RISKS-LIST: RISKS-FORUM Digest Thursday 8 June 1989 Volume 8 : Issue 77 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator Contents: Second elevator death (Walter Roberson) Electronic card spots hooligans (Martyn Thomas) Big Brother is watching your magnetic card (Amos Shapir) May you live in interesting times (High-tech Chinese revolution)(Martin Minow) "Core-Walker" that crashed SABRE (Rodney Hoffman) Airbus A320 (Brian Randell) Re: Power outages (Peter Scott) One of Cliff Stoll's `Wily Hacker' dead (suicide?) (Klaus Brunnstein) Computer Virus Catalogue (Aims and Scope) (Klaus Brunnstein) ---------------------------------------------------------------------- Date: Mon, 05 Jun 89 17:48:03 EST From: Walter_Roberson@CARLETON.CA Subject: Second elevator death Early last week, we had a second elevator fatality in Ottawa. In this case, the person was caught by the doors closing as they were stepping in. The elevator went up and down several floors before they were able to stop it and get the fellow out. The problem was apparently an electrical problem with the door interlock circuits that allowed the elevator to move with only one of the doors closed. The elevator (made by Otis in about 1954) had been serviced earlier that same day. Those of you that remember the incident earlier this year in Ottawa, wherein a 13 year old girl was killed, might recall that -that- elevator had been serviced earlier the same day. The local paper never did, though, publish the results of the inquest into that death, so I still don't know what the problem was in that case. People have been rumbling louder about the politics in that case (the building was largely populated by people waiting for their immigration applications to be heard) than about the mechanics of the elevator. Walter Roberson ------------------------------ Date: Tue, 6 Jun 89 10:45:16 BST From: Martyn Thomas Subject: Electronic card spots hooligans The following article appeared in the June 1st issue of Electronics Times, a respected trade newspaper of the UK electonics industry. It raises many questions, ranging from technical feasibility to security, privacy, and admissability of evidence. Have RISKS readers any information on this technology? ELECTRONIC CARD SPOTS HOOLIGANS Football hooligans could find their activities curbed by electronics, thanks to a new surveillance system developed in Italy. The Hooligan Stopper can pick out individual trouble makers and warn of impending violence. Manufacturers AGM Electronica and MEG Italia designed the system with UK football fans in mind. They claim it can cope with crowds of up to 130 000 and could replace 10 000 police officers. Supporters gain access to the stadium with an electronic personal card (epc), while transponders sense the occurrence of disturbances and relay information back to a central tranceiver and data processing system. Franco Bertuzzi, the system's inventor, declined to identify the West german electronics company that is manufacturing the device and refused to give details of the ics and sensors used. "All I can say is that the microchip in the epc starts to function when the card owner becomes violent, lashing out at other spectators or running amok", he said. Bertuzzi said the card did not even have to be in direct contact with the owner to pick up 'agitation signals'. "It is already used in high level security systems in the civilian and military sectors," he said. "By reading the data the interceptors pick up from the magnetic strip, all the personal details of the card's owner can be known immediately." The epc could be sold for #20 [UK pounds] and be used to gain admission to several matches. By charging for the card, fans would be discouraged from throwing it away, which they might be tempted to do if it exposed them to detection if they became violent or unruly. Installation costs for a stadium the size of Wembley would be around #1.5 million [UK pounds]. Martyn Thomas, Praxis plc, 20 Manvers Street, Bath BA1 1PX UK. Tel: +44-225-444700. Email: ...!uunet!mcvax!ukc!praxis!mct [``WEMBLEY? I thought this was TUESDAY.'' ``Oh, you're right. How do we get the cards TO STAY in people's pockets?'' PGN] ------------------------------ Date: 1 Jun 89 14:37:41 GMT From: amos@taux01.UUCP (Amos Shapir) Subject: Big Brother is watching your magnetic card Remember all those articles in RISKS about governments and institutions being able to track people using data about their magnetic ATM or credit cards? Well, the nightmare has come true: a system specifically designed to track people will be in use shortly. The military government of Israel's occupied territories announced that all residents wishing to work in Israel will be given magnetic-striped work permit cards. An electronic turnstyle will keep track of their movements across the border at all entry points. Amos Shapir, National Semiconductor (Israel) P.O.B. 3007, Herzlia 46104, Israel Tel. +972 52 522261 TWX: 33691, fax: +972-52-558322 ------------------------------ Date: 5 Jun 89 11:23 From: minow%thundr.DEC@decwrl.dec.com (Repent! Godot is coming soon! Repent!) Subject: May you live in interesting times (High-tech Chinese revolution) I wonder whether DARPA (and other governmental sources of funding) ever thought that "the network" would be used to organize a revolution? To see the process unfolding, you might consider reading through the Usenet soc.culture.china, which currently has a combination of news, rumor, fax and telephone numbers for university student unions in China, polemics, speculation, and the telephone/internet address of student committees all over the world. Martin Minow ------------------------------ Date: 5 Jun 89 14:32:06 