The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 14 Issue 26

Tuesday 12 January 1993

Contents

o Florida Rental Car Scam
Dewey Coffman
o Computer games may endanger your health
Olivier MJ Crepin-Leblond
o Ford's honesty saves county $2 million
John Cigas
o Name+birthdate=no drivers license
Bruce Hayden
o Student Loan Errors Blamed on Computer
Steve Peterson
o "Softkiller" as Arts?
Klaus Brunnstein
o Computer Theft of Criminal Records
Gary McClelland
o Computer hacking of flight details "was illegal"
Jonathan Bowen
o Upcoming Telephone Number problems
Rob Horn
o FAA prohibits pilot knowing GPS altitude in IFR flight
Jim Easton
o Risks of networks
Larry WB Ching via Monty Solomon and Jerry Leichter
o Version numbers
Andrew Marchant-Shapiro
o About Computer Expense...
Paul Robinson
o Re: Large Foreign Exchange Rates
Mark Brader
Peter Trei
Dik Winter
o Correction on Computers, Freedom and Privacy 1993
Bruce Koball
o 1993 Complex Systems Engineering Synthesis and Assessment
C.A. Meadows
o Info on RISKS (comp.risks)

Florida Rental Car Scam

Dewey Coffman <dewey@sooner.ctci.com>
Sun, 10 Jan 93 18:16:35 CST
Ex-Car Rental Owners Indicted, FORT LAUDERDALE, Fla. (AP)
   Value Rent-A-Car Inc. rigged its COMPUTER system to set up a scam
overcharging customers who returned their cars with less than a full tank, a
federal indictment says.  The indictment returned Friday says Steven M. Cohen,
one of three former owners charged, fixed Value's computer system in 1988 to
add five gallons to the fuel tank capacity of every vehicle in Value's fleet.
This allowed the company to overcharge customers who turned in the car with
less than a full tank.
   Federal prosecutor Lothar Genge said that through 1991, about 47,000
customers were slapped with the phony charge, which ranged from a couple of
dollars to $10 or $15. Mitsubishi Motor Sales bought the company in 1990 and
is looking for ways to pay back the overcharges, Genge said.


Computer games may endanger your health

Olivier MJ Crepin-Leblond <o.crepin-leblond@ic.ac.uk>
Thu, 7 Jan 1993 22:47:24 +0000
  Nintendo Inquiry Launched

  The Government is probing claims of health hazards to children playing
  computer games like Nintendo.  The informal inquiry follows reports that two
  boys in Cardiff had been struck down with epileptic fits.

  Baroness Denton, junior Consumer Affairs Minister, has called for an urgent
  report: `It is important to know if there are any health risks.'
  [From Teletext service on Carlton TV & Channel 4 (UK), Thursday 7th Jan 93]

Olivier M.J. Crepin-Leblond, Digital Comms. Section, Elec. Eng. Department
Imperial College of Science, Technology and Medicine, London SW7 2BT, UK


Ford's honesty saves county $2 million

"I. LOVTUSKI" <CIGAS@RCKHRST1.BITNET>
07 Jan 1993 16:59:41 -0500 (CDT)
Here is an excerpt from an article in the Kansas City Star, January 7, 1993:

Ford's honesty saves county $2 million, by Anne Lamoy

  An alert bookkeeper at the Ford Claycomo assembly plant saved Clay County
  from cheating itself out of $2 million.  When paying the county's business
  personal property taxes recently, Ford's bookkeeper realized that the
  plant's two tax bills were much smaller than in previous years.  Much, much
  smaller.  "When the original bills were printed, they left off a digit,"
  Clay County Assessor Shirley Quick said Wednesday.  "And that digit meant $1
  million."  In fact, both tax bills were exactly $1 million short, thanks to
  a computerized data entry error.

The article goes on to state that Ford is the only company that owes more than
1 million in business personal property taxes in the county.  It doesn't say
whether this is the first time their bill contained 7 digits.

John Cigas, Rockhurst College  cigas@rckhrst1.bitnet


Name+birthdate=no drivers license

Bruce Hayden <bhayden@csn.org>
Fri, 8 Jan 1993 05:33:14 GMT
Today on a troubleshooting talk show in Denver, a caller called in to
complain that his license had been revoked, and he had to leave his car since
he couldn't drive.

Apparently, he had renewed his driver's license recently (required every three
years in Colorado). At that time, a database check was made of the other 49
states. There was a match, based on birthdate and name. The other person with
the same name and birthdate had a suspended Penn. driver's license, based on a
drunk driving conviction.

Based on that match, his license was summarily revoked, and notice was mailed
to him to that effect. (Which he apparently had not yet received). The license
showed revoked at a routine traffic stop some time later. It is not clear how
automatic the revocation process is. In any case, no hearing is offered before
the revocation.

The driver was especially upset because:
  1) he had had a Colorado drivers license for 25 years.
  2) he had never been to Pennsylvania, and
  3) he didn't drink.

The burden is apparently upon him to prove to the Colorado DMV that they had
the wrong man. At present he is still fighting the organization trying to get
his license reinstated.

Bruce E. Hayden  (303) 758-8400  bhayden@csn.org


Student Loan Errors Blamed on Computer

Steve Peterson <peterson@fs.fs.com>
Tue, 12 Jan 93 10:57:50 CST
The following appeared in the Minneapolis Star Tribune, 1/12/92:

  STUDENT LOAN ERRORS BLAMED ON COMPUTER (AP)

  Because of a computer problem, thousands of college students have been sent
  notices ordering them to begin repaying loans that aren't due, a loan-
  processing company in St. Paul [Minnesota] says.

  Shirley Chase, an attorney for EduServ Technologies, formerly known as Hemar
  Corp., said problems with a new computer system caused a backlog in
  processing student requests to defer payments.  She said the company hopes
  to clear up the backlog by the end of February.  More than 10,000 deferment
  forms are backlogged, she said.

  Because of the backlog, some students who are entitled to postpone their
  loan payments have gotten notices urging them to pay and some have been
  contacted by a collection agency.  Chase said EduServ has "bent over
  backward" to make sure no adverse credit reports are filed with credit
  bureaus because of the delay.  EduServ processes loans issued by banks and
  other lenders and makes sure payments are current.

Comment:  Given that they probably had a choice of whether to send dunning
notices to everyone or temporarily stop sending them, it shouldn't be
surprising which choice they made.

Steve Peterson, FOURTH SHIFT Corporation, 7900 International Drive,
                Bloomington, MN 55425 USA peterson@fs.com

    [My daughter reported in from Massachusetts that she had seen a
    message displayed in front of JD Auto Sales off Rte 128 in Swampscott
    MA, with something like the following message:

           TO ERR IS HUMAN.
           TO BLAME IT ON A
           COMPUTER IS EVEN MORESO.

    An old RISKS theme, worthy of reminder.  PGN]


"Softkiller" as Arts?

<brunnstein@rz.informatik.uni-hamburg.dbp.de>
Mon, 11 Jan 1993 13:41:30 +0100
FLATZ, leading performance artist from Munich (Bavaria) recently advertised
"SOFTKILLER - the first buyable computer art virus". For MS-DOS systems,
you may buy a diskette (in limited version: 20 diskettes each 1,800 DM equiv.
about 1,100$; or unlimited version: 500 diskettes each 300 DM equiv. 185$)
which after start will display some FLATZ head on the screen while formatting
the disk. Advertised shortly before xmas as "the ultimate donation for PC
owners", FLATZ explicitly warns that SOFTKILLER overwrites disks on data and
will overwrite itself after execution.

After publication of this advertisement, Bavarian Criminal Agency became
involved to analyse whether this might imply a crime of "computer sabotage"
(German Penal Code, section 303b) according to which the destruction of
programs and data which are essential for some person or institution will be
prosecuted. In the analysis, FLATZ admitted that his software was not
self-reproducing and therefore no virus. Moreover, his "attack on the
computerworld" is mentioned in capital letters on the envelope. On the other
hand, with distribution via BBS (though not foreseen by him) this warning is lost.

At this time, no test or reverse engineering of SOFTKILLER has been done.
Probably, it is technically not worth the effort. But with some probability,
other artists may come up with similar "ideas". Happy, Healthy and Riskless 1993

Klaus Brunnstein (University of Hamburg, North Germany, January 10, 1993)


Computer Theft of Criminal Records

Gary McClelland <mcclella@yertle.Colorado.EDU>
Fri, 8 Jan 1993 11:22:59 -0700
An AP story in the Boulder Daily Camera (1/8/93) reports a familiar story with
a few new variations.

A private investigator and two police employees have been indicted by a Denver
grand jury for improperly obtaining the criminal histories of 8,559
individuals.  The Private Eye paid $3 to $5 per search and as much as $1,300
per week (he kept great records!).  The scheme unraveled when a co-worker of
the police employee who was doing the snooping became angry that her colleague
was spending so much time looking up names that she was falling behind in her
regular work.  So after seeing a "criminal history format" on her screen that
she was not supposed to be using, the co-worker turned her in.  A computer log
revealed that on the day she was caught, she had run checks on 95 people!  It
turns out that a transaction recording system allowed investigators to
reconstruct all 8559 criminal history searches.  With such a great logging
system it seems strange that no one noticed 8559 extra searches; if the
co-worker hadn't got the extra work dumped on her, these folks would still be
stealing criminal records.

gary mcclelland, univ of colorado, mcclella@yertle.colorado.edu
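The point Gary makes is that the transaction log already contained everything needed to spot the abuse; nobody was looking at it. The following is an added example, not code from the article or from the Denver system: it builds a constructed audit log (format, operator ids and counts are all assumed), counts criminal-history transactions per operator per day, and flags operator-days that are far above the typical volume. The 95-per-day burst mirrors the figure in the story; everything else is made up for the example.

```python
from collections import Counter
from datetime import date, timedelta
import statistics

# Constructed sample audit log (not the Denver system's real log): one line per
# transaction, "<YYYY-MM-DD> <operator> <transaction> <subject>".
def build_sample_log():
    lines = []
    start = date(1992, 3, 2)
    # Four clerks with a normal trickle of lookups on each of five working days.
    normal = {"OP11": 3, "OP12": 5, "OP14": 2, "OP17": 4}
    for offset in range(5):
        day = start + timedelta(days=offset)
        for op, per_day in normal.items():
            for n in range(per_day):
                lines.append(f"{day} {op} CRIMHIST S{offset:02d}{n:03d}")
        # One clerk running far more lookups than her workload explains;
        # 95 on the final day, the figure the article gives for the day she was caught.
        burst = 40 if offset < 4 else 95
        for n in range(burst):
            lines.append(f"{day} OP23 CRIMHIST X{offset:02d}{n:03d}")
    return "\n".join(lines)

def parse_log(text):
    """Yield (day, operator, transaction, subject) tuples; skip malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4:
            yield tuple(parts)

def daily_counts(records, transaction="CRIMHIST"):
    """Count the given transaction type per (operator, day)."""
    counts = Counter()
    for day, op, txn, _subject in records:
        if txn == transaction:
            counts[(op, day)] += 1
    return counts

def flag_outliers(counts, absolute_limit=25, multiple=4):
    """Flag operator-days above a fixed ceiling AND well above the typical
    operator-day volume (the median across all operator-days)."""
    if not counts:
        return []
    median = statistics.median(counts.values())
    return sorted((op, day, n) for (op, day), n in counts.items()
                  if n > absolute_limit and n > multiple * median)

def operator_totals(counts):
    """Total lookups per operator: what reconstructing the log yields after the fact."""
    totals = Counter()
    for (op, _day), n in counts.items():
        totals[op] += n
    return totals

if __name__ == "__main__":
    counts = daily_counts(parse_log(build_sample_log()))
    for op, day, n in flag_outliers(counts):
        print(f"ALERT {day} {op} ran {n} criminal-history checks")
    print(operator_totals(counts))
```

The two-part threshold matters: a fixed ceiling alone misses a system where everyone is busy, and a relative one alone fires on a quiet day when someone does a normal-sized batch. Either check run nightly would have raised the clerk on her first day of volume rather than after 8,559 searches.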


Computer hacking of flight details "was illegal"

<Jonathan.Bowen@prg.ox.ac.uk>
Tue, 12 Jan 93 15:04:24 GMT
Today's UK newspapers are full of the story on the British Airways (BA)
"dirty tricks" campaign against Virgin and their successful suing by
Richard Branson. Of particular relevance to "risks" is the following
extract from the Independent newspaper (p6, 12 January 1993):

  ... The [BA] team were told that in future, their key task would be
  to access highly confidential information from their rival's
  [Virgin's] computer system.
    "We were shown how to get the information by tapping into our computer
  terminals in the Helpline office. We tapped in with our regular BA code
  and called up the Virgin flight numbers".
    In common with many other airlines, Virgin rents out a segment of a
  vast computer known as Babs - British Airways Booking System. Mr Khalifa
  and his colleagues simply tapped into it. "We could see on the Babs
  computer system when flight is open [sic], when it closed, if it was
  delayed and how many passengers were due to board".
    For the next nine months the Helpline hackers provided BA with critical
  information on Virgin's flights.

Jonathan Bowen, Oxford University

              [A much longer version of this article was reported
              by Bob Dowling <rjd4@cus.cam.ac.uk>.  PGN]


Upcoming Telephone Number problems

rob horn <horn%temerity@leia.polaroid.com>
Fri, 8 Jan 93 11:48:27 EST
I don't recall mention on Risks of the impending problems with modem networks.
The North American telephone numbering plan is being changed.  This is going
to gradually lead to problems for all the people with long distance numbers
that are pre-stored in documents, files, programs, and modems.

The change (as I understand it) is that the leading 1 digit should be used
ONLY when dialing outside the area code, rather than the current system that
imposes the need when dialing outside the local calling area.  Then the area
code restriction to the form x0x or x1x will be removed.  I expect the change
to be done carefully by the telcos so that mistakes will cause failure to
connect rather than incorrect connection.

Just to make things interesting, this change is being staged area code by area
code.  So people who plan to fix their internally stored numbers need to know
when their area is being changed.

Rob Horn   hornr@mr.polaroid.com


FAA prohibits pilot knowing GPS altitude in IFR flight

Jim Easton <jim@mpl.UCSD.EDU>
Fri, 8 Jan 93 12:34:43 PST
I was recently informed that the KLN-90 GPS (Global Positioning System)
navigation unit used in airplanes was designed so that the pilot cannot
display the altitude the unit calculates from satellite data. It does display
the barometric altitude and will issue a warning if the barometric altitude
differs significantly from the GPS altitude.

On asking Bendix/King why they would deny a pilot information already computed
in the unit, the spokesperson explained that the calculated GPS altitude is
often several hundred feet different from the "officially correct" barometric
altitude, and that pilots might be so stupid as to try to fly by the GPS
altitude - thus putting themselves at risk of a collision. Accordingly, the
TSO (Technical Standards Order) by which the FAA defines approval of GPS
navigation systems for IFR (Instrument Flight Rules) prohibited them from
making GPS altitude information available to the pilot.

Last month I was flying in the clouds in mountains and experienced a failure
of the primary pressure altimeter in the aircraft. Cross checking a second
pressure altimeter with the GPS altitude on a non-TSO GPS navigator verified
that it was the primary altimeter that was wrong. Not having this information
could easily have resulted in my death.  I would much prefer to educate pilots
about GPS altitude errors than to deny them the possibility of having what
could be lifesaving information.

Jim Easton, Box 889, Bonita, CA 91908    (619)548-0138


Risks of networks

Jerry Leichter <leichter@lrw.com>
Sat, 9 Jan 93 08:03:32 EDT
[I pulled the following from a recent TELECOM Digest, and it may very well
have appeared elsewhere previously.  But if ever there was an indication that
the Internet is not the safe playground we like to think it is, it's this.
Not only do we have to face new risks; we have to face new forms of old ones.
                            -- Jerry]

Date: Thu, 7 Jan 1993 03:34:36 -0500
From: Monty Solomon <monty@proponent.com>
Subject: Sci.electronics Phone Fraud!

[Moderator's Note: Monty also passed this along for us today.  PAT]

 From: larryc@shell.portal.com (Larry WB Ching)
 Newsgroups: sci.electronics
 Subject: SCI.ELECTRONICS Phone fraud !!!
 Summary: A recent attempt to rip-off sci.electronics correspondents.
 Keywords: fraud, con artists, phone numbers
 Message-ID: <C077BC.GBn@unix.portal.com>
 Date: 1 Jan 93 23:16:23 GMT
 Sender: news@unix.portal.com
 Organization: Portal Communications  -- 408/973-9111 (voice) 408/973-8091

 At about 6PM Thursday evening, I got a phone call. The operator said
that he had a collect call to me from Charles Pooley in New York. The
name was familiar, but I didn't remember exactly why. I said I would
accept the call, but then the "operator" said the call couldn't get
through because I had the call collect option blocked. He then said he
could pass the call through if I gave him my calling card number. I
said that I'd rather call Mr. Pooley myself, and could the "operator"
give me Mr. Pooley's number.  There was a pause, then a phone number
with a San Jose area code! It didn't occur to me until later that, if
the call was from New York, why was the call-from number (408) !??!

 I remembered that Charles and I had been corresponding on a topic from
sci.electronics. I was lucky enough to have an old message from him lying
around, and emailed him a message about my mysterious phone call.

 Charles Pooley replied to me today -- turns out the guy tried the same scam
on him too! But this time, the bogus operator said the collect call was from
me to Charles! Charles was also wary, and didn't give the crook his calling
card number.

 So - WATCH OUT! How this con artist chose my name and Charles' to try is
beyond me. As far as public postings in sci.electronics, I don't think Charles
and I had exchanged more than four public postings. Most of our correspondence
has been via "private" email.

 This has definitely raised my paranoia level. If, out of the millions of
public postings during 1992, someone should choose two correspondents who have
exchanged only a slight amount of messages ....  I mean, why us?  Or, is there
a "boilerroom" operation going on, with a bunch of phony operators, armed with
USENET listings -- calling people with this con?

 OH! - I may have put my phone number in one of my public
sci.electronics postings - that's probably how the scamsters make
their selection. Makes sense ...

CHILDREN BEWARE!!!

larryc@shell.portal.com

[Moderator's Note: I note the public access site you use for Usenet
(Portal Com) is located in area 408 (San Jose, CA).   PAT]

   [Also sent to RISKS by Mike LeVine,
   levine%fidler.decnet@chinalake.navy.mil]


Version numbers

"MARCHANT-SHAPIRO, ANDREW" <MARCHANA@gar.union.edu>
7 Jan 93 14:35:00 EST
Alas, Microsoft isn't the only software company sliding corrections in without
notice -- there are (at least) two versions of Digital Research's (really
wonderful) DR-DOS 6.0 floating around out there as well.  In this case, the
problem isn't quite so critical: the early version will not run Windows 3.1,
apparently because of some hooks Microsoft inserted (rampant speculation).
Windows 3.0 will run, however.  The new version, which has been fairly freely
distributed, but which has the SAME version number, corrects the Windows
incompatibility (which some might call an advantage).  DR-DOS users should
check to make sure that their COMMAND.COM is dated 4-07-92 (or later?).

For me, this has created no serious problems, but I can foresee
situations in which failure to adhere to a reasonable numbering system
could lead to all kinds of headaches -- "What version of our software
are you using?" "Version 6.37a."  "Yes, but WHICH version 6.37a...?"

Andrew Marchant-Shapiro    Depts of  Sociology and Political Science
USmail: Union College, Schenectady  NY  12308   AT&T: (518) 370-6225
INTERNET:  marchana@gar.union.edu     BITNET:  marchana@union.bitnet


About Computer Expense...

"Paul Robinson, Contractor" <FZC@CU.NIH.GOV>
Mon, 11 Jan 1993 17:19:55 EST
The following item appeared on the Operations List on Bitnet, and I thought
I'd pass it on because it is unfortunately very true.

Date:     Sun Jan 10, 1993  1:09 am  EST
From:     Mainframe Operations Discussion List
          EMS: INTERNET / MCI ID: 376-5414
          MBX: OPERS-L@vm1.cc.uakron.edu

TO:       Multiple recipients of list OPERS-L
          EMS: INTERNET / MCI ID: 376-5414
          MBX: OPERS-L@akronvm.bitnet
Subject:  Re: Some Good Old Standbys

> I came across these in a Usenet post and found them quite relevant

And one I saw in a humor column recently:

   If the automobile industry were like the computer industry
   over the past 30 years, a Rolls-Royce would now cost $5.00,
   would get 300 miles to the gallon, and once a year would
   explode killing all passengers inside!
                         - tom

   mvac23!thomas@udel.edu  lapp@cdhub1.dnet.dupont.com (work)
   {ucbvax,mcvax,uunet}!udel!mvac23!thomas


Re: Large Foreign Exchange Rates (Kain, Risks-14.23)

Mark Brader <msb@sq.com>
Fri, 8 Jan 1993 01:28:00 -0500
> So in the face of unreasonable people (dictators, etc.), perhaps we
> need to use a floating point representation for the exchange rates
> - but I do think that one decimal digit for the exponent should be
> adequate.

He walks right into it!

According to the Guinness Book of World Records, in June 1946 the
Hungarian pengo [two acute accents on the o] reached a valuation of
1 / 1.3e20 of the gold pengo of 1931.  Now I don't know what *that*
value was, but I think we can assume that the exchange rates with
at least some other currencies must have exceeded 1e19.

The German inflation of 1923 also went well past the 1e10 mark --
no pun intended -- if I recall correctly.

Mark Brader, Toronto  utzoo!sq!msb, msb@sq.com


Re: Large Foreign Exchange Rates (R. Y. Kain, RISKS-14.23)

Peter Trei <ptrei@bistromath.mitre.org>
Thu, 7 Jan 93 15:08:41 EST
>So in the face of unreasonable people (dictators, etc.), perhaps we need to
>use a floating point representation for the exchange rates - but I do think
>that one decimal digit for the exponent should be adequate.
      ^^^
     I wouldn't be too certain. I don't have it to hand, but I recall an
occasion when a South American currency (Paraguay?) depreciated to
billions (43 billion?) to one versus its gold equivalent (it's in the
Guinness book of records).

     It is easy to underestimate the size of data a program may be asked to
deal with, especially several years down the line. (See the Bank of New York
problems, recorded here several years ago, when a program suddenly had more
than 2^16 transactions/day). The cautious programmer will be generous to a
fault. The best case I've seen was in a banking program where dollar amounts
were stored as 96 bit integer quantities of pennies - this rolls over at
nearly $8E26, or about 792 trillion trillion dollars.
                                  Peter Trei


Re: Large Foreign Exchange Rates (Kain, RISKS-14.23)

<Dik.Winter@cwi.nl>
Fri, 8 Jan 1993 01:04:30 GMT
The lack of need for seven digit accuracy is correct, the single digit
exponent is not.  I have a German banknote of 1,000,000,000 Mark, barely
enough to buy bread one month after issue.  I have also seen German
stamps of 1,000,000,000,000,000,000 Mark (Eine Trillionen Mark, German
trillions of course).  That was in the early twenties of course.  And I add
that at that time Germany was a democratic country, no unreasonable people
were involved.

dik t. winter, cwi, kruislaan 413, 1098 sj  amsterdam, nederland
home: bovenover 215, 1025 jn  amsterdam, nederland; e-mail: dik@cwi.nl
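The three replies above (Brader, Trei and Winter) make the same argument from different directions: a one-digit decimal exponent cannot hold historical exchange rates, and fixed-width counters roll over sooner than their authors expected. The following is an added example, not code from any of the correspondents; the rate figures it uses are the ones quoted in the thread and are treated purely as test data, not as authoritative currency history. The function and parameter names are assumptions for the example.

```python
from fractions import Fraction

# Figures quoted in the RISKS thread, used here only as test values.
QUOTED_RATES = {
    "Hungarian pengo, June 1946 (Brader)": 1.3e20,
    "South American currency, ~43 billion to one (Trei)": 43e9,
    "German stamp of 10^18 Mark, early 1920s (Winter)": 1e18,
}

def max_minor_units(bits):
    """Largest count an unsigned integer of `bits` bits can hold."""
    return 2 ** bits - 1

def max_dollars(bits, minor_per_major=100):
    """Rollover point, in major units, for an amount stored as an integer
    count of minor units (pennies) in `bits` bits. Trei's 96-bit example
    comes out just under 8e26 dollars."""
    return max_minor_units(bits) // minor_per_major

def fits_decimal_float(value, exponent_digits, signed_exponent=True):
    """True if `value` can be normalised as m * 10**e with 1 <= m < 10 and e
    written in at most `exponent_digits` decimal digits. Exact arithmetic via
    Fraction, so a float input is not mis-classified by rounding."""
    if value <= 0:
        return False
    max_exp = 10 ** exponent_digits - 1
    min_exp = -max_exp if signed_exponent else 0
    v, e = Fraction(value), 0
    while v >= 10:
        v /= 10
        e += 1
    while v < 1:
        v *= 10
        e -= 1
    return min_exp <= e <= max_exp

def too_big_for(exponent_digits, rates=QUOTED_RATES):
    """Names of the quoted rates that a float with this many exponent
    digits cannot represent."""
    return sorted(name for name, r in rates.items()
                  if not fits_decimal_float(r, exponent_digits))

def convert(amount_minor, rate, bits=96):
    """Convert an integer amount of minor units at `rate` using exact rational
    arithmetic (result rounded half to even), refusing any result that would
    overflow a `bits`-bit unsigned field instead of silently wrapping."""
    result = round(Fraction(amount_minor) * Fraction(rate))
    if result > max_minor_units(bits):
        raise OverflowError(f"{result} minor units does not fit in {bits} bits")
    return result

def overflows(amount_minor, rate, bits=96):
    """Boolean form of the same check, for callers that want to test first."""
    try:
        convert(amount_minor, rate, bits)
    except OverflowError:
        return True
    return False

if __name__ == "__main__":
    print("96-bit penny field rolls over at about", f"{max_dollars(96):.2e}", "dollars")
    print("16-bit transaction counter rolls over at", max_minor_units(16))
    for digits in (1, 2):
        print(f"{digits}-digit exponent cannot hold:", too_big_for(digits) or "nothing")
```

The overflow check is the part worth copying: the cautious design Trei describes is not only a wide field but a conversion routine that detects when even that field is exceeded, so the failure is an error rather than a wrong balance.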


Correction on Computers, Freedom and Privacy 1993 (RISKS-14.21)

"Peter G. Neumann" <neumann@csl.sri.com>
Thu, 7 Jan 93 14:34:46 PST
Bruce Koball reports that the net address for cfp93 information and
registration reported in RISKS-14.21 should have been cfp92@well.sf.ca.us.
However, Bruce's address was correct, so this should not have caused anyone
too much trouble.


CSESAW93 call for papers

Catherine A. Meadows <meadows@itd.nrl.navy.mil>
Fri, 8 Jan 93 10:49:36 EST
                                CALL FOR PAPERS

           1993 Complex Systems Engineering Synthesis and Assessment
                        Technology Workshop (CSESAW '93)

                                July 20-22, 1993
                                 Washington, DC

This is a call for papers to be presented at the 1993 Complex Systems
Engineering Synthesis and Assessment Technology Workshop (CSESAW '93)
which will be held July 20-22, 1993.  The theme of this year's workshop
is integration. This workshop will explore issues related to the design
synthesis and assessment of complex, computer-based, mission-critical
systems.  Many DoD related systems tend to be large, complex,
fault tolerant, distributed, real-time, time-critical systems.
Of interest is the development and enhancement of the system level
ability to specify, capture, synthesize, analyze, model, prototype,
test and implement such systems.  The emphasis is on developing forward
engineering capabilities; however, reverse engineering capabilities will
also be addressed.

                               TOPICS OF INTEREST

    INTEGRATION OF CAPTURE, OPTIMIZATION, AND ASSESSMENT TECHNOLOGIES
    INTEGRATION OF DEPENDABLE SYSTEM DESIGN INTO SYSTEM ENGINEERING
    INTEGRATION OF SECURE SYSTEMS DESIGN INTO SYSTEM ENGINEERING
    APPLICATION OF SIMULATION, MODELING, MEASUREMENT, METRICS,
                             AND PROTOTYPING WITHIN SYSTEM ENGINEERING
    REQUIREMENTS ELICITATION, SPECIFICATION AND TRACEABILITY

    Authors are requested to submit (5) copies of the paper of no more than
7,000 words (5 pages or less). Include a cover letter listing the author(s),
paper title, area of interest, and the name, address, FAX, telephone number,
and e-mail address (if available) of the author who is responsible for all
correspondence and preparation for the workshop by 15 April 1993.  The
accepted papers will be published as a Proceedings, which will be distributed
within the Government and also made available to the general public.

                      Submission Deadline:      15 April 1993
                      Acceptance Notification:  15 May   1993
                      Final Paper Submission:    1 June  1993

                  Submission Address:
                        Steve Howell
                        Naval Surface Warfare Center
                        Code B40
                        10901 New Hampshire Avenue
                        Silver Spring, MD 20903-5000

                        e-mail inquiries: showell@nswc-wo.navy.mil
                        phone inquiries: 301-394-3987
                        fax inquiries: 301-394-1175
