The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 14 Issue 37

Thursday 4 March 1993


o Power Outage Locks Up Jail System
Jennifer Smith
o Hacker disables cancer database
Jonathan Bowen
o Smells like Green Spirit...
Jeffrey S. Sorensen
o Evacuation plan, generators fail in World Trade Center blast
Jay Elinsky
o Bank account problems
Jeremy Epstein
o The White House Communication Project
Shellie Emmons via David Daniels
o Re: your permanent record
Richard A. Schumacher
o New York Telephone's newest dis-service
Jeffrey S. Sorensen
o Phone Company Writes to a Public Telephone
Warren via Mark Brader
o Cohen/Radatti on Unix and Viruses
Pete Radatti
o London Ambulance Service - the Report
Brian Randell
o Bank machine glitch leaves users poorer, but empty-handed
Randal Schwartz
o Does Publisher's Clearinghouse Use Information America?
Jane Beckman
o Info on RISKS (comp.risks)

Power Outage Locks Up Jail System

Jennifer Smith <>
Fri, 26 Feb 93 19:59:44 CST
by Judy Kuhlman, Daily Oklahoman, 26 Feb 1993

  An attempt by Oklahoma County officials to fix their troubled jail's
malfunctioning computer system failed Thursday.  Prisoners remained locked
inside their cells for the fourth consecutive day in the $54 million, 12-story
jail that opened in November 1991, Oklahoma County Sherrif J.D. Sharp said.
"Everything is just like it was. The computers are still down. We have an open
facility.  Some doors are locked open and others are locked closed, both
inside and outside the facility," Sharp said.  Twenty-two jailers were trapped
from 10 am to 6:30 pm Monday inside a jail control room when the controlling
computer shut down following a five-minute power outage. Guards since then
have been manually opening and closing the prisoners' cell doors, Sharp said.
  Computer software purchased by jail officials at a cost of $4,836 and
installed Thursday did not fix the jail's problems, Capt. James Rouse said.
  Oklahoma County commissioners had an emergency meeting Wednesday to approve
the purchase of that computer diagnostic equipment and to consider additional
equipment needed to deal with the county's latest jail crisis.  Officials were
not certain what caused the computers to shut down, Oklahoma County engineer
Ted McCourry said.  "We're taking it one step at a time. But every time we
round one corner, we run into another problem. Slowly but surely we're getting
it back. But we will still need outside help," Rouse said.  The technician who
built the computer system is supposed to fly into OKlahoma City from Denver
today to assess the problem and recommend a solution, Sharp said.  "I'm
extremely frustrated. I have never seen anything like it. It is a real touchy
situation here," Sharp said.  Sharp said there was no danger of prisoners
escaping.  "We have called in extra people and are taking extra precautions
which I cannot talk about at this time," Sharp said.
  Commissioners have also authorized the purchasing agent to immediately go
out for bids for a power-surge protector, expected to cost about $80,000, to
prevent electrical surges and a battery back-up system for the computers that
could cost an estimated $500,000.  McCourry said the power-surge protector and
back-up system was never included in the original jail plans and
specifications.  Commissioner Shirley Darrel asked the purchasing agent to
find out who took the surge protector out of the specifications and why it was
taken out in the first place.
  Sharp has said the problems might have been averted if the county jail
had been provided with a back-up system or a power-surge protector.
  McCourry said the jail has a back-up generator to supply power in the
advent of a power outage. The computer back-up system would act as a third
source of power for computers.
  County Clerk John Garvey has also suggested the sheriff hire a full-time
computer expert.

