The RISKS Digest
Volume 2 Issue 45

Monday, 28th April 1986

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…

Contents

HBO gets Hacked:: We Interrupt This Program ... for a Viewer Protest.
Geoff Goodfellow
Frank J. Wancho
Ball's contribution on Polaris and SDI
from Dave Parnas
SDI Reliability Testing - Offensive deterrent vs SDI
Jon Jacky
What are the limits to simulation?
Eugene Miya
Reference on admissibility of computer records
Bill Cox
Phone billing error at Pacific Bell, etc.
John Coughlin
Cracked Libya Defense
Udo Voges
Challenger article
Ron Minnich
Info on RISKS (comp.risks)

HBO gets Hacked:: We Interrupt This Program ... for a Viewer Protest.

the tty of Geoffrey S. Goodfellow <Geoff@SRI-CSL.ARPA>
27 Apr 1986 15:51-PDT
    NEW YORK (AP) - A video hacker calling himself ''Captain Midnight''
startled cable television viewers from Maine to the Plains early
Sunday when he interrupted a movie on Home Box Office with a printed
message protesting HBO's scrambling of its satellite-to-earth TV
signals.
    ''It's a criminal, willful interference of a government-licensed
satellite broadcast,'' fumed David Pritchard, an HBO vice president,
who said the cable system had received sabotage threats in recent
months.
    Pritchard said HBO planned to report the incident to the Federal
Communications Commission.
    ''It's kind of like terrorism of the airwaves,'' said Greg Mahany,
who was watching in Middletown, Ohio, when the message interrupted
''The Falcon and The Snowman.''
    The message, printed in white letters on a color-bar test pattern
background, read: ''Goodevening HBO from Captain Midnight. $12.95 a
month? No way! (Showtime-Movie Channel Beware.)''
    Mahany said that at first the picture flipped back and forth between
the message and the movie, making it seem like ''HBO was trying to
get its signal back. ... It looked like a fight for control of the
microwave beam.''
    The message appeared at 12:30 a.m., Eastern time, and remained on
the air about five minutes. It was seen in the eastern two-thirds of
the nation, which accounts for more than half of HBO's 14.6 million
subscribing households.
    Pritchard said the hacker, apparently with the use of a satellite
dish and a powerful transmitter, effectively replaced HBO's signal
with his own.
    For some reason - possibly because Captain Midnight's signal was
better-timed or more powerful - HBO's satellite received the hacker's
signal instead of HBO's and beamed it down to HBO's earth relay
stations.
    Sunday's intrusion was immediately noticed at HBO's communications
center in Hauppauge, N.Y., but it was not clear whether the hacker
ended his own message or was forced off by HBO.
    Pritchard said HBO would have no comment on that. ''We have
implemented some technical remedies, and we're pursuing others,'' he
said. ''This represents a clear danger to every satellite user.''
    Pritchard said action like Sunday morning's had been threatened in
letters to HBO and in magazines read by dish owners.
    ''We'd been threatened for the last four or five months with
something like this if we didn't reconsider our plan to scramble,''
he said. ''They said they'd do something. They didn't say what.''
    The HBO cable signal is scrambled to prevent reception in homes
wired for cable television but not equipped with an HBO converter.
Until earlier this year, satellite dish owners were able to intercept
the unscrambled signal HBO bounces off satellites to the earth
stations that relay the signal via cable.
    In January, however, HBO began scrambling all its satellite-to-earth
signals. HBO told dish owners who had been watching for free they
would have to buy a descrambler for $395 and pay $12.95 a month.
    Another leading pay cable service, Showtime, announced plans for a
similar system.
    Pritchard said about 6,000 dish owners put down the cash for the
decoder and signed up for HBO or its sister service, Cinemax. But the
proposal has been unpopular with others.
    ''They say things like, 'The airwaves are free,' and 'They (HBO) are
using government satellites that our taxes pay for,''' Pritchard
said.
    Pritchard said HBO's programs are its property, and it leases space
from privately owned satellites.


