The RISKS Digest
Volume 8 Issue 29

Wednesday, 22nd February 1989

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…


Overloaded computer delays (overworked) commuters
Steve Graham
Chicago Phone Freak Gets Prison Term
Patrick Townson via Cliff Stoll
Computer Confinement
Joseph M. Beckman
Police officers sentenced for misuse of PNC
Nigel Roberts
The word "virus" causes panic
Nigel Roberts
Re: Faking Internet mail
Steve Bellovin
Kevin S. McCurley
Info on RISKS (comp.risks)

Overloaded computer delays (overworked) commuters

<Owen Plowman <> [Really Steve Graham]>
Tue, 21 Feb 89 14:31:14 EDT
This message actually comes to you from Steve Graham
(, and not from me (Owen Plowman).

 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

You might find this interesting. It is a 'COMMUTER BULLETIN' published
by Government of Ontario [GO] Transit. I and everyone using the system 
was affected by it.

[GO Transit trains serve a wide area around Toronto, transporting
commuters between the downtown area and surrounding communities.  I
believe that the trains are operated for the Provincial Government by
Canadian National Railways]

February 15, 1989


Homebound GO Train riders were subjected to delays of up to 80 minutes
on Monday and Tuesday evenings.

The delays were caused by a shortage of capacity in the new computer
recently installed by CN Rail to control the signalling on its main line
between Toronto and Hamilton. In the late afternoon, this line is heavily
used over its entire length, and the computer has not been able to process
signal and routing requests as rapidly as the traffic requires.

GO's Lakeshore trains use this line and were seriously affected. Also
delayed were trains on the Milton, Georgetown, Bradford and Stouffville
lines, whose equipment encountered the signal problems between Union
Station and GO's maintenance facility in Mimico. Compounding the delays
were several locomotive malfunctions as well.

CN hopes to have the computer problem solved by the end of this week. In
the meantime, the railway is altering its operating procedures in order to
minimize further impact on GO riders.

GO apologizes for this inconvenience.

 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Steve Graham, Oracle Corporation Canada, Toronto, Ontario, M5J 2M4
Opinions expressed in this message are those of the author.

Chicago Phone Freak Gets Prison Term

Cliff Stoll <>
Mon, 20 Feb 89 01:36:57 est
From: (TELECOM Moderator)        [From Patrick Townson]
Newsgroups: comp.dcom.telecom
Subject: Chicago Phreak Gets Prison Term
Date: 17 Feb 89 06:47:45 GMT
X-TELECOM-Digest: volume 9, issue 65, message 1 of 5

An 18 year old telephone phreak from the northside/Rogers Park community
in Chicago who electronically broke into U.S. military computers and AT&T
computers, stealing 55 programs was sentenced to nine months in prison on
Tuesday, February 14 in Federal District Court here.

Herbert Zinn, Jr., who lives with his parents on North Artesian Avenue in
Chicago was found guilty of violating the Computer Fraud and Abuse Act of
1986 by Judge Paul E. Plunkett. In addition to a prison term, Zinn must pay
a $10,000 fine, and serve two and a half years of federal probation when
released from prison.

United States Attorney Anton R. Valukas said, "The Zinn case will serve to
demonstrate the direction we are going to go with these cases in the
future. Our intention is to prosecute aggressively. What we undertook is to
address the problem of unauthorized computer intrusion, an all-too-common
problem that is difficult to uncover and difficult to prosecute..."

Zinn, a dropout from Mather High School in Chicago was 16-17 years old at
the time he committed the intrusions, using his home computer and modem.
Using the handle 'Shadow Hawk', Zinn broke into a Bell Labs computer in
Naperville, IL; an AT&T computer in Burlington, NC; and an AT&T computer at
Robbins Air Force Base, GA. No classified material was obtained, but the
government views as 'highly sensitive' the programs stolen from a computer
used by NATO which is tied into the U.S. missle command. In addition, Zinn
made unlawful access to a computer at an IBM facility in Rye, NY, and into
computers of Illinois Bell Telephone Company and Rochester Telephone Company,
Rochester, NY.

Assistant United States Attorney William Cook said that Zinn obtained access
to the AT&T/Illinois Bell computers from computer bulletin board systems,
which he described as '...just high-tech street gangs'. During his bench
trial during January, Zinn spoke in his own defense, saying that he took the
programs to educate himself, and not to sell them or share them with other
phreaks. The programs stolen included very complex software relating to
computer design and artificial intelligence. Also stolen was software used
by the BOC's (Bell Operating Companies) for billing and accounting on long
distance telephone calls.