PDT (Monday) From: Rodney Hoffman Subject: "Core-Walker" that crashed SABRE THE 'CORE WALKER' THAT STALLED AMERICAN AIRLINES (`Business Week' 12-June-89, page 98C) The computer foul-up that shut down American Airlines Inc.'s Sabre ticketing system for 12 hours after midnight on May 12 [see related notes RISKS 8.71, 8.74, and 8.76] was not caused by human error or sabotage, the company's investigators have found. Instead, it was apparently the result of a glitch that was written into the system but never showed up until now. "We call it a core-walker," says an American spokesperson, "because it literally walked through the system." The problem began when American tried to add a pair of mammoth disk drives to the nation's largest computerized reservations system. Suddenly, the program accompanying the new disk drives changed a piece of information in the software directing the activities of the 1,080 existing Sabre disk drives. Once embedded, this new bit of data jumped from one disk drive to another and stripped away the names of files stored on them, making it impossible for American's computers to retrieve the information on the drives. To solve the problem, American is revamping its disk-drive software. According to the airline, revenue losses during the Sabre shutdown were minimal. ------------------------------ Date: Fri, 2 Jun 89 18:27:25 BST From: Brian Randell Subject: Airbus A320 (Updating earlier report in RISKS-8.57) The Observer, which is a well-respected UK Sunday newspaper, on 28 May 1989 carried a lengthy article about the A320. It contains more explicit allegations about computer-related problems than I had seen before, so below I quote relevant sections. [Brian Randell, Computing Laboratory, University of Newcastle upon Tyne] AIRBUS CRASH: WAS THE PILOT THE FALL GUY Open File: Jim Beatson finds that the evidence points to computer failure. "On June 26, 1988, Air France's new European A320 Airbus, delivered only two days previously, crashed into trees at an airshow near Mulhouse in France while performing a low-level pass. Three passengers - a woman and two children - were killed. The pilot, Michel Asseline, a senior Air France captain and the man inaugurating the new model, as well as being its chief instructor, escaped unhurt. After the accident, the European aircraft industry waited intently for a verdict on whether the Airbus' new and controversial computerised control system was to blame. The day after the crash Louis Mermar, the French Transport Minister, exonerated the aircraft. Asseline was stood down, accused of flying dangerously, dismissed and stripped of his pilot's licence. But the crash is far from being an open-and-shut case of pilot error. [Several paragraphs about the flight recorder, and the fact that four seconds of recording, from just before the crash, were lost because the tape was (it is claimed unnecessarily) cut to remove it from the box.] Captain Asseline is also at odds with Airbus over alleged defects in the aircraft. The pilot claims he was misled on the aircraft's true height by a bug in the software. Normally an aircraft's height is calculated after entering the local barometric pressure into its altimeter. Local ground control provides this to aircraft regularly so that, with each change in barometric pressure, the correct altitude can be displayed. The A320 has a history of occasionally selecting a barometric reading from memory, rather than a current reading, when switching from one flying mode to another. Both British Airways and Air France have experienced this problem with their A320s. [Paragraphs describing Asseline's claims that he was misled into thinking he was flying at 100 feet, when it was actually 50 to 60 feet, though he admits that there were back-up aural warnings that he failed to heed.] Finally the pilot claims that the aircraft failed to respond to its throttle. `I began to push forward the throttle to stabilise my speed reduction', he told Open File. `At that point I gave the order to disconnect the (automatic) throttle and I'm sure that this movement put a mess in the computer. I push forward the throttles . . . and I had no answer. So I pulled back throttles to zero because I did that many times in training. I knew that if we had any problems with the power, the only thing to do was to close the throttle and then to give full power. That's exactly what I did.' [Paragraph confirming that, a month before the crash, Airbus put out such instructions.] [Paragraphs about `a young Air France Boeing 747 Pilot, Norbert Jacquet who shared Asseline's belief that the computer fly-by-wire system was partly to blame' and who after going public on this was suspended on `psychological grounds' - disbelieved by fellow pilots - and has since been fired by Air France.] Two facts are now established about the accident. First, Asseline was asked to fly at 100 feet above the ground - 70 feet less than the normally authorised level. Second, the operational direction and plan supplied by Air France for the display was based on a longer adjoining airstrip than the one Asseline was asked to fly over. On the originally chosen strip, there would have been ample time for the aircraft to throttle up safely over the trees. Since the crash, other Airbus A320 pilots have also had trouble with their computer controls. One spoke of near disaster flying into Berlin: another of his altimeter `going crazy' on a descent into Geneva. British Airways' inaugurating chief pilot, George Hallett, says BA has experienced similar problems. So, was Captain Asseline misled over the aircraft's height, or are they merely claims which he has advanced after the crash to take advantage of