The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 8 Issue 47

Saturday 1 April 1989

Contents

o Summary of recent news briefs on "hacker" activity
Anonymous
o "Free Fall" -- new book on 1983 Air Canada near-disaster
Rich Wales
o Farm worker killed by conveyor
Walter Roberson
o Hackers dictionary in Japanese?
Les Earnest
o Undetected Monitoring Programs and Privacy Rights
Donald B. Wechsler
o Re: Ada and Airbus
John Knight via A. Blakemore and Mike Linnig
o Galactic Hacker Party
Rop Gonggrijp
o Virus in PKARC software
Bob Kozlarek via Robert Casey via A-N-Onymouse
o Computer Documentation Course Queries
Stephen W. Thompson
o Info on RISKS (comp.risks)

Summary of recent news briefs on "hacker" activity

<[Anonymous]>
Sat, 1 Apr 89 00:00:00 -0000
  March 17, Newsweek: "I Must Set A Proper Example." Interviewed on the
MacNeil-Lehrer show yesterday, the president's nominee for head of the Office
of the War on Addiction said that if confirmed he will abstain from use of his
private Macintosh while he is in office.

  March 19, Wall Street Journal headline story: "HTH International announces
$20M Initial Stock Offering, opening a new chain of hacker treatment homes."

  March 20, AP, Murray Hill, NJ: At a meeting of Hackers Anonymous last
evening, well-known computer scientist C.A.R. Cudder declared, "I am a
hackaholic."

  March 23, San Francisco Chronicle: The head of one of the largest insolvent
savings and loan institutions (having lost $6 billion, with evidence of
substantial internal fraud) attributed its demise to "malicious hacker activity
by holders of student loans".

  March 24, Raleigh Times: RJ Reynolds Co today withdrew its newest product,
the Hackerette.  A spokesman explained that it features a program filter that
delivers a hacking-equivalent jolt with no provably harmful side-effects.  The
filter had apparently been infected by a tobacco virus.

  March 25, Charleston Gazette: In his weekly sermon, a noted TV evangelist
sharply condemned Hackers Anonymous for distributing sanitized workstations to
confirmed hackers.  He declined to comment on the new interactive video game,
Satanic Nurses.

  March 27, Los Angeles Times: Interviewed on a corner at Rodeo Drive
yesterday, the former first lady offered her advice to teen-age hackers: "Just
say Logoff!" One block away, a street vendor offered the reporter an updated
map of the movie stars' homes including modem phone numbers and passwords.

  March 28, CBS News: A notorious hacker, convicted of fraud earlier in the
week, was released with a suspended sentence.  He denied that it was he, using
his one post-arrest phone call, who had transferred $500,000 from the municipal
court's traffic-fine account into the judge's personal checking account.

  Number 1 on the NY Times best-selling book list for the week ending March 31:
The Six-Week Program-All-You-Want Crash Cure for Hacking, published by Hackers
Anonymous.

  April 1: According to advance promos, on `Nightline' tonight a noted TV
evangelist will admit to Ted Koppel that he paid a hacker to demonstrate
computer intrusion in his motel room.

         [Several items from the National Enquirer and the Weakly Whirled News
         were low on credibility, and have been omitted from this compendium.
         By the way, in general I do not like to accept anonymous messages,
         unless for some reason it is essential to protect the author or 
         his/her associations; furthermore, anonymous messages should have
         a higher level of accuracy and precise references than attributed
         contributions -- although ALL authors should follow the masthead
         guidelines.  PGN]


"Free Fall" -- new book on 1983 Air Canada near-disaster

Rich Wales <wales@CS.UCLA.EDU>
Fri, 31 Mar 89 16:49:02 PST
The April 1989 _Reader's Digest_ contains a condensed version of a new book,
_Free Fall_.  The subject is Air Canada Flight 143 (23 July 1983) from
Ottawa to Edmonton, which came extremely close to becoming a major disaster
when the airplane (a Boeing 767) ran completely out of fuel while in the air.  

