Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
From the 6 March New York Times, page 1, comes a news item that NASA faces the possibilty of retirement of ALL of its senior and top-level managers, engineers and scientists within five (5!) years. To address this, NASA plans to continue a trend that it has already been implementing. That is, it will seek to capture expert knowledge via expert systems, and where it can, replace people with embedded systems containing this expertise. Currently, NASA is utilizing such systems to perform Space Shuttle fueling and monitoring, countdown diagnostics (some risks there...), and telemetry monitoring and interpreting. For example, NASA says that it can take two years to train an individual to interpret a data stream from a satellite (after which he/she is probably a bit warped). NASA was able to completely replace the console operator in an example of this with an embedded system which included friendlier user display and interpretive knowledge. The article points out that not all of those elegible for retirement will take it, however, if this program is successfull, the decision may be made for some of them. Many of the technical risks of such a program are numerous and obvious. One which may not be quite so obvious is stagnation, that is, how will NASA incorporate new knowledge into its systems and how will such knowledge be developed and recognized. This may be a non-problem, in that previous technological advances (see the steam engine) taught us more than was ever expected when they were invented. Dave Davis, MITRE Corp., 7525 Colshire Dr, McLean, VA 22102
The question of whether we in the U.K. should carry identity cards is
currently being debated, particularly in the press. It has been stirred up by
the Government's intention to introduce identity cards for attendees at
football matches, as part of an attempt to curb hooliganism.
The following appeared as the leading article in The Times on 10th
February (reproduced without permission), and shows a touching, if misplaced,
faith in technology by non-technologists. (The highlighting is my own.)
"British suspicion of identity cards is deeply rooted. But it is not as
profound as is commonly supposed, according to a survey out today.
"Identity cards were compulsory during and immediately after the Second World
War. ... 57 per cent of those questioned in today's survey were in favour ...
". . . everyone has a unique collection of official numbers, including a health
service number, a national insurance number, a passport number, another on
their driving licence and one issued by the Inland Revenue. However free and
libertarian people might feel, they are deeply enmeshed by 20th century
bureaucracy - and for the most part accept their fate without complaint.
"The adoption of an identity card, at least on a voluntary basis, which would
carry such numbers - name, date of birth, nationality, signature and perhaps
blood group - would surely be an advantage for everybody. In one sense it would
be a master key. GIVEN THAT TECHNOLOGY SHOULD MAKE IT IMPOSSIBLE TO FORGE THEM,
such cards could quickly establish one's bona fide. . . ."
Ruaridh Macdonald
In Risks 8:31, Michael C Polinske gives us the newspaper story of two men
caught stealing long distance telephone service, that ran with the headline:
2 MEN ACCUSED OF `HACKER' CRIME
Interesting that the theft of service via hacking gets all the attention, when
part of the story (reproduced below) makes it clear that the headline could
equally well have been:
COMPUTER CATCHES TWO STEALING PHONE SERVICE
...
The company's computer keeps track of all calls that are rejected
because of an improper access code. Clients dialing incorrectly would
cause 10 to 30 rejected calls a month, but sometime last year the
number jumped to 1,000 or 2,000 per month.
Computer printouts showed the unknown parties were repeatedly dialing
the computer and changing the access code sequentially, Reddin said.
Today (February 2nd,1989), 3 hackers have been arrested in Berlin, Hamburg and
Hannover, and they are accused of computer espionage for the Soviet KGB.
According to TV magazine `Panorama' (whose journalists have first published the
NASA and SPANET hacks), they intruded scientific, military and industry
computers and gave passwords, access mechanisms, programs and data to 2 KGB
officers; among others, intrusion is reported of the NASA headquarters, the Los
Alamos and Fermilab computers, the US Chief of Staffs data bank OPTIMIS, and
several more army computers. In Europe, computers of the French-Italian arms
manufacturer Thomson, the European Space Agency ESA, the Max Planck Institute
for Nuclear Physics in Heidelberg, CERN/GENEVA and the German Electron
Accelerator DESY/Hamburg are mentioned. Report says that they earned several
100,000 DM plus drugs (one hacker evidently was drug addict) over about 3
years.
For the German Intelligence authorities, this is `a new quality of espionage'.
The top manager said that they had awaited something similar but are
nevertheless surprised that it happened so soon and with such broad effects.
Summarizing the different events which have been reported earlier - NASA and
SPANET hacks, Clifford Stoll's report of the `Wily Hacker' - I regard this as
essentially the final outcome of the Wily Hackers story (with probably more
than the 3 which have now been imprisoned). It is surprising that the
Intelligence authorities needed so long time (after Cliff's CACM report, in May
1988!) to finally arrest and accuse these crackers. Moreover, the rumors
according to which design and production plans of a Megabit chip had been
stolen from Philips/France computers seems to become justified; this was the
background that CCC hacker Steffen Wernery had been arrested, for several
months, in Paris without being accused. CAD/CAM programs have also been sold to
KBG.
