The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 13 Issue 64

Tuesday 14 July 1992


o RISKS (and CSL.SRI.COM) outage
o Phreaking/Blue Box program
Klaus Brunnstein
o Five `Hackers' Indicted
o Huge credit card record theft uncovered
Norm deCarteret
o Risks quotation
Jonathan Bowen
o Re: Newsweek Vincennes article
Dan Sorenson
o Re: Airbus
Mark Brader and Keith Barr
o Re: When Cryptography is Outlawed...
Fran Litterio
Arthur L. Rubin
o Info on RISKS (comp.risks)

RISKS (and CSL.SRI.COM) outage

RISKS Forum <>
Tue, 14 Jul 92 17:19:10 PDT
Due to a major disk crisis early Saturday from which RISKS has just recovered,
some mail to CSL.SRI.COM may have been rejected.  Please resubmit NOW if that
was the case with anything you sent to RISKS or RISKS-REQUEST.  When I finally
was able to check my mail, a big gap on send dates is evident.  Thanks.  PGN

Phreaking/Blue Box program

Mon, 6 Jul 1992 21:42:49 +0200
CAPITAL, a German monthly specialized in financial aspects of economy, had a
story, in it's July edition, about a phone phreak "Kimble" who offers an
AMIGA-based program with built-in frequencies to switch your telecom connection
over more than 20 countries. In June, he demonstrated this program in CAPITAL's
office in Duesseldorf, in the presence of some experts from a criminal agency
and an IT security experts. German Telecom was informed days ahead the
presentation but could not trace his dialling experiments which lead him from
Duesseldorf to Canada (known as normal entry of European Phreaks to the New
World), and so on. Kimble said that non-traceability be a major new feature of
this blue-boy program "Unlimited Assess (Multi-Frequency Dialler)".

Phreaking was practiced, for some time, also in Hamburg's Chaos Club. In last
year's Chaos Congress, they once more held a seminar on Phreaking (given by
the Dutch Hac-Tic group; the German report on this part is available, with the
Chaos Congress' documentation, either from CCC or from Virus Test Center's ftp
site).  CCC and Hac-Tic freely distributed information on blue box programs
for PCs and 68000 systems. Due to this action, the price of a blue box program
went down significantly (from about 500 DM to about 100 DM), and one can
upload blue box programs together with games from ordinary BBS. But German
Telecom said that the holes which these programs exploit have been patched.

When CAPITAL first contacted me (before the experiment), I was not very
impressed. But the the experiment continued, and some really shocking results
were reported: when German Telecom could also neither trace nor intercept a
second experiment, they reportedly asked some Canadian experts for assistance.
When they watched and tried to close the hole, they observed that somebody just
worked in their "system" to implant some Trojan horse (don't ask me how,
because if I believe Telecom, there is ***no connection to the outside*** When
they patched the holes in changing some frequencies, this evidently was
immediately "mediated" (path unknown) to the phreaks (organised in a group
"Dope", evidently working internationally). Unlimited Access comes with a
1-year guarantee of free updates of frequencies: this is different from other
blue-boy programs and may verify the unusual price (15,000 DM, about 10,000 $),
but remember that this program excludes being traced by Telecoms!  And the
group evidently "received" the updated frequencies immediately and distributed
them to their "clients".

Just for *caution and clarification*: due to the stress of end-of-semester, I
couldnot personally observe the experiment. My report is based on some
telephone discussions (not bluebox-dialled) with the journalist, on the
assessment of a participating colleague which I trust, as well as on some
discussions which I had with Telecom on related matters, and with some phreaks
in my neighbourhood *:)

Klaus Brunnstein

Five `Hackers' Indicted

"Peter G. Neumann" <>
Thu, 9 Jul 92 11:36:11 PDT
  Articles in the NY Times, Washington Post, and elsewhere on 9 July 1992 gave
details of federal grand jury indictments on 8 July of five New York City area
computer ``hackers''.  The five, who call themselves ``Masters of Disaster''
and ``Masters of Deception'' (MOD), are Julio Fernandez, 18 (``Outlaw'' --
Bronx), John Lee, 21 (``Corrupt'' — Brooklyn), Mark Abene, 20 (``Phiber
Optik'' — Queens), Elias Ladopoulos, 22 (``Acid Phreak'' — Queens), and Paul
Stira, 22 (``Scorpion'' — Queens).  The 11-count indictment accuses the
defendants of computer tampering, computer fraud, wire fraud, illegal
wiretapping and conspiracy — including system disruptions and stealing data,
including 176 confidential reports on consumers' credit ratings (which they
sold), and breaking into computer-communication systems (e.g., a Southwestern
Bell 5ESS switch in El Paso, ITT, and TYMNET, Bank of America,
Martin-Marietta), credit reporting services (TRW), databases (Trans Union Corp,
Information America), and universities (NYU, U.Washington).  On Nov. 28, 1989,
they allegedly wiped out nearly all of the information in a computer used by
the Educational Broadcasting Corp., public television station WNET, Channel 13
in New York.  They face up to 5 years in prison for each count, or 55 years in
total, plus a maximum fine of $250,000 for each count.  Court-ordered wire-taps
were used (apparently the first time for data transfers).

