16-Jul-87 17:48:57-PDT,17725;000000000000 Return-Path: Received: from csl.csl.sri.com (CSL.SRI.COM) by F4.CSL.SRI.COM with TCP; Thu 16 Jul 87 17:45:32-PDT Received: from F4.CSL.SRI.COM by csl.csl.sri.com (3.2/4.16) id AA28214 for RISKS-LIST@f4.csl.sri.com; Thu, 16 Jul 87 17:47:11 PDT Message-Id: <8707170047.AA28214@csl.csl.sri.com> Date: Thu 16 Jul 87 17:44:27-PDT From: RISKS FORUM (Peter G. Neumann -- Coordinator) Subject: RISKS DIGEST 5.12 Sender: NEUMANN@csl.sri.com To: RISKS-LIST@csl.sri.com RISKS-LIST: RISKS-FORUM Digest Thursday, 16 July 1987 Volume 5 : Issue 12 FORUM ON RISKS TO THE PUBLIC IN COMPUTER SYSTEMS ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator Contents: Another computer-related prison escape (Andrew Klossner) New York Public Library computer loses thousands of book references (PGN) Risks of being a hacker (PGN) Re: Old News from New Olds: Check that Backup! (Henry Spencer) Tax fraud by tax collectors (Jerry Harper) Re: Hardware faults and complete testing (Richard S. D'Ippolito) Re: Sprint Access Penetration (Dan Graifer) Phone access charges (Leff) Risks in Fiction [Book Report] (Martin Minow) The Other Perspective? (Baldwin) The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, nonrepetitious. Diversity is welcome. Contributions to RISKS@CSL.SRI.COM, Requests to RISKS-Request@CSL.SRI.COM. FTP back issues Vol i Issue j from F4.CSL.SRI.COM:RISKS-i.j. Volume summaries for each i in max j: (i,j) = (1,46),(2,57),(3,92),(4,97). ---------------------------------------------------------------------- From: Andrew Klossner Date: Mon, 13 Jul 87 09:16:04 PDT To: RISKS@csl.sri.com Subject: Another computer-related prison escape Organization: Tektronix, Wilsonville, Oregon Diane Downs, a convicted murderer of some notoriety (she shot her three children, killing one, allegedly to rid herself of the responsibility for them), escaped from the medium security Oregon women's prison last Saturday. While in the recreation yard, she scaled two fences and walked away. Budget money is tight, so there was no guard assigned to watch inmates in the yard; instead they depended on an alarm system in the outer fence. The alarm did go off, but little attention was paid to it because it goes off every day, usually because of strong winds or birds. -=- Andrew Klossner (decvax!tektronix!tekecs!andrew) [UUCP] [This is the problem of the system that cried "wolf!". When a system gives that many false alerts, it is time to change something to improve the false-positive discrimination. It is amazing how often this problem occurs. My neighbors next to the local high-school football field had a burglar alarm that went off whenever the home team scored a touchdown. (An intelligent thief might notice such behavior rather quickly and find safety. [2 points]) PGN] ------------------------------ Date: Thu 16 Jul 87 10:26:28-PDT From: Peter G. Neumann Subject: New York Public Library computer loses thousands of book references To: RISKS@csl.sri.com The computerized reference numbers for thousands of NYPL books were mistakenly erased when data was transferred from one computer to another. The books are still on the shelves, but have vanished from the reference system. How many are in this limbo state is unknown. A patron was quoted as having been told "by the head of research that the staff has made no attempt to retrieve them because they are afraid they might lose more if they go into the system." ------------------------------ Date: Thu 16 Jul 87 10:32:31-PDT From: Peter G. Neumann Subject: Risks of being a hacker To: RISK@csl.sri.com Hackers 3.0 (by invitation only) is scheduled for October near Silicon Valley. The invitations indicate that the hacker community is resorting to uncharacteristic stringencies. This is from the registration form: "I hereby waive all claims against the organizers of the Hackers Conference, their contractors, or employees, for loss of or damage to any property or injury to or death of any person at or enroute to this conference... This indemnification obligation shall include reasonable attorney's fees, investigation costs and all other reasonable costs and expenses." ------------------------------ Date: Mon, 13 Jul 87 14:47:22 BST From: Jerry Harper To: risks@csl.sri.com Subject: Tax fraud by tax collectors Last year in Dublin the beginnings of a major fraud were uncovered in an department of our revenue service solely concerned with rebating a Value Added Tax (VAT) paid by companies for materials they purchased. The approach adopted by the perpetrators was enviously simple due to the low security pervading the data entry operations. Basically, the clearance system for rebates consisted of entering a company's name plus a clearance code for payment of the rebate. This information is fed to the central revenue computer for issuing cheques and what not, where a number of elementary verification procedures were invoked, e.g. was the company a database entry, etc. At this point one of the perpetrators (working with this system) could easily authorise payment blamelessly. Input from a remote terminal was overseen at the host and payment authorised. Remarkably simple. So what went wrong? The implementors of the scheme didn't manage the fictitious companies' accounts properly. When one bank manager noticed that only rebate cheques were coming into one account, he became suspicious. His suspicions were confirmed when one member of the gang demanded the withdrawal of practically the entire contents of the account. The resultant police investigation showed that the central flaw