on the computer virus story, which
the reporter then confirmed through ``a very senior official'' in
the U.S. Air Force.
       Duffy said he personally confirmed the story through a senior
official in the Air Force and a senior intelligence official. He said he could
not reveal the three sources' names because they had spoken to U.S. News on
condition of anonymity.
       Both the U.S. News and InfoWorld articles stressed that the reason
for placing the virus in the printer was to circumvent normal anti-tampering
systems in mainframe computers.
       Some private computer experts said, however, that it seemed highly
unlikely that a virus could be transferred to a mainframe computer from a
printer.
       ``A printer is a receiving device. Data does not transmit from the
printer to the computer,'' said Winn Schwartau, executive director of the
International Partnership Against Computer Terrorism.

     [The original report was also noted by
                    Roland Ouellette 

Re: PC virus infects UNIX system (Bear Giles, RISKS-13.03)

A. Padgett Peterson <padgett%tccslr.dnet@uvs1.orl.mmc.com>
Fri, 10 Jan 92 21:03:46 -0500
>We were configuring the ethernet card on our new 486 UNIX (SVR5) box ...

Please note that this does not mean UNIX systems are infectable by PC viruses,
rather computers that use PC BIOSes can be damaged (not infected) by a
certain class of PC viruses known as Master Boot Sector Infectors of which
the STONED is probably the best known example.

This has been known by people who understand the architectures involved for
some time. It does not mean that the STONED can infect a SPARC-station
or HP/Apollo (it cannot).

What happened is that when the machine was booted with a DOS disk, the STONED
being unintelligent, found the fixed disk, assumed it was another DOS disk,
copied itself to absolute sector 1 and the original sector 1 to sector 7.

At this point the question becomes one of whether this actually overwrote
any important data or, since the STONED changes the fixed disk access in a
manner incompatible with UNIX, prevented the re-boot from acting properly
(in this case all that is needed for recovery is to copy sector 7 back to
sector 1. In the first case it would be necessary to rebuild sector 7 also).

For some time I have been distributing as FREEWARE two technology
demonstrators: SafeMBR and NoFBoot directed at stamping out this kind of
problem in the DOS world by making it impossible for MBR infectors like
STONED or its clones AZUSA, MICHELANGELO, NOINT, or EMPIRE to spread. Both
are tiny and only one (NoFBoot) requires any RAM (ca. 500 bytes). They
would not have prevented the damage caused to the Unix system by booting
from an infected DOS disk. They would have prevented the machine "across
the hall" from infecting the disk in the first place.
                            Padgett Peterson

      ps I know they can be found on urvax.urich.edu, 141.166.1.6
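
Added example, not part of the post above or of the SafeMBR/NoFBoot tools it mentions: the recovery step the post describes (copy sector 7 back to sector 1), run against a constructed in-memory disk image and refusing to write unless the saved sector validates as a boot record. It assumes the post's sector numbers are 1-based on track 0 with 512-byte sectors, so sector 1 is LBA 0 and sector 7 is LBA 6; all function names are hypothetical.

```python
import struct

SECTOR = 512
MBR_LBA = 0    # assumption: the post's "sector 1" (1-based) is LBA 0
SAVED_LBA = 6  # assumption: the post's "sector 7" on the same track is LBA 6

def read_sector(img, lba):
    return bytes(img[lba * SECTOR:(lba + 1) * SECTOR])

def looks_like_mbr(sec):
    """True if sec has the 0x55AA boot signature and a sane partition table."""
    if len(sec) != SECTOR or sec[510:512] != b"\x55\xaa":
        return False
    entries = [sec[446 + 16 * i:462 + 16 * i] for i in range(4)]
    if any(e[0] not in (0x00, 0x80) for e in entries):  # status byte
        return False
    return any(e[4] != 0 for e in entries)  # at least one typed partition

def restore_mbr(img):
    """Copy the saved sector over sector 1 only if it validates as an MBR.

    Returns the bytes that were replaced (keep them as evidence), or None
    if the saved sector is not a plausible MBR and nothing was written.
    """
    saved = read_sector(img, SAVED_LBA)
    if not looks_like_mbr(saved):
        return None
    replaced = read_sector(img, MBR_LBA)
    img[MBR_LBA * SECTOR:(MBR_LBA + 1) * SECTOR] = saved
    return replaced

def build_sample_image():
    """Constructed 16-sector image: placeholder bytes in sector 1, MBR in sector 7."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x63,
                        b"\xfe\xff\xff", 63, 100000)
    mbr = bytearray(SECTOR)
    mbr[446:462] = entry
    mbr[510:512] = b"\x55\xaa"
    img = bytearray(SECTOR * 16)
    img[0:SECTOR] = b"\xcc" * SECTOR  # stand-in for the overwritten sector, not virus code
    img[SAVED_LBA * SECTOR:(SAVED_LBA + 1) * SECTOR] = mbr
    return img

if __name__ == "__main__":
    image = build_sample_image()
    old = restore_mbr(image)
    print("restored" if old is not None else "refused: sector 7 is not an MBR")
```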


Ohio justices fight over computer snooping

Dave Harding, x2971 <HARDING@MDTF00.FNAL.GOV>
Wed, 15 Jan 1992 16:03:48 -0600 (CST)
Ohio justices probed over alleged fight (Chicago Tribune, 8 November 1991)

COLUMBUS, Ohio - An investigation is under way into allegations that an Ohio
Supreme Court justice angrily wrestled a fellow justice to the floor over
complaints about computer file snooping, state police said Thursday.  Associate
Justices Craig Wright and Andrew Douglas scuffled in front of fellow Justice
Alice Robie Resnick until two of her clerks separated the pair.  The witnesses
said that Douglas confronted Wright over comments he reportedly had made about
Douglas' secretary, Sue Pohlman.  Wright said Wednesday that he and Douglas had
a "little disagreement."  He would not comment further Thursday.  Douglas said
he has been told that the State Highway Patrol is investigating.

  I clipped this a while ago but didn't send it in, hoping that an Ohio
correspondent would report with more details than this digested wire service
bulletin offered.  It is not clear who was alleged to have been doing the
snooping in the other's computer files.  Nor is it clear whether the scuffle was
over what was recorded in those alleged files or over the alleged snooping.

  The question for RISKS is, as it often is, whether the incident would have
happened without a computer.  Would the offending notes have been made and
retained?  Would the other party have snooped?  Would the parties have gotten so
excited?


Rumor: No 1992 for AT&T?

Thomson Kuhn <70007.5444@compuserve.com>
11 Jan 92 11:11:52 EST
I have not confirmed this personally.  I heard it from an AT&T VAR.  He claims
that no AT&T PCs can have their system dates set to 1992 via the DOS DATE
command.  Something about some prom code only accepting an 8 year range which
ended in 1991.  Further, he claims that the patch, now shipping, only provides
for an additional 8 years!
                                              Thomson Kuhn


Another ATM Risk story, from AP

"josh quittner" <quit@newsday.com>
Fri, 17 Jan 1992 12:15:30 est
NOTE: Last graf. JQ [1.800.544.5410 (2806 at tone)]

    SYRACUSE, N.Y. (AP) _ Curtis Ratliff hit the jackpot when he stuck a stolen
credit card into an automatic teller machine four months ago, and it spit out
$5,600.  But Ratliff's luck ran out in court Thursday when he pleaded guilty to
third-degree grand larceny, the Syracuse Post-Standard reported.
    In September, Ratliff stole a woman's purse from her car. The woman had
left her personal identification number for the ATM in the purse along with the
card.  Ratliff inserted the stolen card into a grocery store ATM, which started
ejecting $20 bills, much to Ratliff's surprise.  Twenty minutes later, Ratliff
had stuffed $5,600 into his pockets.  ``He became blinded to the reality of
what he was doing, and the money just kept coming,'' Ratliff's lawyer, James
Hopkins, told the Post-Standard.
    Ratliff made similar thefts at several other Price Chopper grocery store
ATMs, stealing a total of $63,900.  Ratliff, 36, of Kirkville, was sentenced
Thursday to five years' probation for the theft.  ``I'm sorry for what I did,''
Ratliff told County Judge Patrick J. Cunningham. ``It won't happen again.''
    Ratliff, who was suspended from his job as an equipment salesman after his
arrest, has repaid all but $1,800 of the money he stole, Hopkins said.
    ATMs, which hold up to $20,000, usually limit withdrawals on a single card
to several hundred dollars in a 24-hour period, industry experts said.  The
Price Chopper machines were apparently incorrectly programmed.


Words for theft of passwords

Mark R Cornwell -- Mind Tools Corp <cornwell@rock.concert.net>
Fri, 17 Jan 92 00:19:25 -0500
This from the February 92 Atlantic Monthly column, Word Watch by Anne H.
Soukhanov...

  shoulder surfing -- noun, slang, the theft of computer passwords or access
  codes, such as long distance telephone access codes, by reading the numbers
  over the shoulders of authorized users: "How do outsiders discover a
  company's codes? by '*shoulder surfing*,' 'dumpster diving', and stealing
  calling cards" (Investor's Business Daily).

  BACKGROUND: *Shoulder surfers* operating in the telephone marketplace are
  typically found in airports, train stations, and other crowded areas.  In
  some instances they position themselves on balconies above phone booths and
  use binoculars to read callers' access numbers, which they later sell for
  $5-$10 each.  Such fraud now costs long-distance companies some $1.5 billion
  a year -- triple the damages incurred in 1985.

       [Such fraud?  Well, NOT JUST shoulder surfing alone...   PGN]