The problem resulted from a combination of circumstances:

(1) Both the electronic sensor designed to measure the fuel supply, and
    its backup, failed, and the necessary replacement parts were not
    readily available.  This meant that the crew had no direct indica-
    tion in the cockpit of their fuel status; the fuel gauges were
    dependent on the plane's computer equipment and were thus blank.

(2) A "dipstick" procedure for measuring fuel supply by hand was done
    incorrectly, leading the mechanics to conclude that the plane had
    more fuel than was in fact the case (and, thus, that it was safe to
    fly the plane without working fuel gauges!).  The error was later
    traced to the fact that the airplane was one of the first Canadian
    767's built to metric specifications -- and the mechanics had com-
    mitted a simple math error because they were still used to measuring
    fuel in pounds instead of kilograms.

Further, when the plane finally ran completely out of fuel and both
engines failed, the entire instrument panel -- now bereft of electrical
power -- went blank.  The radar transponder also failed, making it
impossible for air traffic controllers to track the plane.  Fortunately,
an older radar facility in Winnipeg was still operational, enabling some
degree of tracking from the ground.

Fortunately as well, the pilot of the now powerless and instrumentless
767 had had extensive experience as a gliding instructor.  He managed to
land the jet -- without engines -- at an abandoned military airstrip
about 50 miles north of Winnipeg.  Although a small fire broke out in
the plane, it was quickly extinguished.  No one (either in the plane or
on the ground) was killed or seriously injured; the plane, however, nar-
rowly missed hitting several people camped on or near the long-abandoned
runway.  The plane sustained moderate damage, primarily because the nose
gear did not extend all the way to its "locked" position and collapsed
on landing; but it was eventually repaired and still flies today.

Air Canada initially laid the blame on the pilot, co-pilot, and mainten-
ance workers (the pilot had at one point tried to help the struggling
ground crew with the fuel calculations, but ended up making the same
math error).  Eventually, though, a board of inquiry commissioned by the
Canadian federal government overturned this ruling and cited Air Cana-
da's rush to introduce a new aircraft that weighed fuel in kilos (while
older planes continued to use pounds), without giving adequate training
to the maintenance personnel, as the major cause of the accident.  Both
pilot and co-pilot received numerous awards for the skills they dis-
played in saving Flight 143, and both continue to fly airplanes for Air
Canada.

My reporting of this story is not intended as a condemnation of the
metric system.  Indeed, I myself have long been a staunch advocate of
metrication.  But the RISK of confusion and error attendant with conver-
sion to a new and unfamiliar system of measurement -- coupled with the
RISK of depending on advanced electronic systems that leave one little
or no manual recourse if they should fail -- deserves note.

-- Rich Wales // UCLA Computer Science Department // +1 (213) 825-5683
   3531 Boelter Hall // Los Angeles, California 90024-1596 // USA
   wales@CS.UCLA.EDU      ...!(uunet,ucbvax,rutgers)!cs.ucla.edu!wales


Farm worker killed by conveyor

<Walter_Roberson@carleton.ca>
Thu, 30 Mar 89 22:24:29 EST
Tuesday (March 28), a 16 year old farm worker was killed "when he was caught
between a conveyor belt and a doorframe." The details aren't clear from the
article, but the article does say that an electrical breaker, a plug, a kill
switch, and a direction control were all within the worker's reach at the
time he was killed. The worker's overalls became snagged on the chain-type
conveyor, which was only moving at one foot per minute. The implication from
the article seems to be that the youth had never been taught how to turn off
the machine!

  Walter Roberson <Walter_Roberson@Carleton.CA>

     [There have been several computer/robot-related deaths in the past.
     This one gets included as a "related system" (see masthead) and the
     necessity of being trained to copy with exceptional situtations.  PGN]


Hackers dictionary in Japanese?

Les Earnest <LES@SAIL.Stanford.EDU>
30 Mar 89 2155 PST
I received an off-the-wall phone call last night from an editor who is
overseeing the translation of the Hackers Dictionary into Japanese.  That
amusing compilation was put together a decade or so ago by A.I.  grad students
at Stanford, MIT, and Carnegie-Mellon and recorded the then-current vernacular
of their shared cultures.  They did it for fun, but it somehow ended up getting
published.

