The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 9 Issue 92

Thursday 17 May 1990

Contents

o Army chafes under Congress' robot weapons ban
Jon Jacky
o Re: [London] Tube train leaves ... without its driver
Gavin Oddy
o Re: First Hubble Images Delayed To Conduct Focusing Tests
Karl Lehenbauer
o ANI for the criminal as well as the private citizen
Brad Templeton
o Computer Virus Solicitation
Andy Warinner
o Feds Pull Plug On Hackers
Bob Sutterfield
Rick Clark
o Re: Military Viruses
Jim Vavrina via David Brierley
o Re: Magnetic ID cards for all Israeli citizens
Amos Shapir
o Risks of Laser Printouts
David Tarabar
o Info on RISKS (comp.risks)

Army chafes under Congress' robot weapons ban

Jon Jacky <JON@GAFFER.RAD.WASHINGTON.EDU>
Tue, 15 May 1990 11:48:19 PDT
The following dialog occurred in hearings before the U.S. Congress' House
Appropriations Committee in March, 1989:

Mr. (Martin Olav) Sabo (Rep. from Minnesota): I am curious about robotics
and what you see as its future.  I forget particular programs as we go along,
but I was involved in discussions last year with the other body on a program.
They seemed very negative on robotics research, which struck me as something we
should be aggressively pursuing.

Mr. (George T.) Singley (Director of Army Research and Technology):  We have a
problem about restrictions placed on us, but not on the Marine Corps, relative
to Army robotic vehicles, so our robotics program does not include weapons on
unmanned ground vehicles. ...

Mr. (John P.) Murtha (Rep. from Pennsylvania): Restrictions by whom?

Mr. Singley: By Congress.

Mr. Murtha: We put restrictions ---

(Lt.) General (Donald S.) Pihl (Deputy to the Assistant Secretary of the Army
for R&D):  To put a weapon on a robot vehicle.  We were told to restrict our
robotic vehicle work to reconnaissance and surveillance.

Mr. Sabo: Generated by the other body?

General Pihl: Yes, sir.

Mr. Murtha: Staff tells me that in the conference last year, that the Senate
wanted to go forward with robotics research and make sure you got the bugs
worked out before you started working out systems with weapons; does that make
sense?

General Pihl: Yes, sir.  It is a logical approach as long as you don't have a
restriction on weaponizing the unmanned ground vehicle forever.

Mr. Murtha: What would you recommend we do this year?

General Pihl: Sir, I think you should allow the Army to proceed with a
roboticized look at a ground-launched Hellfire system in conjunction with the
Marine Corps.  I think that would be a good thing to do.

Mr. Murtha: Let's move on ... [ to other topics...]

The reference is: Department of Defense Appropriations for 1990, Hearings
Before a Subcommittee of the Committee on Appropriations, House of
Representatives, One Hundred First Congress, First Session, Subcommittee on the
Department of Defense.   (Superintendent of Documents "Su Docs" number: YkAp6/1
 D36/5/990/pt. 7), pages 132-133.

Jonathan Jacky                            University of Washington


[London] Tube train leaves ... without its driver

gco <gco@gec-mrc.co.uk>
16 May 1990 10:43:49-BST
Regarding Stephen Page's contribution of 16 Apr 90...

This incident was used as an example at a colloquium on Systems Engineering
which I attended yesterday, where it was referred to as the handbag problem.
It seems that the system designers had succeeded in optimising the controls on
the train to two buttons: one to close the doors and another to start the
train.  An interlock prevented the train starting until the doors were indeed
closed.

The driver of the train in question decided to optimise the system design
further (to one button) by taping the second of these buttons permanently
down so that (s)he only had to press the button to close the doors.  The
train would then go once they had closed as the second button was always
depressed.  This worked satisfactorily until a handbag became trapped in
the doors and, as reported, the driver (following his training) went to
the doors and prised them apart, freeing the handbag, allowing the doors
to close and completing the set of events required for the train to
depart (without the driver).

The driver had failed to realise and/or take into account that the second
button (for making the train go) was implementing the requirement that the
driver should be in the cab before the train could go.

