America Online Inc went off-line at 11:15 a.m. PST on 29 Oct 1997, for almost two hours. Although some already logged-in users received partial service (but not e-mail), others attempting new access were denied. This outage was attributed to a hardware glitch, complicated by subsequent systemwide software problems. Users could not send or receive e-mail until after 4 p.m. [This was the worst AOL outage since the 19-hour outage on 7 August 1996 reported in RISKS-18.30.]
Someone spammed Pacific Bell Internet using a forged QueerNet address on 21 Oct 1997. Using anti-spam filtering in retaliation, Pac*Bell Internet blocked all subsequent messages from QueerNet, for at least a week. QN normally sends 150,000 messages a day to some 24,000 subscribers, and about 5000 messages were blocked to about 100 PBI subscribers. [Source: Martin Crutsinger, *San Francisco Chronicle*, 1 Nov 1997, D1. Martin quotes Jeff Lawhorn of Software Design Associates, who noted that half to three-fourths of all spam has forged reply addresses, estimating that the spam volume is now up to 1 billion messages a year.]
The *Minneapolis Star Tribune* reported on 27 October 1997 on the likely reasons behind the escape of a prisoner from the Carver County jail on 2 Oct. When a guard pressed buttons to let another guard through a door, he also bumped the button for an external emergency exit. The external door became unlocked, and air pressure popped it open. Several prisoners chose to stay in the room, and one escaped for a day. Opening that external door was supposed to require pressing a "door open" button, two "interlock open" buttons and then the button for the specific door. Somehow that door did unlock when its door button was bumped while an internal door that requires only pressing two buttons was being opened. Authorities were later able to open the door that way several more times. An internal investigation has not been completed, but three explanations were offered: 1. Reprogramming of operational software controlling internal doors may have inadvertently changed functions affecting the door. 2. Lightning struck the jail this past summer, which resulted in a power failure and a computer-system crash. Some of the software may have been damaged when the system was rebooted. 3. All the functions were tested when the system was installed over two years ago, but tests were not made to see if the door could be opened by hitting other buttons. Doors are also serviced after they've been opened 5,000 times, which makes it easier to detect if one isn't working. But this external emergency door has only been opened five times, with a key, for maintenance. Scot E. Wilcoxon firstname.lastname@example.org [Another Risk of trying to test things that are rarely used. PGN]
Web sites open companies to computer fraud risk 30 Oct 1997 http://www.zdnet.com/zdnn/content/reut/1030/199007.html Multi-national companies that establish sites on the Internet open themselves to the growing risk of computer crimes such as extortion and fraud. "Computer fraud is growing at a rate of 500 percent a year," Alexander Baugh, senior vice president of professional indemnity at AIG Europe, said on Wednesday at a seminar on "The Internet and Crisis Management." "The Internet makes you visible worldwide, and it makes you easier to find," he said. "As you increase your connections, you increase the threat of attack." Fraud makes up 44 percent of computer crime, according to statistics from the U.S. National Centre for Computer Crime. An American Bar Association survey of 1,000 companies in 1996 showed that 48 percent had experienced computer fraud in the last five years, with respondents each reporting losses of $2 million to $10 million. Extortion is also becoming increasingly popular. "Extortion is probably one of the safest crimes around and is carried out by extremely sophisticated criminals," Baugh said. "The FBI estimates the odds on a successful prosecution are 22,000-to-1." The problem is made worse because companies are reluctant to talk about vulnerabilities in their computer systems. "Computer crime in the UK amounted to 250 million pounds (US$417.7 million) in 1996, according to the Association of British Insurers, but they estimate this is only 20 percent of actual losses," Baugh said. [PGN Stark Abstracting]
>From http://www.cnn.com/US/9710/29/briefs/snow.death.ap/index.html : A seven-year-old girl died in Lakin, Kansas after a blizzard set in and cut power to life-support machines in her home. The girl was a recipient of heart and lung transplants in 1994 and needed the machines to stay alive. According to the article, snow drifts that closed roads prevented her parents from taking her to the hospital and blocked help from reaching their home." I'm assuming that a helicopter either wasn't available or couldn't be dispatched in time to help. M. Welsh, UC Berkeley, http://www.cs.berkeley.edu/~mdw
