Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
This originated in New England, not Old England ... and is from the
Boston Sunday Globe, 22 February 1987, editorial page.
WHAT THE COMPUTER KNEW
The Reagan presidency may become the first to be done in by a
computer. While legislators, investigators and reporters go sniffing
down the money trail, trying to track the flow of funds from Tehran to
Geneva to Honduras, an electronic archive in the White House has been
leaking the most embarrassing facts to the Tower Commission.
It is an irony of the computer age that an administration
obsessed with secrecy allowed many of its secrets to be saved in an
electronic memory bank. All the computer messages Oliver North and his
collaborators in covert action sent each other since Nov. 8 have been
preserved.
A nonpartisan system of software is now telling the Tower
commission not only about the hardware sent to Ayatollah Khomeini, but
also abut frantic White House efforts to save the president from scandal.
The backup system for the White House computer reportedly shows that the
president's men tried to alter the history of what they did in order to
distance Reagan from his ill-considered policies.
The computer messages are being compared to the tape recordings
of Richard Nixon. If they demonstrate a White House attempt to design a
cover-up, they may play the role of the Nixon tapes in the Watergate
scandal.
Messages indicating that North passed military intelligence to
Tehran, for use in Khomeini's destabilizing war against Iraq, suggest
that even now the White House has not told the full story of Reagan's
concessions to the ayatollah.
By preserving the tamper-proof truth of what government officials
did or did not do, the electronic archive in the White House may add an
unforeseen dimension to the system of checks and balances bequeathed by the
Founding Fathers.
This computer was not user-friendly.
[Several readers noted that Alan Wexelblat meant NSC and not NSA in
his message in RISKS-4.50. However, I recall that several key NSC
phone conversations had been monitored by NSA fairly early in the game.
The NSC archives remaining even after on-line copies were deleted and
hard-copies shredded is of course another instance of the hidden-residue
problem in (allegedly) secure systems, i.e., a deletion is a deletion
is not a deletion! By the way, the assumption that the archives are
tamperproof is of course bogus. PGN]
I once spoke to someone who helped set up the fire brigade database in
Melbourne. The system they use is to specify the intersection of two
streets. Initially there were various integrity constraints in the
database, such as street names had to be at least two characters long,
streets didnt cross each other more than once etc. Two streets violated
both conditions: S street (shaped like an S) crossed another street in three
places and Y street (shaped like a Y) crossed another stree in two points
(numbering must be rather confusing in Y St.!). (The real world is not
designed for computers; pity :-)
lee
Is there anyone on this list who knows whether the air traffic control
radar systems have automatic collision alert systems? And if they do, do
they work? It seemed to me that if everyone were required to have Mode C
transponders (which automatically report the plane's altitude to the nearest
100 feet to the ATC computer), then it would be simple to write a program
which would detect possible collisions. Arguments against this may include
that the controller would have much too many targets on his screen to handle
-- as it is now they often screen out all traffic that they are not working
with so that the planes do not even appear on their radarscope. However, a
program such as I suggested could work on all planes, whether actually being
displayed on the scope or not, and maybe bring to the controller's attention
two planes on a collision course and altitude which were not being displayed
and would not have been noticed.
[It is my understanding that the ground-based AUTOMATED collision alerts
will be a part of the new system (currently in procurement). But the
expense of the on-board equipment seems to mitigate against its use in
small private planes, which preset a very serious gap in the on-line
information. 3-D radar might be more appropriate, especially since a
Mode-C transponder could be faulty... PGN]
Another thing: what are people's opinions about autoland[ing]? This
system, installed on many of the large passenger jets, will take over
control of eveything — rudder, ailerons, and throttles — from up to 20
miles out from the airplane, fly the approach, flare the plane, and actually
touch down, all automatically. At present I believe only several thousand
complete autoland cycles have been flown at all. I read in an aviation
magazine an article written by a 30,000 hour airline pilot about it; he said
when he went along for a demonstration of autoland it flew a flawless
approach, and he rated it well above the average human approach. Plus it
can do this is any weather at all (in terms of visibility and cloud layers).
Certainly computers are not infallible, but neither are humans. It may be
true that if pilots always used autoland they would not retain the flying
skills to take over in case of failure, but in some cases I can certainly
see a use. For instance, a common time for minor incidents is when a plane
is nearing its destination after a long international flight. After the
crew has spent maybe 4 hours acting only as "system monitors," now they must
suddenly start talking to people and actually flying the plane. If one
would say that autoland is not good because pilots' skills would
deteriorate, is this not true of the autopilot, which does the flying for a
large part of most flights?
-Matthew Machlis
[For the AI community, I could not resist pointing out that
whether or not this message got included might be determined
by a variable "MachlisP". PGN]
Seems to me a point that the other respondents missed here is that in a
military system, people are prepared to accept a certain number of deaths
due to failure, in order to have a higher performance system. Look at the
number of military planes that crash while on maneuvers, and no-one thinks
much about it. Similarly, one might put electronic steering on a race car,
if it was felt to offer a competitive advantage, and if the car crashed
during the race, "them's the breaks".