  [This is, I believe, the same "escape-proof" jail that had 2 escapees within
  a month of its becoming operational.  Having computer-controlled doors with
  not even a surge protector, not to mention no one in the state running the
  system, is unfortunately quite typical.  Jennifer Smith]

     [We previously reported the effects of a failure of automatic
     jail-doors in El Dorado, California, in 1988.  PGN]

Hacker disables cancer database

Thu, 25 Feb 93 14:16:52 GMT
Following is an abridgement [by JB and PGN] of an article that appeared in the
Home News section (page 4) of the Guardian newspaper in the UK on 25 Feb 1993:

  A schoolboy computer hacker caused chaos when he dialed into a vital
  database at a Brussels-based centre for cancer research and treatment.
  Paul Bedworth allegedly ran a rogue program that generated 50,000 phone
  calls, and caused the computer system at the European Organisation for
  the Research and Treatment of Cancer to "crash".  In the process, Mr.
  Dedworth, now 19 and a student of artificial intelligence at Edinburgh
  university, left the centre with a 10,000 pound [c. US$14,000] phone bill.
  His trial is in progress.

Jonathan Bowen, Oxford University Computing Laboratory

     [A Reuters story noted by "Mich Kabay / JINBU Corp."
     <> says Bedworth also broke into the
     British Telecom telephone network, a Lloyds Bank computer, and the
     Financial Times of London.   PGN]

Smells like Green Spirit...

Jeffrey S. Sorensen <>
Fri, 26 Feb 1993 14:42:03 GMT
In the Jan/Feb issue of _Health_ magazine p. 53:

  Talk About Paying Through the Nose

  Bill-collection agencies in England began lacing their invoices with a
  product containing androstenone, a chemical secreted from men's armpits and
  groins that is known to be a sex attractant in some species.  In one
  preliminary study, mailed invoices treated with the product resulted in a
  14 percent higher payment rate than untreated bills.

and from the Art of User Interface design:

  The Less Care She Got, The Less She Cared

  A patient in Manchester Royal Infirmary in England was found unconscious
  after she mixed up the nurse's call button with the one to give herself more
  painkiller and pressed the latter button impatiently for several minutes.

Jeffrey Sorensen

Evacuation plan, generators fail in World Trade Center blast

"Jay Elinsky" <>
Sat, 27 Feb 93 20:43:30 EST
The New York Times, in its morning-after coverage of yesterday's huge
explosion in the World Trade Center garage in downtown Manhattan, reported
that the blast destroyed the complex's operations center and severed cooling
lines for the emergency generators.  The result was that there was no
organized leadership in evacuating 50,000 people down the stairwells of the
110-story twin towers, and the ventilation system was unable to suck out
smoke.  As of tonight, the toll stands at 5 killed, 2 missing, and over 1,000

The former director of the agency that runs the center said that studies in
the mid-80's showed it could withstand a car bomb.  "'They said you could
sustain a car bomb', he said.  'What they didn't tell us was you couldn't
sustain it if it was perfectly placed.'"

Jay Elinsky, IBM T.J. Watson Research Center, Yorktown Heights, NY

   [NOTE ADDED 1 MAR 1993: Maybe my submission was a bit hasty.  Today's Times
   says that the Port Authority *did* know in 1985 that a car bomb could
   disable building systems, but they decided not to implement the recommended
   changes because of the expense.  Jay]

       [An old story, eh?  Security is almost always considered
       too expensive until AFTER the disaster.  An 3 March 1993 AP
       report suggests that that the closure would last for at least a
       month, and the city of NY speculated that the "initial disruption
       is costing $100 million daily" with second-order costs per day
       increasing daily.  PGN]

Bank account problems

Jeremy Epstein <>
Mon, 1 Mar 93 09:39:04 EST
According to a Washington Post article last week, the Resolution Trust
Corporation [the federal agency charged with cleaning up failed savings &
loans] generated incorrect data on Form 1099s [that's the form that tells the
Internal Revenue Service how much interest you earned for the year, so you pay
tax on it].

According to the article, there have been some serious glitches, including a
woman whose 1099 reported $152,000 in interest, rather than the $3,000 she
actually earned.  Other statements were off by a factor of 100 or more.
According to the article, the IRS was not sent the erroneous figure, although
about 2000 customers of the failed Trustbank received incorrect notices.

The error occurred because "of a computer tape mishap" according to
an RTC spokesman.  No further details on the mishap were provided.

