The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 19 Issue 44

Saturday 1 November 1997

Contents

o AOL strikes again!
PGN
o Pac*Bell Internet cites sabotage for blockade
o Another computer-miscontrolled jail
Scot Wilcoxon
o Web sites open companies to computer fraud risk
Stevan Milunovic
o Girl dies after storm cuts power
Matt Welsh
o Stock-market overloads
Steve Bellovin
o Re: NY Stock Exchange system "glitches" this week
Frank Carey
o Re: NASDAQ
N Bender
o Rat Dog column reports new web/e-mail scam
Barry L Gingrich
o Re: End of daylight-saving time
Andy Marchant-Shapiro
o Internet Besieged, edited by Denning and Denning
PGN
o Info on RISKS (comp.risks)

AOL strikes again!

"Peter G. Neumann" <neumann@csl.sri.com>
Thu, 30 Oct 97 9:50:28 PST
America Online Inc went off-line at 11:15 a.m. PST on 29 Oct 1997, for
almost two hours.  Although some already logged-in users received partial
service (but not e-mail), others attempting new access were denied.  This
outage was attributed to a hardware glitch, complicated by subsequent
systemwide software problems.  Users could not send or receive e-mail until
after 4 p.m.  [This was the worst AOL outage since the 19-hour outage on 7
August 1996 reported in RISKS-18.30.]


Pac*Bell Internet cites sabotage for blockade

"Peter G. Neumann" <neumann@csl.sri.com>
Sat, 1 Nov 1997 9:03:31 PST
Someone spammed Pacific Bell Internet using a forged QueerNet address on 21
Oct 1997.  Using anti-spam filtering in retaliation, Pac*Bell Internet
blocked all subsequent messages from QueerNet, for at least a week.  QN
normally sends 150,000 messages a day to some 24,000 subscribers, and about
5000 messages were blocked to about 100 PBI subscribers.  [Source: Martin
Crutsinger, *San Francisco Chronicle*, 1 Nov 1997, D1.  Martin quotes Jeff
Lawhorn of Software Design Associates, who noted that half to three-fourths
of all spam has forged reply addresses, estimating that the spam volume
is now up to 1 billion messages a year.]


Another computer-miscontrolled jail

<sewilco@fieldday.mn.org>
Mon, 27 Oct 1997 20:17:37 -0600 (CST)
The *Minneapolis Star Tribune* reported on 27 October 1997 on the likely
reasons behind the escape of a prisoner from the Carver County jail on 2 Oct.

When a guard pressed buttons to let another guard through a door, he
also bumped the button for an external emergency exit.  The external
door became unlocked, and air pressure popped it open.  Several prisoners
chose to stay in the room, and one escaped for a day.

Opening that external door was supposed to require pressing a "door open"
button, two "interlock open" buttons and then the button for the specific
door.  Somehow that door did unlock when its door button was bumped while
an internal door that requires only pressing two buttons was being opened.
Authorities were later able to open the door that way several more times.

An internal investigation has not been completed, but three explanations
were offered:

  1. Reprogramming of operational software controlling internal doors
     may have inadvertently changed functions affecting the door.
  2. Lightning struck the jail this past summer, which resulted in a
     power failure and a computer-system crash.  Some of the software
     may have been damaged when the system was rebooted.
  3. All the functions were tested when the system was installed over
     two years ago, but tests were not made to see if the door could
     be opened by hitting other buttons.

Doors are also serviced after they've been opened 5,000 times, which makes
it easier to detect if one isn't working.  But this external emergency door
has only been opened five times, with a key, for maintenance.

Scot E. Wilcoxon  sewilco@fieldday.mn.org

  [Another Risk of  trying to test things that are rarely used.  PGN]


Web sites open companies to computer fraud risk

Stevan Milunovic <stevan@netscape.com>
Thu, 30 Oct 1997 10:00:06 -0800
Web sites open companies to computer fraud risk  30 Oct 1997
http://www.zdnet.com/zdnn/content/reut/1030/199007.html

Multi-national companies that establish sites on the Internet open
themselves to the growing risk of computer crimes such as extortion and
fraud.  "Computer fraud is growing at a rate of 500 percent a year,"
Alexander Baugh, senior vice president of professional indemnity at AIG
Europe, said on Wednesday at a seminar on "The Internet and Crisis
Management."  "The Internet makes you visible worldwide, and it makes you
easier to find," he said. "As you increase your connections, you increase
the threat of attack."
    Fraud makes up 44 percent of computer crime, according to statistics
from the U.S. National Centre for Computer Crime.  An American Bar
Association survey of 1,000 companies in 1996 showed that 48 percent had
experienced computer fraud in the last five years, with respondents each
reporting losses of $2 million to $10 million.  Extortion is also becoming
increasingly popular.  "Extortion is probably one of the safest crimes
around and is carried out by extremely sophisticated criminals," Baugh
said. "The FBI estimates the odds on a successful prosecution are
22,000-to-1."
    The problem is made worse because companies are reluctant to talk about
vulnerabilities in their computer systems.  "Computer crime in the UK
amounted to 250 million pounds (US$417.7 million) in 1996, according to the
Association of British Insurers, but they estimate this is only 20 percent
of actual losses," Baugh said.  [PGN Stark Abstracting]