Judging from assorted news reports (from *The New York Times*, the *Wall Street Journal*, and the AP wire as carried by the *Times* Web site), different parts of the stock market industry fared quite differently during the turmoil on Monday and Tuesday. As noted in RISKS, many people who use Web-based trading systems couldn't get through. But this problem wasn't unique to the online brokerages; a number of conventional brokerages had trouble, too, even on their phone lines -- they ran out of lines, people to answer the calls, and/or capacity on their own internal systems. (At that, everyone agrees that the situation was much better than in the 1987 market crash.) The worst problems, though, seem to have affected assorted mutual funds, especially those that rely on NASDAQ. Several funds reported incorrect closing values; others were not able to report their closing prices in time for the next day's newspapers. Fidelity's problem, though, was the most interesting. The *Times* says that on Tuesday, they "tried to make a routine adjustment in the Monday closing prices". For some reason, NASDAQ took that as the Tuesday closing prices instead, confusing all the summary reports. Fidelity blames an early shutdown by the NASDAQ computer system; NASDAQ blames Fidelity's data. The New York Stock Exchange, by contrast, had little or no trouble. Their systems are engineered to handle a load of five times the normal peak. More to the point, every weekend they take the actual recorded data from Friday, quadruple it, and feed that into their system, to make sure it can really handle that much of an overload. Thus far, at least, they haven't mistaken the test data as live data...
*The New York Times* reported various problems at the New York Stock exchange over the last few days: - for the second straight night Fidelity Investments was unable to calculate closing prices in time for newspaper deadlines. - Internet trading systems rebuffed some orders with cryptic messages like "server not available". - NASDAQ systems were overwhelmed at 3:17 PM and did not show correct last sale prices after that. - Brokerage firms reported trades executed on time but delays up to an hour getting confirmations. - The president of E*Trade said its customers' problems could be traced to the precarious nature of the Internet. - Many brokerage firms were satisfied that investors fared better than in 1987. - The president of Charles Schwab credited technology with enabling them to handle as many transactions as they did. Half of their transactions are handled by computer or touch-tone phone, systems that were not available ten years ago. Bottom lines? - There weren't nearly as many problems as in 1987 - technology credited. - Internet trading doesn't seem ready for prime time. Frank Carey
Alas, not everything ran smoothly. While the exchanges themselves handled the volume, some of the downstream data vendors apparently did not escape completely unscathed. Attached is a note posted on FactSet (an online financial data service). Nick Bender Batterymarch Financial Management 29 Oct 1997 Problems with October 28 NASDAQ Prices Due to unprecedented trading volume on 10/28, end of day High, Low, Close, and Volume data is unavailable for NASDAQ securities. End of day Bid and Ask are available, however. Interactive Data expects to have the October 28, 1997, end of day High, Low, Close and Volume data available at some point on October 29, 1997. An exact time frame is not currently available. Please read this message from our pricing supplier, Interactive Data: Please be advised that NASDAQ end of day High, Low, Close and Volume data for October 28, 1997, is not available due to processing problems caused by the high volume of trades. The October 28, 1997, IDSI products contain the end of day Bid and Ask quotes for all NASDAQ securities, including Bulletin Board securities. The NASDAQ documentation for their trade feeds (NMS) specifies a six character sequence number. It is essential that this number uniquely identifies a trade in order to handle correction and re-transmission messages. Corrections contain the original sequence number and this is the only way the original trade can be identified. At approximately 3:15 p.m. ET the sequence number rolled over to from 999999 to zero and subsequently NASDAQ sent duplicate sequence numbers. Interactive Data's line readers are written to recognize the unique sequence number and therefore ignored the messages. For vendors such as Interactive Data who look at the sequence number as part of their quality control work, NASDAQ messages sent after 3:15PM were not processed and were lost. Upon noticing the problem Interactive Data created a special line reader to attempt to compensate for this problem but NASDAQ was not able to re-transmit the post 3:15 p.m. messages. When it was determined that Interactive Data would not receive the missing, a decision was made to provide the Bid and Ask quotes which were not affected by this problem.