As more and more data is submitted to the IRS electronically, and the IRS does
more and more electronic cross-checking, it's easy to see how people could
have received automatic dunning notices for underreporting their income, had
the erroneous data been sent to the IRS.  I wonder whether the IRS's analysis
software (or auditors) would have noticed that for many people, the amount of
interest reported was highly unlikely given their historical tax data and

Jeremy Epstein, Trusted X Research Group, TRW Systems Division
Fairfax Virginia +1 703/803-4947

The White House Communication Project

David Daniels <>
Thu, 25 Feb 93 16:25 GMT

>Date:         Tue, 23 Feb 1993 22:55:18 GMT
>Sender:       Computers and Society ARPA Digest <COMSOC-L@AUVM.BITNET>
>From:         Shellie Emmons <>
>Organization: University of Illinois
>Subject:      The White House Communication Project
>I am currently involved in a research project that is trying to aid the
>Clinton Administration in making effective use of computer-mediated
>communication to stay "in touch" with the public.  Our coordinator has
>gotten in touch with Jack Gill, Director of Electronic Publishing and
>Public Access Electronic Mail for the Clinton Administration, and he
>(Gill) has embraced the efforts of the research group to lend a helping
>hand to this task.  Some questions he has posed to the researchers include
>the following:
>  (1)  When you get thousands of messages a day, how do you
>       respond effectively?
>  (2)  How do you make a public e-mail system inclusive
>       and accessible?
>  (3)  What would happen if e-mail became the primary
>       mode of(mediated) access to government?
>We would appreciate any insights and suggestions of possible solutions to
>these questions.
>Shellie Emmons

    [Respond to Shellie.  I sent a noted several weeks ago to Jack Gill,
    but have heard nothing.  I presume he is absolutely swamped.  PGN]

Re: your permanent record

Richard A. Schumacher <>
Thu, 25 Feb 1993 02:43:22 GMT
Forwarded to protect another's privacy.

>Some weeks ago, conversation on AFU turned to the existence of
>'permanent records' for grade school and high school students.
>It turns out that the state of OHIO has been keeping computerized
>records of Ohio primary and secondary students.  The local paper
>has exposed this mess in the past week.  I quote from the
>_Columbus Dispatch_:

>    Virtually all school districts are sending 93 categories of
>    information about each of Ohio's 1.8 million primary and
>    secondary school students to 25 regional data centers.

>    The information is linked to a student identification
>    number, which the state says should be the student's social
>    security number.  The computer data include test scores,
>    disciplinary action, medical details including pregnancy,
>    race, handicaps and family income.   [...]
>    Princeton [a Cincinnati HS] supplies the state with
>    statistics that do not identify students, but has never
>    given information linked to names or identification numbers.
>       As a result, the state has threatened to cut off the
>    district's funding, beginning with it's April payment of
>    about $288,000.

>    Princeton and other school are suing the state based on the
>    Federal Privacy Act.   [...]
>    Many districts don't even tell parents or students they are
>    sending information about students to the state.

>[many sordid details deleted for brevity]

>Ohio has also kept a database of accusations of child abuse
>with 200,000 names on it.  Ohio's population is about
>11,000,000.   It was, until recently, impossible to find out
>if you were on the list, and who accused you, and impossible
>to get your name removed.  If you worry at all about due
>process, facing your accuser, etc., don't bother to move here.

>I considered posting this information to COMP.RISKS or
>COMP.SECURITY.PRIVACY, but I didn't care to be "Jolted" by the FBI or CIA.

New York Telephone's newest dis-service

Jeffrey S. Sorensen <>
Mon, 1 Mar 1993 19:50:09 GMT
In the Feb '93 "Hello" notice distributed with our monthly phone bill is an
informative little piece about CIRCUIT 9(sm)  This service "allows business
subscribers to identify a caller's ``billing'' telephone number, even if the
number is not published in the telephone directory."

