The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 13 Issue 86

Saturday 24 October 1992

Contents

o Software Bombs Out -- Ark Royal revisited
Simon Marshall
o Erased Disk used against Brazilian President
Geraldo Xexeo
o The NSF Net cable-cut story
Steve Martin via Alan Wexelblat
o Risks in Banking, Translation, etc.
Paul M. Wexelblat
o Re: 15th National Computer Security Conference
Dorothy Denning
o Re: Vote Early, Vote Often
Louis B. Moore
o T*p S*cr*t
Berry Kercheval
o Book Review: The Hacker Crackdown
David Barker-Plummer
o Filling station POS terminals: credit card users beware!
Steve Summit
o Int Workshop on Fault and Error Models of Failures in Comp Sys
Ram Chillarege
o Computer Security Foundations Workshop VI call for papers
Catherine A. Meadows
o Info on RISKS (comp.risks)

Software Bombs Out -- Ark Royal revisited (Re:RISKS-13.44)

Simon Marshall <S.Marshall@sequent.cc.hull.ac.uk>
Sat, 24 Oct 1992 10:55:28 +0000
From Sat 24 Oct 1992 `Guardian', no author given.  It is perhaps not too
surprising that this has not received the attention that it deserves, given the
political situation in the UK at the moment.  The British Government is
currently in the process of lurching from one crisis to the next.  [See Brian
Randell's contribution in RISKS-13.44 for background.  PGN]

        Computer software blamed as RAF pilot bombs Ark Royal.

  An RAF Harrier jump-jet pilot on exchange with the Royal Navy bombed the
  carrier Ark Royal, injuring five crew, because of a computer software
  anomaly, it was disclosed yesterday.  Four of the injured have returned to
  work following the [20 April 1992] incident when the 28lb practice bomb tore
  through the flight deck and exploded in one of the mess decks.  The fifth ...
  is still receiving medical treatment.

  The incident happened when four Sea Harriers were practicing dropping bombs
  on a target towed 600 yards behind Ark Royal during training ....  The RAF
  Flight Lieutenant, described as highly experienced, lost radar contact twice
  with the ship.  He `locked on' for a third time just seconds before going
  into the loft manoeuvre.  He did not know that the automatic aim-off was not
  programmed to cut in within such a short period of time because of an anomaly
  in the computer software.  The bomb was aimed at the ship and not the target.
  The pilot will receive a formal warning and training using loft-mode attacks
  has been `put into abeyance'.

What interested me in particular was that, in a roundabout way, the pilot is
being faulted, even though the software is blamed.  It is worrying that the
evaluation of the software (which I assume took place) did not pick this up.
Of course, it could well be that the real problem was much more complicated
than the article suggests.  It would not be the first time the press has
simplified a story involving modern technology.  Does anyone know more on this?
It does, however, bring home the reality that computers control life and death
situations.

Simon Marshall, Dept. of Computer Science, University of Hull, Hull HU6 7RX, UK
Email: S.Marshall@Hull.ac.uk    Phone: +44 482 465181    Fax: 466666


Erased Disk used against Brazilian President

Geraldo Xexeo <xexeo@dxcern.cern.ch>
Thu, 22 Oct 1992 18:58:52 GMT
In the investigation of the process against the Brazilian President (Fernando
Collor de Mello), the Federal Police found (and confiscated) an IBM-PC clone in
the enterprises of Paulo Cesar Farias.

In the hard disk of this computer were found dozens of indications of the
corruption of Collor de Mello and P.C. Farias.

The "folklore" that runs in Brazil now is that the disks were actually erased,
but the FP bought in USA a software that allowed the examination of the disk
and the recovery of the files. It seems that this tale is true.

I would like to know which software was used, and what kind of work the FP did.

Jerry / Xexeo

Geraldo Xexeo, CERN - PPE Division, 1211 Geneve 23, Switzerland
FAX: (41)(22)785-0207 xexeo@dxcern.cern.ch   gxexeo@cernvm.bitnet


The NSF Net cable-cut story

Alan Wexelblat <wex@MEDIA-LAB.MEDIA.MIT.EDU>
Tue, 20 Oct 92 00:15:02 -0400
Date: Mon, 19 Oct 92 23:49:18 -0400
From: Doug Humphrey <digex@ACCESS.DIGEX.COM>
Subject: .0045 mbits/sec

Article <7610172337.AA19083@nisc.jnvc.net> Oct 17 23:37
Subject: T3 Cable Cut
From: martin@NISC.JNVC.NET (Steve Martin)

        This is to inform you that Merit (NSF) has experienced a fiber cut in
East Orange, New Jersey.  As a result of this, JNvCnet's T3 access to the NSF
net is temporarily out of service till repairs can be made.

        All traffic to the NSF net is now being routed through the
9.6k backbone node and will be returned to the T3 as soon as possible.


Risks in Banking, Translation, etc.

<cent@mc.lcs.mit.edu>
Thu, 22 Oct 92 23:24:34 EDT
  [The following message came from Pandora Berman at MIT via Jerry Leichter
  <leichter@lrw.com>, John Robinson <jr@ksr.com>, Clark M. Baker <cmb>, and
  originally from Paul M. Wexelblat <wex@cs.ulowell.edu>, who noted the
  original CACM item ...  PGN]

I stumbled across this little item in the current (October 1992) CACM:

  BANKS UNDERDRAWN... The banking industry spent over a billion dollars on
  technology last year, yet they are not even close to employing leading-edge
  tools.  A new survey ... indicates that over 75% of bank computer programs
  are still written in Cobol and 84% of banking software is designed for
  mainframes, not PCs.  Moreover, 80% of the software used by banks is over six
  years old and only 37% of their locations are networked.  The report reveals
  most banks are simply not investigating new advances in computer applications.
  [Communications of the ACM, Vol 35, No 10, NEWSTRACK, p.9]

Here is a rough translation:

  BANKS CONSERVATIVE... The banking industry spent over a billion dollars on
  technology that works, rather than the latest glitzy play toy.  A new survey
  ... indicates that over 75% of bank computer programs are written in a
  language appropriate to the task as opposed to trying to force their models
  into the latest Object Oriented fad and 84% of banking software is designed
  to run on systems that have low mean time between failures, juggle hundreds
  of users, handle huge databases, and push megabytes at high rates, not tiny
  little machines that crash with great regularity, are designed for a single
  user, if even that, have minuscule disks, and have bandwidth
  approximating that of a sclerotic soda straw.  Moreover, 80% of the software
  used by banks has been fairly well debugged and only 37% of their locations
  are open to attack by thirteen year olds with modems and a lot of time on
  their hands.  The report reveals most banks are simply not chasing the latest
  fad in confuser science and piddling their money away on recoding working
  applications unnecessarily.

Paul Wexelblat


Re: 15th National Computer Security Conference (RISKS-13.85)

Dorothy Denning <denning@cs.cosc.georgetown.edu>
Tue, 20 Oct 92 14:41:43 EDT
David Willcox said

  Dorothy Denning suggested that anyone using high-level encryption over a public
  network be required to register their encryption keys with some agency.  This
  agency would then distribute the keys when an appropriate court order was
  presented.  The risks of this are fairly obvious.

I believe this risk can be reduced to about zero.  For example, using a
public-key system, your key could be encrypted under the public key belonging
to, say, the Justice Dept.  The encrypted key would be given to and held by an
independent agency.  But, the key could be decrypted only by Justice.  Thus, if
someone gains access to a key held by the key agency, they wouldn't be able to
decrypt it.

To use a key, law enforcers would have to go through these steps:

1.  Get a court order.
2.  Submit the court order to the key agency and get the encrypted key.
3.  Deliver the encrypted key to Justice with the court order; get back
    the plaintext key.
4.  Take the court order to the service provider in order to activate the tap
    and get the bits.
5.  Listen in and decrypt the communications.

I believe this scheme is pretty tight.  Silvio Micali has evidently invented
another method of safeguarding the keys in a registry, called "fair
cryptography", but I don't know the details.
                                                 Dorothy Denning
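
The five-step flow in the message above, modelled as an added example (not part of the original digest and not code from the author). The toy RSA parameters, the HMAC-tagged court order, the class and function names, and the stand-in stream cipher are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from math import gcd

# Toy textbook RSA from two known Mersenne primes. Illustration only: far too
# small and unpadded; it stands in for "the public key belonging to Justice".
P, Q, E = 2**127 - 1, 2**89 - 1, 65537

class Court:
    """Issues court orders; the HMAC tag is an assumed way to make them checkable."""
    def __init__(self):
        self._secret = secrets.token_bytes(32)
    def issue(self, subject):                        # step 1
        tag = hmac.new(self._secret, subject.encode(), hashlib.sha256).digest()
        return (subject, tag)
    def valid(self, order, subject):
        return hmac.compare_digest(order[1], self.issue(subject)[1])

class Justice:
    """Holds the private key but never stores anyone's escrowed key."""
    def __init__(self, court):
        phi = (P - 1) * (Q - 1)
        assert gcd(E, phi) == 1
        self.public = (P * Q, E)
        self._d = pow(E, -1, phi)
        self._court = court
    def unwrap(self, order, subject, wrapped):       # step 3
        if not self._court.valid(order, subject):
            raise PermissionError("Justice: no valid court order")
        return pow(wrapped, self._d, self.public[0]).to_bytes(16, "big")

class KeyAgency:
    """Independent registry; stores only keys encrypted under Justice's public key."""
    def __init__(self, court):
        self._court, self._store = court, {}
    def register(self, subject, wrapped):
        self._store[subject] = wrapped
    def release(self, order, subject):               # step 2
        if not self._court.valid(order, subject):
            raise PermissionError("agency: no valid court order")
        return self._store[subject]
    def stolen_copy(self):
        """What someone who gains access to the registry walks away with."""
        return dict(self._store)

def wrap_key(key, public):
    n, e = public
    return pow(int.from_bytes(key, "big"), e, n)

def stream_xor(key, data):
    # Toy SHA-256 counter-mode keystream standing in for the user's cipher.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def run_demo():
    court = Court()
    justice, agency = Justice(court), KeyAgency(court)
    key = secrets.token_bytes(16)                    # the user's key
    agency.register("alice", wrap_key(key, justice.public))
    message = b"constructed sample traffic"
    tapped = stream_xor(key, message)                # step 4: bits from the provider

    # Registry compromise: the intruder holds ciphertext, not the key itself.
    leak_is_plain_key = agency.stolen_copy()["alice"] == int.from_bytes(key, "big")

    try:                                             # forged order at the agency
        agency.release(("alice", b"\x00" * 32), "alice")
        forged_rejected = False
    except PermissionError:
        forged_rejected = True

    order = court.issue("alice")
    recovered_key = justice.unwrap(order, "alice", agency.release(order, "alice"))
    return {"message": message,
            "recovered": stream_xor(recovered_key, tapped),   # step 5
            "leak_is_plain_key": leak_is_plain_key,
            "forged_rejected": forged_rejected}
```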


RE: Vote Early, Vote Often

"Louis B. Moore" <lbmoore@tchden.org>
Tue, 20 Oct 1992 11:09:22 MDT
>It took the action of citizens banding together to file a civil lawsuit to halt
>the abuses after their complaints were rebuffed by the Colorado secretary of
>state's office and the local district attorney.

There is an interesting point related to this particular story.  The Colorado
Secretary of State does not have criminal powers.  So in the case of vote fraud
like that in Costilla County, the Secretary of State may have to turn the case
over to the District Attorney.  The District Attorney may have been elected
with the aid of the vote fraud (s)he is supposed to prosecute.  The other
choice of prosecuting authority would be the Attorney General (depending on who
had jurisdiction), another elected official.

It is difficult to see how telephone voting will do anything but further
exploit existing problems in authenticating voters and prosecuting vote fraud.

Louis B. Moore, Systems Programmer, The Children's Hospital of Denver Denver,
Colorado USA 80218    lbmoore@tchden.org      +1 303 837 2513


T*p S*cr*t

Berry Kercheval <berry@athos.pei.com>
Wed, 21 Oct 92 15:34:30 PDT
"Anonymous" mentions in RISKS DIGEST 13.84 that the Department of Defense
conducted an investigation when a message marked "T*p S*cr*t" was found on an
unclassified computer system.  (The asterisks are a way of ensuring that the
investigation is not triggered by the words in *his* message, I guess.)

I don't think merely putting the words "Top Secret" in a message is the
problem; putting it in in such a way that it appears to be classified data
*is*.

I have, in the past, held both Department of Energy and Department of Defense
clearances, and if I learned anything it is that the security personnel of both
agencies take their jobs very seriously and do not have much of a sense of
humor where security violations are concerned.

In my initial briefings for these clearances it was emphasized that classified
information must be strictly controlled, and in fact we were given specific
procedures for what to do if we found unattended classified documents lying
around.

It appears that [the author] thinks that the "system wide disclaimers that said
systems are not to be used for classified work" should have been sufficient to
prevent action.  I feel that the exact reverse is true -- the appearance of an
APPARENTLY classified message on an insecure* computer is exactly the kind of
security violation that needs to be investigated immediately.

In fact, I can remember one company that sent out "Top Secret" press releases
to their customers -- which included some DoE and DoD sites -- getting an
unpleasant visit from men with dark suits and sunglasses that didn't smile
much.  (The gist was "Don't *do* that".)
                                                --berry


Book Review: The Hacker Crackdown

David Barker-Plummer <plummer@cs.swarthmore.edu>
Sat, 24 Oct 1992 12:06:23 -0400
"The Hacker Crackdown: Law and Disorder on the Electronic Frontier", Bruce
Sterling, Bantam Books, November 1992, ISBN 0-553-08058-X, 328pp, US$23.

Book Review by Dave Barker-Plummer (plummer@cs.swarthmore.edu)

"The Hacker Crackdown" is Bruce Sterling's term for a series of seizures of
computer equipment which took place during the summer of 1990.  The
circumstances surrounding these raids, the individuals and communities affected
by them, and the consequences for the computing community and society at large,
are the subjects of this book.

Sterling, a cyberpunk author, is at his best when he is telling stories.  He
adopts a revelatory style and writes in a tone of wonder and bemusement as
events take one unexpected turn after another.  Particularly intriguing is his
telling of the Craig Neidorf/Knight Lightning story.  Neidorf was prosecuted
for electronically distributing an edited version of a document copied without
permission from a BellSouth computer.  Sterling documents the history of the
document as it was sent across the Internet many times, its publication in the
"Phrack" newsletter, the arrest of Neidorf, the charges against him and the
eventual collapse of the trial.  As the story unfolds, one realises that truth
is indeed stranger than even Sterling's bleak cyberpunk fiction.

There are many other stories in the book: the story of Steve Jackson, whose
legitimate games company was raided under sealed warrant, and all of his
computers seized; the story of The Legion of Doom, a group of hackers who
assemble in cyberspace to brag about breaking into computers and sharing stolen
access codes and credit card numbers; the story of the founding of the
Electronic Frontier Foundation by Mitch Kapor, author of Lotus 1-2-3, and John
Perry Barlow, sometime lyricist for The Grateful Dead; and closing the book,
the story of the Computers, Privacy and Freedom conference of 1992, in which
hackers, law enforcement, and civil libertarian groups met to talk about these
issues with unprecedented openness.

Sterling attempts to make these stories take second place to the culture, or
more correctly cultures, of cyberspace.  He chooses to structure his book in
four main parts, each dealing with one of these subcultures.  While hacker
stories have been told before, this examination of cultures has been neglected,
and Sterling is to be praised for attempting it.  However, Sterling does not
seem too comfortable in his self-appointed role.  Try as he might, the events
keep overtaking the people, and the book ends up feeling somewhat confused ---
but then the whole subject is rife with confusion: cultural, technical and
ethical.

Although Sterling fails to give it the emphasis it deserves, the main theme of
this book is power.  In the first part of the book "Crashing the System",
Sterling describes the power of the telephone companies.  From the fledgling
technology of the telephone, through the rise of AT&T, and the significant role
that it played in government and industry, to the break up of the Baby Bells.
The picture that Sterling paints of the contemporary telcos is that of a power
base that is under threat, and which is struggling to preserve its grip on the
power that is being threatened by the more widespread availability of
technology, not to mention the breaking of the economic monopoly.  Lest this
sounds like dull reading --- there's not a sentence in this book that can be
described as dull --- I should mention that Sterling brings this history to
life by taking us in detail through the duties of a switchboard operator, and
observing that in the early days of the telephone teenage boys often played
this role until they were found to be "hacking", when they were ejected from
the system.  There are intriguing parallels between the time just after the
introduction of the telephone --- which Sterling identifies as the creation of
cyberspace --- and the contemporary era, which represents the settling of that
"place".

The second section of the book, "The Digital Underground", documents the hacker
subculture.  Sterling steers a journalistic middle course: on the one hand
stressing the illegality of hacking and debunking the myth of the talented
genius, while at the same time pointing out that the typical hacker is not a
hardened criminal but a teenage boy.  Sterling explains the feeling of
technical power for a hacker when he uses a computer to break into a voice mail
PBX, or to break into a password protected system, to gain access to hitherto
inaccessible regions of cyberspace.  Sterling makes much of the isolation and
cultural powerlessness of hackers: they are typically teenage boys who grew up
in the Reagan era and have come to believe that all institutions are corrupt,
and who see their computer and modem as weapons against those institutions,
even if it is only to steal insignificant documents, or do no more than
irritate those institutions.  He also describes the material available on
"underground" BBSs, illustrating the anarchistic stances adopted by these elite
children of elite families, and debunks the myth that there are "gangs" of
hackers working in concerted effort to bring about the downfall of the
technocracy as we know it, but asserts that theirs is typically a solitary
"game".  This isolation leads to their need to brag of their exploits to other
hackers, in order to build a reputation, and often thereby to their swift
arrest.  Isolation also accounts for the fact that almost every hacker arrested
cooperated fully and informed on his contacts in cyberspace.  There is no
hacker community, Sterling implies, and no honour among hackers.

In the third section, "Law and Order", Sterling describes the world of the law
enforcement officers.  If one thing comes through from this picture it is that
the law enforcement agencies in this country were/are ill-prepared to
investigate and prosecute computer crime.  Sterling remarks that he, a not
particularly computer-literate author, has more computer power in his home than
the typical computer law enforcement officer (of 1990).  Sterling describes the
modus operandi of a typical hacker bust, the seizure of everything that looks
like it might be relevant including CDs (that might store data and be disguised
as music CDs), and Sony Walkmen (because they are electronics, I guess).  In
his article "Crime and Puzzlement", John Perry Barlow writes "In fairness, one
can imagine the government's problem.  This is all pretty magical stuff to
them.  If I were trying to terminate the operations of a witch coven, I'd
probably seize everything in sight.  How would I tell the ordinary household
brooms from the getaway vehicles?".  While Sterling's description of the
problems facing the under-funded, under-equipped and under-skilled government
agencies is sympathetic, he does not seek to justify the excesses in the events
of 1990.  He carefully makes and maintains the distinction between hackers and
legitimate computer users, and describes how members of both of these groups
were equally punished by the Hacker Crackdown.

Finally, in "The Civil Libertarians" Sterling describes the response of the
Silicon Valley and Austin computer culture to the strange events of the hacker
crackdown, which culminated in the formation of the Electronic Frontier
Foundation.  In this very upbeat section, Sterling describes how the computer
elite used their technological power to network and organize, to seize the
public relations advantage, to file suit in defense of Steve Jackson and Craig
Neidorf and to set themselves up to defend civil liberties in cyberspace.  In
the view of the civil libertarians, the hacker crackdown was the first skirmish
in the battle for control of cyberspace.  The Electronic Frontier is a new
"place" that is currently being populated and the rules that will govern this
place are up for grabs.  The civil libertarians are concerned to guarantee
important rights for the citizenry of cyberspace, in particular: freedom of
expression, freedom of association and privacy: in effect a constitution for
cyberspace.

"The Hacker Crackdown" taught me much about the events of the early 90s and it
is entertaining and provoking by turns.  I recommend it highly, for its
discussion of the contemporary struggle for technological power, illustrated by
unbelievable, but true, stories of law and disorder on the electronic frontier.


Filling station POS terminals: credit card users beware!

Steve Summit <scs@adam.mit.edu>
Wed, 21 Oct 92 13:08:15 -0400
Today I bought gasoline and discovered that the station had some fancy new
pumps with credit card readers built right in.  You can drive up, insert your
card, pump gas, and drive away, without even dealing with a clerk.  The pump
prints a little receipt when you're finished.

The problem is the receipt.  It comes out behind a small clear plastic door
(presumably the door is to protect the printer from the weather); you have to
slide it open so that you can fish the receipt out, slightly awkwardly, with
your finger.  If you don't notice the receipt at all, or if you're in a hurry,
or if you aren't in the habit of saving receipts anyway, you could easily leave
it behind.

On the receipt is printed not only your credit card number and type of card
(VISA, MC, etc.), but also your full name, as retrieved from the magstripe.

If Bonnie S. Thomason happens to read this, you forgot your receipt after
buying 13.855 gallons of unleaded at 7:59 this morning, but I promise I won't
use or disclose your credit card number.

Wandering around checking these receipt slots would be reminiscent of wandering
around checking pay telephone coin return slots, but potentially much more
lucrative.

Besides RISKS, I'm writing a letter to the oil company in question today.

     [This is of course an old problem for RISKS readers, but it is perhaps
     worth including here as a reminder that it recurs continually.  PGN]


Int Workshop on Fault and Error Models of Failures in Comp Sys.

"Ram Chillarege (914) 784 7375" <ramchill@watson.ibm.com>
Fri, 23 Oct 92 08:51:13 EDT
Abstract Submission  :    NOVEMBER 2, 1992
Deadline Approaching :    ****************

    Call for Participation

    International Workshop on
    Fault and Error Models of Failures in Computer Systems

    January 25 - 26, 1993  o  Palm Beach  o  Florida

    ------------------------------------------------------------------

    Sponsor                           The  IEEE  Computer  Society and
                  IEEE Technical Committee on Fault-Tolerant Computing

    Dates
          Abstract Deadline:                          November 2, 1992
          Acceptance Notification:                   December 15, 1992
          Session Foils/Agenda:                        January 8, 1993
    ------------------------------------------------------------------

    Scope

The importance of understanding Computer System failures, in terms of their
fault and error models, failure patterns, and characteristics cannot be
overemphasized.  This understanding is critical in influencing the research and
practice of fault-tolerant computing.  It is the kernel upon which evaluation
methods, experimental verification, modeling, algorithms and techniques are
developed.  In recent years the relative mix in the causes of outage has
shifted from what it was a decade ago.  Studies indicate the dominance of
software as a cause of outage, closely followed by maintenance and environment.
However, the industry lacks data and understanding of faults, errors and
failures in these dimensions - severely impacting the progress of
fault-tolerant computing as a research discipline and a practice.


This workshop is intended to bring together experts from industry, academia,
and government.  The goal is to develop the needed insight, define and
calibrate models, and gain knowledge to guide research and practice in
fault-tolerant computing.  This workshop will be highly interactive.  It will
be run as a workshop, and will not have a conference flavor.  It is intended
that at the end of the two day meeting, there will evolve a substantial
accomplishment towards these goals.  These results are intended to be the
starting point of a sequel to this workshop, on fault-injection.  The
fault-injection workshop, also sponsored by the Technical Committee on
Fault-Tolerant Computing, is planned to be held in Sweden in June 1993.

    Submission

To participate in this workshop, submit seven copies (or use email) of a two
page abstract describing the contribution you will make to the workshop.  The
program committee will review the abstracts and notify you of your acceptance.
To enhance interaction the attendance at the workshop will be limited to a
maximum of fifty.

    Workshop Chair

Ram Chillarege, IBM Research, USA

    Program Committee

          Bob Horst - Tandem Computers, USA
          Ravi Iyer - University of Illinois, USA
          Karama Kanoun - LAAS-CNRS, France
          Dan Siewiorek - Carnegie Mellon, USA
          Yoshihiro Tohma - Tokyo Institute, Japan
          Jan Torin - Chalmers University, Sweden

    Submit Abstracts to

          Ram Chillarege
          IBM T. J.  Watson Research Center
          30 Saw Mill River Road
          Hawthorne, NY 10532, USA
          (914) 784-7375   Fax: (914) 784-6201
          email: ramchill@watson.ibm.com

    Important Dates

          Submission Deadline:     November 2, 1992
          Acceptance Notification: December 15, 1992
          Session Foils/Agenda:     January 8, 1993

    Ex Officio

          Jacob Abraham, FTC-TC Chair,
          University of Texas, Austin, USA


Call for papers, Computer Security Foundations Workshop VI

Catherine A. Meadows <meadows@itd.nrl.navy.mil>
Fri, 23 Oct 92 18:59:51 EDT
               CALL FOR PAPERS
        COMPUTER SECURITY FOUNDATIONS WORKSHOP VI
              June 15-17, 1993
             Franconia, New Hampshire
        Sponsored by the IEEE Computer Society

The purpose of this workshop is to bring together researchers in computer
science to examine foundational issues in computer security, with emphasis on
formal models that provide a framework for theories of security and techniques
for verifying security as defined by these theories.

We are interested both in papers that describe new results in the theory of
computer security and in papers, panels, and working group exercises that
explore open questions and raise fundamental concerns about current theories of
security. Possible topics include access control, covert channels, information
flow, database security, secure protocols, verification techniques, integrity
and availability models, interactions of computer security requirements with
other system requirements such as dependability and timing, and the role of
formal methods in computer security.

The proceedings are published by the IEEE Computer Society and will be
available at the workshop. Selected papers will be invited for publication in a
special issue of the Journal of Computer Security.

Instructions for Participants:  Workshop attendance will be limited to
thirty-five participants.  Prospective participants should send four copies
of a paper (limit 7500 words), panel proposal, or working group exercise to
Catherine Meadows, Program Chair, at the address below. Please provide email
addresses and telephone numbers (voice and fax) for all authors.
The contact author should be clearly identified.

IMPORTANT DATES: Author's submission:        January 29, 1993
                 Notification of acceptance: March 10, 1993
                 Camera-ready final papers:  April 9, 1993

Program Committee

Marshall Abrams, MITRE
Simon Foley, University College, Cork
Li Gong, ORA
James Gray, NRL
Jeremy Jacob, Oxford
John McLean, NRL
Jonathan Millen, MITRE
Robert Morris, DoD
Ravi Sandhu, GMU
Marv Schaefer, CTA

For further information contact:

General Chair
Ravi S. Sandhu
ISSE Department
George Mason University
Fairfax, VA 22030-4444
+1 703-993-1659
sandhu@sitevax.gmu.edu

Program Chair
Catherine Meadows
Code 5543
Naval Research Laboratory
Washington, DC 20375
+1 202-767-3490
meadows@itd.nrl.navy.mil

Publications Chair
Joshua Guttman
The MITRE Corporation
Burlington Road
Bedford, MA 01730
+1 617-271-2654
guttman@linus.mitre.org