=Spencer ({ihnp4,decvax}!utah-cs!thomas, thomas@cs.utah.edu)
[Another message on this subject was received from William Swan: ...
Military planes undergo a lot of maintenance, logging, as I understand
it, as much or more service time than flight time (if I am wrong, please
provide the real numbers). ...]
[With respect to the WWN computer terminal story:] You might wish to read Stephen King's short story "Word Processor of the Gods" in his collection _Skeleton Crew_. ucbvax!brahms!weemba Matthew P Wiener/UCB Math Dept/Berkeley CA 94720 From: bob@uhmanoa.UUCP (Bob Cunningham) Newsgroups: sci.misc Subject: Re: James Burke (what a real blackout is like) Date: 17 Feb 87 17:57:55 GMT Organization: Hawaii Institute of Geophysics On Thanksgiving evening 1984, Hurricane Iwa---essentially without warning---hit the islands of Kauai and Oahu, destroying major portions of the electrical grids on both islands and knocking out all electrical generation. It was several days before power was restored to portions of Honolulu (incidentally, the 11th most populous city in the United States), several weeks before power was completely restored. One of the reasons it took so long was that all of the generators were designed to be "jump-started" from another running generator on the grid, and no one knew how to bootstrap up a generator all by itself. The whole story is rather too long to go into here, but here are some of the key points... There was no satellite meteorological coverage for the central Pacific, because the GOES East satellite had failed, and the GOES West had been moved over to cover the Atlantic...which the Weather Service figured was more important. Weather observations from ships told of a strong hurricane developing west of the islands, but a military reconnaisance flight sent out on Thanksgiving day failed to accurately locate the storm. There was no historical precedence for the path it took that led right to the population centers. In the afternoon, winds started rising, and the Weather Service issued a Hurricane Watch, then quickly a Warning, but still didn't have a precise fix on Iwa, nor accurate information on speed or direction. Early in the evening, after dark the winds started gusting well above 60 mph, and the electrical grid went down, surprising the electrical utilities who had taken no precautions to isolate any of their systems...taking down all their generators. [This could be a separate story in itself, but suffice it to say that the Civil Defense Emergency Broadcast system didn't work. Besides all the TV stations, all the radio stations---except one--- went off the air that night. The single radio station that had an operating emergency generator was running "on automatic", playing religious music.] By the next day, one or two other radio stations were up (and the religious station had hastily converted to all-news), but power was still out... remaining out for days. The first thing people missed was water, the water distribution system being driven by electrical pumps...though some places that had gravity feed from tanks above in the hills were lucky for a while. Traffic was a shambles since no traffic lights were working... though that became less of a problem over the next day or so since no gas stations were pumping and people realized that they were stuck with just whatever gasoline they happened to have in the tanks of their cars, and started being very careful about how they used that up. Food in refrigerators and freezers spoiled. Long lines developed at grocery stores as people tried to buy more food...and clerks had to add up by hand. Most resturants stayed closed; the few that opened---cooking with gas---soon closed again as the city gas system began losing pressure. Electrical generators (even small ones) were not available for love nor money, ice and candles (when available) went for premium prices. The most-listened-to person in the islands was the spokesman for the electrical company who spent virtually all of his waking hours on one radio station or another detailing the repair work underway. Meanwhile, the electrical utility company crews worked around the clock to restore portions of the electrical grid, and devise ways to start up even one major generator. I don't know the full story behind the restart effort, except that lots of different techniques were tried, one of which finally worked on Oahu. The Navy dispatched a nuclear submarine to Kauai in an effort to "jump start" the main generator there. It seemed like forever, but it was only a few days until electricity was available to some parts of Honolulu. We lived with rolling blackouts for about a week more. Outlying areas on the islands weren't fully restored for over two weeks. There were some fatalities, due mostly to "freak" accidents of various kinds...and a small, but statistically significant "baby boomlet" some 9 months later. If this had happenedd to a major mainland city in winter there would have been considerably more fatalities, and the story would be much more widely known. As it was, if it had lasted too many more days, water would have become very critical... Bob Cunningham bob@hig.hawaii.edu
FUTURE TRENDS IN COMPUTER CRIME: THE POST-HACKER ERA
Dr. Sandy Sherizen is a criminologist and former information security
expert who consults with corporations, banks, and Government Agencies on
the prevention of computer crime. Dr. Sherizen began his discussion
by giving an impression based on the development of safes and safe
cracking. He talked about the overly technological nature by which
safes improved and safecrackers got better.
What is important about Sandy speaking is that criminology is a well-
founded science and that many of the patterns in computer security have
been studied already in criminology. (Sandy finds this shocking.) We
would do well to learn from it.
Let me try to reproduce the sequence. First, safe were created, and
crackers broke the locks. Locks got tougher. They went to combination
locks (and lock picking, separate area). Next, they resorted to drills, and
the countermeasure was stronger metal. Next came simple explosives again
followed by heftier metal, and more powerful explosives. Around this time,
they discovered nitroglycerin which as a liquid can be poured into cracks.