An expansion of an old scam given a wired twist was described by author/investigator Fay Faron in her "Rat Dog" column. The column is syndicated by King Features. I read it in the 29 Oct 1997 *Denver Post*, page 4G. Ms. Faron is the owner of the Rat Dog Dick detective agency in San Francisco, and answers reader questions in her column. R.J.A. wrote an urgent memo to her, worried about a recent (e-mail?) message (s)he had been sent: "I received a copy of my own Web page, along with an invoice for $40. The accompanying letter said my 'unsolicited advertisement' had arrived at this person's e-mail address, in violation of Section 227 (b)(3)(B) of US Code Title 47." RJA was warned to pay up or else "be turned over to the authorities". Obviously concerned, but not completely naive, RJA asked "Rat Dog" if this was a scam. Her answer: "You bet!" She describes it as the latest incarnation of an age-old office supply scam, where, due to the problems companies often have with internal communication about procurement, unordered, inferior products are delivered and billed to an unsuspecting company. ("Well, *somebody* must have ordered this stuff...we'd better pay.") In this new twist, the con artist preys on non-techno-savvy folk by forging a quick cut-and-paste of the mark's web page into an e-mail message along with the threats described above. Note how the scam plays off recent well-publicized stories about advertisers (ok, spammers) being attacked from all legal angles. The mark is expected to panic and rifle off a check for the not-so-huge amount. Apparently, the scam is becoming more common, so much so that it's even been attempted on the folks at the Consumer Fraud Alert Network. It failed miserably, but it *was* attempted. While the crooks who attempted to scam CFAN may not end up on "America's Stupidest Criminals" anytime soon, the danger to unsuspecting and unknowledgeable cyberians is (apparently) quite real. The Federal Trade Commission told CFAN that duped marks may end up on a widely-spread "sucker list" or have legal problems associated with getting sued by the scammers for having established a business relationship by paying the first time around, then reneging on future extortion...er...fees. Needless to say, the FTC looks on the scheme with substantial disfavor. CFAN's website is www.pic.net/microsmarts/fraud.htm . I was unable to find the "Rat Dog" column online, but CFAN has a nice article about their experience with the (alleged) scammers at www.pic.net/microsmarts/newscam.htm . Barry L. Gingrich <email@example.com>
With all the reports about the DS time change, I was a little concerned about my home machine. I was working late on a project at home, and when I went to bed, had only the OS (Win95B) running on my machine. The changeover worked just fine (Eastern US time zone) and the notice and acknowledgement stuff was sitting on my desktop in the morning. So Microsoft *may* be doing SOMETHING right. Is it possible that the various multiple clock resets we hear about are due to network servers trying to update the time on their workstations? If so, there really should be a variable you can set in Win95 to avoid the problem, but Win95 really is (it seems to me) targeted to home users, so I'm not sure how much you should blame Bill Gates for this problem. Or perhaps it was just something that got fixed in OSR2... Any similar complaints from NT 4.0 users? Andrew Marchant-Shapiro, PC Porting/Support Specialist, Power Technologies, Inc. firstname.lastname@example.org www.pti-us.com (518) 395-5112
I just received a copy of the successor to Peter Denning's ``Computers Under Attack'': Dorothy E. Denning and Peter J. Denning Internet Besieged: Countering Cyberspace Scofflaws ACM Press, NY, and Addison-Wesley, Reading, Massachusetts, 1998 ISBN 0-201-30820-7 xii+545 This is a remarkably comprehensive collection of diverse viewpoints. The list of contributors to the 34 chapters includes many individuals who will be very familiar to RISKS readers.
Please report problems with the web pages to the maintainer