The RISKS Digest
Volume 5 Issue 58

Sunday, 15th November 1987

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator


Contents

Son of Stark
Hugh Miller
Follow-up to Black Hawk Failures article
Dave Newkirk
Jamming the Chopper
Brint Cooper
Computer systems hit by logic bombs
J.D. Bonser
Risk of more computers
Arthur David Olson
Reach out and (t)ouch!
Matthew Kruk
Re: Password truncation and human interfaces
Mark W. Eichin
Mobile Radio Interference With Vehicles
Ian Batten
Computer terrorism
Brint Cooper
Info on RISKS (comp.risks)

Son of Stark

Hugh Miller <HUGH%UTORONTO.BITNET@wiscvm.wisc.edu>
Sun, 15 Nov 87 11:19:15 EST
The following appeared in this morning's edition of the *Toronto
Star*, Sunday 15 November 1987. Here we go again:

    WASHINGTON (AP) - Deficient radar equipment aboard the USS Stark,
    and not the ship's crew, was chiefly responsible for the frigate's
    failure to defend itself against an Iraqi missile attack last May,
    the ship's captain said in his first extensive comment on the
    incident.

        Capt. Glenn Brindel acknowledged "deficiencies in the watch"
    aboard the ship, but wrote, "Their actions or inactions ... are
    not primary causes for Stark's failure to defend against the ...
    attack.

        "Unfortunately, the ship's radars and electronics did not
    function as advertised."

        His assertion directly contradicts the official US Navy board
    of inquiry findings, released in a censored version Oct. 15.

        It also raises new questions about the ability of similar
    frigates - at least six ships of the same type are currently
    deployed in the Persian Gulf - to defend themselves against
    such attacks.

        Brindel expressed his views in a lengthy letter to the editor,
    printed in tomorrow's editions of the weekly newspaper Navy Times.

        The board of inquiry harshly criticized Brindel and some of
    his top officers for failing to defend the Stark from two Exocet
    missiles fired from an Iraqi jet May 17.

        Brindel said Stark's radar systems should have detected the
    Exocets.

        "They did not," he wrote.

        Brindel, the board of inquiry concluded, "failed to provide
    combat-oriented leadership, allowing Stark's anti-air warfare
    readiness to disintegrate to the point that his Combat Information
    Center team was unable to defend the ship."

        Thirty-seven sailors died in the attack.


Would someone who has quick access to Navy Times be so kind as to send in
extracts from Brindel's letter giving details?  Specifically, will we now
find out that the Phalanx was on after all, and pulled a Divad?  Capt.
Brindel, it appears, has been made to take a dive for a bad P-sub-k.  Hope
this doesn't hurt his pension.

Hugh Miller, Toronto, Ont.


Follow-up to Black Hawk Failures article

<ihnp4!ihlpm!dcn@ucbvax.Berkeley.EDU>
Sat, 14 Nov 87 17:33:16 PST
COPTERS GET SHIELD FROM DEADLY RADIO

Washington - The Army, alarmed by new test results showing that radio waves
can shut down the vital hydraulic system of its Black Hawk helicopter, will
shield the system's electronic controls from such interference, Army officials 
said Wednesday [November 11, 1987].  Radio waves triggered a ``complete
hydraulic failure'' on a UH-60 Black Hawk by generating false electrical
commands in the system, according to test results.  The Army's decision
comes after a series of crashes in which the helicopters nosedived into the
ground.  Since 1982, 22 servicemen have been killed in five Black Hawk crashes.

(From the Chicago Tribune, November 11, 1987 - dcn)
                                  Dave Newkirk, ihnp4!ihlpm!dcn


Jamming the Chopper

Brint Cooper <abc@BRL.ARPA>
Thu, 12 Nov 87 8:28:13 EST
From wire service reports:

    "The Army, alarmed by new test results showing that radio waves
can shut down the vital hydraulic system of its Black Hawk helicopter,
will shield the system's electronic controls from such interference,
Army officials said yesterday.

    Radio waves triggered a "complete hydraulic failure" on a UH-60
Black Hawk by generating false electrical commands in the system,
according to the Army's latest test results.  When that happens, the
pilot can't control the aircraft.

    The Army's decision, disclosed at a private meeting this week
with officials from Sikorsky Aircraft Co., the Black Hawk contractor,
comes after a series of crashes in which the helicopters nose-dived into
the ground.

    The Black Hawk's logic module...will be replaced with the
shielded version already used aboard the Navy Sea Hawk, a derivative of
the Army chopper, according to Army officials."


Two thoughts:

    1. If the Sea Hawk is a derivative of the Black Hawk, why is it
that the former has the shielded control module and not the latter?  Is
the Navy smarter than the Army?

    2. Didn't we have a discussion in RISKS of similar problems with
electronic anti-skid automotive braking systems some time ago?  Did it
conclude anything?
                                        _Brint

    [Yes.  Not really.  PGN]


Computer systems hit by logic bombs

"J.D. Bonser" <jdb%watsup.waterloo.edu@RELAY.CS.NET>
Fri, 13 Nov 87 16:37:35 EST
Excerpted without permission from the front page of the
Toronto Globe and Mail, 3 November 1987.

Computer systems hit by `logic bombs'

In another case involving a Toronto company, a similar ``logic bomb''
was activated the day the employee's termination notice was 
processed in the computer system.  ``It wiped out the whole system,''
said Sgt. Green, ... a specialist in computer crime. 

In another case Sgt. Green worked on, a bank branch decided on the
occasion of its 10th anniversary to honor the customer who had the
most active account.  It turned out to be an employee who had 
accumulated $70,000 funnelling a few cents out of every account into
his own.  ``He said: `Go ahead and charge me.  I will tell the public 
you have been doing this for years.'  It was true.  The bank had been
rounding off (customers') accounts and putting them into sundry
accounts.''