They then discovered the use of oxyacetylene torches to cut thru. Safe
makers retaliated with heat-conducting materials. During this time, people
started kidnapping bankers and their families (a totally non-technical
solution to the problem). This problem was "solved" using time-locks on
doors. (I enjoyed the last example.) Crime goes on.
In Sandy's thesis, there are 4 stages that we have to deal with in terms of
computers, and the talk itself was a series of rambling discussions. The 4
stages, by the way, which worked in the case of banks, safes, and vaults,
are detailed in a book in Criminology which we can get as a reference.
Sandy's concerns are first:
privacy, work, monitoring of work
computerization of crime
information property
Sandy also made some interesting comments, for instance, on the
development of laws — the concept of "moral entrepeneurship", a very
different kind of thing than most computer people are used to.
The Tylenol drug poisoning case is an interesting case — the point
is that no new laws were created, but a technological solution of tamper
proof packages came into use. That corporation on the whole had no
policy for dealing with problems of this kind to begin with, and had
inadequate protection in understanding them.
The reasons for commiting crime are interesting Criminological and
Sociological areas. Basically, the common threat is a "trusted embezzler"
with an "unsharable resource" or "unsharable problem", and there are what is
called the 3 B's starting with Booze as the reason why people do regular
crimes. The reason why people commit computer crimes is what is called the
3 C's:
cash
career
challenge
Sandy also mentioned the fact that the media basically regards
computer crimes as hi-tech soap opera. We make criminals folk heroes,
but at the same time we have to be able to protect whistle blowers.
The 4 stages in EDP growth have similar trends or patterns in the
nature of computer crime. This is called the Gibson-Noland Law on EDP
growth. The 4 stages:
initiation
expansion
formalization
maturity
as generalized to computer crime initiation begins with
first hit or miss crime
such as in Steven Levy's book, "Hackers" which is popular and we are
transitioning out of this phase into a phase of
expansion
which includes lots of people and undetectable crime with many rewards. [We
are] beginning "specialization," which is a formalization stage of crime
where the law gets into the act and the criminals themselves specialize in
criminal things like financial systems, or UNIX Systems, and so forth, but
in the formalization stages law gets interested and finally the fourth stage
of maturity there are a relatively predictable sequence of crimes. Such as,
there is measure and countermeasure on part of the law enforcement as well
as the criminals themselves.
Sandy's basis for this talk is that were going to see new types of
crime with a new series of targets: a new sense of how-to-do crime and
how-to prevent crime. Basically, they are categorized by the 414's
(the Milwaukee WI area code), teenagers who broke into computers.
When asked by a Congressional committee when he realized that he had
done something wrong, Neil Patrick pointed out "When the FBI was
knocking on my door" — there basically was hunt and peck computer crime.
So Sandy's predictions for future directions of computer crimes are
threefold:
First of all there will be fewer crimes on computers, but they
will be of a much more serious nature, because there is
survival of the fittest — and organized crime will get into it. We see
some people who won't quit but who have to learn about criminal
elements such as, laundering money, not leaving fingerprints, and so
forth which would basically defeat the older generation criminals.
The second thing will be more technological opportunities to
commit crime, such as photocopying with copying machines and money.
The third prediction is more internationalization of crime. (There was a
brief aside after the internationalization regarding viruses, and the
typical example of this was given in the piece of software known as
eggbeater and also by the book Soft War — eggbeater was a program
that literally ate up data and dropped away ...)
Another area of concern was the area of modes of learning about crime.
Sandy was concerned with the suicide epidemic noted by the Center for
Disease Control, and uses the name "copy-cat crime". (Example of copycat
crimes are in the movie "War Games" and in use of Automatic Teller Machines
(ATM).)
The professionalization of crimes involves such things as raids and
reverse-engineering files and records not just in a sense of building
things. But changing records — we're going to see more. Again, the
evolution of specialization — more collusion perhaps between individuals
who commit crimes. A good example of this is the Walker spy trial; this is
a serious crime but the public will not see it as a serious crime, just as
it does not see white collar as a serious crime.
Part of the problem is that we look upon things such as pens and pencils as
free, which come with the territory as far as working. Because of offices,
nobody thinks of it as a crime unless you come literally and haul the pens
and pads away using a truck; that's just like taking a disk for a computer
home, its not really regarded as a serious thing unless the entire payroll
is located on it. So a large part of this is public awareness and education
in terms of how to deal with crime.
Privacy is the issue that we really probably need to work on the most, Sandy
said — the needs and problems of technology invading privacy and that what
we should do (in particular) is worry about that as opposed to trying to
solve all computer crime problems.
Sandy is a friend of Dr. Lucy Suchman at the Xerox, Palo Alto Research
Center (PARC) and if we want to get in any further contact with him
the best thing to do is contact him through Lucy. I believe he's
teaching at MIT. Also in attendance was Donn Parker (SRI International)
who is also well known.
There was considerably more discussion than was involved on this
tape. Correspondents should send electronic mail to me, for further
information.
[Lightly edited. Garbles could be mine or Eugene's ...
This is included primarily for our newer readers, in that RISKS
has gone over much of this ground on various occasions in the past. PGN]
Please report problems with the web pages to the maintainer