The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 18 Issue 17

Tuesday 4 June 1996

Contents

o MARTA train jumps track
Stephen Cohoon
o Taipei subway computer crash
Calton
o New book by Peter Wayner on crypto and steganography (hide and seek)
PGN
o Report Opposes Administration's Cryptography Plans
Edupage
o New form of harassment; third-party paging
Joe Smith
o Cyber-terrorists blackmail banks and financial institutions
The Dodger
o "Secret lie-detector test from a distance"
Daniel P. B. Smith
o MIME bites equations
Geoff Kuenning
o Loopy Mail
Kevin Rainier
o Risks of insufficient concept design
Andrew Pam
o Election "Glitch" in Cape Town
David Kennedy
o Roundoff error on Detroit Edison bills
Jim Rees
o Info on RISKS (comp.risks)

MARTA train jumps track

Stephen Cohoon <cohoon@snt.bellsouth.com>
Mon, 3 Jun 1996 11:02:23 -0400 (EDT)

On Saturday, June 1, 1996, a commuter train operated by the Metro Atlanta
Regional Transit Authority (MARTA) had one car leave the track causing
injuries to 19 people and much embarrassment for the "Official Spectator
Transportation System" for the Olympic games.

According to local TV news and newspaper reports, the train had stopped
before a red signal apparently on automatic control.  The operator called
dispatch requesting permission to go to manual.  Permission was granted and
the operator proceeded *through the red signal* setting off alarms.  The
train was stopped and put into reverse.  As one of the middle cars passed
over a crossover switch some or all of its wheels were lifted and displaced.
The train stopped very suddenly tossing the operator and 18 passengers from
their seats.  MARTA does not consider this a derailment because no cars fell
on their sides.

A MARTA person interviewed on camera said there is no time that any train on
manual or automatic should pass a red signal.  The operator, the supervisor
on duty and the dispatcher have been suspended pending a review.

Personal opinion: this is a familiar scenario often repeated in RISKS but
apparently not yet learned by those responsible for critical safety systems.
Operator training and supervision must exceed the capacity of a system
to cause harm to people.  Manual overrides must be designed to increase
safety not allow safety systems to be subverted.  In 47 days over a million
people will come to Atlanta.  There is no way MARTA can repair the public
relations damage caused by this incident in that time.

I ride the line on which this happened every day.  In the 4 years I have
been here I have found MARTA to be a safe and reliable system compared to
the alternative of driving through the daily carnage of the freeways.  I
will continue to use MARTA even though this incident has been a
disappointment to me.  Perhaps this will cause heightened vigilance and
improved supervision which may help prevent a larger disaster while every
news reporting organization in the world is in town.

Stephen M. Cohoon  BellSouth Telecommunications  675 W. Peachtree St. NE
Room 41G70  Atlanta, GA 30375  cohoon@snt.bellsouth.com  (404)332-2275

   [You wouldn't want to be a MARTA to the cause-way!  PGN]


Taipei subway computer crash

<calton@cse.ogi.edu>
Tue, 4 Jun 1996 19:13:28 -0700

Taipei's only subway line service was completely disrupted on Monday
morning, 3 June 1996, due to the simultaneous shutdown of both the main
computer and the backup system.  The control center ordered an emergency
shutdown of the entire system, which did not cause any train accidents or
casualties.

The subway company reported that at 9:27am on that morning, the main control
computer suddenly printed out 14 pages of extraneous program code.  Eight
minutes later, both the main control computer and the backup system went
down.  Maintenance engineers, with the help of a Matra engineer (the company
that supplied the control software), were unable to reboot either system.
Digital engineers (the company that supplied the hardware) arrived shortly
and discovered that one of the rebooting programs was missing.  They
reloaded the rebooting program from backup media and the subway line/system
returned to normal functions after four hours and thirty-four minutes.

The situation is complicated by the recent breakdown in contract
negotiations between the subway company and Matra for maintenance.  Matra
has taken back most of its maintenance personnel, but the subway company has
not fully acquired the capability for maintaining the entire system,
including the computing system, particularly the proprietary control
software written by Matra.

The subway company presumes the incident to be sabotage and has asked the
police authorities to investigate.  The police computer experts have
declared that it is difficult to investigate the control software consisting
of more than ten million lines of code.  Furthermore, the police have not
ruled out the other possibilities such as operator error and software design
error.

In the public opinion section of the same newspaper, several readers
discussed the risks involved in this kind of incident.  The section title
was "The important question is: who should be responsible for computer
security", subtitle "who sabotaged the computer is secondary."

(Source: digest/translation of news from United Daily News, Taipei, 5 June
1996.)

  [5 June?  Oh, yes, remember the International Date Line.  But if you
  indulge in international dates in Taipei, be prepared for Matra-mony.
  And note that MARTA and Matra are anagrams.  They seemed to belong
  together.  PGN]


New book by Peter Wayner on crypto and steganography (hide and seek)

"Peter G. Neumann" <neumann@csl.sri.com>
Mon, 3 Jun 96 16:42:10 PDT

Cryptography is certainly not the only way to hide information, and in some
cases perhaps not even the best way.  For a delightful easy-to-read book on
a range of related topics with particular attention to steganography (for
example, hiding information so that it perfectly naturally looks like
something else, such as making your encrypted PGP message look like a .gif
file of the Mona Lisa), consider Peter Wayner's new book.  It is a gold mine
full of fascinating nuggets, and they all seem to fit together into a
brand-new golden oldie.

  Peter Wayner, Disappearing Cryptography: Being and Nothingness on the Net,
  AP Professional (Academic Press), Chestnut Hill, Massachusetts, 1996.


Report Opposes Administration's Cryptography Plans

Edupage Editors <educom@elanor.oit.unc.edu>
Sun, 2 Jun 1996 15:19:35 -0400 (EDT)

Rejecting Clinton Administration arguments that law enforcement efforts
would be hampered by cryptography technology now based on a "key escrow"
system allowing the government to decode any electronic communications after
obtaining a court order, a report prepared for the National Research Council
of the National Academy of Sciences says that unbreakable cryptography would
actually help prevent crime by preventing criminals from intercepting
legitimate business transactions.  The report recommends dropping steep
export controls currently placed by the government on products using the
56-bit key Data Encryption Standard, which offers significantly greater
communications security than the 40-bit-key code that may be freely
exported.  (*The New York Times*, 31 May 1996, p. C1; Edupage 2 June 1996)

  [The executive summary of the report can be found at
  http://www2.nas.edu/cstbweb .  PGN]


New form of harassment; third-party paging

Smith and O'Halloran <inwap@best.com>
1 Jun 1996 18:14:36 -0700

Summary: Tricking pager owners to do the harassment for you

While trying to catch some Zs, my pager went off twice in quick succession.
The number was one I did not recognize, XXX-XXXX-911.  I called the number
and a limousine service answered.  Turns out that some guy had been
harassing the women there over the phone, and now he has gotten innocent
bystanders to help him unwittingly.  Apparently this guy obtained a list of
pager numbers (or found an exchange that is densely populated with pager
numbers) and is sending the limousine company's phone number out.  The
police are involved, but are having a difficult time tracking down the
culprit.  They believe he is using one or more pirated cellular telephones.

Joe

INWAP.COM is Joe and Sally Smith, John and Chris O'Halloran (and our cats).


Cyber-terrorists blackmail banks and financial institutions

The Dodger <dodger@spodbox.linux.org.uk>
Sun, 2 Jun 1996 14:52:03 +0100 (BST)

   The following article appeared on the front page of the *Sunday Times*
   (a British newspaper) on Sunday, 2 June 1996, under the banner
   headline 'City surrenders to 400m-pound gangs':

City of London financial institutions have paid huge sums to international
gangs of sophisticated "cyber terrorists" who have amassed up to £400m
worldwide by threatening to wipe out computer systems.  Banks, broking firms
and investment houses in America have also secretly paid ransoms to prevent
costly computer meltdown and a collapse in confidence among their customers,
according to sources in Whitehall and Washington.

An Insight investigation has established that British and American agencies
are examining more than 40 "attacks" on financial institutions in New York,
London and other European banking centres since 1993. Victims have paid up
to £13m a time after the blackmailers demonstrated their ability to bring
trading to a halt using advanced "information warfare" techniques learnt
from the military.

According to the American National Security Agency (NSA), they have
penetrated computer systems using "logic bombs" (coded devices that can be
remotely detonated), electromagnetic pulses and "high emission radio
frequency guns", which blow a devastating electronic "wind" through a
computer system.  They have also left encrypted threats at the highest
security levels, reading: "Now do you believe we can destroy your
computers?"

The authorities have been unable to stem the attacks, which are thought to
originate from the United States. In most cases, victim banks have failed to
notify the police. "They have given in to blackmail rather than risk a
collapse in confidence in their security systems," said a security director
at one blue-chip merchant bank in the City.  A senior detective in the City
of London police said: "We are aware of the extortion methods, but the
banking community has ways of dealing with it and rarely reports to the
police."

European and American police forces have set up special units to tackle the
cyber criminals who, Ministry of Defence sources believe, have netted
between £200m and £400m globally over the past three years. But law
enforcement agencies complain that senior financiers have closed ranks and
are hindering inquiries.

Experts in information warfare met in Brussels last month to discuss
defensive measures. Representatives included Captain Patrick Tyrrell,
assistant director of computer information strategy at the Ministry of
Defence; General James McCarthy, professor of national security at the US
Air Force Academy, General Jean Pichot-Duclos, director of the economic
intelligence department of the French Defence Council, and senior figures
from the civilian computer industries.

A separate closed meeting involving representatives from Whitehall and the
intelligence community was held to analyse the 40 attacks on British and
American financial centres since 1993. A further secret seminar took place
in Washington this weekend.

Kroll Associates, the international investigating firm, confirmed last week
that it had acted for financial institutions that have been blackmailed.
"One of the problems we face is that the potential embarrassment from loss
of face is very serious," said a spokesman in New York. Kroll had evidence
that firms in London and New York had been targeted.  "The problem for law
enforcement is that the crime is carried out globally, but law enforcement
stops at the frontier," he said.

Yesterday a Bank of England spokesman acknowledged the threat from
extortionists: "We are aware of this. It does exist. It is extortion and
fraud." But the spokesman also insisted: "It is not the biggest issue in the
banking market."

Scotland Yard is now taking part in a Europe-wide initiative to catch the
cyber criminals and has appointed a senior detective from its computer
crime unit to take part in an operation codenamed Lathe Gambit. Such is the
secrecy that few details about the inquiry have emerged.

In America, the FBI has set up three separate units to investigate computer
extortion.  The NSA believes there are four cyber gangs and has evidence
that at least one is based in Russia. The agency is now examining four
examples of blackmail said to have occurred in London:

o January 6, 1993: Trading halted at a broking house after blackmail threat
  and computer crash. Ransom of £10m paid to account in Zurich.

o January 14, 1993: a blue-chip bank paid £12.5m after blackmail threats.

o January 29, 1993: a broking house paid £10m in ransom after similar threats.

o March 17, 1995: a defence firm paid £10m in ransom.

In all four incidents, the gangs made threats to senior directors and
demonstrated that they had the capacity to crash a computer system. Each
victim conceded the blackmailer's demands within hours and transferred the
money to off-shore numbered accounts, from which it was removed by the gangs
within minutes.

The techniques have varied. In London, criminals posing as marketing firms
have gained detailed knowledge of a target's system by interviewing the
heads of information technology departments. In some cases, they have even
issued questionnaires to unsuspecting officials. Armed with this
information, they have been able to breach security and leave encrypted
messages warning of their capability.

The gangs are believed to have gained expertise in information warfare
techniques from the American military which is developing "weapons" that can
disable or destroy computer hardware. Some are also known to have infiltrated
banks simply by placing saboteurs on their payroll as temporary staff.

Little is yet known about the identities of the gangs, but, according to the
NSA, America is the main source of the attacks. It believes that at least
one other group originates from Russia and has followed the movement of
money to the former Soviet States.

A spokesman for the Metropolitan police said: "There is potential for
extortion from those purporting to know how to damage computer systems. The
computer crime unit liaises where necessary with its Euro counterparts to
discuss cross-frontier crimes."

One merchant bank director said yesterday: "You will never get a financial
institution to admit it has an extortion policy, let alone that it has paid
money to blackmailers."

   Personally, I view this story with marked scepticism. I have no
   doubt that it is true to a certain extent, but the idea of banks
   forking out ten million pounds (circa $14m) to a blackmailer is
   one I find slightly unrealistic.

   In any case, I'm sure we'll hear more about this story in the
   future.

                        The Dodger
   dodger@spodbox.linux.org.uk
   http://spodbox.linux.org.uk/~dodger/


"Secret lie-detector test from a distance"

"Daniel P. B. Smith" <dpbsmith@world.std.com>
Tue, 4 Jun 1996 11:01:12 -0400 (EDT)

*Computerworld*, 3 June 1996, p. 4, "Patent Watch" says that patent
5,507,291 covers "a system for remote analysis of a person's emotional or
metabolic state, such as performing a secret lie-detector test from a
distance.  Energy waves are reflected off the object to determine blood
pressure, pulse rate, pupil size, respiration rate, and perspiration level.
A computer compares the readings with normal levels."

And HAL could only read lips!

Daniel P. B. Smith  dpbsmith@world.std.com


MIME bites equations

Geoff Kuenning <geoff@ficus.cs.ucla.edu>
Wed, 29 May 1996 12:57:36 -0700

A few days ago, a subscriber to Yacht-L (a sailing-related mailing list)
decided to post a few useful equations to the list.  Some of the equations
involved time/speed/distance conversions, with distance represented by "D".

Unfortunately, he used a MIME-enabled mailer to do the posting, and
MIME decided that the nasty old "equals" sign was a sufficiently weird
character that had best be encoded in hex.  It happens that the proper
hex is "3d", but MIME likes upper-case -- and to make matters really
bad, it introduces the hex code with an equals sign.

So the equation:

    S = D / T

became:

    S =3D D / T

to the great confusion of many list subscribers, who couldn't
understand why you would want to square and triple the distance in
such a simple equation.

The RISK?  When inventing a standard, one should consider the impact
on non-conforming systems.

    Geoff Kuenning  g.kuenning@ieee.org geoff@ITcorp.com
    http://ficus-www.cs.ucla.edu/ficus-members/geoff/

  [We have been around this basic problem before in RISKS on several
  occasions, but the problem keeps biting me in attempting to
  moderate RISKS, so I am not surprised to find new instances.  PGN]
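
The mangling described in this item can be reproduced with Python's standard
library.  This is an added example, not part of the original post; the sample
message, its addresses and the residue heuristic are constructed for
illustration.

```python
import quopri
import re
from email import message_from_string

# Constructed sample: the equation from the post as a MIME mailer sends it,
# plus one folded line to show the second quoted-printable artifact.
RAW = (
    "From: sailor@example.org\n"
    "Subject: time/speed/distance\n"
    "MIME-Version: 1.0\n"
    "Content-Type: text/plain; charset=us-ascii\n"
    "Content-Transfer-Encoding: quoted-printable\n"
    "\n"
    "S =3D D / T\n"
    "A long line is folded with a trailing equals sign, a =\n"
    "soft line break.\n"
)

# Heuristic (assumption): "=XX" hex escapes or a bare "=" at end of line
# suggest quoted-printable text that was never decoded.
QP_RESIDUE = re.compile(r"=[0-9A-F]{2}|=$", re.MULTILINE)


def on_the_wire(text):
    """Encode ASCII text the way a quoted-printable mailer transmits it."""
    return quopri.encodestring(text.encode("ascii")).decode("ascii")


def shown_by_plain_reader(raw):
    """A reader that ignores MIME headers displays the body verbatim."""
    return message_from_string(raw).get_payload()


def shown_by_mime_reader(raw):
    """A MIME-aware reader honours Content-Transfer-Encoding first."""
    msg = message_from_string(raw)
    body = msg.get_payload(decode=True)
    return body.decode(msg.get_content_charset("ascii"))


def residue(text):
    """List undecoded quoted-printable fragments found in displayed text."""
    return QP_RESIDUE.findall(text)


if __name__ == "__main__":
    print(on_the_wire("S = D / T"))
    print(residue(shown_by_plain_reader(RAW)))
    print(shown_by_mime_reader(RAW), end="")
```

A digest or list moderator can run `residue()` over incoming submissions and
decode the body before forwarding when it returns anything.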


Loopy Mail

Kevin Rainier <Kevin_Rainier.NOTES@crd.lotus.com>
4 Jun 96 14:20:39 EDT

It all started innocently enough.  Last night somebody sent a message to the
recreational mailing list "virtua-fighter@netcom.com".  This is an
infrequently used mailing list for the discussion of the Virtua Fighter
family of SEGA arcade games.  Since the last time somebody had used the list
a Microsoft employee left the company -- perhaps he died -- and the mail
address is no longer valid.  Microsoft is a helpful company and informed the
list (automatically, of course) that the address is not valid.  Netcom is a
helpful list server and sent the message to all recipients of the list,
including the late, lamented employee of Microsoft.  And so it continued.
And continued.

It's now morning.  I'm receiving a message every two or so minutes, the
subject line has maxed out with "Undeliverable: Undeliverable: ...".
Members of the list have just begun arriving at their desks and discovering
over 150 messages from postmaster@microsoft.com via the virtua-fighter
mailing list.  Naturally, they panic and rush to unsubscribe from the list.
Not knowing how to do that, they send an "unsubscribe" message to -- where
else -- "virtua-fighter@netcom.com".  Which sends a message to the user at
Microsoft.  So far we've had five attempts to unsubscribe.

As I've been composing this mail, the frequency of new mail has increased to
more than one message per minute.

Oh no.  There's a bad address at dartmouth.edu.  It replied to the list too.
I suppose I can hope that it won't reply to its own replies.  But I'm sure
that Microsoft will.  And since the Dartmouth message is responding to a
Microsoft "Failed Mail" message, that part of the loop is working just fine.

Hmm, I just found out that our outgoing mail server isn't working, though our
incoming one is working just fine.

I love computers.

One final postscript: I just received a message (two hours after the above
portions were written) from the list maintainer -- the list is now dead.  I
also haven't received any new autoreply messages for an hour.  Seems that
the storm has passed.

kevin_rainier@crd.lotus.com

  [If the RISKS experience is any indication, there are days on which
  I get 20 or 30 NEW bounces on addresses that worked the day before.
  One new bounce an hour would have added more to your enjoyment.  PGN]
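
The loop in this item ends as soon as the list server refuses to redistribute
automatic mail.  The sketch below is an added example, not part of the
original post and not the list server's own code; the sample posts, the
example.org senders and the choice of checks (null Return-Path, postmaster or
mailer-daemon senders, Auto-Submitted, an X-Loop tag, bare list commands) are
assumptions.

```python
from email.message import EmailMessage
from email.utils import parseaddr

LIST_ADDR = "virtua-fighter@netcom.com"   # list address named in the post
AUTO_SENDERS = {"postmaster", "mailer-daemon"}
COMMANDS = {"subscribe", "unsubscribe"}


def make(sender, subject, body, **headers):
    """Build a constructed message addressed to the list."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, LIST_ADDR, subject
    for name, value in headers.items():
        msg[name.replace("_", "-")] = value
    msg.set_content(body)
    return msg


def classify(msg):
    """Return 'distribute', 'drop-loop', 'drop-auto' or 'to-admin'."""
    # A copy the list already sent out carries the list's own X-Loop tag.
    if LIST_ADDR in msg.get_all("X-Loop", []):
        return "drop-loop"
    # Bounces use a null return path or come from a mail-system account.
    local = parseaddr(msg.get("From", ""))[1].split("@")[0].lower()
    if msg.get("Return-Path", "").strip() == "<>" or local in AUTO_SENDERS:
        return "drop-auto"
    # Auto-responders that label themselves (RFC 3834) are not posts either.
    if msg.get("Auto-Submitted", "no").strip().lower() != "no":
        return "drop-auto"
    # "unsubscribe" sent to the list address goes to the maintainer instead.
    if msg.get_content().strip().lower() in COMMANDS:
        return "to-admin"
    return "distribute"


def run_storm(first_post, use_filter, max_hops=50):
    """Count messages fanned out to subscribers before the loop stops.

    One subscriber address is dead; its mail system answers every copy
    with a bounce addressed to the list, as in the incident described.
    """
    queue, delivered = [first_post], 0
    while queue and delivered < max_hops:
        msg = queue.pop(0)
        if use_filter and classify(msg) != "distribute":
            continue
        delivered += 1
        queue.append(make("postmaster@microsoft.com",
                          "Undeliverable: " + msg["Subject"],
                          "The address is not valid.", Return_Path="<>"))
    return delivered


if __name__ == "__main__":
    post = make("player@example.org", "VF2 question", "Any tips for Akira?")
    print("unfiltered:", run_storm(post, use_filter=False))
    print("filtered:  ", run_storm(post, use_filter=True))
```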


Risks of insufficient concept design

Andrew Pam <avatar@glasswings.com.au>
Mon, 3 Jun 1996 23:37:12 +1000 (EST)

I've just seen the announcement for a new Web server facility called
SiteShield(tm) (see http://maximized.com/products/siteshield/)
From their marketing information:

: SiteShield is an exciting new concept in Web content protection.
: SiteShield permits content providers to place copyright-protected images
: on web pages without the fear that they can easily be stolen and
: re-used. Employing proprietary server-based technology, SiteShield
: allows webmasters to simply indicate which images need protection.
: Finally, webmasters can feel confident that the images they are placing
: on web sites are being protected.

What it appears to do is send an intentionally corrupted image if the
Referer: header indicates that the page from which the image was
referenced is not on the same site as the image itself.

There are a number of problems with this concept, but the most glaring
is that once the image has been displayed on the screen it can easily
be captured and saved to a file, thus completely defeating the entire
purpose of the product.

The Xanadu solution is to transcopyright the images, granting prior
permission for them to be referenced online providing a link back to
the original site is maintained.

THE RISKS?  Well, apart from the obvious risk that the product may
well fail since it can be so easily defeated, it probably also won't
work with older browsers that don't return the Referer: header and
is known to have problems (as you would expect) with caches.

Andrew Pam, Coordinator, Xanadu Australia, Technical Editor, Glass Wings,
Manager, Serious Cybernetics  xanni@aus.xanadu.com   +61 3 96511511
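
The two operational failures named in this item, browsers that send no
Referer: header and shared caches, can be modelled in a few lines.  This is an
added example, not part of the original post and not SiteShield's code; the
host names, the stand-in image bytes and the toy cache are assumptions, and
the `Vary: Referer` response header is shown as the standard HTTP way to stop
a cache from mixing the two variants.

```python
from urllib.parse import urlsplit

SITE_HOST = "www.example.com"                      # constructed host name
REAL, DECOY = b"real-image", b"corrupted-image"    # stand-ins for image bytes


def serve_image(headers, send_vary=False):
    """Referer check as described: same-site referrer gets the real image."""
    referer = headers.get("Referer")
    host = urlsplit(referer).hostname if referer else None
    body = REAL if host == SITE_HOST else DECOY
    response_headers = {"Content-Type": "image/gif"}
    if send_vary:
        response_headers["Vary"] = "Referer"
    return body, response_headers


class SharedCache:
    """Toy proxy cache keyed on URL plus any request headers named in Vary."""

    def __init__(self, send_vary):
        self.send_vary, self.store, self.vary = send_vary, {}, {}

    def fetch(self, url, headers):
        names = self.vary.get(url, ())
        key = (url, tuple(headers.get(n) for n in names))
        if key not in self.store:
            body, resp = serve_image(headers, self.send_vary)
            names = tuple(n.strip() for n in resp.get("Vary", "").split(",")
                          if n.strip())
            self.vary[url] = names
            key = (url, tuple(headers.get(n) for n in names))
            self.store[key] = body
        return self.store[key]


def scenario(send_vary):
    """An off-site page loads the image first, then the site's own page."""
    cache = SharedCache(send_vary)
    url = "http://www.example.com/art/logo.gif"
    offsite = cache.fetch(url, {"Referer": "http://elsewhere.example.net/a.html"})
    onsite = cache.fetch(url, {"Referer": "http://www.example.com/gallery.html"})
    return offsite, onsite


if __name__ == "__main__":
    print("no Referer header:", serve_image({})[0])
    print("cache, no Vary:   ", scenario(send_vary=False))
    print("cache, with Vary: ", scenario(send_vary=True))
```

Without `Vary`, whichever variant the cache stores first is served to everyone
behind it, so the site's own visitors can receive the corrupted image.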


Election "Glitch" in Cape Town

David Kennedy <76702.3557@CompuServe.COM>
03 Jun 96 18:08:45 EDT

Courtesy of Reuters News via CompuServe's Executive News Service:

         Counting glitch delays final Cape Town result

Reuters Financial Report  6/1/96 10:34 AM

<>    CAPE TOWN, June 1 (Reuter) - A computer error forced
<>officials on Saturday to award South Africa's ANC an extra seat
<>in Cape Town's first post-apartheid city election and the
<>glitch will delay the final outcome until next week.
<>    Election officials said 2,000 ANC votes and one seat in the
<>city's Tygerberg area, which includes the black township
<>Khayelitsha where the party is strong, had wrongly been given
<>to a tiny religious party.  [...]

<>    Results were expected on Friday or shortly thereafter but
<>the formula under which the council is elected -- a mix of ward
<>seats and proportional representation -- will now have to be
<>put through computers again.  [...]

[DMK: To see if the glitch is reproducible?  The article is chiefly about SA
politics, with no specific description of the "glitch" and actions to
prevent it from reproducing.]

<>    ANC officials said they wanted a swift explanation from the
<>chief election officer about what went wrong and would consider
<>court action over the election results if he failed to respond.
<>    "If they could make that mistake in one ward, the chances
<>are that other mistakes have been made elsewhere," Western Cape
<>ANC leader Chris Nissen told Reuters.

Dave Kennedy [CISSP] Information Security Analyst, National Computer Security
Assoc.


Roundoff error on Detroit Edison bills

Jim Rees <rees@umich.edu>
Fri, 17 May 1996 19:10:52 -0400

Detroit Edison's residential electric bill has a section titled "Energy Use
Report."  This section reports incorrect numbers due to improper integer
roundoff.

One of the fields gives the average daily energy use for the month in
Kilowatt-hours, rounded to the nearest integer value.  Another field gives
the percent change against the same month for the previous year.

The percent change is calculated using the rounded value for energy use.
This can result in large errors.  For example, my February 1996 use was
11.68 KWh/day, compared to 11.21 the previous year.  After rounding this
becomes 12 compared to 11, and the change is reported on the bill as 9
percent (12/11 - 1) instead of the correct 4 percent (11.68/11.21 - 1).

I wrote to Detroit Edison about this.  Their only response was an offer to
"assist [you] in understanding how the percentage ... is calculated."  Since
I already know how it is calculated (incorrectly), I declined the offer.

One RISK would be to assume that the entire bill is correct just because
part of it (the billed amount) is subject to government regulation.
