The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 8 Issue 35

Monday 6 March 1989

Contents

o NASA to replace top-level personnel with Expert Systems
Dave Davis
o A Touching Faith in Technology
Ruaridh Macdonald
o Computer catches thief
Randall [!] Davis
o Computer espionage: 3 `Wily Hackers' arrested
Klaus Brunnstein
o Re: West German Hackers
Dana Kiehl
o The word "hacking"
Geoffrey Knauth
Rao V. Akella
o 747 Simulators Can't Simulate Flight 811 Failures
Scot E Wilcoxon
o Viruses in the comics
Peter Merel
Tom Parker
Len Levine
Guy Robinson
o Info on RISKS (comp.risks)

NASA to replace top-level personnel with Expert Systems

dave davis <davis@community-chest.mitre.org>
Mon, 06 Mar 89 12:52:29 -0500
From the 6 March New York Times, page 1, comes a news item that NASA faces
the possibilty of retirement of ALL of its senior and top-level managers,
engineers and scientists within five (5!) years.

To address this, NASA plans to continue a trend that it has already been
implementing.  That is, it will seek to capture expert knowledge via expert
systems, and where it can, replace people with embedded systems containing this
expertise.  Currently, NASA is utilizing such systems to perform Space Shuttle
fueling and monitoring, countdown diagnostics (some risks there...), and
telemetry monitoring and interpreting.  For example, NASA says that it can take
two years to train an individual to interpret a data stream from a satellite
(after which he/she is probably a bit warped).  NASA was able to completely
replace the console operator in an example of this with an embedded system
which included friendlier user display and interpretive knowledge.

The article points out that not all of those elegible for retirement will take
it, however, if this program is successfull, the decision may be made for some
of them.

Many of the technical risks of such a program are numerous and obvious.  One
which may not be quite so obvious is stagnation, that is, how will NASA
incorporate new knowledge into its systems and how will such knowledge be
developed and recognized.  This may be a non-problem, in that previous
technological advances (see the steam engine) taught us more than was ever
expected when they were invented.

Dave Davis, MITRE Corp., 7525 Colshire Dr, McLean, VA 22102


A Touching Faith in Technology

MACDONALD@hermes.mod.uk <Ruaridh Macdonald>
6-MAR-1989 12:15:22 GMT
     The question of whether we in the U.K. should carry identity cards is
currently being debated, particularly in the press. It has been stirred up by
the Government's intention to introduce identity cards for attendees at
football matches, as part of an attempt to curb hooliganism.

     The following appeared as the leading article in The Times on 10th
February (reproduced without permission), and shows a touching, if misplaced,
faith in technology by non-technologists. (The highlighting is my own.)

"British suspicion of identity cards is deeply rooted. But it is not as
profound as is commonly supposed, according to a survey out today.

"Identity cards were compulsory during and immediately after the Second World
War.  ...  57 per cent of those questioned in today's survey were in favour ...

". . . everyone has a unique collection of official numbers, including a health
service number, a national insurance number, a passport number, another on
their driving licence and one issued by the Inland Revenue.  However free and
libertarian people might feel, they are deeply enmeshed by 20th century
bureaucracy - and for the most part accept their fate without complaint.

"The adoption of an identity card, at least on a voluntary basis, which would
carry such numbers - name, date of birth, nationality, signature and perhaps
blood group - would surely be an advantage for everybody. In one sense it would
be a master key. GIVEN THAT TECHNOLOGY SHOULD MAKE IT IMPOSSIBLE TO FORGE THEM,
such cards could quickly establish one's bona fide. . . ."

Ruaridh Macdonald


Computer catches thief

Sun, 5 Mar 89 15:25:10 est
In Risks 8:31, Michael C Polinske gives us the newspaper story of two men
caught stealing long distance telephone service, that ran with the headline:

        2 MEN ACCUSED OF `HACKER' CRIME

Interesting that the theft of service via hacking gets all the attention, when
part of the story (reproduced below) makes it clear that the headline could
equally well have been:

        COMPUTER CATCHES TWO STEALING PHONE SERVICE
    ...
    The company's computer keeps track of all calls that are rejected
    because of an improper access code.  Clients dialing incorrectly would
    cause 10 to 30 rejected calls a month, but sometime last year the
    number jumped to 1,000 or 2,000 per month.

    Computer printouts showed the unknown parties were repeatedly dialing
    the computer and changing the access code sequentially, Reddin said.


