The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 8 Issue 3

Sunday 8 January 1989

Contents

o Computer-related accidental death
Gegg
o Re: Danish Home Companion, Kierkegaard, and Feynman
David E. Leasure
o "NO CARRIER"
Jef Poskanzer via David Sherman
o Re: Tales from the Vincennes tape
Maj. Doug Hardie
o "Hand-written" letters
Gary Chapman
o Dark Side Hacker, an Electronic Terrorist
Rodney Hoffman
o The risks of trusting CBS
Phil Goetz
o Hackers - pure and simple
Travis Marlatte
o Viruses of all kinds
Travis Marlatte
o Henry Cox's "Supercomputer used to `solve' math problem"
John C. Bazigos
o Info on RISKS (comp.risks)

Computer-related accidental death

<USER=GEGG@ub.cc.umich.edu>
Sun, 8 Jan 89 15:27:28 EST
COMPUTER-RELATED ACCIDENT RESULTS IN WOMAN'S DEATH

JOHANNESBURG, SOUTH AFRICA, 1988 DEC 28 (NB) -- According to the Associated
Press, a South African woman was killed Tuesday in a freak computer-room
accident. The death occurred when 1 1/2-ton steel doors closed on Renata Espach
as she stood in their path but out of sight of optical sensors intended to
detect obstructions. The accident took place at the computer facilities of
Liberty Life in Johannesburg as the 23-year-old woman was handing a document to
a colleague in the course of her employment.

found on usa today distribution bbs fido104/555 303-973-4222
 1/7/89 by anonymous guest (no replies pls)


Re: Danish Home Companion, Kierkegaard, and Feynman (RISKS-8.1)

<hou2d!del@att.att.com>
Fri, 6 Jan 89 14:05:51 EST
  R. P. Feynman in his recent book "What do you care what other people
  think" adapted a Buddist (possibly Shinto, I can't remember) story to
  explain dangers and benefits of technology.  His explanation went something
  like this:  There is a key that opens the gate of heaven and it's the same
  key that opens the gate of hell.  The two gates cannot be distinguished from
  the outside and the only way to tell which is which is to open it.
  Obviously, it's very desirable to have this key because it allows us to
  experience wonderful things, but there's also the risk of hell.  That key is
  technology.

David E. Leasure - AT&T Bell Laboratories - (201) 615-4169


"NO CARRIER"

David Sherman <dave@lsuc.UUCP>
6 Jan 89 07:57:49 EST (Fri)
| From: jef@ace.ee.lbl.gov (Jef Poskanzer)
| Newsgroups: comp.misc,comp.dcom.modems
| Subject: NO CARRIER
| Message-ID: <1595@helios.ee.lbl.gov>
| Date: 4 Jan 89 18:38:50 GMT
| 
| Some terminal emulator programs have an amusing bug.  When they see the
| text "NO CARRIER" at the beginning of a line, they stop listening to
| the modem.  Like this:
| 
| NO CARRIER
| 
| If your emulator has this bug, you are no longer on line, and are not
| reading this.  Yes, this sounds far-fetched, but I can personally
| assure you all that it's not just another chain-letter variation like
| the modem virus story.  I discovered this on the WELL a while back when
| I opened a topic called "NO CARRIER", and then got mail from a user
| complaining that whenever he tried to read the topic his modem hung
| up.  He was not computer-literate enough to have been making a joke.
| Recently another user reported the same problem.

Forwarded from Usenet by David Sherman, lsuc!dave@ai.toronto.edu


Re: Tales from the Vincennes tape

"Maj. Doug Hardie" <Hardie@DOCKMASTER.ARPA>
Thu, 5 Jan 89 14:43 EST
I am not surprized by these relevations.  I have observed the same behavior
from my son when he is playing a video game on the computer.  Once people get
into these games, it is as if it was real, as if their life was threatened by
whatever scenario is there.  Perhaps games of that sort based on the particular
equipment and expected mission could be used both in the development of systems
to find out what strange things people will do under pressure, and to help
train the eventual users to understand how to respond when those pressures do
occur.
                                        Doug


"Hand-written" letters

Gary Chapman <chapman@csli.Stanford.EDU>
Thu, 5 Jan 89 09:14:37 PST
Jerry Leichter reported this item in an editorial of the New York Times:

        The tide of progress, in other words, sometimes flows backward.
        There's probably only one sure way now to write letters that 
        are, and look, personal: by hand.

