The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 2 Issue 49

Tuesday, 6 May 1986

Contents

o Perrow on reactor containment vessels
Richard Guy
o Captain Midnight
Scott Dorsey
MRB
o NSA planning new data encryption scheme - they'll keep the keys
Jon Jacky
o Espionage
Mike McLaughlin
o The Star Wars Swindle
Dave Weiss
o Backups
Will Martin
o Interpreting Satellite Pictures
Lindsay F. Marshall
o Word-processing damages expression
Niall Mansfield
PGN
o Proofreading vs. computer-based spelling checks
Dave Platt
o Info on RISKS (comp.risks)

Perrow on reactor containment vessels

Richard Guy <guy@LOCUS.UCLA.EDU>
Wed, 7 May 86 17:27:54 PDT
I found the following paragraph to be particularly prophetic: (p.40-1)

"We can be glad that we have containment buildings.  These are concrete
shells that cover the reactor vessel and other key pieces of equipment, and
are maintained at negative pressures--that is, at a lower air pressure than
the atmosphere outside of them--so that if a leak occurs, clean air will
flow in rather than radioactive air flowing out.  The Soviet Union, which
did not begin a large nuclear generating program until about 1970, is far
less concerned about the chance of large accidents, so they did not build
containment structures for their early reactors, nor do they yet require
emergency core cooling systems.  Had the accident at Three Mile Island
taken place in one of the plants near Moscow, it would have exposed the
operators to potentially lethal doses, and irradiated a large population."

How is negative pressure maintained?  By pumping the contents of the
containment building outside?  Into a tank somewhere?  It seems to me that
a leak in the reactor vessel would be releasing very hot gases at very high
pressure into the containment building, and even though the building is much
larger than the vessel, the pressure differential could be eliminated very
soon.  To answer my initial question, it seems that the only safe place to
pump the (possibly contaminated) building contents is into tanks inside
the containment building.  Does anyone know if this is how its done?

Richard Guy         Excerpt from: Normal Accidents, by Perrow
UCLA Computer Science                   1984, Basic Books

    [The Soviets are putting the blame on human error.  But that may
     be the case only because they are not very computerized.  However,
     as in TMI, one can put some blame on the absence of computers!
     In nuclear power, you seem to run the risk of losing either way!]


Captain Midnight

Scott Dorsey <gatech!gitpyr!kludge@seismo.CSS.GOV>
Sat, 3 May 86 18:30:55 edt
   Assuming that Captain Midnight was not an employee of HBO, the trouble
required to override a satellite signal is still pretty complex.  A
significant amount of power is required, probably from some travelling wave
tube or klystron.  High-power microwave stuff is often sold government
surplus at pretty low prices, and a kilowatt or so would certainly do the
job.  Modulation of equipment designed for pulse and similar radar
applications would not be simple, though, and from the look of the bad
signal that the Captain put out, that may well have been the method used.
Large dish antennae are pretty common, and mesh antennae can be put up and
taken down in an hours time, and constructed of wood and chicken wire.

    In addition, it is possible that the signal originated from somewhere
inside HBO.  Several examples exist of the wire feed from a radio station's
studio to their transmitter being cut and replaced with casette players,
etc.  In addition, if the studio/transmitter feed is a 2.6 GHz micro link,
it is pretty trivial to intercept and jam....  It is possible that
off-the-shelf Gunnplexers, and similar low-cost low-power transmission
equipment could be used.

    Of course, there is always the possibility that a disgruntled HBO
employee had a little bit of fun...

