The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 8 Issue 23

Thursday 9 February 1989

Contents

o Self-Taught Space Craft
Brian Randell
o Still a few bugs in the system, as they say
Mark Brader
o Multi-gigabuck information "theft"
Mark Brader
o Risks of letting key people leave employment?
David A. Curry
o Phone Risks
Greeny
o Virus Technical Review
David J. Ferbrache
o Re: WORM storage and archival records
Curtis Abbott
o Info on RISKS (comp.risks)

Self-Taught Space Craft

Brian Randell <Brian.Randell@newcastle.ac.uk>
Thu, 9 Feb 89 13:01:01 WET DST

SCIENTISTS TO BUILD SELF-TAUGHT SPACE CRAFT

By Mary Fagan, Technology Correspondent
The Independent, 9 February 1989 (in its entirety)

 Work by British scientists will enable future space craft to control
themselves in flight without pilots, learning by trial and error in the way
humans learn to walk or ride bicycles. 

 Technology being developed at the Turing Institute in Glasgow will allow
satellites, space planes and space stations to learn to cope with the
unexpected, including equipment failure and atmospheric changes.

 Hotol, the British space plane which is involved in a long-running funding
row, is to be at the heart of a one-year project to apply a form of
artificial intelligence known as machine learning to flight control systems. 
This will allow Hotol to learn from its own experience, improving and
adjusting flight performance as flight conditions change or things go wrong. 

 Although modern control theory for spacecraft is fine as long as nothing
unpredicted happens, it cannot always cope with turbulence, if sensors fail
or parts of the craft fall off.

 Professor Donald Michie, of the Turing Institute, said: "The best analogy is
a human riding a bike - if the handlebars fall off or something goes wrong,
they can adjust their actions to regain balance. Balance is also very
important for spacecraft and for satellites in orbit."

 The work on Hotol, which will take off and land from airport runways,
concentrates on machine learning for its initial ascent into space.

 The concept, Professor Michie says, can also be applied to satellites
subjected to unforeseeable fluctuations in solar winds and changes in air
density. On large craft the huge solar panels could also be a source of
instability.

 The project is being launched by British Aerospace, which in spite of the
Government's lack of support, has kept a large team on the Hotol project. The
contract is the first signed under the Hotol Enabling Technology Club
programme, which involves a group of companies which feel that software
developed for Hotol could be valuable in other industrial areas.

    Brian Randell, Computing Laboratory, University of Newcastle upon Tyne
    JANET = B.Randell@uk.ac.newcastle  ARPA  = B.Randell@newcastle.ac.uk
    PHONE = +44 91 222 7923


Still a few bugs in the system, as they say

Mark Brader <msb@sq.sq.com>
Wed, 8 Feb 89 18:00:06 EST

(Information from a Canadian Press wire service article carried in
 the Toronto Star, February 7.  Wording is mine except for quotes.)

The Owner-Drivers Radio Taxi Service Ltd. of London, known as
Dial-a-Cab, contracted to Mobile Data International Inc., of Richmond,
B.C., Canada, for a computerized dispatching system at a cost of $5.4 
million (Canadian).  Dial-a-Cab milked this for publicity and netted
embarrassment.  You guessed it.  As Alf, one of their drivers, put it:
"We'd made such a business saying we'd be the first in Europe to use
this computerized system and it broke down within four hours."

And it's still sitting idle.  Company chairman Ken Burns said:  "It's
not working ... A microchip has to be changed."

Another driver, Ben, said:  "There was an overload.  ... They hadn't
foreseen the amount of traffic on it."  (That'd be 6,000 calls per day.)
"We're blowing our tops about it.  ... Everything was going to be action,
action, action.  But [it's] sitting in the cabs doing nothing."

Mobile Data's European sales director, Eric Dysthe, admitted the problems,
but noted that Dial-a-Cab was "pushing for an early startup" before their
annual general meeting.  "That ... did not allow us to do the testing we
should normally do."

Burns says Mobile Data says the problem is fixed but requires two more
months for testing.  The system has been installed in 1,450 cabs and the
company, despite the problems, has ordered an additional 320 units.

Similar systems are widely used in Canada; the one in Toronto, which is
reported to work well, is from a different supplier.

Mark Brader     "Where is down special?" ...      "Good."
Toronto         "Do you refuse to answer my question?"    "Don't know."
utzoo!sq!msb, msb@sq.com


multi-gigabuck information "theft"

Mark Brader <msb@sq.sq.com> <utzoo:msb@sq.UUCP>
Wed, 8 Feb 89 17:41:08 EST

(Information from an article by Bob Mitchell in the Toronto Star,
 February 8.  Wording is mine except for the quoted matter, which
 is from Constable Craig Lewers.)

A man has been arrested and charged with unauthorized use of
computer information, following a 2-month police investigation.
The suspect was an associate of a "very big" Toronto company:
"a company that people would know ... with offices across Canada".
Police are keeping the company's name secret at its request.
They say the perpetrator acted alone.

A password belonging to the company was used to steal information
which the company values at $4 billion (Canadian): computer files
belonging to an American company, believed [sic] to contain records
from numerous companies, and used by large Canadian companies and
the U.S. government.

"We don't know what this individual was planning to do with the
information, but the potential is unbelievable.  ...  I'm not saying
the individual intended to do this, but the program [sic] contained
the kind of information that could be sold to other companies",
said Lewers.

Mark Brader             "Every new technology carries with it
SoftQuad Inc., Toronto           an opportunity to invent a new crime"
utzoo!sq!msb, msb@sq.com                -- Laurence A. Urgenson


Risks of letting key people leave employment?

<davy@riacs.edu>
Thu, 09 Feb 89 11:03:10 -0800

San Jose Mercury News, 2/8/89
TV editor charged in raid on rival's files
  TAMPA, Fla. (AP) - A TV news editor hired away from his station by a
competitor has been charged with unlawfully entering the computer system of his
former employer to get confidential information about news stories.
  Using knowledge of the system to bypass a security shield he helped create,
Michael L. Shapiro examined and destroyed files relating to news stories at
Tampa's WTVT, according to the charges filed Tuesday.
  Telephone records seized during Shapiro's arrest in Clearwater showed he made
several calls last month to the computer line at WTVT, where he worked as
assignment editor until joining competitor WTSP as an assistant news editor in
October.
  Shapiro, 33, was charged with 14 counts of computer-related crimes grouped
into three second-degree felony categories: offenses against intellectual
property, offenses against computer equipment and offenses against computer
users.  He was released from jail on his own recognizance.
  If convicted, he could be sentenced to up to 15 years in prison and fined
$10,000 for each second-degree felony count.
  Bob Franklin, WTVT's interim news director, said the station's management
discovered several computer files were missing last month, and Shapiro was
called to provide help.  Franklin said the former employee claimed not to know
the cause of the problem.
  At a news conference, Franklin said: "Subsequent investigation has revealed
that, at least since early January, WTVT's newsroom computer system has been
the subject of repeated actual and attempted `break-ins.'  The computers con-
tain highly confidential information concerning the station's current and
future news stories."
  The news director said Shapiro was one of two people who had responsibility
for daily operation and maintenance of the computer system after it was in-
stalled about eight months ago.  The other still works at WTVT.
  Terry Cole, news director at WTSP, said Shapiro has been placed on leave of
absence from his job.
  Shapiro did not respond to messages asking for comment.
  Franklin said Shapiro, employed by WTVT from February 1986 to September,
1988, left to advance his career.
  "He was very good at what he did," Franklin said.  "He left on good terms."


Phone Risks

GREENY <MISS026@ECNCDC.BITNET>
Thu 09 Feb 1989 15:23 CDT

...Just when you thought the phones were safe, here is something to make
you even more paranoid...

The other day I was on the phone with a colleague of mine discussing some things
when he realized that he had to make a quick call to someone else.  He placed
me on "Consultation Hold" [where you can put the person you're talking to on
hold, while calling another, and then go back to the first -- sorta like
Call Waiting..].  Before he put me on hold, he said "If you're on hold too long
then just hang up..."

Ten minutes later (I lost track of time typing something...), I was still on
hold, when I was suddenly brought back to reality by a beeping in the phone.  I
figured that it was simply the phone system trying to signal him that I was
still on hold and ignored it.  After five minutes of this beeping, I gave up
and hung up the phone.  Then I left my office for a while.

About an hour later, my girlfriend came to my office and said "Gee you've been
on the phone for a long time...".  I hadn't so I decided to check and see if I
might have left the phone off the hook, or if my modem had been automatically
turned on by someone calling it up.  Both turned out to be false, however, when
I picked up the phone I was presented with BOTH SIDES OF A CONVERSATION THAT
SOMEONE ELSE WAS HAVING.  Clear as a bell, as if we were in a three-way call.
So I tried to say something, but they couldn't hear me.  Weird I thought, must
be a fluke, and hung up.  Then I picked up the phone about 5 minutes later and
they were still talking.  30 minutes later, this guy was talking to his
girlfriend.

Enough was enough I decided, so I got on another extension and called the
campus operator.  She couldn't do anything of course, and recommended I
call the Campus Features People.  They also couldn't do anything, but said
that they would leave a note for the network people in the morning.
Just wonderful, I thought.  And went home.

The next day, the phone was working, so I called the Telecommunications
office on campus, and inquired as to what happened.  The lady there said
that she'd check it out and get back to me.  About 10 minutes later she did
and informed me that it was "a software problem in the switch" and to
"call back immediately if it happens again".  Oh great, I'm thinking.  How
can I ever be sure that my conversations are at least semi-private, and
not screwed up all the time.  This campus just recently had a multi-million
dollar phone system installed (at least the first phase of it -- Audio),
and I thought that it was relatively bug free.  But recently strange things
have been happening -- such as my phone playing "operator", and an ENTIRE
dorm being cut off from phone service for about 6 hours.

...Yet another software bug....*ho hum*  Does anyone out there know of a
good, inexpensive, voice scrambler?
                                               Greeny


Virus Technical Review

"David.J.Ferbrache" <davidf@cs.hw.ac.uk>
9 Feb 89 10:53:21 GMT

  This request has appeared on the bitnet virus-l mailing list, and has
  been crossposted to the appropriate comp.sys groups and to comp.risks.
  I apologise for any readers who receive duplicate copies.

       -------------------------------------------------------------
       A review of the threat posed to the security and integrity of
       microcomputer systems posed by self-replicating code segments
       -------------------------------------------------------------


I am in the process of compiling information on existing computer viruses,
with a view to the production of a technical paper reviewing the threat
to system security posed by both present computer viruses and likely
future developments.

To this end I would be very grateful for information on individual
infections, preferably detailing the symptoms observed, damage caused and
disinfection techniques applied. Naturally I am also interested in details
of the operation of the viruses, although I appreciate the reticence shown
by infected parties to disseminate any details of virus operation, on the
basis that it could lead to development of further viruses.

The technical report is part of a Doctoral research thesis in computer
security, and will be available in late May. Distribution of the technical
report will be restricted to people who have a legitimate interest
(ie systems managers, commercial concerns, research), as I expect to
review the techniques exploited by viruses in a fair degree of detail at
the BIOS/DOS interface level. The report will consider the techniques used by
viruses to duplicate, the ways in which viruses gain control of the computer
system, the camouflage techniques adopted and a brief overview of the
existing computer viruses. Finally the report will consider the likely
development of the threat from viruses, and how this developing threat
can be addressed by protective software in both virtual and non-virtual
machine operating environments.

At the moment I know of the following viruses:

IBM PC MS/DOS 
1. Lehigh variant 1 and 2              2. New Zealand (stoned)
3. Vienna (Austrian, 648)              4. Blackjack (1701, 1704)
5. Italian (Ping Pong)                 6. Israeli variant 1 (Friday 13th, 1813,
                                          PLO, Jerusalem), variant 2, variant 3
                                          (April 1st), variant 4
7. Brain (Pakistani) and variants      8. Yale

Also potentially variants of the Rush Hour and VirDem viruses developed
during the CCC's work on viruses.

APPLE MAC
1. NVir variant A and B, Hpat           2. Scores
3. INIT 29                              4. ANTI
5. Peace (MacMag)

APPLE II
1. Elk 

AMIGA
1. SCA                                  2. Byte Bandit
3. IRQ

ATARI ST
1. Boot sector                          2. Virus construction set viruses

Mainframe OS worms
1. Internet worm                        2. DECNET worm
3. BITNET Xmas chain letter

I would be grateful for any information on these, or any other viruses. 
Reports of infection may be given in confidence, in which case they will
only be used as an indication of geographical distribution of infection.

A summary of known viruses, their symptoms, geographic distribution and
known disinfection measures will be posted to the list as soon as 
sufficient information is available to prepare an interim report. 

As part of the paper I will also be reviewing the effectiveness of viral
disinfection software, and would thus be interested in details of any
software you use, its effectiveness, and availability.

Thanks for your time!

For those interested here is a summary of a few of the virus reports published
on virus-l and usenet,

   Subject, author and date                     Virus      Virus-l issue

   THE AMIGA VIRUS - Bill Koester (CATS)        SCA        LOG8805
       comp.sys.amiga, 13 November 1987

   New Year's Virus Report - George Robbins     IRQ        
       1 January 1989, comp.sys.amiga

   The Elk Cloner V2.0 - Phil Goetz             ELK        
       26 Apr 1988

   THE ATARI ST VIRUS - Chris Allen             ATARI ST   
       22 March 1988, comp.sys.atari 

   Features of Blackjack Virus, Otto Stolz      BLACKJACK  v2.24
       24 Jan 1989                              

   Comments on the "(c) Brain" Virus            BRAIN      LOG8805
       Joseph Sieczkowski, Apr 1988

   Brain and the boot sequence, Dimitri Vulis   BRAIN      v2.5
        5 Jan 1989

   The Israeli viruses, Y.Radai                 ISRAELI    LOG8805
       2 May 1988

   VIRUS WARNING: Lehigh virus version II       LEHIGH v2  v2.35
       Ken van Wyk, 3 Feb 1989

   The Ping-Pong virus, Y.Radai                 ITALIAN    v2.18
       17 Jan 1989

   Known PC Viruses in the UK and their effects MOST PC    v2.23
       Alan Solomon, 1989

   Yale Virus Info, Chris Bracy,                YALE       LOG8809a
       2 Sep 1988

   New Macintosh Virus, Robert Hammen           ANTI
       comp.sys.mac, 7 Feb 1989

   Hpat virus-it is a slightly modified nVIR    HPAT       
       Alexis Rosen, comp.sys.mac, 7 Jan 1989

   INIT 29: a brief description,                INIT 29    v2.18
       Joel Levin, 18 Jan 1989

   A detailed description of the INIT 29 virus  INIT 29    v2.30
       Thomas Bond, 27 Jan 1989

   The Scores Virus, John Norstad               SCORES     LOG8804
       info-mac digest, 23 Apr 1988

   Macintosh infection at Seale-Hayne College   TSUNAMI    LOG8808d
       Adrian Vranch, 8 July 1988

   DEFENCE DATA NETWORK MANAGEMENT BULLETIN,    DECNET     (see also v1.59a)
       50, 23 Dec 1988, 

   The internet worm program, an analysis       INTERNET   
       Gene Spafford, Nov 1988

I apologise for any researchers whose articles I have not cited, in what is
currently an incomplete list of references. Hopefully, this article
will be of some use in providing a general list of viruses which have
affected computer systems in the past.

Thanks for your time, and I look forward to any information you can
supply me with.

Dave Ferbrache                            Personal mail to:
Dept of computer science                  Internet <davidf@cs.hw.ac.uk>
Heriot-Watt University                    Janet    <davidf@uk.ac.hw.cs>
79 Grassmarket                            UUCP     ..!mcvax!hwcs!davidf 
Edinburgh,UK. EH1 2HJ                     Tel      (UK) 31-225-6465 ext 553


Re: WORM storage and archival records

<abbott.pa@Xerox.COM>
Wed, 18 Jan 89 15:43:23 PST

I think RAMontante <bobmon@iuvax.cs.indiana.edu>'s remarks deserve a
response.  Steve Phillipson's proposal of WORM devices for archival storage
surely had to do with preventing electronic tampering.  Physical tampering
is quite another matter.  Floppy disks and other electronic storage media
are physical objects, and therefore subject to the same controls on
authenticity and tampering as more traditional physical objects.  Thus, a
publisher of "authentic" Shakespeare could physically mark his disks in
such a way that I can tell if the disk I get from RAMontante is authentic.
Then what remains are problems like overwriting 0's with 1's (mentioned by
PGN, I believe).  There are lots of ways around this if you even believe
it's a problem.  (You might choose not to since only changing 0's to 1's
already greatly limits the edits you can make.)  For example, a single
parity bit gives you a lot of protection (or rather, detection).  Slightly
more elaborate, and hardly more costly, schemes can give you full
protection.  

A perhaps relevant observation about the difference between paper and
electronic media is that in the former, a certain degree of authenticity
and tamperproofness is intrinsically bound up with the medium.  It doesn't
cost more, and you don't have to think about it.  Those things aren't
generally true of the newer media, so if we don't think about it, and pay
for it, we sometimes get unpleasant surprises.

- Curtis Abbott
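
Added example, not part of Curtis Abbott's message: a comparison of a single parity bit with a Berger code (check field = number of 0 bits in the data) on a medium where stored bits can only go from 0 to 1. The Berger code is one possible choice of "slightly more elaborate" scheme, which the post does not name; the sample record and all function names are constructed for illustration.

```python
# Added illustration (not from the original post): tamper detection on
# write-once media where stored bits can only change from 0 to 1.

def ones(x: int) -> int:
    return bin(x).count("1")

def encode_parity(data: int) -> int:
    """Data bits followed by one even-parity bit."""
    return (data << 1) | (ones(data) & 1)

def parity_ok(word: int) -> bool:
    return ones(word) % 2 == 0

def encode_berger(data: int, nbits: int) -> int:
    """Data bits followed by the count of 0 bits in the data (Berger code)."""
    k = nbits.bit_length()              # check field wide enough for 0..nbits
    return (data << k) | (nbits - ones(data))

def berger_ok(word: int, nbits: int) -> bool:
    k = nbits.bit_length()
    data, check = word >> k, word & ((1 << k) - 1)
    return check == nbits - ones(data)

def undetected(encode, ok, nbits: int, width: int) -> int:
    """Count 0->1-only changes to any valid codeword that still verify."""
    missed = 0
    full = (1 << width) - 1
    for data in range(1 << nbits):
        word = encode(data)
        zeros = ~word & full            # positions an overwrite can still set
        sub = zeros
        while sub:                      # every non-empty subset of the 0 bits
            if ok(word | sub):
                missed += 1
            sub = (sub - 1) & zeros
    return missed

def forge_demo():
    """Constructed record: '1' (0x31) becomes '7' (0x37) with two 0->1 flips."""
    original, forged = b"PAY 100", b"PAY 700"
    nbits = 8 * len(original)
    d0, d1 = int.from_bytes(original, "big"), int.from_bytes(forged, "big")
    assert d0 & ~d1 == 0                # forgery needs no 1->0 change
    k = nbits.bit_length()
    # Data is overwritten; the check bits written with the original stay put.
    p_word = (d1 << 1) | (encode_parity(d0) & 1)
    b_word = (d1 << k) | (encode_berger(d0, nbits) & ((1 << k) - 1))
    return parity_ok(p_word), berger_ok(b_word, nbits)

if __name__ == "__main__":
    n = 8
    print("parity misses:", undetected(encode_parity, parity_ok, n, n + 1))
    print("berger misses:", undetected(lambda d: encode_berger(d, n),
                                       lambda w: berger_ok(w, n),
                                       n, n + n.bit_length()))
    print("forgery accepted (parity, berger):", forge_demo())
```

Parity catches any odd number of 0-to-1 changes but accepts an even number; the Berger check rejects every 0-to-1-only change because lowering the zero count in the data would require lowering the stored count, which the medium does not allow.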