in the automatic rebating system was human. Usually before a company is granted an automatic rebate it must be in good standing with the revenue. It must prove, over a considerable period of time, that it has in fact bought the materials against which it is claiming the tax rebate. But there was no security which prevented someone administering the rebates from directly attaching a clearance code to a company. Unfortunately the system was tailor-made for criminal violation. Two more worrying aspects of the situation are that (a) due to the vast number of transactions undertaken in a year, an audit (based on sampling) would probably not have picked up any deficit; (b) if the gang had been a little less naive they could have maintained the operation for a comfortable period of time and then simply erased all record of their transactions (ok, there is the problem of backup tapes). This didn't get a lot of reportage here, but most people with any computer experience were surprised at the apparent naivete of the input/clearance system design. It was rumoured that a major review of security procedures was initiated in the aftermath of the affair. [Note that the problem of backup can sometimes be circumvented by selectively blocking the writing of backup, or -- in some systems -- tampering with the backup copies, although that requires a little more system experience. PGN] ------------------------------ Date: Tue, 14 Jul 87 13:33:07 EDT From: utzoo!henry@ai.toronto.edu To: CSL.SRI!RISKS@ai.toronto.edu Subject: Re: Old News from New Olds: Check that Backup! > ...examination of the backup tapes revealed that they were blank. For a long time now, one of our post-backup activities is to run a "table of contents" program on selected backups. The original reason was mundane: users often request retrieval of files without knowing the exact complete correct pathname and the exact date when the file vanished, so it's useful to have on-line lists that we can check. However, it also gives us a running check on the quality of our backups, which has proved particularly useful in coping with recent tape-drive problems. Henry Spencer @ U of Toronto Zoology {allegra,ihnp4,decvax,pyramid}!utzoo!henry ------------------------------ Date: Monday, 13 July 1987 16:55:00 EDT From: Richard.S.D'Ippolito@sei.cmu.edu To: RISKS@csl.sri.com Subject: Re: Hardware faults and complete testing Perhaps one subtle point should be made in reference to generating a set of test vectors to 'completely' fault test a chip: I agree that it is possible to derive a test vector set when the gate-level diagram is known. But, one stumbling block that arises (and has its analog in software) is that parasitic capacitances formed due the physical layout of the IC sometimes cause the chips to have 'phantom' gates that do not appear on the schematic. We have these stray coupling problems in software -- they aren't evident from looking at our seemingly disconnected source listings, and we rarely take the time to review the operating system code with ours. ------------------------------ Date: Mon, 13 Jul 87 23:38:00 PDT From: ucbcad!ames!sdcsvax!net1.UCSD.EDU!graifer@ucbvax.Berkeley.EDU (Dan Graifer) To: CSL.SRI!RISKS@sdcsvax.sdcsvax.ucsd.edu Subject: Re: Sprint Access Penetration (RISKS DIGEST 5.9) Organization: UCSD Office of Academic Computing I have had two interesting experiences with Sprint Access Penetration: In December, 1986, I received a MailGram from Sprint stating that their computers had noticed a sudden, enormous increase in my travelcode usage. Having tried unsuccessfully to contact me, that had suspended the code on the assumption that it was being abused. I subsequently received a bill for about $800 in unauthorized charges. The Sprint customer service people were very helpful about issuing me a new code and advising me on how to straighten out my account. Neither they nor I were able to successfully communicate with the billing people however. It took 4 months of threatening letters in both directions to clear the matter. Apparently, GTE Sprint and U.S. Telecom were in the process of merging their billing operations, and the abuse flag on my account got lost in the shuffle. A client of mine had a neat "deal" on long distance telephone rates. An outfit had sold them "unlimited" long distance dialing on a flat per month fee. Each day the client would call this supplier and receive a new Sprint access code to use. It wasn't until many months later that an investigator from Sprint came by asking questions. As several close friends were officers of this company, I was horrified. Does anyone out there know enough of the relevant law to comment on this? Could they be accused of receiving stolen property? Do we have any independent estimates of how large a problem theft of long distance service is? Are the other providers having as much trouble as Sprint? (I.e., is the problem generic, or does Sprint have a uniques security hole?) My experience would seem to indicate that they are at least trying to detect patterns of unauthorized usage. Dan Graifer ------------------------------ Date: Wed, 15 Jul 1987 19:16 CST From: Leff (Southern Methodist University) Subject: Phone access charges To: RISKS%CSL.SRI.COM@RELAY.CS.NET According to a posting on the FCC matter in the local legal bulletin board, the FCC access charge affects only public data providers such as CompuServe and Telenet. It does not affect a) private users of modems b) private databases such as airline reservation systems. The theory is that long distance providers have to pay