The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 14 Issue 46

Tuesday 6 April 1993

Contents

o Sound of the Fury: Sub-liminal highway monitoring...
Peter Wayner
o Computer company helps students with fake IDs
Phil Haase
o Mangled zip code leads to collection agency
Ken Hoyme
o NREN WRAP [Joe's Final Houston Chronicle NII Story]
Joe Abernathy
o Danny Dunn, Automatic House, Automatic Electric Post Office
Jerry Bakin
o Teenage Hackers
Jim Haynes
o Re: If they mention flying saucers
Ian Phillipps
Olaf Titz
Robert VanCleef
o Re: FORTRAN-hating gateway
Nick Andrew
o Re: FORTRAN-hating gateway, Hayes Sequence Triggered
A. Padgett Peterson
o Re: Correcting computer information ...
Roger D Binns
o Re: Dutch hacker in jail for another month
Ralph Moonen
o Internic Registration Services Security Compromised
Mark Boolootian
o Call for Papers, PSAM II (System-Based Models)
Charlie Lavine
o Info on RISKS (comp.risks)

Sound of the Fury: Sub-liminal highway monitoring...

Peter Wayner <pcw@access.digex.com>
Mon, 5 Apr 1993 18:00:02 -0400
The April 5th 1993 edition of the Washington Post contains a short item
describing how AT&T is modifying some of the technology it developed for
submarine warfare to smooth traffic flow on the highways.  They are currently
testing the system on the New Jersey Turnpike where they've installed
"SmartSonic" sensors that ... ``measure the speed of passing vehicles by
listening to their individual sounds or `acoustical signatures' just as they
have been used to listen to other submarines.''

The RISKS? The system will supposedly control ramp access and offer
alternative, less-congested routes.  This means we are effectively replacing a
low-level system with one that is high-level and if not drive-by-wire, at
least navigate-by-wire.  I have no idea whether the highways obey/mimic
differential equations that are potentially chaotic, but I hope they will
check these things out.

Naturally, the privacy arguments about electronic tollbooths apply to this
situation.  I can imagine the 21st century crook on the lam (and lambs
avoiding the crook): he hacks his carburetor chip to change the distinctive
signature of his car.  Or better yet, he hacks his DSP-controlled
sonic-muffler to change the signature regularly.  Gotta love technology...
The 21st century is going to be a great one for nerds like us.

                                           [Must be sub-laminal?  PGN]


Computer company helps students with fake IDs

<FPHAASE@delphi.com>
05 Apr 1993 20:45:31 -0400 (EDT)
This article appeared in the New Orleans Times Picayune on Thursday,
April 2. It is interesting to note that a software company
unknowingly helped these teenagers in their escapade.

Four 16-year-old students were issued misdemeanor citations by Slidell (a
suburb of New Orleans) police for unlawful use of a license.  Apparently they
had made phony driver licenses using one of the students' father's computer and
a desktop publisher program.  The driver licenses were from the states of
Minnesota, Wisconsin and Washington.  The 4 students would manufacture these
IDs and sell them for $30.  The students were all honor students from one of
the local high schools.

The police seized a computer disk, a cutting board and a lam

Mangled zip code leads to collection agency

Ken Hoyme <hoyme@src.honeywell.com>
Tue, 6 Apr 93 10:12:18 CDT
Here is a classic example of the screw-ups that can happen when a simple
number gets mangled in a computer database.

I am a member of the Columbia House CD Club.  The way such clubs work is you
get a bunch of (nearly) free CDs at the beginning of your membership, with an
obligation to purchase a certain number within a specified time.  They reserve
the right to bill you for unpurchased CDs if you do not fulfill the
obligation.

Last Summer, the US Post Office gave us a new zip code (the population in our
community had grown to the point where this was necessary).  I sent a change
of address form in with the change (55369 -> 55311).  After this, their
monthly mailings stopped.  Last week, I received a letter from a collection
agency due to my unfulfilled agreement.  The address was so incredibly
mangled, I am amazed that the post office was able to route it.  The zip code
had only one digit right (54762).  The city and street names were mangled as
well.  Apparently their data entry operator damaged the record when entering
the change of address.

My guess is that Columbia House attempted to send their bulk-class mailings to
this mangled address and never got them routed (or a proper response to the
"Address Correction Requested" notation).  I don't suppose the Post Office
spends a lot of time trying to route misaddressed bulk mail.  Rather than
trying to send me anything by 1st class mail, they turned it over to a
collection agency to make this attempt.  Seems pretty inefficient, since the
cost of the collection agency has to be more than a 1st class letter.

Finally, I called Columbia House's 1-800 (toll-free) number to clear this up.
The operator corrected the address on-line, but made the comment that he had
to make sure that the change 'took'.  Apparently they have experienced regular
problems with entering an address change, only to have the system not actually
make the change to the database record.  They either have a software or
training problem there.

The simple change of two zip code digits led to far more chaos than it should have.

Ken Hoyme, Honeywell Systems and Research Center, 3660 Technology Dr.,
Minneapolis, MN 55418      (612)951-7354       hoyme@src.honeywell.com


NREN WRAP [Joe's Final Houston Chronicle NII Story]

Joe Abernathy <Joe.Abernathy@houston.chron.com>
Thu, 1 Apr 93 14:54:12 CST
NREN Wrap -- This is my last story for the Houston Chronicle. It is to appear
on April 4, 1993. Please feel free to redistribute it for any non-commercial
use.
    To those of you who have provided so much help these past four years,
thanks. It's been a real education. I've accepted the job of Senior Editor-
News at PC World magazine, and I'll still be writing the Village Voice
Technocracy column, so I hope you'll all stay in touch. My new contact
information is P.O. Box 572390, Houston, Texas 77257-2390, joe@blkbox.com.

   By JOE ABERNATHY
   Houston Chronicle Staff Writer

   The specters of class struggle and international economic warfare are
casting a shadow over administration hearings on how to build a sophisticated
national computer network.  Billed as an engine of job growth, a central
concern is emerging that the ``data superhighway'' promised by Vice President
Al Gore and President Bill Clinton during the campaign could produce a large
underclass of ``information have-nots.''

   Based on an emerging global computer network known as the Internet, which
links up to 12 million people in more than 30 nations, the National Research
and Education Network (NREN) is a decade-long project of former Sen. Gore.
Gore envisions a future in which oceans of data, including libraries of
movies, books and other creative works, would be readily available to every
home.  In selling a $5 billion spending plan focused on the network in 1992,
Gore held forth the image of classrooms without walls, sophisticated medical
collaborations, and globally competitive small businesses.  ``The NREN is at
all odds the most important and lucrative marketplace of the 21st century,''
he said in a recent statement.

   But in trying to make it work, it has become apparent that the NREN remains
in many ways a captive of its privileged institutional heritage.  Some
Americans don't even have telephone service, and many still don't have
computers with which to access the net.

     Two congressional hearings were held in late March concerning the
National Information Infrastructure, and a bill has been introduced that would
take up where Gore's 1992 High-Performance Computing Act left off -- bringing
the net to classrooms, small business and other potentially disenfranchised
Americans. Clinton's budget includes an additional $489 million over six years
for the network.  And while the regional Bells, newspapers and other
information giants have been struggling for years over the future of the
medium, congressional insiders say that with the increased attention, a
resolution seems likely to be found during the current session of Congress.

    ``What I think is really getting squeezed out is that there hasn't been a
genuine, public interest, bottom-up grass roots voice. It's a huge, huge
issue,'' said Marc Rotenberg, director of the Washington offices of Computer
Professionals for Social Responsibility, the primary champion of civil rights
in the new electronic medium.  ``It's about people, it's about institutions,
it's about who gets to connect and on what terms.''

    Observers also fear that the rush to wield the network as an economic
weapon could produce dramatic incursions into free speech and other civil
liberties.

   ``I'm very concerned that the rhetoric about national competitiveness is
transforming itself into a new cold war,'' said Gary Chapman, director of
CPSR's 21st Century Project in Cambridge, Mass. ``The concerns of intelligence
and other federal agencies including NASA has been to look at technology
resources that are not related to military security but to economic benefits
as being things that have to be protected by Draconian measures of security.''

   Recent disciplinary actions at NASA Ames Research Center in Northern
California seem to support Chapman's concerns.  Up to eight of the 11
scientists disciplined in December were targeted because of their
participation in politically oriented, international discussion groups hosted
on the Internet computer network, according to documents obtained by the
Houston Chronicle under the Freedom of Information Act, along with subsequent
interviews of NASA Ames personnel.

   ``Some people there were accused of dealing with foreign nationals about
non-classified technology issues,'' said Chapman, whose organization also has
made inquiries into the matter.  ``NASA said the U.S. has to protect its
technology assets because of the global environment of competitiveness.''

   The issues are even simpler for Raymond Luh, a subcontracting engineer
fired by NASA.  Luh, an American of Chinese ancestry, feels that his career
was destroyed simply because he joined in one of the thousands of political
discussions aired each day over the Internet.  ``I feel I have been gravely
wronged by NASA,'' Luh said. ``I cannot possibly seek employment elsewhere. My
reputation as a law-abiding citizen and a hard-working researcher has been
tarnished almost beyond repair.''  NASA refused to comment on the matter.

    According to FOIA documents provided by NASA's Office of the Inspector
General, Luh was fired when ``a document containing Chinese writing was found
in (Luh's computer). ... Investigation determined that Luh's office computer
held a large volume of files relating to his efforts to promote Most Favored
Nation trade status for the People's Republic of China. ... Luh was not
authorized to use his computer for this activity.''

   To Luh, however, he was only one of the chorus of voices that joined in a
fiery debate surrounding fallout from the Tiananmen Square massacre. He wasn't
trying to make policy -- he was exercising intellectual freedom, in his spare
time.

    ``That's a very dangerous and disturbing kind of trend,'' said Chapman.
``The parallel is with the Cold War and transforming the modes of thinking and
the practices of these agencies into new forms of control, even in the absence
of militarily significant enemies. We'll start thinking about the Japanese or
whatever Pacific Rim country you want to pick as being `enemies,' and
intellectual commerce with these people will be a matter of economic security.
``The freedom of expression aspect of that is very critical. We want to make
sure that this is a system in which people can express themselves freely
without repercussions.''

     Observers fear that Luh may be only the first such casualty as federal
agencies and special interest groups reshape the Internet into their own
model, carving up a pie estimated to be worth $3.5 trillion.

    While Gore's vision implies the construction of a high-speed, high-tech
fiber optic network, a number of counter-proposals are being floated.

   The Electronic Frontier Foundation -- which earlier made a name for itself
with a successful court challenge to the conduct of the Secret Service in a
hacker crackdown -- is focusing on building a less powerful, less costly
network that could reach more people, more quickly.  ``Our central concern is
that we get from debate to doing something,'' said Jerry Berman, EFF director.

   EFF's approach -- endorsed by Rep. Edward J. Markey, D-Mass. -- is to build
an ISDN (Integrated Services Digital Network) service atop the telephone
network, making a modest level of digital computer transmission available
quickly to every home. The more sophisticated fiber optic approach implied by
Gore's NREN could be implemented as time and money allow.  But few voices have
been heard backing ISDN.

   ``The current state of the discussion is turmoil and chaos,'' said the
CPSR's Rotenberg. ``It's a mistake to place too much emphasis on any
technological configuration. A lot of that energy and those resources would be
better spent talking about users and institutions rather than technology and
standards.  This is like trying to explain railroads in the 18th century or
cars in the 19th century. Here we are in the 20th century, and we know
something big is happening right under our feet and we know it has something
to do with these new telecommunications technologies.
     ``None of us knows where this is going to take us, but I think people
should have some sensitivity to the prospect that the future world we're going
to live in is going to be shaped in many ways by the decisions we make today
about the information infrastructure.''


Danny Dunn, Automatic House, Automatic Electric Post Office

Jerry Bakin <jerry@amex-trs.com>
Fri, 2 Apr 93 13:00:21 MST
Can you see the irony in this situation?  Here, the intelhouse usenet list, a
group interested in "intelligent" houses, and automated process control cannot
even get the net traffic automated and must return to a human tended process!
How can we rely on the intelligent houses we build?  More like a house of
cards....

Jerry Bakin.

> Bone-weary from travel and working 150 hours in two and a half weeks,
> the intelhouse mailing list administration wizard comes back into his
> office, blows the dust off of his aged keyboard, and urges his fingers
> back to their less-exhausted nimble selves. Quickly invoking mail, he soon
> discovers that in his absence wicked site administrators and fools in
> charge of Usenet mail maps have wreaked havoc on his precious mailing
> list. Yes, after all the spells, incantations, and perl scripts, a few
> site administrators had managed to bounce mail in a fashion not only
> non-RFC-compliant, but also so dastardly as to have never before been
> inflicted on his system. If only he hadn't spent the weekends working on
> excising an evil hardware demon from a large justice system computer, and
> his weekdays trying to promote his company's talents to a large maker of
> plastic money, he could have countermanded the errant mail going to
> hundreds of innocent mailing list readers. He could have eliminated the
> terror and confusion and misery needlessly inflicted on those people,
> after all, it was he that the wicked site administrators were after.
>
> Nevermore, he swore. Instead, he would personally see to it that his
> forwarding scripts would not inadvertently pass on these bounce messages
> to innocent bystanders. He lamented that it meant less timely delivery of
> mail, in that he would personally read each item and post only those of
> utility to all readers. Yes, he would become one of those dreaded wizards
> with incredible power at his fingertips. He would become ... a
> MODERATOR!
>
> Yes, readers of this mailing list, mail will cease to flow as quickly as
> it has in the past. It will pass a human's (??) eyes before being sped
> on its way. But for a worthy cause ... truth, justice, and the intelligent
> way!


Teenage Hackers

Jim Haynes <haynes@cats.UCSC.EDU>
Sat, 3 Apr 93 18:37:28 -0800
Saw this in the first quarter 1993 issue of "Miracles in Trust", the newsletter
of the Perham Foundation.  In a lengthy chronology of West Coast wireless
developments there is this item.

   July 1911: In Los Angeles, teenaged radio amateur operators, trained
   at Los Angeles Polytechnic High School, intercept and disclose
   collusion over the Catalina wireless circuit involving the Hearst
   newspapers, with much attendant publicity and a criminal prosecution
   later dismissed.  The Wireless Association of Southern California,
   of over 200 young Los Angeles amateurs, forms as a result of the
   incident.  It operates a 2kW spark transmitter using the call sign ALA.


Re: if they mention flying saucers, they're out to get you

Ian Phillipps <ian@unipalm.co.uk>
Fri, 2 Apr 93 13:50:27 BST
I don't know the name of the law, but in England, yes, it is an offence. There
is no assumed right here to listen to anything on the radio waves. So if you
realise that what you're listening to is not either a broadcast, licensed
amateur or CB operator, you must stop listening.

Not a lawyer etc.etc.etc.

Ian Phillipps, Unipalm Ltd, 216 Science Park,           Phone +44 223 420002
Milton Road, Cambridge, CB4 4WA, England.               Phax  +44 223 426868

  [Brinton Cooper <abc@BRL.MIL> noted that the UK has a strange concept of
  civil liberties -- they seem to subordinate them to the needs of the state.
  Within their system, there may well be no question at all.  PGN]


Re: if they mention flying saucers, they're out to get you

Olaf Titz <olaf@bigred.ka.sub.org>
Thu, 1 Apr 1993 23:03:00 +0200
I don't know about Britain, but in Germany it has been in fact illegal to
listen, using whichever device, into frequencies not assigned to broadcasting
services. This rule was overturned by the German Supreme Court about two years
ago.

For every piece of telco equipment that is operated in Germany, a permission
has to be obtained (usually by the manufacturer) from a telco authority. This
permission could be granted with the provision to obey certain rules, whose
violation constituted a criminal offence in itself. (One of the rules on every
permission for radio equipment has been not to listen into non-broadcast
waves.) The latter rule was turned down for the reason that the telco
authority could in effect determine what was illegal and punishable, a power
that rests exclusively with the Parliament. But the fact that even a pocket
receiver has to be "licenced" remains.

Olaf Titz comp.sc.student  karlsruhe germany  olaf@bigred.ka.sub.org
uknf@dkauni2.bitnet  s_titz@ira.uka.de   49-721-60439


Re: If they mention flying saucers, ... (Maeda, RISKS-14.44)

Robert VanCleef <vancleef@garg.arc.nasa.gov>
Thu, 1 Apr 93 11:11:39 PST
... my brother-in-law is a German airlines pilot.  He has often discussed the
difference between American and German laws on monitoring the airways.  In
Germany you must have a license to listen! He discusses their use of tracking
vehicles to listen for leakage from illegal receivers and their active pursuit
of violations.

Bob Van Cleef                    vancleef@george.arc.nasa.gov
NASA Ames Research Center                  (415) 604-4366


Re: The FORTRAN-hating gateway (Karn, RISKS-14.45)

Nick Andrew <nick@kralizec.zeta.org.au>
3 Apr 1993 08:54:58 +1000
I encountered a similar problem whilst attending Uni. New X.25 concentrators
had been installed to speed up terminal access to the H*neywell mainframe in
the central computer room. Every so often, all terminals would crash.  After
experiencing it a few times, I realised that they were crashing at a
particular point in _my_ session. I was reading one of the online manuals.

I eventually narrowed it down to a simple sequence of 4 lowercase 'n's ...
just like nnnn nnnn ... the gateway could NOT send or receive this sequence in
a single packet. Unfortunately, nobody told that to the author of the online
manual.

The concentrators were eventually replaced with Ungermann-Bass terminal
servers. No further gotchas have been reported.

Nick.

Kralizec Dialup Unix (Public Access), Zeta Microcomputer Software
P.O. Box 177, Riverstone NSW 2765


Hayes Sequence Triggered (FORTRAN-hating gateway, Karn, RISKS-14.45)

A. Padgett Peterson <padgett@tccslr.dnet.mmc.com>
Thu, 1 Apr 93 22:32:06 -0500
Sounds more like the modem was skating the HAYES patent by using the
TIES (time-independent escape sequence) promoted by a competitor.  This
eliminates the "guard time" of 1 second that is an essential part of the
patent.  TIES proponents state that accidental triggering is statistically
unlikely 8*)
                        Padgett

ps Turning off the "in band" sequence & using DTR I can understand, but
   128 (80h) is just as likely as "+" (2Bh) in a binary file unless the
   Motorola firmware interprets it as "none".
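To make Padgett's point concrete, here is an added simulation (written for this page, not code from the post or from any modem vendor) of two escape-sequence detectors run over the same constructed byte stream: a Hayes-style detector that requires the 1 s guard time, and a simplified TIES-style detector that needs only "+++AT...<CR>" with no timing at all. The stream contents, the 10 ms character spacing and the 40-byte command limit are assumptions.

```python
# Added example: a simulation of two modem escape-sequence detectors, written
# for this page (not code from the RISKS post or from any modem vendor).
# It models the byte stream a modem is transmitting as (timestamp, byte) pairs
# and asks which detector would drop into command mode.

GUARD_TIME = 1.0     # Hayes guard time in seconds (the 1 s Padgett mentions)
CHAR_SPACING = 0.01  # assumed 10 ms between back-to-back data bytes
MAX_CMD_LEN = 40     # assumed upper bound on an AT command body (TIES model)


def build_stream(segments):
    """Turn (pause_before, payload) pairs into a list of (time, byte).

    pause_before is silence in seconds before the payload; bytes within a
    payload go out back-to-back at CHAR_SPACING.
    """
    events, t = [], 0.0
    for pause, payload in segments:
        t += pause
        for b in payload:
            events.append((t, b))
            t += CHAR_SPACING
    return events


def hayes_escapes(events, guard=GUARD_TIME):
    """Hayes-style detector: '+++' is an escape only if the three '+' arrive
    within the guard time of each other AND are bracketed by at least `guard`
    seconds of silence on both sides (end of stream counts as silence).
    Returns the timestamps at which an escape is recognised."""
    hits, n = [], len(events)
    for i in range(n - 2):
        if [b for _, b in events[i:i + 3]] != [0x2B, 0x2B, 0x2B]:
            continue
        t0, t1, t2 = events[i][0], events[i + 1][0], events[i + 2][0]
        tight = (t1 - t0) < guard and (t2 - t1) < guard
        quiet_before = i == 0 or (t0 - events[i - 1][0]) >= guard
        quiet_after = i + 3 >= n or (events[i + 3][0] - t2) >= guard
        if tight and quiet_before and quiet_after:
            hits.append(t2)
    return hits


def ties_escapes(events, max_cmd=MAX_CMD_LEN):
    """Simplified TIES detector: '+++AT' followed by a CR-terminated command,
    with no timing requirement at all.  Returns the timestamps of the CRs."""
    data = bytes(b for _, b in events)
    hits, start = [], 0
    while True:
        i = data.find(b"+++AT", start)
        if i < 0:
            return hits
        cr = data.find(b"\r", i + 5, i + 5 + max_cmd)
        if cr < 0:            # no terminator in range: not a command, move on
            start = i + 1
            continue
        hits.append(events[cr][0])
        start = cr + 1


def demo_stream():
    """Constructed stream: a binary file transfer whose bytes happen to contain
    '+++ATH<CR>' (with 0x2B and 0x80 bytes nearby, as in Padgett's remark),
    followed by a deliberate, properly guarded Hayes escape and hang-up."""
    chunk = bytes([0x80, 0x2B, 0x12, 0x80]) + b"+++ATH\r" + bytes([0x2B, 0x80, 0x7F])
    return build_stream([
        (0.0, b"FILE:" + chunk + b":END"),  # data flows back-to-back
        (1.2, b"+++"),                       # user waits > 1 s, types +++
        (1.2, b"ATH\r"),                     # waits again, then hangs up
    ])


if __name__ == "__main__":
    ev = demo_stream()
    print("Hayes (guard time) escapes at:", hayes_escapes(ev))  # one: the deliberate one
    print("TIES (time-independent) at:  ", ties_escapes(ev))    # two: data + deliberate
```

The guard-time detector ignores the "+++ATH" that merely happens to sit inside the file data, while the time-independent detector treats it as a command and would hang up mid-transfer.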


Re: Correcting computer information ... (Mellor, RISKS-14.45)

Roger D Binns <cs89rdb@brunel.ac.uk>
Tue, 6 Apr 93 18:26:44 +0100
My university department (Brunel - computer science) gets around some problems
in what I regard as a devious way.  They do not wish for students to see what
their exam marks (ie percentages) are (grades are ok).  By law, any data
holder has 40 days to provide data on request.  The department only keeps
electronic copies of the records for 40 days, hence preventing any student
from seeing them.

Quite what the ethics and reasoning behind all this are, I'll leave to others.

Roger Binns   cs89rdb@brunel.ac.uk    Brunel University - UK


Re: Dutch hacker in jail for another month

<rmoonen@ihlpl.att.com>
Fri, 2 Apr 93 10:07 GMT
It might be interesting to note that in another article in the 'Volkskrant'
the designer of the new Dutch Computer Crime Law was quoted as saying:

   [The fact that this hacker's custody was prolonged with 30 days]
   requires the judicial order to be severely shocked.  Hacking a
   university computer does not fulfill that requirement.

Prof. Dr. H. Franken, who designed the law, also said that the law was not
meant to be used against students who were merely playing around with
computer systems, but was targeted for organised crime, and big-time fraud.
Franken himself is an honorary member of the 'Time-Wasters' a hackers-club
based in Eindhoven.

University officials have said that damages to their systems are small, but
it is also said that he used their computer to hack other systems. We'll just
have to wait and see what happens.....

--Ralph


Internic Registration Services Security Compromised

Mark Boolootian <booloo@framsparc.ocf.llnl.gov>
Fri, 2 Apr 1993 15:53:14 -0800 (PST)
From: Jim Lick <jim@pi-chan.ucsb.edu>
Message-Id: <199304022302.AA13439@pi-chan.ucsb.edu>
Subject: Internic Registration Services Security Compromised
Date: Fri, 2 Apr 1993 15:02:39 -0800 (PST)

INTERNIC REGISTRATION SERVICES SECURITY COMPROMISED

April 2, 1993

In what must be a great embarrassment to NSI officials, security at the
Internic host for Registration Services was compromised on the second
day of official service to the Internet community.  Through a series
of accidents, a user of their ftp service was able to access directories
normally off-limits to anonymous ftp services.

As a result of this access, the user was able to obtain a copy of the system's
/etc/passwd file that could be used to decode passwords of users on the system
through the use of a password cracking program.  The user was also able to
access system logs, including a log of anonymous ftp transactions by users
around the world.

In the course of this investigation the user was able to find numerous other
security holes including world-mountable filesystems.  Although no further
action was taken, these holes would enable a malicious hacker to easily
penetrate the system.

An Internic admin was in the process of fixing the security holes at the
time of this release.

The Internic Registration Services is funded by NSF to administer registration
of network numbers, domain names, autonomous system numbers, and other
functions crucial to the operation of the global Internet.

Note: This is NOT an April Fool's Joke.


Call for Papers, PSAM II (System-Based Models)

<lavine@aero.org>
Thu, 01 Apr 93 12:21:44 PST
                 PSAM - II

    An International Conference Devoted to the Advancement of
      System-Based Methods for the Design and Operation of
        Technological Systems and Processes

                 March 20-24, 1994
              San Diego Hilton Beach and Tennis Resort


The purpose of PSAM is to provide a forum for the presentation of scientific
papers covering both methodology and applications of system-based approaches
to the design and effective, safe operations of technological systems and
processes. These include nuclear plants, chemical and petroleum facilities,
defense systems, aerospace systems, and the treatment and disposal of hazardous
wastes. The objective is to share experience to the benefit of all industries.
Some of the topics within the scope of the meeting are:

    - software dependability
    - computerized control systems and operator aids
    - automatic fault detection and diagnosis
    - AI in support of process safety management

Send four copies of a summary (800-1200 words, single-space) to the
Technical Program Chairman, George Apostolakis, by May 13, 1993.
Full papers will be due October 10, 1993.

Professor George Apostolakis
Mechanical, Aerospace, and Nuclear Engineering Department
38-137 Engineering IV, UCLA
Los Angeles, CA 90024-1597

310-825-1300, 310-206-2302 (fax)

For more information, contact Charlie Lavine, The Aerospace Corporation,
lavine@aero.org, 310-336-1595.