Some years ago I was on the PBS television show *Computer Chronicles*, as part
of a panel discussion about the use of computers in U.S. politics.  The other
guest on the show was a gentleman from a large direct mail firm which
specializes in mailings for political causes and candidates.  He brought along
some of his samples to show us how sophisticated mailings are becoming.  One of
them was particularly interesting:  the mailing was sent out to about three
quarters of a million senior citizens in the state of Arizona.  It had to do
with some kind of issue that had an impact on senior citizens, and the polls
indicated the vote was likely to be close (direct mail can make the difference
only when votes are close).  The direct mail company had developed a mail-merge
program using handwriting instead of formed characters, and then had these
letters printed on vast machines that actually wrote out the letters with
high-speed pens, I gathered, so that the final product was virtually
indistinguishable from a handwritten letter.  The stationery the letters were
printed on had only a person's name and home address at the top of the page, as
if it were personal stationery.  The envelopes were printed with the same
handwriting sample and the same process so they appeared to be hand-addressed.
The company even went so far as to affix the stamps (first class of course) on
the outside of the envelope with a jig that rocked back and forth in a frame so
the stamp would only rarely be glued on exactly straight up and down.  

This gentleman from the direct mail company told us proudly that the campaign
headquarters had received something like 14,000 telephone calls the first day
after this mail was delivered, and the election was turned in their client's
favor.

I looked at his sample letters and envelopes and could eventually tell that
these were computer-generated.  But I would not expect senior citizens, who
typically don't imagine that technology is capable of simulating a hand-written
letter so well, to be so discriminating.  I would bet that a large majority of
the recipients were convinced they had received a letter that someone had
painstakingly written to them in a very personal fashion.

-- Gary Chapman, 
   Executive Director, Computer Professionals for Social Responsibility


Dark Side Hacker, an Electronic Terrorist

Rodney Hoffman <Hoffman.ElSegundo@Xerox.com>
8 Jan 89 15:09:41 PST (Sunday)
Kevin Mitnick, earlier characterized as "armed with a keyboard and
considered dangerous" [see RISKS 7.95] is the subject of a lengthy profile
by John Johnson in the 8 Jan 89 'Los Angeles Times', with the headline:

             Computer an 'Umbilical Cord to His Soul'
     'DARK SIDE' HACKER SEEN AS 'ELECTRONIC TERRORIST'

When a friend turned him in and Mitnick asked why, the friend replied,
"Because you're a menace to society."  Mitnick is described as 

   25, an overweight, bespectacled ... computer junkie known as a 
   'dark side' hacker for his willingness to use the computer as a 
   weapon.... whose high school computer hobby turned into a lasting
   obsession .... He allegedly used computers at schools and businesses
   to break into Defense Dept. computer systems, sabotage business 
   computers and electronically harass anyone -- including a probation
   officer and FBI agents -- who got in his way.  He also learned how
   to disrupt telephone company operations and disconnected the phones
   of Hollywood celebrities such as Kristy McNichol, authorities said.

   So determined was Mitnick, according to friends, that when he suspected
   his home phone was being monitored, he carried his hand-held keyboard 
   to a pay phone in front of a 7-Eleven store, where he hooked it up and
   continued to break into computers around the country.  "He's an electronic
   terrorist, said [the friend who turned him in], "He can ruin someone's 
   life just using his fingers."

   Over the last month, three federal court judges have refused at separate
   hearings to set bail for Mitnick, contending there would be no way to 
   protect society from him if he were freed.... Mitnick's lack ofconscience,
   authorities say, makes him even more dangerous than hackers such as Robert 
   Morris Jr., ... who is suspected of infecting computer systems around the 
   country with a "virus" that interfered with their operations.