Computer espionage: 3 `Wily Hackers' arrested

Klaus Brunnstein <brunnstein%rz.informatik.uni-hamburg.dbp.de@RELAY.CS.NET>
02 Mar 89 21:43 GMT+0100
Today (February 2nd,1989), 3 hackers have been arrested in Berlin, Hamburg and
Hannover, and they are accused of computer espionage for the Soviet KGB.
According to TV magazine `Panorama' (whose journalists have first published the
NASA and SPANET hacks), they intruded scientific, military and industry
computers and gave passwords, access mechanisms, programs and data to 2 KGB
officers; among others, intrusion is reported of the NASA headquarters, the Los
Alamos and Fermilab computers, the US Chief of Staffs data bank OPTIMIS, and
several more army computers. In Europe, computers of the French-Italian arms
manufacturer Thomson, the European Space Agency ESA, the Max Planck Institute
for Nuclear Physics in Heidelberg, CERN/GENEVA and the German Electron
Accelerator DESY/Hamburg are mentioned. Report says that they earned several
100,000 DM plus drugs (one hacker evidently was drug addict) over about 3
years.

For the German Intelligence authorities, this is `a new quality of espionage'.
The top manager said that they had awaited something similar but are 
nevertheless surprised that it happened so soon and with such broad effects.

Summarizing the different events which have been reported earlier - NASA and
SPANET hacks, Clifford Stoll's report of the `Wily Hacker' - I regard this as
essentially the final outcome of the Wily Hackers story (with probably more
than the 3 which have now been imprisoned). It is surprising that the
Intelligence authorities needed so long time (after Cliff's CACM report, in May
1988!) to finally arrest and accuse these crackers. Moreover, the rumors
according to which design and production plans of a Megabit chip had been
stolen from Philips/France computers seems to become justified; this was the
background that CCC hacker Steffen Wernery had been arrested, for several
months, in Paris without being accused. CAD/CAM programs have also been sold to
KBG.
                    Klaus Brunnstein           University of Hamburg/FRG

     [There were numerous articles on this topic over the weekend.  Because
     almost every paper had a little something, our coverage here will
     remain light until we have some more definitive reports.  PGN]


re: West German Hackers

Dana Kiehl <Kiehl@DOCKMASTER.ARPA>
Fri, 3 Mar 89 09:36 EST
Regarding today's (3rd of March) news on the West German Hackers who got
money and drugs from the KGB:

 If the story is accurate, this brings up another point about hacking: they
could be working for the enemy. Some people consider hackers as harmless
pranksters or not much of a threat but this story shows that the bugger
running around your system may very well be working for your competitor or
even the other side. Scary thought


The word "hacking" (RISKS-8.33)

Geoffrey Knauth <lloyd!sunfs3!geoff@hscfvax.harvard.edu>
Fri, 3 Mar 89 10:14:09 EST
I object strongly to Peter Large's use of the words "hacking" and "hacker" in a
continually negative context, especially since he proposes to outlaw "hacking."

Much hacking is wonderful for society.  Take Richard Stallman, for example, the
driving force behind GNU and the Free Software Foundation.  He is a dedicated
hacker in the best sense of the word, and I only wish I could hack so well.  I
cannot accept statements which confuse productive hacking with harmful acts.


[RISKS] `Hey...Who are you calling a "hacker"?' (RISKS-8.33)

"Rao V. Akella" <CCCSRAO@UMNHSNVE.BITNET>
03/03/89 19:28:42
> Computer hacking should be made a criminal offence, the CBI said yesterday...

Hey, hey, wait a minute...since when has the term "hacker" become synonymous
with "criminal"?  I strongly object to the insinuation that ALL hackers are
criminals.  I personally consider the appellation "hacker" to be a badge of
honour.  I would dearly like to call myself "hacker", but in my own opinion I'm
not good enough yet.  I would love it if anyone called me a "hacker" (I badly
want someone to, but no one has - yet.)

According to Steven Levy's "Hackers", the term "hacker" was coined at MIT in
the 1950s, and it implied 'serious respect','innovation, style and technical
virtuosity' and 'artistry'.  Why has this word come to stand for serious
wrong-doing today?  Today's (March 3rd, 1989) NBC Nightly News with Tom Brokaw
had a story about 3 West German "computer hackers" being convicted (and 5 other
"hackers" being charged) for providing the Soviets with sensitive computer
passwords.  Why is it that a computer programmer automatically becomes a
"hacker" when it involves a crime?  Why couldn't they have reported '...3 West
German computer programmers have been convicted...'?  If some of you think that
I'm making a mountain out of a molehill, then I demand that all programming job
classifications be renamed to "Applications Hacker", "Systems Hacker", and so
on.  It would make at least me very happy.  In my humble opinion, this much
maligned word is becoming as overused and abused as that other overloaded
operator of the late 1980s: "computer virus".