Girl dies after storm cuts power

Matt Welsh <mdw@cs.berkeley.edu>
Thu, 30 Oct 1997 17:25:28 +0900
>From http://www.cnn.com/US/9710/29/briefs/snow.death.ap/index.html :

A seven-year-old girl died in Lakin, Kansas after a blizzard set in and cut
power to life-support machines in her home. The girl was a recipient of
heart and lung transplants in 1994 and needed the machines to stay alive.
According to the article, snow drifts that closed roads prevented her
parents from taking her to the hospital and blocked help from reaching their
home." I'm assuming that a helicopter either wasn't available or couldn't be
dispatched in time to help.

M. Welsh, UC Berkeley, http://www.cs.berkeley.edu/~mdw


Stock-market overloads

Steve Bellovin <smb@research.att.com>
Thu, 30 Oct 1997 22:36:00 -0500
Judging from assorted news reports (from *The New York Times*, the *Wall
Street Journal*, and the AP wire as carried by the *Times* Web site),
different parts of the stock market industry fared quite differently during
the turmoil on Monday and Tuesday.

As noted in RISKS, many people who use Web-based trading systems couldn't
get through.  But this problem wasn't unique to the online brokerages; a
number of conventional brokerages had trouble, too, even on their phone
lines -- they ran out of lines, people to answer the calls, and/or capacity
on their own internal systems.  (At that, everyone agrees that the situation
was much better than in the 1987 market crash.)

The worst problems, though, seem to have affected assorted mutual funds,
especially those that rely on NASDAQ.  Several funds reported incorrect
closing values; others were not able to report their closing prices in time
for the next day's newspapers.  Fidelity's problem, though, was the most
interesting.  The *Times* says that on Tuesday, they "tried to make a
routine adjustment in the Monday closing prices".  For some reason, NASDAQ
took that as the Tuesday closing prices instead, confusing all the summary
reports.  Fidelity blames an early shutdown by the NASDAQ computer system;
NASDAQ blames Fidelity's data.

The New York Stock Exchange, by contrast, had little or no trouble.  Their
systems are engineered to handle a load of five times the normal peak.  More
to the point, every weekend they take the actual recorded data from Friday,
quadruple it, and feed that into their system, to make sure it can really
handle that much of an overload.  Thus far, at least, they haven't mistaken
the test data as live data...


Re: NY Stock Exchange system "glitches" this week

"Carey, F E (Frank), NCIO" <fcarey@att.com>
Thu, 30 Oct 1997 21:48:45 -0500
*The New York Times* reported various problems at the New York Stock
exchange over the last few days:

 - for the second straight night Fidelity Investments was unable to
   calculate closing prices in time for newspaper deadlines.

 - Internet trading systems rebuffed some orders with cryptic messages like
   "server not available".

 - NASDAQ systems were overwhelmed at 3:17 PM and did not show correct last
   sale prices after that.

 - Brokerage firms reported trades executed on time but delays up to an
   hour getting confirmations.

 - The president of E*Trade said its customers' problems could be traced
   to the precarious nature of the Internet.

 - Many brokerage firms were satisfied that investors fared better than in
   1987.

 - The president of Charles Schwab credited technology with enabling them to
   handle as many transactions as they did.  Half of their transactions are
   handled by computer or touch-tone phone, systems that were not available
   ten years ago.

Bottom lines?

 - There weren't nearly as many problems as in 1987 - technology credited.

 - Internet trading doesn't seem ready for prime time.

Frank Carey


Re: NASDAQ

nbender <nbender@batterymarch.com>
Thu, 30 Oct 1997 11:01:47 -0500
Alas, not everything ran smoothly.  While the exchanges themselves handled
the volume, some of the downstream data vendors apparently did not escape
completely unscathed.  Attached is a note posted on FactSet (an online
financial data service).

     Nick Bender
     Batterymarch Financial Management

29 Oct 1997   Problems with October 28 NASDAQ Prices

Due to unprecedented trading volume on 10/28, end of day High, Low, Close,
and Volume data is unavailable for NASDAQ securities. End of day Bid and Ask
are available, however.

Interactive Data expects to have the October 28, 1997,  end of day High,
Low, Close and Volume data available at some point on October 29, 1997.
An exact time frame is not currently available.

Please read this message from our pricing supplier, Interactive Data:

Please be advised that NASDAQ end of day High, Low, Close and Volume data
for October 28, 1997, is not available due to processing problems caused by
the high volume of trades. The October 28, 1997, IDSI products contain the
end of day Bid and Ask quotes for all NASDAQ securities, including Bulletin
Board securities.

The NASDAQ documentation for their trade feeds (NMS) specifies a six
character sequence number. It is essential that this number uniquely
identifies a trade in order to handle correction and re-transmission
messages. Corrections contain the original sequence number and this is the
only way the original trade can be identified.