   Mitnick's family and attorney accuse federal prosecutors of blowing the 
   case out of proportion, either out of fear or misunderstanding of the
   technology.  

The story details his "phone phreak" background, and his use of high school
computers to gain access to school district files on remote computers, where
he didn't alter grades, but "caused enough trouble" for administrators and
teachers to watch him closely.  He used the name `Condor,' after a Robert
Redford movie character who outwits the government.  The final digits of his
unlisted home phone were 007, reportedly billed to the name "James Bond."

   [He and a friend] broke into a North American Air Defense Command
   computer in Colorado Springs in 1979.... [The friend] said they did not
   interfere with any defense operation.  "We just got in, looked around,
   and got out."....

   What made Mitnick "the best" said a fellow hacker and friend, was his 
   ability to talk people into giving him privileged information....
   He would call an official with a company he wanted to penetrate and say 
   he was in the maintenance department and needed a computer password.  He
   was so convincing, they gave him the necessary names or numbers....

   He believed he was too clever to be caught.  He had penetrated the DEC
   network in Mass. so effectively that he could read the personal electronic
   mail of security people working on the case of the mysterious hacker and
   discover just how close they were getting to him.  But caught he was, again
   and again.... 

   Mitnick's motive for a decade of hacking?  Not money, apparently....
   Friends said he did it all simply for the challenge....  [His one-time
   probation officer says,] "He has a very vindictive streak.  A whole
   bunch of people were harassed.  They call me all the time." .... His
   mastery of the computer was his "source of self-esteem," said a friend.


The risks of trusting CBS

<PGOETZ@LOYVAX.BITNET>
Sat, 7 Jan 89 15:03 EST
From the Jan. 89 issue of The Institute (a supplement to IEEE Spectrum),
in an IEEE article by Tekla Perry:

  Saratoga, CA- Some 200 personal computer industry pioneers and current
  innovators met here Oct. 7-9 for the invitation-only fourth annual Hackers
  Conference...

  "Hackers," as defined by this group, are "artists of technology," people who
  "derive joy from discovering ways to circumvent limitations," or more
  simply, those who are willing to "hack at that computer keyboard until the
  computer does what you want it to."

[Note that people invited to the Hackers Conference include people like
Steve Wozniak, Bill Gates, Mitch Kapor, etc. (as well as CBS!). Imagine their
surprise when , according to the article:]

  CBS... seemed not to have taken the point. Its Oct. 8 national report led
  with these words: "A small revolutionary army is meeting in the hills above
  California's Silicon Valley this weekend, plotting their next attack on the
  valley below..."

Phil Goetz       PGOETZ@LOYVAX.bitnet


Hackers - pure and simple

<att!ihlpa!travis@ucbvax.Berkeley.EDU>
Fri, 6 Jan 89 14:05:08 PST
I hold a more elementary definition of "hacker". One that was applicable in the
early days and remains so. Very simply, a hacker is one who is keenly
interested in the full capabilities of a system. This implies that
experimenting is done to discover the undocumented features, the limits of the
controls, and the back doors that should not exist. This was and can be done in
a constructive way. This was and can be done in a malicious, irresponsible way.

We, as computer professionals have, then, two responsibilities. First, we must
begin to think of malicious hacking as socially unacceptable. This should not
require the demise of hacking (according to my definition) altogether. The
perpetrator of misdirected hacking must not be rewarded for his or her efforts.
As colleagues of the irresponsible hackers, we must view them with distaste for
they will destroy the profession.

Second, a system of licensing should be implemented. This need not be (but
could be) a knowledge certification. A general form of permission granted to
all who request it would suffice. This license can then be revoked or suspended
upon conviction of some computer related offense. The license number would be
put on resumes, employers would demand new employees to have valid licenses,
and the future of ones career would hinge upon keeping that license intact.

