RISKS-LIST: RISKS-FORUM Digest Friday, 18 September 1987 Volume 5 : Issue 37 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator Contents: Another prison inmate spoofs computer, this one gains freedom (Bill Weisman) detroit flaps flap (Barry Nelson) AT&T Computers (PGN) Hackers enter nasa computers (Mike Linnig) The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, nonrepetitious. Diversity is welcome. Contributions to RISKS@CSL.SRI.COM, Requests to RISKS-Request@CSL.SRI.COM. FTP back issues Vol i Issue j from F4.CSL.SRI.COM:<RISKS>RISKS-i.j. Volume summaries for each i in max j: (i,j) = (1,46),(2,57),(3,92),(4,97). ---------------------------------------------------------------------- Date: Mon, 14 Sep 87 14:58:44 PDT From: <cit-vax!elroy!billw%jplpub1.jpl.nasa.gov@RUTGERS.EDU> (Bill Weisman) To: risks@csl.sri.com Subject: Another prison inmate spoofs computer, this one gains freedom From the Los Angeles Herald Examiner, date unknown FAKE COMPUTER MESSAGE FREED DRUG KINGPIN By Bill Johnson, Herald staff writer One or more Sheriff's deputies or civilian employees inside the Los Angeles County Jail aided an alleged cocaine dealer's escape from custody, Sheriff Sherman Block said yesterday. Block said a computer message directing jailers to release William Londono could only have been generated by one of the nearly 70 deputies and civilians assigned to the jail the morning of Londono's Aug. 25 escape. It is also clear, Block said, that someone inside the jail assisted Londono once he left his jail cell to avoid a series of checkpoints where his release would have been reviewed and found to be in error. "The most troubling aspects of this [are that] we don't know exactly how this happened, and the apparent complicity of someone in this building," Block said. A team of twelve investigators hasn't yet determined who sent the computer message or how Londono, 23, was able to slip out of the jail virtually unnoticed. Ordered held in lieu of $3 million bail on charges of conspiracy and possession of narcotics for sale, Londono wasn't discovered missing until Monday, six days after his escape. Any jail employee who could have been even remotely involved is being interviewed, Block said. No action has been taken. Exactly how Londono was able to bypass as many as five security checkpoints unnoticed remains a mystery, Block said. "We are able to trace Londono's exodus to a particular point, but haven't been able to go any farther," Block told reporters as he led them from Londono's former jail cell to a holding area where inmates are released. Clothes Londono wore into the jail, for example, are missing, but there isn't any record of him or anyone else retrieving them, Block said. Investigators on Wednesday determined that the jail's computer system could not have been accessed from outside the building, Block said. It is "highly unlikely" that the release message was sent in error, the sheriff added. There have been two escapes from the maximum security Central Jail during the past two years. In both instances, inmates switched identification wristbands with soon-to-be-released prisoners, and walked out. Block said the department has conducted an "almost X-ray type evaluation" of the inmate release process, and have added additional security measures to ward against a similar escape. "No one is going to leave here today, tomorrow, or at any time in the near future by the same method," the sheriff said. ------------------------------ Date: Fri, 18 Sep 87 8:40:10 EDT From: Barry Nelson <bnelson@ccb.bbn.com> Subject: detroit flaps flap To: risks@csl.sri.com According to a Boston Globe article, relatives of persons killed in the recent Detroit crash have filed a suit against the airline. Part of their filing apparently contains claims that the Cockpit Voice Recorder reveals not only the omission of the flap setting during pre-flight checklists (in violation of FAA and nature's rules) but also a discernible voice shouting at the last second, "Oh, [expletive deleted] flaps!" (as in, "oops") The interesting part is that they go on to discuss the 'circumvention' of a circuit breaker which had de-activated the automatic flaps warnings. Does this mean they could have had multiple systems fed throught the same breaker but that the flaps warning is the only one that was inadvertently shut off? In my experience with Aviation Electronics (Avionics), most modern indicators have a big 'OFF' flag, usually orange or red-and-white-striped, dropped across the face when required power is missing (or a blank CRT). Being unfamiliar with complete jet panels, I can only speculate that there is an observable flaps-setting indicator which might be a good place to show subsystem outages. (I recall at one Aerospace company where I worked, they went to great lengths to run test signals through EVERY required harness, connector and subsystem so as to detect outages at various points and interlock man/mission-critical processes, not to mention announcing alarms.) Is there a System Safety Engineer in the house? Who is responsible for getting the data from one system to the other so as to be easily interpreted as a hazard? Are we to expect an obviously fallible checklist to overcome this? "This document contains statements of opinion by the author which are not attributable to BBN Communications Corporation or its management." Barry C. Nelson /Network Consultant/Product Liability and Certifications Group BBN Communications Corporation / 150 Cambridge Park