HBO gets Hacked:: We Interrupt This Program ... for a Viewer Protest.

"Frank J. Wancho" <WANCHO@SIMTEL20.ARPA>
Sun, 27 Apr 1986 22:39 MDT
    Until earlier this year, satellite dish owners were able to
    intercept the unscrambled signal HBO bounces off satellites to the
    earth stations that relay the signal via cable.

It is interesting to note that while protective "alledgedly" and similar
words are freely sprinkled in newsprint, the writer of the above chose
"intercept" over "receive".  The word "intercept" implies "theft", a
criminal act.  That "intercept" was unmodified and not a quote implies the
allegation was accepted as fact proven in court.  Is this indeed the case,
or simply the viewpoint held by the programming services?  If the latter,
then it was inappropriate and perhaps biased to use "intercept".

Just asking...

--Frank


Ball's contribution on Polaris and SDI (from Dave Parnas)

<Neumann@SRI-CSL.ARPA>
Tue, 22 Apr 86 07:37:13 pst
Dave Parnas is now on his way to Australia for almost two months, so
please don't expect him to reply.  But on his way out, he sent me this
(which I include with his permission):

    As I read the first part of Ball's contribution, I was sure he
  was agreeing with me, but no, as I read on I saw that he was on the
  SDIO side.  His arguments are simple and they are the arguments that
  the other defenders of the program make.

  (1) The weapon systems that we have now have not been adequately tested and
  probably won't prove reliable so we can build another one with those
  properties.  It's "business as usual".

  (2) Its quite alright to allow the President, the Coalition for Star Wars,
  and High Frontiers to tell the public and congress that they are "making
  nuclear weapons impotent and obsolete" , "ending the fear of nuclear
  weapons" and trying to end the "immoral" policy of deterrence, while using
  those funds to do something quite different.  Misrepresentation is "business
  as usual".

  His message reconfirms my assertion that there is no doubt about the
  technical facts.  We cannot build a system that does what the president
  asked us to do and what the supporting public wants.  Almost nobody
  working on it believes we can.  Its not a question of perfection.  It is a
  question of effectiveness and reliability.  The reliability of such a system
  will always be in question; its effectiveness will always be unknown.  We
  will always know that there are effective countermeasures.  It will not lead
  to increased security.  It will lead to "business as usual".

  Dave


SDI Reliability Testing - Offensive deterrent vs SDI

Jon Jacky <jon@uw-june.arpa>
Mon, 28 Apr 86 00:13:10 PDT
> (Dan Ball writes)
> The issues concerning whether SDI can be made to work perfectly or even
> well enough the first time since it can't be tested in a realistic
> environment and there would be no second chance would appear to apply
> equally well to both the US and Soviet offensive systems.
>
> During my four years with the Polaris Test Program, I know of no test
> involving more than a single live missile ... I'm relatively certain that
> the numbers of warheads actually reaching the target following the
> initiation of an attack would be far less than the numbers in the
> inventories. ... In addition ... I would expect that the command and
> control problems would be formidable.

This point is well taken.  Still, I think there are two important differences
in degree, if not in principle:

1.  To have the desired deterrent effect, at least given today's very large
arsenals, it is not necessary that most weapons work especially well.
It is only necessary to create the impression that something pretty awful
would happen if we attempted to use some of them.

2.  The coupling between each weapon and other systems appears to be weak.
In particular, it is my understanding that once a missile is fired, it is
entirely self-guided, and does not depend on the correct functioning of any
other systems.  This is in contrast with your typical SDI scheme, which
depicts a ground based laser bouncing its beam off two aiming mirrors on
opposite sides of the planet, with various observation and battle-management
satellites hovering nearby.  Without this being an explicit design goal, the
present offensive system seems to have achieved the desirable quality of
having a "system behavior which can be inferred from its components" in
the Eastport panel's words.

My point is that testing a missile defense system is a much tougher job
than testing the offensive system it is supposed to defeat, if an equivalent
level of confidence is desired.