The Shadow Hawk — that is, Herbert Zinn, Jr. — operated undetected for at
least a few months in 1986-87, but his undoing came when his urge to brag
about his exploits got the best of him. It seems to be the nature of phreaks
that they have to tell others what they are doing. On a BBS notorious for
its phreak/pirate messages, Shadow Hawk provided passwords, telephone numbers
and technical details of trapdoors he had built into computer systems,
including the machine at Bell Labs in Naperville.

What Shadow Hawk did not realize was that employees of AT&T and Illinois
Bell love to use that BBS also; and read the messages others have written.
Security representatives from IBT and AT&T began reading Shadow Hawk's
comments regularly; but they never were able to positively identify him.
Shadow Hawk repeatedly made boasts about how he would 'shut down AT&T's
public switched network'. Now AT&T became even more eager to locate him.
When Zinn finally discussed the trapdoor he had built into the Naperville
computer, AT&T decided to build one of their own for him in return; and
within a few days he had fallen into it. Once he was logged into the system,
it became a simple matter to trace the telephone call; and they found its
origin in the basement of the Zinn family home on North Artesian Street in
Chicago, where Herb, Jr. was busy at work with his modem and computer.

Rather than move immediatly, with possibly not enough evidence for a good,
solid conviction, everyone gave Herb enough rope to hang himself. For over
two months, all calls from his telephone were carefully audited. His illicit
activities on computers throughout the United States were noted, and logs
were kept. Security representatives from Sprint made available notes from
their investigation of his calls on their network. Finally the 'big day'
arrived, and the Zinn residence was raided by FBI agents, AT&T/IBT security
representatives and Chicago Police detectives used for backup. At the time
of the raid, three computers, various modems and other computer peripheral
devices were confiscated. The raid, in September, 1987, brought a crude
stop to Zinn's phreaking activities. The resulting newspaper stories brought
humiliation and mortification to Zinn's parents; both well-known and
respected residents of the Rogers Park neighborhood. At the time of the
younger Zinn's arrest, his father spoke with authorities, saying, "Such a
good boy! And so intelligent with computers!"

It all came to an end Tuesday morning in Judge Plunkett's courtroom here,
when the judge imposed sentence, placing Zinn in the custody of the Attorney
General or his authorized representative for a period of nine months; to
be followed by two and a half years federal probation and a $10,000 fine.
The judge noted in imposing sentence that, "...perhaps this example will defer
others who would make unauthorized entry into computer systems." Accepting the
government's claims that Zinn was 'simply a burglar; an electronic one...
a member of a high-tech street gang', Plunkett added that he hoped Zinn
would learn a lesson from this brush with the law, and begin channeling his
expert computer ability into legal outlets. The judge also encouraged Zinn
to complete his high school education, and 'become a contributing member of
society instead of what you are now, sir...'

Because Zinn agreed to cooperate with the government at his trial, and at
any time in the future when he is requested to do so, the government made
no recommendation to the court regarding sentencing. Zinn's attorney asked
the court for leniency and a term of probation, but Judge Plunkett felt
some incarceration was appropriate. Zinn could have been incarcerated until
he reaches the age of 21.

His parents left the courtroom Tuesday with a great sadness. When asked to
discuss their son, they said they preferred to make no comment.

Patrick Townson

Computer Confinement

"Joseph M. Beckman" <Beckman@DOCKMASTER.ARPA>
Wed, 22 Feb 89 07:54 EST
     [Joseph included an article From the Washington Times (2-16-89) and
     commented thusly:]

It is interesting that the judge wants this person to reform with computers.
One would find it incongruous to direct, say, an alcoholic to work in a liquor
store (a legal outlet), or an embezzler to work in another financial
institution, etc.  Perhaps the penalty or terms of probation should call for
the abuser to stay away from that which he is abusing or using to break the law.

     [Article also noted by Rodney Hoffman <>.]

Police officers sentenced for misuse of PNC

Nigel Roberts <>
Mon, 20 Feb 89 02:48:11 PST

Three police officers hired by private investigators to break into the
Police National Computer received suspended prison sentences at Winchester
Crown Court. The private investigators also received suspended (prison) 
sentences, ranging from four to six months.

The police officers were charged under the Official Secrets Act of conspiring
to obtain confidential information from the Police National Computer at Hendon.

One of the police officers admitted the charge, but the other two and the
private investigators pleaded Not Guilty.