Drive, Cambridge, MA 02140 ------------------------------ Date: Fri 18 Sep 87 11:06:48-PDT From: Peter G. Neumann <Neumann@csl.sri.com> Subject: AT&T Computers To: RISKS@csl.sri.com Today's Washington Post and yesterday's Chicago Tribune had articles on Herbert Zinn, who apparently broke into a variety of AT&T UNIX systems and copied some sensitive files -- including a pre-release version of an artificial-intelligence program valued at $1,000,000 in potential sales. The articles contain considerable misinformation but again indicate the intrinsic difficulties in making systems secure. ------------------------------ Date: Tue, 15 Sep 87 20:40 CDT From: Mike Linnig <LINNIG%eg.ti.com@RELAY.CS.NET> Subject: Hackers enter nasa computers To: risks@csl.sri.com Ft. Worth Star Telegram: Reports say West German hackers broke into NASA computer system FRANKFURT, West Germany (AP) -- Computer hackers broke into NASA's worldwide data network throughout the summer and gathered secret information on space shuttle projects and rocket failures, West German media said Tuesday. News reports said young West Germans gained regular access to at least 20 computers of the U.S. space agency and had the ability to paralyze the entire network. The ARD television network said a flaw in the network's security system allowed the hackers to enter the network from May to September. Hackers are computer enthusiasts who often try to break into private computer systems for the challenge or for criminal gain. The NASA system connects more than 1,600 computers worldwide that share information on space research, nuclear physics and molecular biology, ARD said in a report broadcast Tuesday night. The network includes U.S. atomic research facilities in Los Alamos, N.M. In Washington, the National Aeronautics and Space Administration said in a statement that the tapped network provides unclassified information to university and industry researchers. "We know of no classified information which can be accessed through the network," the statement said. The statement said NASA uses a number of computer networks with varying degrees of security to provide "appropriate inviduals" with access to data. The Hamburg-based magazine Stern reported information similar to the ARD report in an advance telexed to news media Tuesday. "When I saw "Welcome to the NASA headquarters . . . installation' on my screen, I was a little shocked, to say the least," the magazine quoted one youth as saying. The Hamburg-based "Chaos Computer Club" said in a statement to news media Tuesday that the youths turned to the club for help when they realized the enormity of their discovery. The statement said the hackers penetrated the network to show the "unbelievable weaknesses" of the security system and had no interest in the secret data. The reports did not say how many hackers were involved or where they lived. Stern said the youths obtained NASA memos to employees on daily space shuttle program updates and on how to deal with the media. The magazine, quoting one youth's records of computer transactions, said the hackers were able to read users' electronic mail and had the ability to paralyze the entire network. In one of the most serious security breaches, the hackers obtained NASA information on space shuttle projects, computer security studies and rocket boosters, the television network said. Scientists in at least eight other countries besides the United States are linked to the computer network. Stern said the system is called the "Space Physics Analysis Network," or SPAN. Michael Butz, a spokesman for the West German Interior Ministry, said his office had no information about the incidents. The Interior Ministry supervises many police functions in West Germany. In addition to the NASA computers, the hackers gained access to computers at some of Europe's most sophisticated research institutions, including the European Space Agency in Darmstadt, West Germany; the European Nuclear Research Center in Geneva, an the European Laboratory for Molecular Biology in Heidelberg, West Germany. Lennart Philipson, director of the molecular biology laboratory, said the institute is re-evaluating its use of the computer network. "We are considering whether we should restrict our exchange of data with other institutes, even if that might hinder our research," Philipson told ARD. The hackers said they gained access to the NASA computers by asking for files stored under such key words as "shuttle," "challenger," and "secret," ARD said. Under those categories, the hackers said they saw data reports on "Shuttle C Study Contracts," a "System Security Study" on computer security, and a study on "Booster Rocket Incidents," the television network said. The hackers described a step-by-step process of gaining more and more access to the network's computers until they achieved "unlimited access" to all data banks and the ability to "manipulate at will" all information stored there, according to ARD. ARD said the hackers provided more than 200 pages of documents pertaining to entry into the NASA computers for Tuesday night's television broadcast. The computer club said the penetration was discovered in August and all organizations who use the network were notified. So far, no charges have been filed in the case. Justice Ministry spokesman Henning Gehl said the hackers' actions are punishable by up to three years in prison and fines. ------------------------------ End of RISKS-FORUM Digest ************************