The RISKS Digest
Volume 5 Issue 12

Thursday, 16th July 1987

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…


o Another computer-related prison escape
Andrew Klossner
o New York Public Library computer loses thousands of book references
o Risks of being a hacker
o Re: Old News from New Olds: Check that Backup!
Henry Spencer
o Tax fraud by tax collectors
Jerry Harper
o Re: Hardware faults and complete testing
Richard S. D'Ippolito
o Re: Sprint Access Penetration
Dan Graifer
o Phone access charges
o Risks in Fiction [Book Report]
Martin Minow
o The Other Perspective?
o Info on RISKS (comp.risks)

Another computer-related prison escape

Andrew Klossner <>
Mon, 13 Jul 87 09:16:04 PDT
Diane Downs, a convicted murderer of some notoriety (she shot her three
children, killing one, allegedly to rid herself of the responsibility for
them), escaped from the medium security Oregon women's prison last Saturday.
While in the recreation yard, she scaled two fences and walked away.  Budget
money is tight, so there was no guard assigned to watch inmates in the yard;
instead they depended on an alarm system in the outer fence.  The alarm did
go off, but little attention was paid to it because it goes off every day,
usually because of strong winds or birds.

  -=- Andrew Klossner   (decvax!tektronix!tekecs!andrew)       [UUCP]

    [This is the problem of the system that cried "wolf!".  When a system
    gives that many false alerts, it is time to change something to improve
    the false-positive discrimination.  It is amazing how often this
    problem occurs.  My neighbors next to the local high-school football
    field had a burglar alarm that went off whenever the home team scored a
    touchdown.  (An intelligent thief might notice such behavior rather
    quickly and find safety.  [2 points])  PGN]

New York Public Library computer loses thousands of book references

Peter G. Neumann <>
Thu 16 Jul 87 10:26:28-PDT
The computerized reference numbers for thousands of NYPL books were mistakenly
erased when data was transferred from one computer to another.  The books
are still on the shelves, but have vanished from the reference system.  How
many are in this limbo state is unknown.  A patron was quoted as having been
told "by the head of research that the staff has made no attempt to retrieve
them because they are afraid they might lose more if they go into the system."

Risks of being a hacker

Peter G. Neumann <>
Thu 16 Jul 87 10:32:31-PDT
Hackers 3.0 (by invitation only) is scheduled for October near Silicon
Valley.  The invitations indicate that the hacker community is resorting to
uncharacteristic stringencies.  This is from the registration form:

  "I hereby waive all claims against the organizers of the Hackers
  Conference, their contractors, or employees, for loss of or damage to
  any property or injury to or death of any person at or enroute to this
  conference...  This indemnification obligation shall include reasonable 
  attorney's fees, investigation costs and all other reasonable costs and

Tax fraud by tax collectors

Jerry Harper <mcvax!euroies!jharper@seismo.CSS.GOV>
Mon, 13 Jul 87 14:47:22 BST
Last year in Dublin the beginnings of a major fraud were uncovered in an
department of our revenue service solely concerned with rebating a Value
Added Tax (VAT) paid by companies for materials they purchased.  The
approach adopted by the perpetrators was enviously simple due to the low
security pervading the data entry operations.  Basically, the clearance
system for rebates consisted of entering a company's name plus a clearance
code for payment of the rebate.  This information is fed to the central
revenue computer for issuing cheques and what not, where a number of
elementary verification procedures were invoked, e.g. was the company a
database entry, etc.  At this point one of the perpetrators (working with
this system) could easily authorise payment blamelessly.  Input from a
remote terminal was overseen at the host and payment authorised.  Remarkably
simple.  So what went wrong?  The implementors of the scheme didn't manage
the fictitious companies' accounts properly.  When one bank manager noticed
that only rebate cheques were coming into one account, he became suspicious.
His suspicions were confirmed when one member of the gang demanded the
withdrawal of practically the entire contents of the account.  The resultant
police investigation showed that the central flaw in the automatic rebating
system was human.  Usually before a company is granted an automatic rebate
it must be in good standing with the revenue.  It must prove, over a
considerable period of time, that it has in fact bought the materials
against which it is claiming the tax rebate.  But there was no security
which prevented someone administering the rebates from directly attaching a
clearance code to a company.  Unfortunately the system was tailor-made for
criminal violation.  Two more worrying aspects of the situation are that (a)
due to the vast number of transactions undertaken in a year, an audit (based
on sampling) would probably not have picked up any deficit; (b) if the gang
had been a little less naive they could have maintained the operation for a
comfortable period of time and then simply erased all record of their
transactions (ok, there is the problem of backup tapes).  This didn't get a
lot of reportage here, but most people with any computer experience were
surprised at the apparent naivete of the input/clearance system design.  It
was rumoured that a major review of security procedures was initiated in the
aftermath of the affair.
   [Note that the problem of backup can sometimes be circumvented by
   selectively blocking the writing of backup, or — in some systems --
   tampering with the backup copies, although that requires a little more
   system experience.  PGN]