In retrospect, perhaps the action of depressing the second button (rather than
the state of depression) should have been required to start the train; but such
statements are easy to make with hindsight.
                                                       Gavin Oddy


First Hubble Images Delayed To Conduct Focusing Tests (RISKS-9.91)

Karl Lehenbauer <karl@sugar.hackercorp.com>
16 May 90 08:09:09 CDT (Wed)
A brief report in Aviation Week (May 14, 1990, page 42) says that the first
test pictures from the Hubble Space Telescope are being delayed until ground
controllers can conduct optical system focusing exercises.

Hubble engineers have been trying to determine why the telescope's guidance
sensors were not properly locking onto "guide stars."  They have since
determined that there was an error in the pointing data provided to the
telescope by the Space Telescope Science Institute.

    The error occurred because someone several years ago inserted
    a plus sign instead of a minus sign in a computer program
    being prepared to aid in early telescope checkout.

    The star data being used came from a 1954 star survey.
    Engineers realized the Earth's precession in relation to
    the 30-year-old star data would have to be accounted for
    in the Hubble checkout data.

    The precession equated to an 18 arc minute reduction in the
    coordinates of the star field, but a programmer accidentally
    added 18 arc minutes instead.

    That resulted in the telescope being a full 0.5 degrees off
    target in the initial pattern recognition tests.

Engineers are also working to solve a .1 Hz jitter problem the telescope has
for 20 to 30 minutes whenever it passes from the dark side of its orbit into
sunlight.  They believe the problem is related to thermal effects from the
telescope's solar arrays, but they doubt the problem will seriously affect
the telescope's mission.


ANI for the criminal as well as the private citizen

Brad Templeton <brad@looking.on.ca>
Mon, 7 May 90 16:53:53 EDT
The following article appeared in clari.tw.telecom, and I thought it was
appropriate for RISKS.  Reprinted with permission, for use within the RISKS
digest only.  (For more information on the ClariNet news service, write to
info@clarinet.com.)  While I have no sympathy for drug dealers, I don't feel
that this is a negative aspect of ANI.  I myself would like to know if a call
comes from the Police, Government or other enforcement agency, even if I have
done nothing wrong.

>Subject: Drug dealers find uses for Caller ID equipment
>Keywords: illegal drugs, legal, telecom, media

    BALTIMORE (UPI) -- Like telephone pagers and mobile cellular phones
before it, the latest in telephone technology, the Caller ID machine, is
proving a valuable tool for drug traffickers.
    Drug enforcement officials in Baltimore say that the Caller ID
machines are starting to turn up in drug raids, which may be proof that
once again, dealers find benefits in the communications revolution.
    Caller ID, which has been on the market for several months, has
been advertised as a means of crime prevention -- giving people receiving
harrassing calls a chance to see the phone number the call is being made
from even before they pick up the receiver.
    But such a service apparently also means that drug dealers, eager
to protect their business from undercover police operations, can screen
the phone calls they receive and refuse to answer a suspicious call.
    ``It's frightening,'' said Assistant U.S. Attorney Katharine
Armentrout, who has seen Caller ID equipment confiscated in drug raids.
    Even though an undercover police operation would have a different
phone number than a police station, dealers could worry about calls from
an unfamiliar exchange.
    ``The question then becomes, `Where are you calling from?''' a
federal surveillance expert told the Baltimore Sun, in an article
printed in Sunday's editions. ``Or more to the point, `Why aren't you
calling me from your usual pay phone?'''
    The problem has been much the same with other recent progress made
in the telecommunications industry. Pagers were developed for doctors,
lawyers and other professionals, but dealers have found them useful. And
mobile cellular telephones have created a myriad of surveillance
problems for police tracking drug dealers.
    Phone company officials in the Baltimore and Washington areas say
they are looking for ways to solve the problems law enforcement agencies
have with the Caller ID equipment.
    ``We're committed to finding solutions,'' said Al Burman, a
spokesman for C&P Telephone Co. ``There are a number of things that can
be done that aren't being done.''
    One solution may be to block certain numbers from being picked up
by the machines. Burman said there are enough numbers in the Baltimore
area not linked to the Caller ID system currently to avoid arousing any
suspicions.
    Police officials pointed out, however, that as more telephone
numbers become linked with the system, blocked numbers will become more
suspicious to traffickers.