The Hackers' Dictionary contains more than a few puns, jokes, and other things
that are hard to translate such as "moby," as in "moby memory", or "fubar" and
its regional variants "foo bar" and "foo baz".  While a Japanese version of
this dictionary might be of some limited value to a person who comes to the
U.S. for an extended visit, there are clearly some risks involved in attempting
such a translation.

The particular problem that prompted the call was the definition of "logical."
Apparently the dictionary gives as an example a statement something like "If
Les Earnest left and was replaced by another person, the latter would be known
as the logical Les Earnest."  This had been written when I was the principal
bureaucrat of the Stanford A.I. Lab. and was apparently intended to describe
some set of responsibilities that could be transferred from one person to
another.

The editor reported that the Japanese translator had been hopelessly confused
by this example; he found "earnest" in the dictionary but was unable to figure
out what a "Les Earnest" was.  The editor had tried to explain it to him but
was unable to get the idea across.  He finally called me to find out what my
official job title had been, so that he could describe the example in more
generic terms.

I hope that they manage to work it out, but I am not willing to bet that the
Japanese Hackers Dictionary will be fully comprehensible.
                                                                Les Earnest

    [If he were Less Earnest, this would have been Less Interesting.  PGN]


Undetected Monitoring Programs and Privacy Rights

Donald B. Wechsler <m17434@mwvm.mitre.org>
Friday, 31 Mar 1989 18:14:17 EST
PC WEEK (March 27, 1989) reports:

     "The recent rash of remote local area network software
     packages has thrust the PC industry into a national
     controversy over electronic monitoring and workers'
     rights to privacy.

     At question is whether or not products such as . . .
     Microcom Inc.'s Carbon Copy, which can be configured to
     allow undetected monitoring of PCs, violate workers'
     Fourth Amendment rights 'of people to be secure in
     their persons, houses, papers and effects, against
     unreasonable searches and seizures.'

     In answer to complaints from Massachusetts unions that
     workers' rights are being violated, the Massachusetts
     Coalition of New Office Technology (CNOT) plans to set
     up some guidelines to regulate employers who opt for
     electronic monitoring.  The group's first step is to
     file a bill with the Massachusetts Dept. of Labor that
     would force employers to notify job applicants of any
     electronic monitoring . . . and to inform workers when
     they are being monitored."

Carbon Copy is usually perceived as software which allows one PC to be
controlled from another remotely located one.  But programs like Carbon Copy
can be configured to observe network activity without a user's permission,
detection, or override.  Lisa Morel of Microcom reports that:  "the ones who
are asking about it [undetected monitoring] are the system managers."

While monitoring software can provide important network trouble- shooting and
tuning help, users may view its secret operation as "condoned tapping."
Monitoring differs from event logging.  More than recording what the user does,
monitoring software clones the user's activity on the observer's terminal.

Interest in using undetected monitoring programs may increase with growing
concern about network security and management.  These programs are not limited
to PC platforms.  Moreover, serious reservations reach beyond the nasty
business of how managers gather employee performance data.

o  The observer may monitor user access to organizationally
   sensitive information.

o  Secret monitoring conflicts with the Information Resource
   Management (IRM) principle of user data ownership.

o  From a lay legal view:

     -  In a Federal government environment (including
        contractors), secret monitoring of user access to
        personnel information could lead to violation of the
        Privacy Act of 1974 (Public Law 93-579).

     -  Undetected monitoring of a third-party's remote session
        could violate the Electronic Communications Privacy Act
        of 1986 (Public Law 99-508).

In efforts to preserve security and integrity, are system managers and their
parent organizations prepared to handle the ramifications of secret monitoring?