At approximately 3:15 p.m. ET the sequence number rolled over to from 999999
to zero and subsequently NASDAQ sent duplicate sequence numbers.
Interactive Data's line readers are written to recognize the unique sequence
number and therefore ignored the messages.  For vendors such as Interactive
Data who look at the sequence number as part of their quality control work,
NASDAQ messages sent after 3:15PM were not processed and were lost.

Upon noticing the problem Interactive Data created a special line reader to
attempt to compensate for this problem but NASDAQ was not able to
re-transmit the post 3:15 p.m. messages. When it was determined that
Interactive Data would not receive the missing, a decision was made to
provide the Bid and Ask quotes which were not affected by this problem.


Rat Dog column reports new web/e-mail scam

Barry L Gingrich <gingrich@indra.com>
Thu, 30 Oct 1997 20:44:42 -0700 (MST)
An expansion of an old scam given a wired twist was described by
author/investigator Fay Faron in her "Rat Dog" column.  The column is
syndicated by King Features. I read it in the 29 Oct 1997 *Denver Post*,
page 4G.  Ms. Faron is the owner of the Rat Dog Dick detective agency in San
Francisco, and answers reader questions in her column.

R.J.A. wrote an urgent memo to her, worried about a recent (e-mail?)
message (s)he had been sent: "I received a copy of my own Web page, along
with an invoice for $40.  The accompanying letter said my 'unsolicited
advertisement' had arrived at this person's e-mail address, in violation of
Section 227 (b)(3)(B) of US Code Title 47."  RJA was warned to pay up or
else "be turned over to the authorities".

Obviously concerned, but not completely naive, RJA asked "Rat Dog" if this
was a scam.  Her answer: "You bet!"  She describes it as the latest
incarnation of an age-old office supply scam, where, due to the problems
companies often have with internal communication about procurement,
unordered, inferior products are delivered and billed to an unsuspecting
company. ("Well, *somebody* must have ordered this stuff...we'd better
pay.")

In this new twist, the con artist preys on non-techno-savvy folk by forging
a quick cut-and-paste of the mark's web page into an e-mail message along
with the threats described above.  Note how the scam plays off recent
well-publicized stories about advertisers (ok, spammers) being attacked from
all legal angles.

The mark is expected to panic and rifle off a check for the not-so-huge
amount.  Apparently, the scam is becoming more common, so much so that it's
even been attempted on the folks at the Consumer Fraud Alert Network.  It
failed miserably, but it *was* attempted.

While the crooks who attempted to scam CFAN may not end up on "America's
Stupidest Criminals" anytime soon, the danger to unsuspecting and
unknowledgeable cyberians is (apparently) quite real.  The Federal Trade
Commission told CFAN that duped marks may end up on a widely-spread "sucker
list" or have legal problems associated with getting sued by the scammers
for having established a business relationship by paying the first time
around, then reneging on future extortion...er...fees.  Needless to say, the
FTC looks on the scheme with substantial disfavor.

CFAN's website is www.pic.net/microsmarts/fraud.htm .  I was unable to find
the "Rat Dog" column online, but CFAN has a nice article about their
experience with the (alleged) scammers at
www.pic.net/microsmarts/newscam.htm .

Barry L. Gingrich <gingrich@indra.com>


Re: End of daylight-saving time (RISKS-19.43)

"Andy Marchant-Shapiro" <am.shapiro@pti-us.com>
Thu, 30 Oct 1997 10:02:35 -0500
With all the reports about the DS time change, I was a little concerned
about my home machine.  I was working late on a project at home, and when I
went to bed, had only the OS (Win95B) running on my machine.  The changeover
worked just fine (Eastern US time zone) and the notice and acknowledgement
stuff was sitting on my desktop in the morning.  So Microsoft *may* be doing
SOMETHING right.

Is it possible that the various multiple clock resets we hear about are due
to network servers trying to update the time on their workstations?  If so,
there really should be a variable you can set in Win95 to avoid the problem,
but Win95 really is (it seems to me) targeted to home users, so I'm not sure
how much you should blame Bill Gates for this problem.  Or perhaps it was
just something that got fixed in OSR2...

Any similar complaints from NT 4.0 users?

Andrew Marchant-Shapiro, PC Porting/Support Specialist, Power Technologies,
Inc.  am.shapiro@pti-us.com www.pti-us.com (518) 395-5112


Internet Besieged, edited by Denning and Denning

"Peter G. Neumann" <neumann@csl.sri.com>
Thu, 30 Oct 97 9:28:18 PST
I just received a copy of the successor to Peter Denning's
``Computers Under Attack'':

  Dorothy E. Denning and Peter J. Denning
  Internet Besieged: Countering Cyberspace Scofflaws
  ACM Press, NY, and Addison-Wesley, Reading, Massachusetts, 1998
  ISBN 0-201-30820-7
  xii+545

This is a remarkably comprehensive collection of diverse viewpoints.
The list of contributors to the 34 chapters includes many individuals
who will be very familiar to RISKS readers.

Please report problems with the web pages to the maintainer

Top