CIRCUIT 9 services are assigned to 910 exchanges in the 212 and 718 area codes,
920 elsewhere in NY State, and 880 in area code 900.
Note that the CIRCUIT 9 exchange 880 is actually a fee-per-call 900, which have
long had the ability to receive calling number information.

Here's the juicy section:

  There are important limitations on the ways in which businesses that
  obtain your phone number through CIRCUIT 9 Service may use this information.
  For example, they may use your number to route or screen calls, or to obtain
  billing information about your account with them.

  However, subject to certain exceptions [?!], businesses that obtain your
  phone number through CIRCUIT 9 Service may not use your number to establish
  telemarketing lists or to conduct outgoing telemarketing calls without your
  consent. [!?]

  If you believe a business has misused the information they obtained through
  CIRCUIT 9 Service, you may call a special toll-free number.  Call
  1-800-729-8924 Monday through Friday 9am to 5pm.

The notice goes on to tell you that you can have these calls blocked by
calling you service representative, but doing so will also block exchanges
394, 540, 550, 970, and 976 and the area codes 700 and 900.  I guess privacy
is an all or nothing...

Further, the notice ends stating "Because CIRCUIT 9 service uses a different
technology [?] from Call ID, the restrict options [mandated by the PSC]
(per-call and all-call restrict) used to prevent number delivery through
Call ID cannot be used to prevent number delivery through CIRCUIT 9 service."

I am beyond confused at this point.  What do they mean "certain exceptions?"
What constitutes my "consent?"  It almost seems NY Tel is admitting they have
had an utter disregard for our privacy in the past and are just writing us to
say they will continue in the same vein in the future.

I wonder what horrible punishments will rain down upon and business that I
report to their 800 number...

Jeffrey Sorensen

Phone Company Writes to a Public Telephone

Mark Brader <>
Tue, 2 Mar 1993 01:49:00 -0500 writes in comp.dcom.telecom:

> The August 14 edition of Yerushalaim (a Jerusalem local newspaper)
> contains a copy of a letter that Bezeq, the Israeli telco, mailed to a
> phone booth which it owns.
> The form letter is addressed to "Bezeq, Inc." at the address at which
> the phone booth is located (155 Costa Rica Street), and informs the
> subscriber that while in the past, its bill was computed by reading a
> meter, which made it impossible to obtain a listing of calls made,
> this will now be possible (at a fee, of course, something that Bezeq
> did not mention to the phone booth).
> The letter-carrier delivered the letter by placing it inside the phone
> booth.
> Bezeq responded that the program that sends out mailings will be
> corrected.  The phone booth was unavailable for comment.

Mark Brader, SoftQuad Inc., Toronto, utzoo!sq!msb,

Cohen/Radatti on Unix and Viruses

Pete Radatti <>
Wed, 3 Mar 93 14:16:47 EST
The widely circulated paper by J. David Thompson entitled "Why Unix is Immune
to Computer Viruses" has been attracting controversy.  Due to this controversy
and the concern that this paper may be providing a false sense of security to
the Unix community, Doctor Fredrick B. Cohen and Peter V. Radatti have
published refuting papers.  These papers are too long to post here, however
they are available upon request.  Make your request by fax, email or post and
copies can be returned by fax or post.  Email copies are not available.

Address post to:
Peter V. Radatti, C/O CyberSoft, 210 West 12th Avenue
Conshohocken, PA. 19428 USA

FAX requests to: +1 (215) 825-6785

Email requests to:

Thank You,  Peter V. Radatti

London Ambulance Service - the Report

Sat, 27 Feb 1993 10:21:29 GMT
On Friday 26 February the UK national newspaper The Independent covered the
just-released report on the London Ambulance Service debacle very fully - it
was the main story on the front page (entitled "Report Prompts Departure of
Ambulance Boss"), with three more stories taking up a significant fraction of
page 3. These are entitled "Manager's `created an atmosphere of mistrust'",
"[Secretary of State for Health] Bottomley condemns `catalogue of errors'",
and "Father grieved for asthmatic son who died in his arms".  The first of
these three has the most detail, and is quoted below in its entirety.