Re: Old News from New Olds: Check that Backup!

Tue, 14 Jul 87 13:33:07 EDT
> ...examination of the backup tapes revealed that they were blank.

For a long time now, one of our post-backup activities is to run a "table
of contents" program on selected backups.  The original reason was mundane:
users often request retrieval of files without knowing the exact complete
correct pathname and the exact date when the file vanished, so it's useful
to have on-line lists that we can check.  However, it also gives us a running
check on the quality of our backups, which has proved particularly useful
in coping with recent tape-drive problems.

Henry Spencer @ U of Toronto Zoology {allegra,ihnp4,decvax,pyramid}!utzoo!henry

Re: Hardware faults and complete testing

Monday, 13 July 1987 16:55:00 EDT
Perhaps one subtle point should be made in reference to generating a set of
test vectors to 'completely' fault test a chip: I agree that it is possible
to derive a test vector set when the gate-level diagram is known. But, one
stumbling block that arises (and has its analog in software) is that
parasitic capacitances formed due the physical layout of the IC sometimes
cause the chips to have 'phantom' gates that do not appear on the schematic.
We have these stray coupling problems in software — they aren't evident
from looking at our seemingly disconnected source listings, and we rarely
take the time to review the operating system code with ours.

Mon, 13 Jul 87 23:38:00 PDT
      (Dan Graifer)
Subject: Re: Sprint Access Penetration (RISKS DIGEST 5.9)
Organization: UCSD Office of Academic Computing

I have had two interesting experiences with Sprint Access Penetration:

In December, 1986, I received a MailGram from Sprint stating that their 
computers had noticed a sudden, enormous increase in my travelcode usage.
Having tried unsuccessfully to contact me, that had suspended the code on
the assumption that it was being abused.  I subsequently received a bill
for about $800 in unauthorized charges.  The Sprint customer service 
people were very helpful about issuing me a new code and advising me on
how to straighten out my account.  Neither they nor I were able to 
successfully communicate with the billing people however.  It took 4 months
of threatening letters in both directions to clear the matter.  Apparently,
GTE Sprint and U.S. Telecom were in the process of merging their billing 
operations, and the abuse flag on my account got lost in the shuffle.

A client of mine had a neat "deal" on long distance telephone rates.  An
outfit had sold them "unlimited" long distance dialing on a flat per month
fee.  Each day the client would call this supplier and receive a new Sprint
access code to use.  It wasn't until many months later that an investigator
from Sprint came by asking questions.  As several close friends were officers
of this company, I was horrified.  Does anyone out there know enough of 
the relevant law to comment on this?  Could they be accused of receiving
stolen property?

Do we have any independent estimates of how large a problem theft of long
distance service is?  Are the other providers having as much trouble as
Sprint?  (I.e., is the problem generic, or does Sprint have a uniques
security hole?)  My experience would seem to indicate that they are at least
trying to detect patterns of unauthorized usage.
                                                         Dan Graifer

Southern Methodist University <Leff>
Wed, 15 Jul 1987 19:16 CST
Subject:      Phone access charges

According to a posting on the FCC matter in the local legal bulletin
board, the FCC access charge affects only public data providers such
as CompuServe and Telenet.  It does not affect
  a) private users of modems
  b) private databases such as airline reservation systems.

The theory is that long distance providers have to pay something for
using the phone system.   In order to compensate the local Bell Operating
Company for all the calls coming in from long distance, they are given
a fee.  At the time this was instituted, the FCC decided to exempt such
organizations as Telenet as they were relatively new services.  Now
that their revenue is approaching seven billion dollars a year, it
was decided to a) make them pay their fair share, b) stop subsidizing
them or c) tax them depending upon your point of view.