Brad Templeton, ClariNet Communications Corp. -- Waterloo, Ontario 519/884-7473


Computer Virus Solicitation

Andy Warinner <andy@tasha.UUCP>
11 May 90 11:54:50 CDT (Fri)
There has been some discussion in the media and the net lately about the
Department of Defense sponsoring research into computer viruses.  Here is the
solicitation in question.  It is part of the government's Small Business
Innovative Research (SBIR) program.  The SBIR program is designed to help small
companies develop advanced technologies.  Up to $50,000 can be awarded in Phase
I and up to $500,000 can be awarded in Phase II.


Title:  Computer Virus Electronic Counter Measure (ECM)

Objective:  The objective shall be to determine the potential for using
"computer viruses" as an ECM technique against generic military communications
systems/nets and analyzing its effects on various subsystem components.

Description:  The purpose of this research shall be to investigate potential
use of computer viruses to achieve traditional communications ECM effects in
targeted communications systems.  These effects can include data (information)
disruption, denial, and deception, but other effects should also be researched
such as effects on executable code in processors, memory, storage management,
etc.  Research in effective methods or strategies to remotely introduce such
viruses shall also be conducted.  Efforts in this area should be focused on
RF atmospheric signal transmission such as performed in tactical military
data communications.

Phase I:  Phase I shall analyze the feasibility of using viruses as an ECM
technique.  Analysis shall include validity studies of the concept, types
of viruses suitable to be employed in this concept, strategies for virus
injection, and/or simulated predictions of effects.  Phase I shall culminate
with the submission of a final report that details the above analysis and
outlines a method that can validate the concept.

Phase II:  Based on analysis performed under Phase I, develop a demonstration
method that can validate the virus ECM concept and demonstrate various ECM
techniques or strategies.  Phase II shall culminate with this demonstration
and a final report describing demonstration methodology, results, and
analysis of effects compared with predicted effects from the Phase I effort.
The final report shall also summarize or make conclusions as to the future
potential of using virus ECM techniques or strategies.

Andrew Warinner, GIST, Inc.


Feds Pull Plug On Hackers (Huggins, RISKS-9.91)

Bob Sutterfield <bob@MorningStar.Com>
Tue, 15 May 90 14:52:17 GMT
   ...[the Secret Service agent] also said there was no evidence that
   the suspects were working together.  Rather, they probably were
   sharing information someone had put into a national computer
   "bulletin board".  [...]

Does our law enforcement community really think that "working together"
requires physical presence?  Don't they recognize that sharing information via
a cracker bulletin board is collaboration?  Isn't this the whole point of a
computer security case?


Re: "Feds Pull Plug On Hackers" (RISKS-9.91)

~XT6561210~Rick Clark~C24~H15~6011~ <rbc@cuuxb.ATT.COM>
15 May 90 14:13:31 GMT
Boy, do I hate sensationalism in journalism.

Does anyone besides me find it difficult to believe these 42 computers ran
up over a million dollars apiece in unpaid phone time?  You *could* do it in
a month or two if you had connect time 24 hours a day (very) long distance,
or a couple hours a day for two years. So, its possible, but I don't believe
it for all 42 systems.

It's also pretty colorful to refer to a "nationwide network" of people for
which "there was no evidence that [they] were working together".

Richard B. Clark, Lisle, IL


Re: Military Viruses [From VIRUS-L vol 3 issue 93]

<davidbrierley@lynx.northeastern.edu>
Sun, 13 May 90 21:16:22 EST
Date:    Thu, 10 May 90 13:43:15 -0500
From:    "Mr. J. Vavrina" <SDSV@MELPAR-EMH1.ARMY.MIL>
Subject: RE: Military Viruses (THE FACTS)

After reading, in astonishment, Nick DiGionanni's input regarding Military
Viruses, (VIRUS-L 3-90 8 May 90) the phone lines were burning up from my office
to the DOD Information Systems Security Management Office checking on the
validity of the story. No one had even heard of such a project being
undertaken. A few more phone calls later generated a FAX to my desk of an
article from the Phildelphia Inquirer titled, "Army Searches for new weapon:
Computer Virus", written by Rory J. O'Connor.  The article quoted an individual
as being the adminstrator of the project. Now the hunt started to locate her.
Within a few hours I had her on the phone.  Needless to say, the reporter
identified himself as a small businessman and was interested in this program.
The information given to him was completely turn around so that he could make a
big story out of nothing.