A man in southwestern Ontario acquired a printing press and ran off
thousands of bank deposit slips with the computerized code for his
own bank account on the bottom of each.  Then he discreetly left
piles of them on counters at a number of bank branches ... [and] the
deposits went into his account. 

A number of employees of a Toronto-area machinery supplier extracted
computer lists of clients and blueprints in order to set up their
own rival company.  The scheme was discovered at the last minute and
a trial is scheduled to be held soon.

Sgt. Green said current legislation is adequate to deal with the
problem.  ``Our concern is people are reluctant to bring (information)
to us.'' 


Risk of more computers

Arthur David Olson <elsie!ado.UUCP@SEISMO.ARPA>
Sat, 14 Nov 87 14:06:27 EST
The November 11, 1987 Washington Post includes a UPI account of
President Reagan's proposed legislation on child pornography.
The proposal ". . .would give prosecutors the right to move against computer
networks and parents who permit their children to be used in pornography."

This newly discovered capability of computer networks to have children may
explain the volume of mail that's been overwhelming the moderator of late.
Had the computing community known earlier what the result of connecting
CSNET, BITNET, USENET, and friends would be. . .
                                        --ado


Reach out and (t)ouch!

<Matthew_Kruk%UBC.MAILNET@MIT-Multics.ARPA>
Fri, 13 Nov 87 20:10:18 PST
Source: Deutsche Presse-Agentur

BONN, West Germany - An elderly West German woman who failed to
replace her telephone receiver properly after a five-minute call to a
relative in Nairobi, Kenya, received a whopping telephone bill for
$2,3000.

Because of a fault in the Kenya exchange, the connection was not cut
and since German telephone exchanges and billing are all computerized,
the live line went unnoticed. The meter ran 10 hours.

The 86-year-old woman asked the West German Telephone Agency to excuse
the debt, but the agency offered to deduct one third of the bill.

She then petitioned Parliament, which ruled this week that she would
have to pay one-third of the bill for carelessness.


Re: Password truncation and human interfaces

Mark W. Eichin <eichin@ATHENA.MIT.EDU>
Fri, 13 Nov 87 15:05:27 EST
What is especially interesting (in the BayBanks case) is that 
    1) It is only on DieBold machines (cross-network stuff needs
the whole string)
    2) The screens actually flicker visibly once you have pressed
the fourth digit, making this feature easy to suspect...
                                            _Mark_


Mobile Radio Interference With Vehicles (RISKS-5.57)

Ian G Batten <BattenIG@CS.BHAM.AC.UK>
Fri, 13 Nov 87 12:43:43 GMT
There was some trouble a year or so ago I read of in one of the Car
magazines with engine management systems on several makes of car.  It
appeared that when driving near Daventry (about 25 miles south of here
on the road to London) their engines would die.  This was traced to RFI
from the powerful transmitter field there (Nationwide Radio Four, on
1500 metres is transmitted from there, along with the local Medium Wave
and FM stuff.  The level of transmissions around there certainly taxes
my car's radio!)
                                     ian


Computer terrorism

Brint Cooper <abc@BRL.ARPA>
Fri, 13 Nov 87 16:57:38 EST
Article 114 of comp.society:
Path: brl-adm!umd5!mimsy!oddjob!hao!ames!sdcsvax!ucsdhub!hp-sdd!hplabs!hplabsz!taylor
From: rhorn@infinet.UUCP (Rob Horn)
Subject: Computer usage by Solidarity in Poland
Date: 10 Nov 87 19:31:54 GMT

This is a sketch of the article, ``Of Systems, Solidarity, and
Struggle'' in Datamation, 1 November 1987.

  ``You know why there are so few sophisticated computer
terrorists in the United States?  Because your hackers have so
much mobility into the establishment.  Here, there is no such
mobility.  If you have the slightest bit of intellectual
integrity you cannot support the government.... That's why the
best computer minds belong to the opposition.''  - Anonymous

This opens a good article on how computers are being used by the
opposition in Poland.  Go find a copy of Datamation and read it.

Solidarity is now becoming computerized.  Computers are used to
write articles, track election fraud, maintain organizations, and
maintain communications.  Using computers for such illegal
purposes is not without penalties.  Typical sentences for
opposition activities are 1-2 years when the crimes are
non-violent.

The government has focused its efforts on severing the
communications that make opposition efforts effective.  When they
initially severed the public telephone system, computer
operators used internal private line systems to maintain
communications.  With martial law, these too were shut down.  Now
the primary modes of communication are either by mail or by
courier.  A floppy disk is easy to hide in a package or carry
unobtrusively.

Personal computers are now widespread in Poland, acquired both
legally and by smuggling.  There are an estimated 500,000
personal computers in Poland, with Sinclair and Amstrad being the
most popular.  There are an estimated 700 illegal publications
being generated by everything from matrix printers to
laserwriters.  Nearly two thirds of the non-violent crime in
Poland is associated with illegal press and opposition
activities.

The government has had to choose between the serious economic
damage that would result from eliminating computers and their
elimination as an opposition tool.  So far, they have been forced
to allow the continued use of computers.

The security capabilities of computers are also important to
Solidarity.  Telephone calls can be traced and monitored; floppy
disks are easy to smuggle around.  Paper is very bulky, hard to
conceal, and hard to destroy.  Floppies are very compact, easy to
hide, easy to encrypt, and easy to destroy.

``Every Solidarity center had piles and piles of paper ....
everyone was eating paper and a policeman was at the door.  Now
all you have to do is bend a disk.''
                                       Rob Horn