This posting also makes a statement regarding the right of Congress
to delegate its law making powers.  According to Kenneth Culp Davis
who wrote the legal text book, Administrative Law, attacks on
delegation or subdelegation "serve as a disservice to the client."
Subdelegation is when Congress says that the Attorney General or
some other official can make regulations and he in turn delegates
it to someone such as the Immigration and Nationalization Service.

Administrative agencies have been around since the 1700's in the United
States, the first handling pension issues arising out of the Revolutionary
War.  Mr. Davis makes compelling arguments in favor of administrative
agencies, the exercise of discretion, the necessity for regulations and a
balance between the "rule of law" and the "rule of men" but this is not the
place to discuss that issue.  I would recommend this book to anyone
interested in administrative agencies.

Tue, 14 Jul 87 17:42:31 PDT
      (Martin Minow THUNDR::MINOW ML3-5/U26 223-9922  14-Jul-1987 2028)
To: ""%decwrl.DEC@src.DEC.COM,
Subject: Risks in Fiction [Book Report]

   From "Dirk Gently's Holistic Detective Agency," by Douglas Adams,
   New York: Simon and Schuster, 1987.

"Well," he said, "it's to do with the project which first made the software
incarnation of the company profitable.  It was called _Reason_, and in its
own way it was sensational."

"What was it?"

"Well, it was a kind of back-to-front program.  It's funny how many of the
best ideas are just an old idea back-to-front.  You see, there have already
been several programs written that help you make decisions by properly
ordering and analysing all the relevant facts.... The drawback with these is
that the decision which all the properly ordered and analyzed facts point to
is not necessarily the one you want.

"... Gordon's great insight was to design a program which allowed you to
specify in advance what decision you wished it to reach, and only then to
give it all the facts.  The program's task, ...  was simply to construct a
plausible series of logical-sounding steps to connect the premises with the
conclusion." ....

"Heavens.  and did the program sell very well?"

"No, we never sold a single copy.... The entire project was bought up, lock,
stock, and barrel, by the Pentagon.  The deal put WayForward on a very sound
financial foundation.  Its moral foundation, on the other hand, is not
something I would want to trust my weight to.  I've recently been analyzing
a lot of the arguments put forward in favor of the Star Wars project, and if
you know what you're looking for, the pattern of the algorithms is very clear.

"So much so, in fact, that looking at Pentagon policies over the last couple
of years I think I can be fairly sure that the US Navy is using version 2.00
of the program, while the Air Force for some reason only has the beta-test
version of 1.5.  Odd, that."

The Other Perspective?

Mon, 13 Jul 87 09:30:55 EDT
    Last night I wandered into the TV room while my wife was watching
Siskell and Ebert reviewing a movie called "Robocop" (the title should
tell readers pretty exactly what the film's about). The first scene they
showed involved a bunch of developers demonstrating a police robot to
a group of prospective buyers - unfortunately the machine had a "glitch"
that caused it to machine-gun one of the demonstrators. This scene was
clearly intended to be comic, and in a grim sort of way it was. The
really disturbing thing was Ebert's (I think, I don't really know which
is which) later comment on this scene: "I think there's something
basically funny about a machine ... blindly following instructions in
the face of logic" (quoted as nearly as possible from memory).

    Now I would have said that it's been known for a long time that
computers as we're building them now "blindly follow instructions" without
the slightest regard for common sense or "logic", and that this is one
of the fundamental sources of risks to society in their indiscriminant
use. Ebert's comment got me wondering though, whether there are a lot
of people out there who really do think this "feature" of machines
is "basically funny", and if so how soon or effectively society as
a whole is going to start demanding responsible design and use of
computerized machinery.

    I suppose it's not necessarily impossible to see both the humor
and the serious side in a situation, and there's also the "you can't
fight it, might as well laugh at it" attitude - either or both of these
might (though I have no evidence) have influenced the movie makers'
treatment of buggy software. From the way it was delivered and the context
though, I really think Ebert meant what he said - inflexible programmed
behavior is a source of humor more than of serious problems for him. I
find that kind of a scary perspective.

Please report problems with the web pages to the maintainer