The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 8 Issue 16

Thursday 26 January 1989


o Cable video piracy
o F-111 downed by EMI?
Gordon Davisson
o F-16 that can't stall falls from sky
Mike Tanner
o Re: Probability and Product Failure [common mode failures]
Bruce Hamilton
o Discrete probability and airplanes
Dave Settle
o Micro-cellular phones
Steven C. Den Beste
o Looking for Computer Folklore
Karla Jennings via Vernard C. Martin
o Info on RISKS (comp.risks)

Cable video piracy

Wed, 25 Jan 89 18:40:10 PST
Subject: Century Cable video "pirate" [RISKS-8.15]

It appears likely that this was not truly a case of piracy, but rather
an "inside job" of employee sabotage.

There are some pretty good reasons for suspecting this:

1) The content of the audio.  It consisted of one voice introducing the
   next as a person who is a manager/executive at Century cable.  The name
   used was indeed an actual person at Century, but of course that person
   himself was presumably not actually involved.  The introduced voice
   did a pretty poor Reagan imitation, by the way.

2) Technical evidence.  On the channel of the superbowl, and ONLY that
   channel, the normal audio was cleanly removed and replaced with the
   offending audio.  Without going into technical detail, it would be
   extremely difficult to REPLACE the audio on only one channel of the cable
   (through the cable itself) without interfering with other channels and
   in general disrupting other channels at least for short periods.  To
   replace audio requires a full demodulation/re-modulation, not just a
   "simple" RF insertion into the RF of the cable.

   The most likely point for insertion of the audio was WITHIN the cable
   company headend itself, where each channel video and audio is
   individually modulated onto the cable.  This would require physical
   access to the inside of the headend facility.

3) Century Cable has been having labor difficulties (note the use of a 
   company manager's name in (1) above).

F-111 downed by EMI?

Gordon Davisson <>
Thu, 26 Jan 89 00:26:04 PST
Copied without permission from the Seattle Times, Jan. 20, 1989:

by Mark Thompson, Knight-Ridder Newspapers

   WASHINGTON -- When U.S. warplanes were ordered to strike Libya in 1986,
they ran into an electronic blizzard the Pentagon now suspects might have
caused one of the fighters to crash and others to miss their targets.
   The disruption came not from the Libyans but from U.S. military
transmitters that filled the night sky with electronic signals designed to
jam Libya's anti-aircraft defenses, hunt down targets, guide weapons and
   The Pentagon is so alarmed by the problem that it has launched a $35
million effort to identify the interference and keep it from happening
again, according to Air Force Col. Charles Quisenberry, who is leading the
   During the Libyan strike, U.S. weapons "were interfering with each
other, and they (U.S. commanders) came back out of that and they said:
'Look, we've got some problems here, and we want to know if we're doing it
to ourselves, or if the bad guys did it to us,'" Quisenberry said in an
interview.  "The end result was we found out we did it to ourselves."
   President Reagan ordered the April 1986 strike after U.S. intelligence
linked Libya to the terrorist bombing of a West German nightclub in which
an American serviceman was killed.
   Quisenberry said the radiowave interference might have lead to the
downing of an F-111 warplane, whose two crew members were the only U.S.
fatalities in the attack.  "It could have," he said.  "We couldn't rule it
out or say that that was the cause."
   Last Friday, Libya returned the body of one of the fliers, Maj. Fernando
Ribas-Dominicci of Utuado, Puerto Rico.  The body of the other pilot, Capt.
Paul Lorence of San Francisco, is still missing.
   Numerous U.S. weapons, some of which were electronically guided, went
astray during the attack, damaging three foreign embassies and diplomatic
residences, including those of France and Japan.  Seven of the 32 remaining
planes -- including five F-111s -- aborted their missions without firing a
shot because of unspecified problems.
   Recent Pentagon studies have shown that some combinations of U.S.
weapons transmitting at certain frequencies can bring down American
warplanes, Quisenberry said.  "Some are very, very critical -- some cause
aircraft to crash."
   Quisenberry recently finished a classified seven-month investigation
of the problem, which led top Pentagon officials to order the new
   Research may yield embarrassment, Quisenberry acknowledged.  "Many
people have told us that a lot of people will not be happy with what we
find out because we'll actually uncover problems," he said.  "If there's
a problem with the B-1 that might not be politically acceptable, people
may have some heartburn with that."  In the past, Quisenberry said, the
Pentagon too often has ignored its own safeguards designed to protect
weapons from electromagnetic interference.  "EMI just got a low priority,"
he said.
   "In many cases, a program manager will get an exemption for getting a
weapon delivered without having EMI (electromagnetic interference) looked
at completely," Quisenberry said.
   The havoc radio waves can cause was first made public in 1987, when
Knight-Ridder reported that some Army safety officials believe the
phenomenon was responsible for up to five crashes of the Army's UH-60 Black
Hawk helicopters that had killed 22 servicemen since 1982.