>From the Land of Ted Turner

Scott Dorsey       " If value corrupts
kaptain_kludge         then absolute value corrupts absolutely"

ICS Programming Lab, Rich 110, Georgia Tech, Box 36681, Atlanta, Georgia 30332
...!{akgua,allegra,amd,hplabs,ihnp4,seismo,ut-ngp}!gatech!gitpyr!kludge


Capt. Midnight & HBO

<sdcsvax!sdcrdcf!burdvax!psuvax1!psuvm.bitnet!mrb@psuecl.BITNET@ucbvax.berkeley.edu>
3 May 86 03:54:44 GMT
Well, it takes a little more than just a home TVRO outfit to break in on HBO.
Capt. Midnight had two possible places of entry: 1.) on the microwave path(s)
between HBOs origination point and their uplink transmitter (which I think is
on Long Island, but not sure)......or, 2.) by double illuminating their
satellite transponder which is actually carrying the program.  Double
illuminating is a fancy way of saying "broadcasting over top of them".

During a double illumination, when both signals are about the same power
level as received by the satellite, they just mix together.  I suppose if
one was much more powerful than the other, it would "capture" the channel;
it is F.M., after all.  However, what most likely happened is that the
HBO uplink staff was monitoring their return signal from the satellite.  For
C-band satellites like Galaxy, Westar, Satcom, etc., you send the signal up
at 6 GHz. and the satellite rebroadcasts it back down at 4 GHz.  Uplinks
routinely send & receive simultaneously in order to monitor their signals.
In any event, they probably saw that somebody was uplinking on their
transponder.....this is not a totally unknown phenomenon; in fact, it
happened on a PBS show not too long ago (Sherlock Holmes, I think).
There are lots of video uplinks out there...some operated by Western Union,
RCA, etc....others by PBS stations in Hartford, Denver, Miami, Columbia S.C.,
etc. or the PBS Master Origination Terminal near Washington, D.C.......still
others by the bigger commercial stations for newsgathering, etc. (Metromedia,
INN, etc.).  Every once in a while, somebody in operations slips up and
starts transmitting on an occupied channel.  Well, standard procedure says
that you turn off your uplink signal to the satellite, which leaves just the
"bad guy".  Then it should be easy to identify who(m) it is.

This is most likely what happened when viewers saw a scrambled mess, and then
just the Capn's message.  Of course, he didn't stay on much longer after
that.  However, every uplink is a known quantity licensed by the FCC...I don't
know of any backyard ones (yet) due to the fairly high-power amplifier and
specialized microwave gear required.  So we can limit the possible suspects
down to the people who were working that night, or had access to the sites.
The type of character generator (electronic typewriter) used to produce the
message graphics limits it further...only a few uplinks probably have this
kind of character generator.  Also, many uplinks put an identification code
in the vertical interval (the black bar that rolls through the picture when
the vertical hold is messed up)...for example, PBS uses a binary number pulse
to identify their uplinks.  If the guy wasn't smart enough to disable or
delete the VITs, well...methinks they got him (not likely though).  Also,
all color bars are not alike when carefully examined, in terms of bar widths,
etc. and I'm sure those few seconds of signal are being pretty thoroughly
torn apart.

This of course presupposes that he did it on the uplink to the satellite,
not on the microwave path.  A good question that remains is: Was his signal
correctly scrambled so that all the descramblers would let it through (HBOs
video scrambling is not particularly sophisticated, unlike their digital
audio encoding...he didn't transmit any audio program)?  Or do descramblers
let "normal" signals through O.K. .... I don't think so.

Let's see some discussion on this! (Sorry the above was so lengthy.)
Personally speaking, it was a neat stunt but he better have covered his tracks
pretty well.

MRB@PSUECL


NSA planning new data encryption scheme - they'll keep the keys

Jon Jacky <jon@uw-june.arpa>
Sun, 4 May 86 22:20:58 PDT
The following excerpts are from a New York Times story "Computer code shift
expected - eavesdropping fear indicated," by David E. Sanger, April 15,
1986, pps 29 and 32.  The story described plans by the National Security
Agency (NSA) to replace the current Data Encryption Standard (DES) with a
new system of its own design.  The story said that the system would be
phased in beginning January, 1988.  Speaking of DES, the story said,

"While the government helped design (DES), it has no special advantage in
determining a particular key being used. ... Security experts say there have
been no known successful efforts to defeat (DES). ...  But NSA officials have
said that they do not want to entrust a rising volume of sensitive data to a
coding system whose major elements have been widely published for some time.