Rao Akella, Research Assistant, University of Minnesota CCCSRAO@UMNHSNVE.BITNET


747 Simulators Can't Simulate Flight 811 Failures

Scot E Wilcoxon <sewilco@datapg.mn.org>
5 Mar 89 04:00:27 GMT
The Wall Street Journal of March 1 1989, page 1, had an article on United's
Flight 811 which mentions:
    "The Role of Skill
       Training prepares airline pilots for all sorts of emergencies,
    but nothing like the one Flight 811 encountered.  There aren't any
    simulator programs for losing two engines on the same wing of a
    747, let alone flying with a 10-by-25 foot hole in the fuselage."

The wording of "on the same wing" suggests there are simulators which
allow one engine on each wing to be lost, so the possibility of multiple
engine failure has not been completely overlooked.

The article later points out there is no way to prepare for all the
possible things that can go wrong.

Scot E. Wilcoxon  sewilco@DataPg.MN.ORG    {amdahl|hpda}!bungia!datapg!sewilco
Data Progress    UNIX masts & rigging  +1 612-825-2607    uunet!datapg!sewilco


Viruses in the comics

Peter Merel <pete@attila.oz.au>
Sun, 5 Mar 89 23:58:16 AES
Viruses and other nefarious hacker activities have been included as plot
devices in DC's revival of 'The Shadow'. In this book The Shadow has returned
from Shambhalla (sp?) to the West after an absence of over 40 years to carry on
his war on the evil that men do. Two of the new agents recruited into his
service belong to a hacker consortium calling itself 'The Shadownet'.

While the book is not intended as any sort of explication of hacking activities
or computer activities in general, I've not seen any outright mistakes in its
presentation of hacking. Of course I'm not sure whether it is really that easy
to hack into the Orbital Mind Control Lasers.

Worth a read if you're interested in the RISKS to society of coordinated
networks of technically competent people. Also hysterically funny. "The weed of
crime bears bitter fruit..."


Viruses in the comics

Tom Parker <firewind%xroads%sunburn@sun.UUCP>
3 Mar 89 22:33:25 MST (Fri)
 
     I can think of a few examples of computer virii in the comics.  In a
semi-recent issue of "Alpha Flight", the story revolves around a virus who's
function is to "transfer credits to author".  The virus is "written in
machine code so it can infect any machine".  In a not so recent issue of
Iron Man, a "tapeworm" is introduced into the world's computer network to
erase certain blueprints where ever they might appear.
     In both instances the virii are portrayed as invincible and able to
infect any computer.  I'm afraid that any depiction of viruses in the comics
is going to be simplistic and pretty much out of touch with reality.
                                        Tom


Viruses in the comics

"Len Levine" <len@evax.milw.wisc.EDU>
Fri, 3 Mar 89 11:27:38 CDT
Kelly, a cartoonist in the San Diego Union posted a cartoon recently with
several panels discussing the danger of swapping floppies with comments from
the cartoon characters like:

He:  I think we should do it.
She: No way, I hardly know you.

He:  Come on, you only live once.
She: No way, there are too many viruses out there.

He:  You know you want to.
She: The threat of infection mortifies me.

He:  _Please_!
She: Well maybe, just this once.

He:  [he hands her a floppy]
She: Trading software is so risky these days.

This is good educational techniques.  It gets the point across.

Leonard P. Levine               e-mail len@evax.milw.wisc.edu |
Professor, Computer Science             Office (414) 229-5170 |
University of Wisconsin-Milwaukee       Home   (414) 962-4719 |
Milwaukee, WI 53201 U.S.A.              Modem  (414) 962-6228 |


Intelligent treatment of viruses in comics

<"Guy_Robinson.SBDERX<"@Xerox.COM>
6 Mar 89 02:47:04 PST (Monday)
Marvel Comics traditionally deal with computers in a very intelligent way.
Very often the younger intelligent "super-heroes" are seen using computers for
both work and recreation.  This is not to say something totally unfeasible
happens from time to time but this simply requires suspension of disbelief.

The example in point I want to use is the current storyline concerning the
Vision, an android.  Due to a previous severe computer crime the Vision was
kidnapped and stripped bare of all software.

To prevent a simple back-up being taken a virus was used to destroy all
saved copies of the Vision's personality.  This virus propogated itself
around several machines to ensure the task was completed.

One problem this situation raised was that the Vision's human WIFE was a little
distraught! Could this be a whole new type of RISK to bear in mind?
                                                                      Guy

Please report problems with the web pages to the maintainer

Top