The Times article included this:

   In the 11-count indictment, the men were accused of holding a conversation
   on Nov. 6, 1991, in which they discussed obtaining information on how to
   alter TRW credit reports adding or removing credit delinquency statements,
   for example to ``destroy peoples lives or make them look like saints.''

   They are also accused of a conversation on Nov. 14, 1991, of discussing a
   lengthy list of institutions with computers that one of them said, ``We've
   just got to start hitting these left and right.'' These institutions
   included government offices, private companies and an Air Force base.

   The federal indictment was handed down in Manhattan and was the result of a
   joint investigation by the U.S. attorney's office, the Secret Service and
   the FBI.

"Huge credit card record theft uncovered"

Norm deCarteret 813-878-3994 (TL 438) <>
Sun, 12 Jul 92 19:45:05 EDT
Source:  St Petersburg Times, 7/11/92, pg B1, Jane Meinhardt

A Time Inc. employee offered detectives computer records on thousands
of credit cards - for a price...on the street for $1 each

Pinellas County sheriffs detectives on Thursday arrested a Time employee who
they said had information on more than 3,000 credit cards, including account
numbers, expiration dates...A tipster reported the fraud scheme mid-June to
detectives who met the man 4 buy computer discs and lists of credit
card numbers...Detectives found additional computer discs and other credit card
information in Ferguson's apartment...the data in his apartment would yield
information on 80,000 more credit cardholders, Ferguson told Pinellas County's
Lt. Rick Wilfong.

"There were credit cards numbers from people all over the country.  The
detectives made certain requests for credit card numbers from certain regions.
He told us he had to manipulate the Time system to get them, and he was able to
produce them.  He's not a polished criminal in this type of activity.  But from
what he sold us, he had unusual access to a lot of information he used
fraudulently", Marianne Pasha, sheriffs office [...?].

Thomas Ferguson was charged with 4 counts of trafficking in credit cards.
"We're reasonably sure he didn't sell to anyone else.  He was making attempts
to sell to others but we believe we were the first to buy."  Wilfong Ferguson
had no record of credit card [fraud].  He had been convicted of aggravated
assault in 1988...and sentenced to 3 years in prison and one year probation.

Peter Costiglio, Time VP and spokesman:

- Ferguson was a computer analyst for Time for 1.5 years.
- He's been suspended pending the outcome of the criminal investigation.
- Costiglio refused to discuss Fergusons job or Time's security system.
  "Any company property has been recovered.
  There's been no breach of the security system."

That's a reassuring statement?  Sigh.
                                                  Norm deCarteret

Risks quotation

Thu, 9 Jul 92 10:19:58 BST
Recently I found the following quotation that may be of interest to RISKS

  "To err is human but to really foul things up requires a computer."
             — Farmers' Almanac for 1978 (1977) `Capsules of Wisdom'

This is the only quotation on computers to have made it to `The Oxford
Dictionary of Modern Quotations', Oxford University Press, 1991.

Jonathan Bowen, Oxford University

Re: Newsweek Vincennes article (Frankston, RISKS-13.63)

Dan Sorenson <>
Thu, 9 Jul 1992 05:49:41 GMT
    In the modern battlefield, be it on land or at sea, there is little to
no time for a positive visual ID of the incoming.  A likely RISK is matching
a flight profile or radar pattern to a known threat and firing before being
fired upon.  In this case, few real details have emerged for armchair analysis.
I seem to remember the attacking Japanese flight at Pearl Harbor being
dismissed as a flight of friendly, and unarmed, B-17's when spotted on radar.
One wonders if the system designer remembered this incident when he wrote the
software for the AEGIS system.  When there are billions of warship to protect,
and civilian lives in the area, which do you choose to protect at all costs?

>One is the image of a technician madly scanning through a dog-eared issue of
>the OAG (the article didn't mention a brand name) to find the Iranian flight.
>It's hard enough to not miss an entry when in a quiet airport in a single time
>zone.  I realize that tracking civilian flights was not part of the normal
>battle plan, but I presume that the system has still not been updated to link
>to the civilian airline reservation systems or other such sources of
>information.  One change in warfare, which I think the Gulf War illustrated,
>is how the commercial technology has, in many ways, surpassed the military.
>Of course, the online airline info might not be accurate which means a delayed
>flight could still have been missed.