Note that this is true only if the offensive missile system is for deterrence.
If it is supposed to carry out a first strike, or any other highly-coordinated
activity - "counterforce," "countervailing response" or whatever you call it
-- the difficulty of obtaining confidence in the offensive system becomes
much greater.   There is a huge literature of analysis and simulation
devoted to highly coordinated offensive attacks.  I have no idea whether
policy makers regard these at all seriously, but I think it is
important for technical people to point out that very little of this
has been tested in realistic conditions and it is anybody's guess what would
happen if anyone actually tried to carry out such plans.

> The briefing from SDI office that I heard didn't promise perfection ...
> I think there's far too much uninformed speculation and political opinion
> on this subject in risks-forum already ...

People hear various things from people associated with SDI.  As far as I know,
there is still no official statement of what SDI's performance requirements
are.  Until there is, discussion is necessarily limited to speculation and
generalities.  What is required, of course, is some quantitative requirement
such as, "The defense must stop at least 90% of an attack by 1000 ICBM's," or
"The defense must preserve at least 50% of our land-based missile silos."
Then, we could discuss what tests, if any, could make us confident that the
requirements would be met in a real attack.  Discussion of whether the
requirements were consistent with earlier promises to render missiles
impotent, etc., do include political opinion and could be forbidden by the
editor.

-Jonathan Jacky
University of Washington


What are the limits to simulation?

Eugene Miya <eugene@AMES-NAS.ARPA>
23 Apr 1986 1518-PST (Wednesday)
> Subject: Why Simulation Is A Good Thing...
> From: Lynne C. Moore
>    Description of a tracking system.

The Subject field described is certainly well intended, but I really wonder
what simulation's various limits are.  Simulation is really only an extension
of human intellect, not the way things behave in Nature.  While I do not
take issue that some simulation is a good thing, I wonder where this ends?
What are limits: first social, next might be performance related.  I think
there has been an penchant towards things like simulation and non-destructive
testing, etc. of late, but we have recently seen with the Challenger
incident, that our best laid plans run into problems.  I wonder if we have
not taken these techniques, too far?  Perhaps we have to keep extra margins
for error and destructive testing (however expensive) in tact.  Consider:

Would YOU step into a plane which has only been simulated and never
test flown?

Consider that chemistry classes uses dangerous chemicals, should we
or should we not replace such chemicals with computers and `simulate'
reactions?  An educational point.

Would you trust YOUR life to a system like MYCIN?  Suppose I infected you
with a disease like Anthrax, and said, identify it.  [Note the US Army did
and does infect volunteers with various fatal diseases to test vaccines and
treatments.]

I've had people say, after seeing the first computer graphics planetary
flybys: "Hey that's really neat! Why send expensive spacecraft up there when
you can generate simulations like this?"

Do computer scientists sometimes have difficulty in distinguishing "reality?"

While it is true that computers can and will do somethings better than humans,
I wonder where and how we will describe that limits.  What about dissent?

I think the people with the greatest humility (and perspective)
in simulation are the physicists who do weather prediction and analysis.
[Note early simulations took 27 hours to run a 24 hour forecast.]
Nothing like running a weather code, then looking out the window.

--eugene miya


Reference on admissibility of computer records

Bill Cox <bill@crys.wisc.edu>
Wed, 23 Apr 86 00:50:40 CST
This is a copy of an article submitted to mod.legal on usenet.

Subject: Re: Admissabilty of computer files as evidence
Newsgroups: mod.legal
To: info-law@sri-csl.arpa
Summary: article in ACM TOOIS on admissibility of computer-generated records
References: <8604171858.AA03202@taurus>

There is an article in ACM TOCS that has some relevance to the subject.

        Roger King and Carolyn Stanley, "Ensuring the Court Admissibility of
        Computer-Generated Records", ACM Transactions on Office Information
        Systems, Vol 3, Number 4, pp398-412.

The focus is on issues related to accounting records, e.g., "What does Smith
owe my company", but also discusses issues in conspiracy cases where
"computer-generated records to prove essential elements of [the government's]
case."