something for using the phone system. In order to compensate the local Bell Operating Company for all the calls coming in from long distance, they are given a fee. At the time this was instituted, the FCC decided to exempt such organizations as Telenet as they were relatively new services. Now that their revenue is approaching seven billion dollars a year, it was decided to a) make them pay their fair share, b) stop subsidizing them or c) tax them depending upon your point of view. This posting also makes a statement regarding the right of Congress to delegate its law making powers. According to Kenneth Culp Davis who wrote the legal text book, Administrative Law, attacks on delegation or subdelegation "serve as a disservice to the client." Subdelegation is when Congress says that the Attorney General or some other official can make regulations and he in turn delegates it to someone such as the Immigration and Nationalization Service. Administrative agencies have been around since the 1700's in the United States, the first handling pension issues arising out of the Revolutionary War. Mr. Davis makes compelling arguments in favor of administrative agencies, the exercise of discretion, the necessity for regulations and a balance between the "rule of law" and the "rule of men" but this is not the place to discuss that issue. I would recommend this book to anyone interested in administrative agencies. ------------------------------ Date: Tue, 14 Jul 87 17:42:31 PDT From: minow%thundr.DEC@src.DEC.COM (Martin Minow THUNDR::MINOW ML3-5/U26 223-9922 14-Jul-1987 2028) To: "ailist@stripe.sri.com"%decwrl.DEC@src.DEC.COM, "risks@csl.sri.com"@src.DEC.COM Subject: Risks in Fiction [Book Report] From "Dirk Gently's Holistic Detective Agency," by Douglas Adams, New York: Simon and Schuster, 1987. "Well," he said, "it's to do with the project which first made the software incarnation of the company profitable. It was called _Reason_, and in its own way it was sensational." "What was it?" "Well, it was a kind of back-to-front program. It's funny how many of the best ideas are just an old idea back-to-front. You see, there have already been several programs written that help you make decisions by properly ordering and analysing all the relevant facts.... The drawback with these is that the decision which all the properly ordered and analyzed facts point to is not necessarily the one you want. "... Gordon's great insight was to design a program which allowed you to specify in advance what decision you wished it to reach, and only then to give it all the facts. The program's task, ... was simply to construct a plausible series of logical-sounding steps to connect the premises with the conclusion." .... "Heavens. and did the program sell very well?" "No, we never sold a single copy.... The entire project was bought up, lock, stock, and barrel, by the Pentagon. The deal put WayForward on a very sound financial foundation. Its moral foundation, on the other hand, is not something I would want to trust my weight to. I've recently been analyzing a lot of the arguments put forward in favor of the Star Wars project, and if you know what you're looking for, the pattern of the algorithms is very clear. "So much so, in fact, that looking at Pentagon policies over the last couple of years I think I can be fairly sure that the US Navy is using version 2.00 of the program, while the Air Force for some reason only has the beta-test version of 1.5. Odd, that." ------------------------------ Date: Mon, 13 Jul 87 09:30:55 EDT From: baldwin@cs.rochester.edu To: RISKS@csl.sri.com Subject: The Other Perspective? Last night I wandered into the TV room while my wife was watching Siskell and Ebert reviewing a movie called "Robocop" (the title should tell readers pretty exactly what the film's about). The first scene they showed involved a bunch of developers demonstrating a police robot to a group of prospective buyers - unfortunately the machine had a "glitch" that caused it to machine-gun one of the demonstrators. This scene was clearly intended to be comic, and in a grim sort of way it was. The really disturbing thing was Ebert's (I think, I don't really know which is which) later comment on this scene: "I think there's something basically funny about a machine ... blindly following instructions in the face of logic" (quoted as nearly as possible from memory). Now I would have said that it's been known for a long time that computers as we're building them now "blindly follow instructions" without the slightest regard for common sense or "logic", and that this is one of the fundamental sources of risks to society in their indiscriminant use. Ebert's comment got me wondering though, whether there are a lot of people out there who really do think this "feature" of machines is "basically funny", and if so how soon or effectively society as a whole is going to start demanding responsible design and use of computerized machinery. I suppose it's not necessarily impossible to see both the humor and the serious side in a situation, and there's also the "you can't fight it, might as well laugh at it" attitude - either or both of these might (though I have no evidence) have influenced the movie makers' treatment of buggy software. From the way it was delivered and the context though, I really think Ebert meant what he said - inflexible programmed behavior is a source of humor more than of serious problems for him. I find that kind of a scary perspective. ------------------------------ End of RISKS-FORUM Digest ************************ -------