Brian Randell


The London Ambulance Service Crisis

By Susan Watts, Technology Correspondent, The Independent, 26 February 1993

It would be hard to paint a more damning picture of failed management than
that which emerged from the inquiry into the London Ambulance Service
yesterday.  The report said that the LAS management "created an atmosphere of
mistrust" with its over-aggressive style, born in part out of the desperation
to put right decades of poor performance.

The LAS made "virtually every mistake in the book" when implementing its
"ambitious" (pounds)1.5m computer system, one of the three-strong inquiry
team said. The computer-aided dispatch (CAD) system was seen as the only
hope the service had to put right its poor response times in dealing with
emergency calls. But the software was "not complete, not properly tuned,
and not fully tested", the report said.

The inquiry team was set up after the CAD system broke down on 26 and 27
October last year, then collapsed a second time on 4 November, forcing
controllers to revert to pen and paper to dispatch ambulances.

Managers took a high risk, "misguided" decision to have the CAD system up and
running in one phase. The system was developed and installed in "an impossible
timetable", the report said. The final system had known technical problems,
and the people who would have to use it were not properly trained to do so.
The team concluded that LAS management ignored advice to this effect "from
many outside sources".

One of the team members, Paul Williams, said management had concentrated on
getting the best price for its computer system rather than one which would be
best for the job.  He said he would have expected a system of this kind to
have cost at least twice as much as the LAS computer. The report said there
was "no evidence of key questions being asked about why the [final] bid was
substantially lower than other bidders". The report questioned the apparent
lack of accountability within the service itself, and upwards to managers at
regional level. This was exacerbated by the LAS operating at arm's length from
its health authority, which meant it was not subject to checks from regional

The team said that although the computer system did what it was supposed to
do, the design had "fatal flaws" that together would lead to all the
symptoms of a systems failure. It found that System Options, the software
company which supplied the system, had never before dealt with a system
this large and complex. "We believe that they [the software supplier]
rapidly found themselves in a situation where they were out of their depth.

The team believes that some parts of the failed software system can be
salvaged, although chunks of the applications software may need to be
substantially rewritten.

The report refutes earlier statements from the LAS that the two disastrous
days in October had been exceptionally busy. The number of calls was in
fact only a little above average. It was only when ambulances failed to
arrive, and duplicate calls came in, when things got out of hand.

LAS board members appeared to have been given a "misleading impression"
about progress with the computer system and regional members seemed to have
been given even less of an idea what was going on within LAS.

Last year's crisis prompted the resignation of John Wilby, the chief
executive of the service. Yesterday, South West Regional Health Authority
revealed that it had already decided to remove Mr Wilby from his post,
having first raised fears over his performance at a meeting with him six
months before the computer breakdown.

Jim Harris, LAS chairman, denied that this might have put pressure on Mr
Wilby to produce results. But the report concluded that "an important
factor was almost certainly the culture within LAS of `fear of failure'."

Professor Marion Hicks, the health authority's chairman, said Mr Wilby was
given a limited time to improve, but by mid-October "the decision had been
taken to terminate his contract". This would have gone ahead in November if
the LAS board had not been taken over [sic] by events, and Mr Wilby's
voluntary resignation.

Non-executive LAS board members who remain are Roddy Braithwaite, Victor
Paige, Mary Spinks, Janet Preston and Stephen Miles. The executive
committee comprises Martin Gorham (chief executive), Alan Kennedy (acting
director of operations), Simon Young (director of finance) and Bernadette
el-Hadidy (director of human resources).

  The front page story leads with a report that the chairman of the LAS, Jim
Harris has resigned, and repeats the union claim that up to 20 deaths resulted
from ambulance delays, but states that this allegation is hotly denied by
management, adding that: "Yesterday's document shies away from linking deaths
directly with ambulance delays caused by the computer crash.  It said an
examination of 26 cases at coroners courts since November 1991 showed that the
LAS had not been blamed for a single death. Two cases are outstanding."