There are relevant legal citations, and references to the Federal Rules
of Evidence and their current application to computer-generated records.

I think this article is in the "must-read" category for anyone interested
in both law and computers.  I am a novice in the law [I've paid many dollars
to attorneys, and a little of the knowledge rubbed off], but I must say
that this article seems well-researched and quite thorough.


    William Cox
    Computer Sciences Department
    University of Wisconsin, Madison WI
    bill@wisc.crys.edu
    ...{ihnp4,seismo,allegra}!uwvax!bill


Phone billing error at Pacific Bell, etc.

John Coughlin <John_Coughlin%CARLETON.BITNET@WISCVM.WISC.EDU>
23 Apr 86 00:11:19 EST
> More than a million California telephone customers will be getting an
> unpleasant surprise in their April bills because of an equipment
> malfunction...No estimate given of how much revenue was lost.|

According  to  Computer  Chronicles  on  PBS  tonight the "reprogramming
error" cost  Pacific Bell $51 million.  In  a related story, students in
Arkansas  obtained  a  confidential  telephone  number from Southwestern
Bell's  computer system  which enabled  them to  place thousands of free
long distance calls.  Also, a long lineup at a particular pay phone in a
Sears store in  Hackensack tipped off police to the  fact that one could
use  it to  place international  calls free  of charge.   Apparently 400
phones were affected by this software bug.
                                                                 /jc


Unconfirmed information tells that the US-attacks on Libya on 24 March and
15 April were possible due to outmaneuver of the libyan air defense system
which is russia-provided. USS Caron and Yorktown were illegally crossing the
12-mile line in front of the military harbor Sewastopol in the Black Sea on
13 March 86. They alerted the russian defense system and collected all
relevant electronic data. (Some sources say that the Korean Jumbo which was
shut down over Sachalin in 1983 also was alerting the defense system, and a
satellite recorded the signals.) Knowing the signals the US were able to
circumvent the air defense system and get into the country without loss.
Now Gaddafi is not willing to pay Russia for the system. And Russia needs to
update its system for many millions.

What if espionage of the western defense system and circumvention
is as simple and possible??

     Udo Voges idt766%dkakfk3.bitnet@wiscvm.arpa


Challenger article

<Rminnich@dewey.udel.EDU>
Fri, 25 Apr 86 12:03:25 EST
   The following article appeared in the Phila. Inquirer of 4/24.
   Since the Challenger was discussed on Risks by people in the
know, I wondered if we could hear some more opinions. The writer
is William V. Shannon, with the Boston Globe.
   I am excerpting; it is a long article.

      "... It is now clear that there was no explosion ..."

      "... The astronauts ... were probably making frantic efforts
   to bring their craft under control as it hurtled downward. If the
   craft had been equipped, as it should have been, with parachutes and
   seat-ejection fail-safe systems they could have saved themselves. "
      "They died because of NASA's false economies and incompetence. "
      "... Dr. William Doering, professor of chemistry at Harvard, pointed
   out that ... was not an explosion at all. 'It is best described
   as a fast fire ... If the fuel tank had exploded ... it would be
   producing something much bigger ... They have stopped showing the
   space module [sic] but I am confident that it is intact also or
   was until it hit the water. '"
      "... Terry J. Armentrout, director of the NTSB investigation,
   told reporters that '... the shuttle Challenger, including the crew
   compartment, apparently survived the blast mostly intact'".
      Continues Shannon,
      " ... the astronauts died from the force of the impact as the
   craft hit the water ... There is no reason to believe that the crew died
   because of sudden decompression ..."

   He goes on to hint that the down-link was lost as part of a
cover-up rather than due to the fast fire.
   OK. I do not know if the Moderator wants to see replies
or comments about this on RISKS; if not, please send me
any thoughts you might have. I will send them on to the paper.
Maybe this guy is absolutely right, but I have my own thoughts on that.
   ron minnich

Please report problems with the web pages to the maintainer

x
Top