    Do not forget that an F-14 or even a B-2 can be listed as a civilian
727 in normal civilian reservation logs.  If it was my ship, I wouldn't trust
that logbook farther than I could throw it.  If it was on an attack profile,
I'd open fire.  Note that this profile was under investigation for quite a
few days, but I don't remember any conclusive findings being published.

>The other is that the tagging of the plane as an F-14 provided for no level
>of ambiguity.  Even in the heat of battle, can the system cope with multiple
>interpretations of data or does it mindless lock in on a worst case and then
>present it to the befuddled user as fact?

    In a military environment, I would hope so, given the caveat that the
user knows it's a worst-case scenario.  I always assume a worst-case scenario
in my daily network maintainence; would you do less when a warship is at stake?

    NOTE: my experience in the Navy has not given me any knowledge of the
AEGIS system beyond the general that may be found in Janes.  Do not interpret
my comments as being those of a technical expert in the AEGIS system.

Dan Sorenson, DoD #1066

Re: Airbus

Keith Barr <barr@hickory.mmm.ucar.EDU>
Thu, 9 Jul 92 16:50:00 MDT
Below is an excerpt from an article that I posted to rec.aviation, with a
cross posting to, which I didn't notice.  The text explains
why I am forwarding it to you.  Thanks.

BTW the single > are me, and the doubles are [Mark Brader].

>From Thu Jul  9 16:33:37 1992
To: barrk@tramp.Colorado.EDU
Subject: A-320

> > I find it rather disappointing — one has only to read comp.risks for
> > a while to gain a distrust of the A-320, or at least its overdose of
> > computerization.  Starting in November of 1993, when UA's first A-320
> > will be delivered, I'll be watching more closely over just what they
> > want to put me in.

I think comp.risks readers would be interested in the message you posted in
response to the above.  I enclose a copy below in case you didn't keep one.
You can post to comp.risks by mailing to

> As someone who is hoping and praying for a job with UAL someday, I too
> am rather disappointed that United will soon be flying these computerized
> aircraft.  I much prefer the Boeing concept of let the computer fly, but
> give the pilot the override capability.  I was speaking with a UAL pilot
> Tuesday night about the acquisition, and we chatted about the problems
> of putting all of your eggs in one basket.  He told me about two
> Airbus occurences that were interesting, and since I haven't seen them
> mentioned here before, I  will post them.  I apologize if they are repeats.
> #1  A Pan Am Airbus A300 or A310 (I don't remember which) was on final
> approach in VMC conditions.  All was looking well until the airplane
> reached minimums.  At that point the aircraft executed a go-around, and
> flew the entire missed approach procedure.  The pilots were not able
> to disengage the autopilot until they were well established in the
> hold.
> #2  Apparently as a safety feature derived from the crash of the
> Air Florida flight into the Potomac, a feature was installed on Airbusses
> to minimize/eliminate (hah!) the possibility of taking off without full
> takeoff thrust.  The system automatically pushes the throttles the
> rest of the way forward if they are not already there when the nose-wheel
> strut decompresses.   One time (type and whereabouts unknown to me) an
> Airbus was being pushed back from the gate after the pilots had started
> both engines.  As luck would have it the tow-bar snapped, and the airplane
> coasted backwards.  When the pilots realized they were just rolling backwards
> they stomped on the brakes.  The airplane of course, with its aft center of
> gravity, tipped back onto it's tail, thus decompressing the nose gear.  The
> computer took over, and jammed the throttles forward, sending the airplane
> racing towards the concourse.  The pilots realized what was happening just
> in time to avoid a nasty collision with the tug, and terminal building.

> Keith Barr, COMM-AS&MEL/INST/IGI, University of Colorado, Aerospace Engineering

Re: When Cryptography is Outlawed... (Guntheroth, RISKS-13.63)

Fri, 10 Jul 92 11:02:16 -0400
Suppose the Federal Government doesn't have trouble decoding encrypted
messages, but wants people to think it does.  If so, what's to stop the U.S.
from _loosening_ restrictions on cryptography?  Imagine the risk to privacy in
a world where encryption was legal, unrestricted, and widely used in the belief
that not even the U.S. government could decipher encrypted messages.  In the
land of the blind, the one-eyed man is king.
Fran Litterio, CenterLine Software R&D, 10 Fawcett St, Cambridge, MA, USA
02138-1110   uunet!centerline!franl   617-498-3255

Re: When Cryptography is Outlawed... (Guntheroth, RISKS-13.63)

Thu, 9 Jul 92 13:16:58 PDT
>Perhaps what the Feds are looking for is a new weapon of prosecution; use of

>cryptography is by definition a felony, and widespread use of cryptography
>is then by definition racketeering as defined by RICO.  It's like bagging
>Capone for tax evasion, when he was too slippery to be caught breaking the
>law.  I find this sloppiness unacceptable as a taxpayer.

Arthur L. Rubin: (work) Beckman Instruments/Brea (personal)

Please report problems with the web pages to the maintainer