[The Blackhawk problem was discussed in RISKS-5.56,58,59,60 and 7.8,9 -- GD]

Gordon Davisson  ( (uw-beaver!uw-june!gordon)
Computer Science Department, University of Washington.  Seattle, WA, 98195.

F-16 that can't stall falls from sky (RISKS-8.13)

Mike Tanner <>
23 Jan 89 23:11:12 GMT
This may not be a risk of computers, but maybe a risk that arises from
reporting technical subjects in the popular press -- inaccuracy.

Airplanes can be stalled in any attitude (angle with respect to the ground) at
any airspeed.  So I'm puzzled about this:

> The F-16 can stall at speeds of 230 mph or slower, depending on its weight
> and angle of flight, MacDill officials said.

It might mean that below 230 the computer anti-stall stuff doesn't work.
Though I can't see why it should be related to speed.  Stall is a function of
angle of attack, not of airspeed.  There is a certain speed (called
maneuvering speed in light airplanes, don't know about fighters) beyond which
the airplane will be damaged by a stall.  So maybe 230 is this speed for the
F-16.  That is, below 230 it's a stall, above 230 it's an in-flight breakup.

Then there's this:

> The report drawing depicts Johnson's jet in a near-vertical climb just before
> it stalled.  "That should never have happened," said Howard Acosta

Since Acosta is said to be an experienced pilot I assume "That" refers to the
stall, not the vertical climb.  Though the latter is implied by the context.
Again, stall is a function of angle of attack, not attitude (i.e., angle with
the ground).  Some reporter believes, or was led to believe, that "stall"
is caused by an extreme nose-high attitude.

Anybody know how the F-16's anti-stall stuff really works?
                                                                -- mike

Re: Probability and Product Failure [common mode failures]

26 Jan 89 13:11:50 PST (Thursday)
It's worth pointing out that common mode failures in software go beyond the
system specification -- programmers tend to make similar sorts of errors way
down in the implementation, even in so-called "independent" implementations.

Re: aircraft-specific common mode failures: exhausted fuel has happened
within the past two years; contaminated fuel would be another example.  I'm
sure an aircraft engineer could come up with dozens of other possibilities.

--Bruce      UUCP:!hamilton.osbuSouth     213/333-8075

Discrete probability and airplanes

Dave Settle <dave@ucms.UUCP>
Wed, 25 Jan 89 11:46:16 GMT
In RISKS 8.10 Steve Jay <> comments:
> > Even assuming that a 3 engined plane needs 2 engines to fly,
> > the odds of 2 engines failing on a 3 engined plane are much, much
> > smaller than the odds of 1 engine failing on a 2 engined plane.

Not true. It is MORE likely to happen.

In RISKS 8.12 Mike Olson <mao@blia.uucp> comments:
> If the probability of 1 engine failing is p, then the probability of one
> of 3 engines failing is 3p ...

Not true either. [ if 'p' is a probability, then '3p' isn't: suppose p = .5?]
        (mind you, you wouldn't sell many of them :-)
     [Wrong.  `3p' is an approximation that is perfectly good for small p. PGN]

To put things straight about probabilities: (assuming that the 2-engine plane
needs 1 engine to fly, and that the 3-engine plane needs 2)

A 2 engined plane will crash iff both engines fail - probability p^2.
Call this p2.

A 3 engined plane will crash iff any pair of engines fail, or if all 3 fail

The probability of a pair of engines failing is p * p * (1 - p): i.e.
FAIL FAIL OK. There are 3 DIFFERENT pairs to be considered: AB, BC, or AC.

The probability of all three engines failing is p^3.

Therefore the probability of at least 2 engines failing is:
    3p^2(1 - p) + p^3 = 3p^2 - 2p^3.    Call this p3.

p2 is the probability that the 2-engined plane will crash, p3 is the probability
that the 3-engined plane will crash.

Since p < 1, p2 < p3 (that is, the 2-engined plane is safer):
    p^2 < 3p^2 - 2p^3 
    0 < 2p^2 - 2p^3          (subtract p^2)
    2p^3 < 2p^2          (add 2p^3)
    p^3 < p^2            (divide by 2)

which is TRUE for p < 1.

So, what does all this mean? Well, basically it's safer to use a 2-engined plane
than a 3-engined plane: the 3-engined plane will crash more often, assuming
that it needs 2 engines to fly.

You can sort of make sense of this by thinking that the 2-engine plane needs
50% of its engines working, while the 3-engine plane needs 66%.
Of course, you could always travel by Greyhound.