The public has a right and, unfortunately, a need to regulate computer related
activity that affects the public. Some sort of licensing proclaims that society
agrees that this person is trustworthy (so far).  Mr. Morris, Jr. would not, in
my eyes, be eligible to receive a license to practice his trade.

Travis Marlatte       ihlpa!travis       312-416-4479    AT&T Bell Labs


Viruses of all kinds

<att!ihlpa!travis@ucbvax.Berkeley.EDU>
Fri, 6 Jan 89 14:44:20 PST
The analogy between computer viruses and medical viruses is appropriate.
Medical researchers are required to use approved methods for biological
research.  The leverage enacting those requirements comes in the form of:
licensing by a medical board with a list of expectations, laws that protect the
public's safety, and even laws that protect animal rights.

There is nothing to stop a researcher from suddenly going mad and applying his
or her knowledge for malicious purposes.  There is incentive to follow socially
approved channels for conducting legitimate research - fear of losing one's
license or being criminally charged. With these mechanisms and laws in place,
the public has a means to deal with malicious researchers who ignore the rights
of others.

Travis Marlatte       ihlpa!travis       312-416-4479    AT&T Bell Labs


Henry Cox's "Supercomputer used to `solve' math problem"

"John C. Bazigos" <bazigos@cd7.ics.uci.edu>
Thu, 05 Jan 89 19:59:44 -0800
> Date: Wed, 21 Dec 88 09:23:26 est
> From: Henry Cox  <cox@spock.ee.mcgill.ca>
> Subject: Supercomputer used to "solve" math problem (RISKS-7.97)

The "Montreal Gazette" errs by espousing the false belief that solving "a
theoretical mathematics problem so complex that it is beyond the capability of
the human mind to comprehend" implies, first, that scientists must "accept the
supercomputer's solution more or less on faith"; and second, that the proof is
not fully understandable for verification purposes.  The necessary and
sufficient condition for verifying a proof is ensuring that each step in the
derivation of the final result is valid -- i.e., follows from formal
definitions, postulates, rules, and validly derived results (i.e., lemmas
and/or theorems).  However, that condition is neither necessary nor sufficient
for understanding the problem: One can, trivially, logically derive a result
that one does not "comprehend"; and inversely, one can comprehend a result,
whether it is true or false, for which no derivation is known --e.g., P being a
strict subset of NP, or Fermat's "Last Theorem"-- or for which no derivation
exists -- e.g., Godel's reflexive assertion of not being a theorem.  The only
faith required to verify any proof is faith in, first, the logical system on
which the verification is based; and second, the verification's valid stepwise
application of that logical system.  Summarily, one not only can, but logically
must, accept the result of validly applying valid logic to premises that one
accepts, regardless of the extent to which (s)he "comprehends" the result.

Now, if my information that the (non-)existence of a finite projective plane of
order 10 does not qualify as "a theoretical mathematics problem so complex that
it is beyond the capability of the human mind to comprehend" is correct --which
seems likely, given that humans programmed the computer to (dis)prove it-- then
the article was blatantly inaccurate in characterizing the problem as
incomprehensible.  However, whether or not the argument was thus falsely
predicated, its logic was, as proven in the immediately preceding paragraph
above, invalid -- and non-trivially so, as Mr.  Cox's above inferences
therefrom demonstrate.

In response to Mr. Cox's terminal (parenthetic) sentence

> [ The RISKS are obvious. The willingness of people to accept a computer's
> answer on faith (whether at the cash register at the grocery store or in the
> university environment) remains disturbing.                  Henry Cox]

it would be disturbingly anti-progressive of people to continue to trust human
operators more than non-human machines to perform tasks (e.g., tabulating
grocery bills, and operating switching networks) that these machines have
proven themselves superior to humans at executing.

Verifiably yours,                                  -- John C. Bazigos

P.S. Given that the earth's present population is less than 5 billion; it
follows that 1 quadrillion possibilities represents 200,000 possibilities per
person -- which is 4 times the above article's claim of 50,000 per person.

Please report problems with the web pages to the maintainer

Top