Klaus Brunnstein University of Hamburg/FRG
[There were numerous articles on this topic over the weekend. Because
almost every paper had a little something, our coverage here will
remain light until we have some more definitive reports. PGN]
Regarding today's (3rd of March) news on the West German Hackers who got money and drugs from the KGB: If the story is accurate, this brings up another point about hacking: they could be working for the enemy. Some people consider hackers as harmless pranksters or not much of a threat but this story shows that the bugger running around your system may very well be working for your competitor or even the other side. Scary thought
I object strongly to Peter Large's use of the words "hacking" and "hacker" in a continually negative context, especially since he proposes to outlaw "hacking." Much hacking is wonderful for society. Take Richard Stallman, for example, the driving force behind GNU and the Free Software Foundation. He is a dedicated hacker in the best sense of the word, and I only wish I could hack so well. I cannot accept statements which confuse productive hacking with harmful acts.
> Computer hacking should be made a criminal offence, the CBI said yesterday... Hey, hey, wait a minute...since when has the term "hacker" become synonymous with "criminal"? I strongly object to the insinuation that ALL hackers are criminals. I personally consider the appellation "hacker" to be a badge of honour. I would dearly like to call myself "hacker", but in my own opinion I'm not good enough yet. I would love it if anyone called me a "hacker" (I badly want someone to, but no one has - yet.) According to Steven Levy's "Hackers", the term "hacker" was coined at MIT in the 1950s, and it implied 'serious respect','innovation, style and technical virtuosity' and 'artistry'. Why has this word come to stand for serious wrong-doing today? Today's (March 3rd, 1989) NBC Nightly News with Tom Brokaw had a story about 3 West German "computer hackers" being convicted (and 5 other "hackers" being charged) for providing the Soviets with sensitive computer passwords. Why is it that a computer programmer automatically becomes a "hacker" when it involves a crime? Why couldn't they have reported '...3 West German computer programmers have been convicted...'? If some of you think that I'm making a mountain out of a molehill, then I demand that all programming job classifications be renamed to "Applications Hacker", "Systems Hacker", and so on. It would make at least me very happy. In my humble opinion, this much maligned word is becoming as overused and abused as that other overloaded operator of the late 1980s: "computer virus". Rao Akella, Research Assistant, University of Minnesota CCCSRAO@UMNHSNVE.BITNET
The Wall Street Journal of March 1 1989, page 1, had an article on United's
Flight 811 which mentions:
"The Role of Skill
Training prepares airline pilots for all sorts of emergencies,
but nothing like the one Flight 811 encountered. There aren't any
simulator programs for losing two engines on the same wing of a
747, let alone flying with a 10-by-25 foot hole in the fuselage."
The wording of "on the same wing" suggests there are simulators which
allow one engine on each wing to be lost, so the possibility of multiple
engine failure has not been completely overlooked.
The article later points out there is no way to prepare for all the
possible things that can go wrong.
Scot E. Wilcoxon sewilco@DataPg.MN.ORG {amdahl|hpda}!bungia!datapg!sewilco
Data Progress UNIX masts & rigging +1 612-825-2607 uunet!datapg!sewilco
Viruses and other nefarious hacker activities have been included as plot devices in DC's revival of 'The Shadow'. In this book The Shadow has returned from Shambhalla (sp?) to the West after an absence of over 40 years to carry on his war on the evil that men do. Two of the new agents recruited into his service belong to a hacker consortium calling itself 'The Shadownet'. While the book is not intended as any sort of explication of hacking activities or computer activities in general, I've not seen any outright mistakes in its presentation of hacking. Of course I'm not sure whether it is really that easy to hack into the Orbital Mind Control Lasers. Worth a read if you're interested in the RISKS to society of coordinated networks of technically competent people. Also hysterically funny. "The weed of crime bears bitter fruit..."
I can think of a few examples of computer virii in the comics. In a
semi-recent issue of "Alpha Flight", the story revolves around a virus who's
function is to "transfer credits to author". The virus is "written in
machine code so it can infect any machine". In a not so recent issue of
Iron Man, a "tapeworm" is introduced into the world's computer network to
erase certain blueprints where ever they might appear.
In both instances the virii are portrayed as invincible and able to
infect any computer. I'm afraid that any depiction of viruses in the comics
is going to be simplistic and pretty much out of touch with reality.
Tom
Kelly, a cartoonist in the San Diego Union posted a cartoon recently with several panels discussing the danger of swapping floppies with comments from the cartoon characters like: He: I think we should do it. She: No way, I hardly know you. He: Come on, you only live once. She: No way, there are too many viruses out there. He: You know you want to. She: The threat of infection mortifies me. He: _Please_! She: Well maybe, just this once. He: [he hands her a floppy] She: Trading software is so risky these days. This is good educational techniques. It gets the point across. Leonard P. Levine e-mail len@evax.milw.wisc.edu | Professor, Computer Science Office (414) 229-5170 | University of Wisconsin-Milwaukee Home (414) 962-4719 | Milwaukee, WI 53201 U.S.A. Modem (414) 962-6228 |
Marvel Comics traditionally deal with computers in a very intelligent way.
Very often the younger intelligent "super-heroes" are seen using computers for
both work and recreation. This is not to say something totally unfeasible
happens from time to time but this simply requires suspension of disbelief.
The example in point I want to use is the current storyline concerning the
Vision, an android. Due to a previous severe computer crime the Vision was
kidnapped and stripped bare of all software.
To prevent a simple back-up being taken a virus was used to destroy all
saved copies of the Vision's personality. This virus propogated itself
around several machines to ensure the task was completed.
One problem this situation raised was that the Vision's human WIFE was a little
distraught! Could this be a whole new type of RISK to bear in mind?
Guy
Please report problems with the web pages to the maintainer