Hope this makes sense (and I haven't made any mistakes :-) )

[Thanks to Martin Jeffries for help with the maths etc]

Dave Settle, Universal (CMS) Ltd, Thames Tower, Burleys Way, Leicester, UK.  (someday)      ...!mcvax!ukc!nott-cs!ucms!dave
dave@ucms.uucp    (today)

        <--- This way to point of view --->

Micro-cellular phones

Sun, 22 Jan 89 11:22:02 -0500
Excerpted from the 1/30/89 Business Week:

  "...Now the British are readying a novel mobile phone service based not on
cellular technology but on cordless phones. Customers will have to place
calls within range of a local transceiver, and they won't be able to receive
calls.  [The customer must stay near that transceiver for the duration of
the call.  SDB]
  "...The cordless phones will transmit signals to large transceivers tucked
away in key public places and connected by wire to the regular phone
network. As long as the caller is within 100 to 200 yards of a station, a
call can be placed to anywhere in the world by punching in a special code
and then the number.
  "...License applicants figure it will take no more than $70 million to
build a nationwide network of 20,000 base stations, placed in such busy
sites as train terminals and gas stations.
  "...Initially the phones will retail for about $275 in Britain..."
  "...Telepoint's boosters expect Britain to be a $1.4 billion market with 4
million subscribers by 1994.
  "...British consumers soon will be able to buy a small CT2 base station
[for their homes] for about $200, and use it in place of a regular phone and
expensive wiring to connect up to eight CT2 cordless handsets.
  "...On each call, a CT2 phone finds the first available frequency among 40
channels. Backers say its low power output means that up to 14,000 phones
could operate simultaneously per square mile.
  "...Telepoint's backers are betting that the new service will attract
enough cost-conscious consumers to turn a quid or two. [because CT2 costs
much less than a real cellular system SDB]"

This takes my breath away. Are there NO paranoids in the British telephone

1. What is to keep me from setting up a receiver in the London financial
district and listening in on important calls there? [Did someone mention
"inside trading"? How the heck are the authorities going to prove where I got
my information?]

2. The "special code" I have to enter is presumably a customer ID. [If they
expect an installed base of 4 million, it's probably going to be 11 digits. How
much you want to bet they make the phone do it automatically?] If I put my
receiver somewhere rich (the financial district again?) I should be able in
very short order to capture the access codes for literally hundreds of very
well-off people. All I have to do now is modify my own phone slightly, and next
time I want to chat with my girl friend in Singapore for a couple of hours,
there I am - free long distance!

If the phone company detects something funny going on with a normal line, they
know exactly where it is and can send the cops. But with one of these, all they
know is approximately where it is - and a 200 yard diameter is a big place to
search when you don't know what you are looking for and don't have warrants to
open doors and search.

These problems are fundamental in the design. Because they will have an
enormous installed base, they can't change the fundamental system at all - by
adding scramblers, for instance, or changing the tones for the keypad. Once the
system is installed, I don't see what they can do to handle these problems when
they pop up.

"Cost conscious consumers" indeed. If the engineering schools at Oxford and
Cambridge are anything like the ones at MIT and Caltech, they're going to tear
this system to shreds.

Steven C. Den Beste,   BBN Communications Corp., Cambridge MA    harvard!!denbeste(UUCP)

Looking for Computer Folklore

Vernard C. Martin <>
26 Jan 89 01:18:40 GMT
I'm interested in stories that might have started in actual fact but that have
become so popular that they keep popping up. For instance, did you hear about
the zero-sum check? Someone gets a computerized bill from a credit card company
saying they owe the company zero dollars and zero cents. They ignore it but
keep getting bills and increasingly nasty computerized notes, so they finally
write out a check for zero dollars and zero cents and send it in, and the
computer never bothers them again.

Or, there's the story about the guy who falls asleep in front of his
terminal with an ELIZA program running and his boss logs on and thinks he's
talking to him but is actually talking to the program, and gets pissed off.

OR, there's the dilemma in which computers keep crashing because an operator
wears a silk slip that gives off static electricity like nobody's business, OR
the bank teller who embezzles millions from his bank by creating a file to
collect the fractions of pennies that the bank rounds off from accounts.

Some story categories are: 
1. machines going physically berserk. 
2. women/computers/sex/sexism and/or romance. 
3. sabotage.
4. breaking security (no, I don't have classified clearance [...])
5. great hacks. 
6. computer gods (such as Norbert Weiner, a genius in AI who lost his family
   when they moved to a new house and he forgot where it was). 
7. tales of massive catastrophe due to seemingly mysterious means
   that turn out to be something strange, like magnetized pollen. 

Of course, there are more categories. Got a great tale you want to share? 
Reply to If you'd rather talk, leave your phone 
number and I'll try to give you a ring. 

Karla Jennings
This account is temporarily being used as a collection point for mail.  

  [The zero-dollars story appears among an old collection of anecdotes from
  an ACM SIGOPS Symposium on Operating Systems Principles, contained in
  ACM Software Engineering Notes vol 5 no 1 (Jan 1979) and augmented in vol 
  7 no 1 (Jan 1981).  I hope our readers will share their documentable true
  tales (that have become legends) with RISKS as well as Karla -- especially
  those that have not appeared here yet.  PGN]

Please report problems with the web pages to the maintainer