Re: Ada and Airbus (Let's not start any stupid rumors) [RISKS-8.46]

<linnig@skvax1.csc.ti.com>
Thu, 30 Mar 89 12:10:58 CST
From: blakemor@software.ORG
Newsgroups: comp.lang.ada
Subject: Re: Ada and the airbus disaster

   I am forwarding this reply from John Knight at SPC -- AB

   Ada has not been used in any AIRBUS system that I know of that is in
production.   It has been used to develop a shadow AIRBUS flight control
system to evaluate Ada.   The system turned out very slow so they used a
faster CPU to ensure meeting deadlines (actually, 4 times faster).

             [However, stay tuned for an update on the Air France Airbus A-320
             story, expected to be published in this country on 2 April.  PGN]


Galactic Hacker Party

ROP GONGGRIJP <rop@neabbs.UUCP>
Thu Mar 30 02:00:20 1989
GALACTIC HACKER PARTY

                2nd, 3rd, 4th of August 1989
                                 PARADISO, AMSTERDAM, HOLLAND

During the summer of 1989 the world as we know it will go into overload.
An interstellar particle stream of hackers, phone phreaks, radioactivists
and assorted technological subversives will be fusing their energies into a
media melt-down as the global village plugs into Amsterdam for three
electrifying days of information interchange and electronic capers.

Aided by the advanced communications technology to which they are accustomed,
the hacker forces will discuss strategies, play games, and generally have a
good time.  Free access to permanently open on-line facilities will enable them
to keep in touch with home base -- wherever that is.

Those who rightly fear the threat of information tyranny and want to learn what
they can do about it are urgently invited to interface in Amsterdam in August.
There will be much to learn from people who know.  Celebrity guests with
something to say will be present in body or electronic spirit.

The Force must be nurtured.  If you are refused transport because your laptop
looks like a bomb, cut off behind enemy lines, or unable to attend for any
other reason, then join us on the networks.  Other hacker groups are requested
to organize similar gatherings to coincide with ours.  We can provide low-cost
international communications links during the conference.

For further information, take up contact as soon as possible with:

HACK-TIC                           PARADISO
P.O. box 22953                     Weteringschans 6-8
1100 DL  Amsterdam                 1017 SG  Amsterdam
The Netherlands                    The Netherlands

tel: +31 20 6001480                tel: +31 20 264521 / +31 20 237348
fax: +31 20 763706                 fax: +31 20 222721

uucp : ..!mcvax!neabbs!rop  fido : 2:280/1 Hack Tic  telex: 12969 neabs nl


Virus in PKARC software

<portal!cup.portal.com!A-N-Onymouse@unix.SRI.COM>
Fri, 31-Mar-89 03:44:01 PST
The following was posted on USENET:

From: rfc@briar.philips.com (Robert Casey;6282;3.57;$0201)
Newsgroups: rec.ham-radio,rec.ham-radio.packet
Subject: virus in PKARC software
Message-ID: <47960@philabs.Philips.Com>
Date: 27 Mar 89 14:34:24 GMT
Date-Received: 28 Mar 89 14:49:14 GMT
Sender: news@philabs.Philips.Com
Organization: Philips Laboratories, Briarcliff Manor, NY

copied from packet:
Date: 25 Mar 89 03:56:53 UTC (Sat)
From: wa2sqq@kd6th.nj.usa.hamradio (BOB        )

            WARNING ! WARNING ! WARNING !

From:    WA2SQQ Bob Kozlarek
Subject: Software Virus
    PKZIP/PKUNZIP .92
     AM40/AM41

Recent developments in the software world have required the famous PKARC
software to be replaced by a new version called PKZIP/PKUNZIP.

While several versions have been seen, the latest appears to be version .92
.  Usually listed on landline BBS's is a program which will provide a menu
driven screen for PKZIP, usually listed as AM-40 or AM-41.

After running these one time, the embedded virus allocated 13 meg of memory
to "never never land". It appears that this "strain" looks to see how much
memory is occupied on the HD and then proceeds to gobble up an equal amount
of unused memory.  The results are devastating if you have more than 50% of
the drives capacity in use.  With the assistance of Gary WA2BAU I was able
to retrieve the lost memory by using CHKDSK /f.  For those of you who are
not familiar with this DOS command, drop me a line @KD6TH and I'll
elaborate.  My sincere thanks goes out to Gary WA2BAU for saving me lots of
disk handling ! Please pass this on to your local BBS and be sure to include
the remedy.