known software problems? Even the aircraft's critics acknowledge that most of its software bugs have now been ironed out. But Captain Xavier Barrell, technical vice-president of Air France's pilots union, SNPL, says the vertical navigation system is still not working properly. Captain Asseline is now in Los Angeles, trying to gain an American pilot's licence on a Boeing 737 200 series, the same aircraft type on which he did the acceptance launch flights for Air France. The final report of the accident enquiry is keenly awaited, not just by him and Norbert Jacquet, but also many others." ------------------------------ Date: Thu, 1 Jun 89 10:24:59 PST From: Peter Scott Subject: Re: Power outages And, on the subject of power outages (RISKS 8.75), _Science News_ reports that on May 11 a raccoon electrocuted itself at the University of Utah, causing a 20-second power outage that resulted in a loss of data on the computers being used by Fleischmann & Pons to verify their cold fusion experiments. 'coons have managed to cripple JPL more than once in the past (the last one survived, became a local hero). Obviously small furry animals pose a major threat to installations with single-point-of-failure power systems. Peter Scott (pjs@grouch.jpl.nasa.gov) ------------------------------ Date: 05 Jun 89 10:42 GMT+0100 From: Klaus Brunnstein Subject: One of Cliff Stoll's `Wily Hackers' dead (suicide?) According to German publications, the `Wily Hacker' Karl Koch, of Hannover, FR Germany, died Friday last week, probably by suicide. His body was found burnt (with gasoline) to death, in a forest near Celle (a German town near Hannover where he committed his hacks, as had been observed by German Post). Koch was one of the 2 hackers who confessed their role in the KGB hack to the public prosecutors, therewith bringing the case to public attention. As German newspapers report, he probably suffered from a psychic disease: he thought he was permanently observed by alien beings named Illimunates' which tried to kill him. Probably, he had internalized the role of `Captain Hagbard' (his pseudonym in the hacking scene), taken from a US book, who (like him) suffered from supervision by the Illuminates. Police officials evidently think that Koch committed suicide (though I learned, that there are `some circum- stances' which may also support other theories; no precise information about such moments are reported). According to German police experts, K. Koch's role in the KGB case as in daily life can properly be understood when reading this book (which I couldnot get until now, so I cannot control the adequacy of this theory!). Does anybody have more evidence about cases of 'hacking' connected to moments of psychic anomalies, where hackers internalize roles of artificial persons and live in worlds which they internalize after having read corresponding stories? Klaus Brunnstein University of Hamburg ------------------------------ Date: 02 Jun 89 14:37 GMT+0100 From: Klaus Brunnstein Subject: Computer Virus Catalogue (Aims and Scope) After having reverse-engineered several viruses on different PCs (AMIGA, Atari, MacIntosh and IBM), we have developped (and experimentally tested, in a German mailbox of the national Informatics society, since December 1988) a format in which we describe essential features of computer viruses: the Computer Virus Catalog. Thanks to Y.Radai, David Ferbrache and Otto Stolz, this Catalog is now available in a revised form. The goal is to describe all those features which a (not too well-informed) user needs to analyse whether and what virus may have reached his machine; moreover, the catalog should contain some hints which established tools help him to erase the virus. At this time, about 25 viruses (maybe some of which exist in German locations have been catalogued. At the Virus Test Center of Hamburg University/Informatics (with a group of students, who participate in my 4-semester course on Computer Security), we have concentrated on AMIGA and IBM PC viruses, but in the latter case, we have difficulties to get virus code 1) because the German IBM PC virus scene doesnot offer the internationally reported manifold, and 2) we refuse to exchange viruses, like stamps (we also don't publish virus code or the `dossiers' which we produced by reverse-engineering). We therefore appreciate any help which we can get from competent and cooperative experts in the field. [The following are in separate documents: 1st: the format of the Computer Virus Catalog, 2nd: the index on entries at this time.] To minimize the transfer problems to `remote locations' (seen from a Germano- centric world view), we try to find locations where the actual entries may be invoked (e.g. in US). Moreover, in order to guarantee some degree of complete- ness, we ask groups/persons with developped knowledge in the field, to take on the task of adding information about viruses not yet catalogued. We plan to establish a committee which controls new or updated entries; while Y.Radai, and D.Ferbrache have accepted to cooperate in this Virus Catalog Editorial Committee, we hope for a few more experts to cooperate in this task. Thank you in advance for comments. Klaus Brunnstein. Prof.Dr. Klaus Brunnstein, Faculty for Informatics, Univ.Hamburg, Schlueterstr.70, D 2000 Hamburg 13, Tel: (40) 4123-4158 / -4162 Secr. ElMailAdr: Brunnstein@RZ.Informatik.Uni-Hamburg.dbp.de FromINTERNET:Brunnstein%RZ.Informatik.Uni-Hamburg.dbp.de@Relay.CS.Net FromBITNET: Brunnstein%RZ.Informatik.Uni-Hamburg.dbp.de@DFNGate.Bitnet FromUUCP: brunnstein%rz.informatik.uni-hamburg.dbp.de@unido.uucp ------------------------------ End of RISKS-FORUM Digest 8.77 ************************ -------