The case arose out of a TV show called _Secret Society_ in which private
investigator Stephen Bartlett was recorded telling journalist Duncan 
Campbell that he had access to the Police National Computer, the
Criminal Records Office at Scotland Yard and the DHSS [Department
of Health & Social Security --nr] computer.

Bartlett said he could provide information on virtually any person on a few
hours. He said he had the access through certain police officers at
Basingstoke, Hampshire. Although an investigatation proved the 
Basingstoke connection to be false, the trail led to other police officers
and private detectives elsewhere.

Most of the information gleaned from the computers was used to determine
who owned certain vehicles, who had a good credit record — or even who
had been in a certain place at a certain time for people investigating
marital infidelity.

            — From _Personal Computing Weekly_
               dated 9/15-Feb-1989.

[Of course, the actions for which the officers and others were sentenced,
were not computer break-ins as such, but rather misuse of legitimate

It seems the phrase "break-in", applied to computers, is almost as 
fashionable as "virus" with the media at the moment --nr]

The word "virus" causes panic

Nigel Roberts <>
Mon, 20 Feb 89 02:41:19 PST

Sixth-form student [high-school--nr] and _Popular Computing Weekly_ reader
Michael Banbrook gave his college network managers a scare when he 
planted a message saying that a virus was active on the college system.

Banbrook's message appeared whenever a user miskeyed a password; the
usual message would be 
    "You are not an authorised user".

It was replaced by the brief but sinister:
    "A Virus is up and running".

When the message was discovered by the college network manager, Banbrook
was immediately forbidden access to any computers at the St. Francix Xavier
Collegs at Clapham in South London.

Banbrook, 17, told _Popular Computing Weekly_ that he believed the college
has over-reacted and that he had, in fact thrown a spotlight on the college's
lacklustre network security. The college has a 64 node RM Nimbus network
running MS-DOS.

"All any has to do is change a five-line DOS batch file" says Banbrook.
"There is no security at all"

Banbrook admits his motives were not entirely related to enhancing security:
"I was just bored and started doodling and where some people would doodle 
with a notepad, I doodle on a keyboard. I never thought anyone would
believe the message"

Banbrook was suspended from computer science A-level classes and forbidden to
use the college computers for a week before it was discovered that no virus
existed. Following a meeting between college principal Bryan Scalune and
Banbrook's parents, things are said to be "back to normal".

                — from Popular Computing Weekly
                   dated 9-15/Feb/89

[I think there are several lessons here. The college seems to have been using
networked PCs without realising that how an informed ordinary user could change
system messages for everyone on the network. The student himself doesn't 
seem to have been aware of the possible consequences of his "doodling" 
(echoes of the discussion of the need to educate people about ethics and 
"proper use"), and of course it is highly revealing to note the knee-jerk 
way everone reacted when they saw the currently fashionable buzz-word 
"virus" on their screens --nr]

Re: Faking Internet mail [Re: RISKS-8.27]

Sun, 19 Feb 89 21:10:07 EST
Yes, it's just as easy to fake netnews articles.  In fact, if you're a
bit careful, you can not only spoof someone, you can arrange things so
that the victim doesn't even see the forged article.

Back when we were designing the original protocols, we discussed the security
issue.  Since we were using a completely unauthenticated transport medium
(uucp), at least as far as the application layer was concerned, we felt that
there could be no real security; consequently, we elected to omit all control
messages.  That decision was subsequently changed by later implementors, and
there have indeed been a few problems, albeit mostly inadvertent.  But the
first public release of ``B netnews'' had some very serious security problems
indeed; a forged control message could be used to remove every file belonging
to the owner of netnews.  In the best case, that was ``merely'' every stored
netnews article; in the worst case — some implementation quirks in then-
current versions of the UNIX system — the recursive remove command would run
as root, and could wipe the entire file system.

I don't remember why we didn't adopt a public-key system during the initial
design phase; we certainly knew about them, and even had some code (the V7
xsend/xget commands) to model ours on.  Most likely, we didn't see the need; we
expected a maximum size of 50-100 sites, and 1-2 messages/day.
                                                               --Steve Bellovin

Faking Internet mail

"Kevin S. McCurley" <>
Sun, 19 Feb 89 22:15:54 PST
I guess a lot of people know about faking internet mail.  Since the National
Science Foundation now accepts reviews of proposals via email, I wonder whether
anybody there knows about this ?  It is rather farfetched to think that
somebody would try to fake their reviews, but I wonder if there are many other
examples where individuals or organizations are leaving themselves open to
fraud this way...

Kevin McCurley, IBM Almaden Research Center

Please report problems with the web pages to the maintainer