    Best 73 de WA2SQQ,     Bob Kozlarek,     @KD6TH in Wycoff, NJ


Computer Documentation Course Queries

"Stephen W. Thompson" <thompson@a1.quaker.in>
Thu, 09 Mar 89 13:53:13 -0500
Considering the dangers of using software and hardware for which doc is
poor, I think that the following, found on a distribution list I receive,
is very appropriate for this list.  Certainly RISKS readers are likely
to have many good suggestions, and a discussion of how we may
improve how we create/use/misuse documentation would be, to me,
quite useful.  Responses to Joel's query go, of course, directly to
him, but I'd think that discussion can go to RISKS.  (Subject to
the usual RISKS guidelines and our moderator's opinion, of course.)

>+++++++++++++++++++++++++ SCUP BITNET NEWS +++++++++++++++++++++++++++++
>  February 14, 1989      SCUP@TUFTS.BITNET           VOLUME 3, NUMBER 5
>      A service of the Society for College and University Planning
>         Edited by John A. Dunn, Jr., Vice-President, SCUP
>   Institutional Planning Office, Tufts University, Medford, MA  02155
>++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>   ...
>             COMPUTER DOCUMENTATION COURSE QUERIES
>    Joel Kahn, Southwest Missouri State University (JCD715T@SMSVMA)
>
>I am working on a proposal to add to the curriculum here a course in
>writing computer documentation.  The course, as currently envisioned,
>would deal with both hardware and software docs, and would focus
>primarily on satisfying the needs of the non-technical end-user.  The
>course would be offered by the English department but might be included
>in the degree programs of other departments such as Computer Science,
>Communication, etc.
>
>In order to provide evidence for the need for this course, I'm
>gathering information on the attitudes of users toward the state of
>computer documentation today.  Anyone who would like to assist me can
>do so by answering the following questions:
>
>1)  On the usual scale of F to A, what overall grade would you give
>    to the docs you've used over the past few years?
>
>2)  What is/are the most common, persistent, and/or destructive
>    problem(s) you've encountered in these docs?
>
>I would also be grateful if anyone who has had direct experience with this kind
>of course  --  as teacher, student, whatever  --  would give me useful advice.
> ....

I sent Joel mail asking for permission to submit his query to RISKS.
His response is also thought provoking.

>Date:    9-Mar-1989 09:13am EST
>From:    JCD715T@SMSVMA.BITNET
>Subject: Documentation Survey
>
>Dear Steve,
>
>I would be pleased if you would forward my docs survey to RISKS and to
>any other lists that you think might be suitable. In addition, I would
>like to start gathering data on this through the SnailNet, for a number
>of reasons that I won't go into here. The vital info:
>
>Joel Kahn
>534 E. Grand
>Springfield, MO 65807
>
>Please circulate this address to any and all interested parties,
>especially people connected with magazine and book publishing.
>I think I'm onto something big here, something that goes far beyond
>one course at one school. I seem to have tapped into a great wellspring
>of anger and frustration, and the material I've gathered should be good
>for at least an article, if not a whole volume.
>
>I thought you might be interested in an interim summary of the results,
>so here it comes.
>
>Overall average grade: C-. (Personally, I think they were too lenient.)
>
>Most common complaints (in no particular order):
>
>     Inability by writers to see non-technical end-user's viewpoint;
>     Lack of GOOD examples;
>     Lack of good index or any index at all;
>     IBM in general. [....]
>
>Usual disclaimers: SMSU bears no responsibility for anything in this
>letter; results are totally unscientific and informal; use only as
>directed; your mileage may vary; etc, etc, etc. . . .
>
>                                                    Joel Kahn

Stephen W. Thompson, 215-898-4585
Institute for Research on Higher Education
University of Pennsylvania, Philadelphia, PA  19104

------ End of Forwarded Message

Please report problems with the web pages to the maintainer

Top