Dept. of Computing Science, University of Newcastle, Newcastle upon Tyne,
NE1 7RU, UK +44 91 222 7923 FAX +44 91 222 8232

Bank machine glitch leaves users poorer, but empty-handed

Randal Schwartz <>
Sun, 28 Feb 93 12:37:14 -0500
>From The Oregonian, Sunday, 28 Feb 93:

Bank machine glitch leaves users poorer, but empty-handed

For thousands of people last week, automatic tellers charge their
accounts without dispensing money

>From staff and wire reports

Customers who used an automatic teller machine in U.S. Bank's Exchange
system Thursday morning may want to take a close look at their next
monthly statement to make sure everything adds up.

Thousands of Oregon ATM users who tried to withdraw money between 4
a.m. and 10:30 a.m. Thursday came up empty-handed, even though the
machine's faulty computer software subtracted the money from their
accounts anyway. A U.S. Bank spokeswoman assured that all accounts
would be corrected by Tuesday.

Mary Ruble, corporate spokeswoman for the Portland-based company, said
the bank has what is called a redundant computer system that keeps
track of all transactions and has passed the information to all banks
who have customers who have been affected.

Ruble said Saturday that 18,000 transactions in Oregon, Washington,
Idaho, Nevada and California were affected Thursday.

"We are aware of the problem but we haven't been able to clear them all
up yet," Ruble said."We've shifted people from other responsibilities
to speed up the correction process."

John Kresge, vice president and manager of the U_S_ Bank's ATM network,
said the problem started when the bank was modifying the software in
its main computer in Portland. The computer links U.S. Bank with The
Exchange, a huge electronic clearinghouse that coordinates ATM deposits
and withdrawals for customers of banks throughout the Northwest.

The glitch affected only non-U.S. Bank customers who tried to make
transactions from U.S. Bank's ATM machines, Kresge said. It is not
known which banks were affected the most.

To safeguard from any account discrepencies [sic], Ruble recommends
that ATM users keep their receipts and compare them with their monthly
statements.  Problems should be reported to the customers' individual banks.

Kresge said all accounts will be properly credited, whether or not
customers noticed the problem.

"I hope there isn't too much anxiety out there," Kresge said. "I am certain
each one of those transactions will be reversed. We have an army of people
looking at it. They are manually going through all the transactions and making
corrections and reversing any charges that may have occurred."

Randal L. Schwartz / Stonehenge Consulting Services (503)777-0095 (semi-permanent)

Does Publisher's Clearinghouse Use Information America?

Jane Beckman <>
Mon, 1 Mar 93 18:02:49 PST
I read the article on "Information America" with great interest, as it
would explain a great deal of things that have bothered me, wondering
how certain individuals got particular information.

In the first instance, we received a phone call from a law enforcement agency
looking for a "Mark Frates."  This individual has become known to us, as
arrest warrants, letters from lawyers, etc. have arrived on a regular basis,
to be returned "Not here."  Since his last name matches the previous owners'
name, we assume he (and his several aliases) is their son.  But HOW, I
wondered, did they get OUR phone number?  We moved into a house formerly
owned by his parents, but our phone number was not connected to the Frates.
Apparently, someone has used this, or a similar, service, trying to track
this guy down.

But the most worrying piece of mail came from the lowly Publisher's
Clearing House.  It was the standard hype, with "you may be the winner..."
and all, but it had a worrying piece of personalization.  "Although you
have not ordered anything from us since 1982..."  In the time in between,
my husband had moved five times, and had not even renewed the original
subscription.  Somehow, Publisher's Clearinghouse had tracked him across
the country, and from Washington State to California, through the course
of several moves, and had paired him with a magazine subscription from ten
years before.  Impressive tracking capability for a junk mailer!  Especially
one who, by implication, must have files on most of the residents of the
U.S.  Imagine what someone with more interest in you could do...

  Jane Beckman   []

Please report problems with the web pages to the maintainer