HERE ARE THE FACTS:  The Department of Defense published a booklet titled,
"PROGRAM SOLICITATION 90.2  FY-1990 SMALL BUSINESS INNOVATION RESEARCH
(SBIR) PROGRAM".  On page 45 can be found the following:
A90-217  TITLE: Computer Virus Electronic Counter Measure (ECM)
CATEGORY:  Exploratory Development
OBJECTIVE: The objective shall be to determine the potential for using
"computer viruses" as an ECM technique against generic military
communications systems/nets.  The goal shall be to determine the
feasibility of remotely introducing a virus into a system/net and
analyzing its effects on various subsystem components.
DESCRIPTION: The purpose of this research shall be to investigate
potential use of computer viruses to achieve traditional
communications ECM effects in targeted communications systems.  These
effects can include data (information) disruption, denial, and
deception, but other effects should also be researched such as
executable code in processors, memory storage mamagement, etc.
Research in effective methods or strategies to remotely introduce such
viruses shall also be conducted.  Efforts in this area should be
focused on RF atmospheric signal transmission shch as performed in
tactical military data communications.

It continues on to explain what needs to be accomplished in each phase.

As you can see, this is nothing more than a feasability study to
answer the famous "WHAT IF WE COULD ?????" question.  Admittedly,
myself and many of my collegues are quite suprised that something of
this nature would be put on the streets for research and not using the
expertise internally available.

Jim Vavrina, Computer Security Specialist, Intelligence and Security Division,
US Army Information Systems Software Center.
     Comm 703-355-0010/0011 AV 345-0010-0011


Re: Magnetic ID cards for all Israeli citizens

Amos Shapir <amos@taux01.nsc.com>
14 May 90 15:11:26 GMT
(This is a repost from talk.politics.mideast, originally posted
by HANK@BARILVM.BITNET (Hank Nussbacher))

>From the Jerusalem Post, May 7, 1990:
>
>The Director-General of the Ministry of the Interior announced yesterday
>that within 3 months all Israeli citizens will be issued magnetic id
>cards.  He stated that with the new cards it will take only 10 minutes
>to issue a new passport and that all future elections will no longer have
>manual balloting.
[End quote]

Though the current method of balloting is very cumbersome and wasteful,
I wonder if anyone at the Ministry of the Interior ever read comp.risks...

Amos Shapir, National Semiconductor (Israel) P.O.B. 3007, Herzlia 46104, Israel


Risks of Laser Printouts (More on RISKS-9.89)

David Tarabar <dtarabar@hstbme.mit.edu>
Thu, 17 May 90 09:47:12 -0400
In the New England Journal of Medicine dated May 3, 1990, there is a letter to
the editor titled: 'Laser-Printer Rhinitis' on page 1323. In this letter, the
authors report on a  single recent patient case.

     "A 51-year-old man was seen for nasal and systemic symptoms that developed
repeatedly after he handled documents from a laser printer. He had worked for
the same insurance company for 21, years spending an average of three to four
hours per day on computer and clerical work. In April of 1987 a new computer
system with a laser printer was installed at his work station. During the next
six weeks he had increasing intermittent nasal congestion, with a burning
sensation on his skin, headache, and diffuse retrosternal and epigastric
discomfort. He had no history of asthma, allergies, hay fever or eczema,
although his mother did." ...

     "Two substance-specific challenges were performed, each preceded and
followed by " [a computerized test] "On one occasion he shuffled laser-printed
paper for 10 minutes, when nasal and other symptoms developed. The " [test]
"demonstrated an increase of more than fourfold in nasal airflow resistance."
[The second test demonstrated a three-fold increase in nasal airflow resistance
when sitting next to an operating laser printer.]

Please report problems with the web pages to the maintainer

Top