Details of the new system are still unclear.  But ... unlike the Data
Encryption Standard, the new algorithms will not be publicly available.
Instead, they will be buried in computer chips manufactured to NSA
specifications, and encapsulated so that any effort to read the code with
sophisticated equipment would destroy the chip.

... By some accounts, under the new system the NSA would distribute the
keys --  probably limiting them to companies in the United States. ..."

The story explained that NSA wanted the system to be adopted by industry as
well as the Federal government, and if institutions like the Federal Reserve
system adopted it, banks and other private institutions would be encouraged
to follow suit.

I know little about data security and encryption, but these points seem
interesting:

  1. NSA appears concerned that DES may become compromised in the near
  future.

  2. NSA apparently believes that greater security can be assured by
  keeping the encryption algorithm secret.  Could this not lead to a
  false sense of security by preventing independent researchers from
  pointing out weaknesses that NSA is unaware of or unwilling to divulge?
  Is it reasonable to assert that hardware can be built so that no test
  equipment can probe it?

  3.  What about keeping the keys under NSA control?  At the very least,
  it could create logistical difficulties; at worst, it seems to permit
  NSA to snoop at will.

-Jonathan Jacky University of Washington


Espionage

Mike McLaughlin <mikemcl@nrl-csr>
Mon, 5 May 86 08:45:37 edt
U.S. Naval Institute Proceedings, May, 1986 (Naval Review issue) has an
excellent article by Bamford on the Walker case.  Also has a summary of
Navy espionage cases since 1981.
-   About 20 Navy/Marines charged in last five years.
-   Not one was "recruited" - all approached the bad guys.
-   All did it for money.
-   Although no case involved "computers" a number were "computer-like",
    i.e. crypto & telecommunications.
Heartily recommend all compusec types read, and think.
    - Mike McLaughlin


The Star Wars Swindle

Peter G. Neumann <Neumann@SRI-CSL.ARPA>
Sun 4 May 86 21:10:34-PDT
Dave Weiss passed along the following quote from Harper's, May 86, from an
article by Fred Reed entitled "The Star Wars Swindle":

  "The comprehensive vagueness of Star Wars is, insanely, allowing a
  technical question - Will it work? - to be answered by an ideological
  show of hands."


Backups

Will Martin <wmartin@BRL.ARPA>
Wed, 7 May 86 11:14:34 EDT
The issue of backup procedures, difficulties, and methodologies has been
discussed amongst those of us at this Activity and at other parts of the
Army Materiel Command for some time now, mainly in the context of our
acquiring and proliferating small workplace-automation computers which are
located in the users' offices (as opposed to being in traditional computer
centers), and where the systems administration tasks (which would include
backup) are performed by functional specialists who are (usually) not
computer experts or in computer-related job classifications. Though we have
discussed it, there really has been no good and elegant solution to the
problem(s). Most of these machines are backed up on cartridge tapes, with a
daily incremental and weekly full user-filesystem schedule (and monthly for
the entire system). When you then get into the issue of PC's, where you do
not have an assigned system administrator, the whole thing really breaks
down. If you have the luxury of having all your PC's on some network and can
run some sort of background task at odd hours, which backs up data to some
other storage system from each PC, that is great. (We don't have this, and I
don't know of anyone who does.)

One other thing I think we need more of, considering how the existence of
fresh backups cannot be relied upon, is more and better tools to get around
failures. Tools that will let a user get to the data on his hard disk even
after it has nominally been "deleted", or special hardware that will let
someone read data off a disk that has been damaged or trashed by some glitch
or another -- we all know that the bits are still there on the medium; it is
just the paths to get to them that are damaged and garbaged by failures. I
believe that there are firms who do this on a contract basis now; we
probably need to implement this expertise in devices and programs that are
usable by less-skilled people. Of course, the existence of such tools will
create security holes, also -- something that can dig down into the guts of
a disk this way would also bypass copy-protection or use-restriction, and
make the illicit recovery of data thought to be erased possible. I think we
will have to accept such risks to gain the capability to recover
irreplaceable data or work.

Will Martin
USArmy Materiel Command Automated Logistics Mgmt Systems Activity

UUCP/USENET: seismo!brl-smoke!wmartin  or  ARPA/MILNET: wmartin@almsa-1.ARPA


Interpreting Satellite Pictures

"Lindsay F. Marshall" <lindsay%cheviot.newcastle.ac.uk@Cs.Ucl.AC.UK>
Wed, 7 May 86 10:12:02 gmt
Sir - "We have never had to interpret this kind of satellite picture
before...... we may have got it wrong" (U.S. Government scientist, in the
Guardian Letters, Sat. 3rd May 1986)

(Could this be relevant to SDI?)


Word-processing damages expression

Niall Mansfield <MANSFIELD%DHDEMBL5.BITNET@WISCVM.WISC.EDU>
Tue, 06 May 86 13:14:59
In RISKS-2.48, Bruce A. Sesnovich asked whether word processing and
electronic mail are helping to proliferate bad writing.  Surely, YES! The
following is a list of the more interesting spellings noticed on the net,
excluding what I thought were obviously typos.

   [I have used the words on Bruce's list to write a nonsense paragraph:

    I beleive Britian is definately not compatable reguarding cleen
    explainations.  I was woundering if it is truely nessesary to let lose a
    concious warrantee which is to periferal too guarentee a miscellaney of
    usefull ideas.  The kernal idea is a distructive facination for
    publically loosing ones bargins.  (No Deniall)?

    By the way, I added the hyphen in the SUBJECT: line, to remove one of
    its several ambiguities...  PGN]


Re: Word-processing damages expression

Peter G. Neumann <Neumann@SRI-CSL.ARPA>
Wed 7 May 86 10:33:54-PDT
One way of judging RISKS contributions is by how sloppy the spelling is.
One might assume that a miserable speller would be a sloppy thinker.
However, there is grave danger therein -- as some of our most intuitive and
forward-thinking (right-brained) folks are miserable spellers.  As someone
who has always been a good speller, a good grammarian, and so on, I resist
an instinctive suspicion of miserable spellers, mantaining the patience to
dig beneath the surface to seek worthwhile ideas lurking.  But please try
harder to make my task easier -- by writing more coherently and spelling
halfway decently.

Peter


Proofreading vs. computer-based spelling checks

Dave Platt <Dave-Platt%LADC@HI-MULTICS.ARPA>
Tue, 06 May 86 13:10 PST
There has been some discussion in the SF-Lovers digest of late about this
basic subject... people have been submitting mention of their "favorite
typos".  Several people have noted that some recent books have been coming
out with some glaring errors:  words that are correctly spelled, but are
entirely wrong for the context in which they appear.  Frequently, these
words are either (a) similar in sound to the word that "should have" been
there, or (b) can be generated from the correct word via a simple
permutation of letters, addition or deletion of a letter, etc.

It appears that some publishers are accepting manuscripts in machine-
readable form (disk or download), running them through a spelling checker,
and then printing them without actually having them proofread by a
reasonably literate reviewer.  I don't know the details... perhaps they have
completely eliminated the author's galley copies, or perhaps some authors
just aren't taking the time to proofread the galleys (or having someone
other than themselves do the proofread to catch errors of this sort).

I seem to recall a passage in "Imperial Earth", by Arthur C. Clarke,
concerning the pitfalls of cybernetic voice-to-type memowriters about 150
years in the future.  He wrote that everybody who uses (will use?) such
systems was careful to proofread the output of the voice-recognition
modules, as some "hilarious" malaprops had occurred during the early years
of these systems' availability.

Please report problems with the web pages to the maintainer

Top