RISKS-LIST: RISKS-FORUM Digest  Friday, 18 September 1987  Volume 5 : Issue 37

        FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS 
   ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
  Another prison inmate spoofs computer, this one gains freedom (Bill Weisman)
  detroit flaps flap (Barry Nelson)
  AT&T Computers (PGN)
  Hackers enter nasa computers (Mike Linnig)

The RISKS Forum is moderated.  Contributions should be relevant, sound, in good
taste, objective, coherent, concise, nonrepetitious.  Diversity is welcome. 
Contributions to RISKS@CSL.SRI.COM, Requests to RISKS-Request@CSL.SRI.COM.
FTP back issues Vol i Issue j from F4.CSL.SRI.COM:<RISKS>RISKS-i.j.  
Volume summaries for each i in max j: (i,j) = (1,46),(2,57),(3,92),(4,97).

----------------------------------------------------------------------

Date: Mon, 14 Sep 87 14:58:44 PDT
From: <cit-vax!elroy!billw%jplpub1.jpl.nasa.gov@RUTGERS.EDU> (Bill Weisman)
To: risks@csl.sri.com
Subject: Another prison inmate spoofs computer, this one gains freedom

From the Los Angeles Herald Examiner, date unknown

FAKE COMPUTER MESSAGE FREED DRUG KINGPIN
By Bill Johnson, Herald staff writer

One or more Sheriff's deputies or civilian employees inside the Los
Angeles County Jail aided an alleged cocaine dealer's escape from
custody, Sheriff Sherman Block said yesterday.

Block said a computer message directing jailers to release William
Londono could only have been generated by one of the nearly 70
deputies and civilians assigned to the jail the morning of Londono's
Aug. 25 escape.

It is also clear, Block said, that someone inside the jail assisted 
Londono once he left his jail cell to avoid a series of checkpoints
where his release would have been reviewed and found to be in error.

"The most troubling aspects of this [are that] we don't know exactly how
this happened, and the apparent complicity of someone in this building,"
Block said.

A team of twelve investigators hasn't yet determined who sent the computer
message or how Londono, 23, was able to slip out of the jail virtually 
unnoticed.  Ordered held in lieu of $3 million bail on charges of conspiracy
and possession of narcotics for sale, Londono wasn't discovered missing
until Monday, six days after his escape.

Any jail employee who could have been even remotely involved is being
interviewed, Block said.  No action has been taken.

Exactly how Londono was able to bypass as many as five security checkpoints
unnoticed remains a mystery, Block said.

"We are able to trace Londono's exodus to a particular point, but haven't
been able to go any farther," Block told reporters as he led them from
Londono's former jail cell to a holding area where inmates are released.
Clothes Londono wore into the jail, for example, are missing, but there
isn't any record of him or anyone else retrieving them, Block said.

Investigators on Wednesday determined that the jail's computer system could 
not have been accessed from outside the building, Block said.  It is 
"highly unlikely" that the release message was sent in error, the sheriff 
added.

There have been two escapes from the maximum security Central Jail during
the past two years.  In both instances, inmates switched identification
wristbands with soon-to-be-released prisoners, and walked out.

Block said the department has conducted an "almost X-ray type evaluation"
of the inmate release process, and have added additional security measures
to ward against a similar escape.

"No one is going to leave here today, tomorrow, or at any time in the near
future by the same method," the sheriff said.

------------------------------

Date: Fri, 18 Sep 87  8:40:10 EDT
From: Barry Nelson <bnelson@ccb.bbn.com>
Subject: detroit flaps flap
To: risks@csl.sri.com

According to a Boston Globe article, relatives of persons killed in the recent
Detroit crash have filed a suit against the airline.  Part of their filing
apparently contains claims that the Cockpit Voice Recorder reveals not only the
omission of the flap setting during pre-flight checklists (in violation of FAA
and nature's rules) but also a discernible voice shouting at the last second,
"Oh, [expletive deleted] flaps!"  (as in, "oops")

The interesting part is that they go on to discuss the 'circumvention' of a
circuit breaker which had de-activated the automatic flaps warnings.  Does this
mean they could have had multiple systems fed throught the same breaker but
that the flaps warning is the only one that was inadvertently shut off?

In my experience with Aviation Electronics (Avionics), most modern indicators
have a big 'OFF' flag, usually orange or red-and-white-striped, dropped across
the face when required power is missing (or a blank CRT).  Being unfamiliar
with complete jet panels, I can only speculate that there is an observable
flaps-setting indicator which might be a good place to show subsystem outages.
(I recall at one Aerospace company where I worked, they went to great lengths
 to run test signals through EVERY required harness, connector and subsystem so
 as to detect outages at various points and interlock man/mission-critical
 processes, not to mention announcing alarms.)

Is there a System Safety Engineer in the house?  Who is responsible for getting
the data from one system to the other so as to be easily interpreted as a
hazard?  Are we to expect an obviously fallible checklist to overcome this?


"This document contains statements of opinion by the author which are not
 attributable to BBN Communications Corporation or its management."

Barry C. Nelson /Network Consultant/Product Liability and Certifications Group
BBN Communications Corporation / 150 Cambridge Park Drive, Cambridge, MA 02140

------------------------------

Date: Fri 18 Sep 87 11:06:48-PDT
From: Peter G. Neumann <Neumann@csl.sri.com>
Subject: AT&T Computers
To: RISKS@csl.sri.com

Today's Washington Post and yesterday's Chicago Tribune had articles
on Herbert Zinn, who apparently broke into a variety of AT&T UNIX systems
and copied some sensitive files -- including a pre-release version of an
artificial-intelligence program valued at $1,000,000 in potential sales.
The articles contain considerable misinformation but again indicate the
intrinsic difficulties in making systems secure.

------------------------------

Date: Tue, 15 Sep 87 20:40 CDT
From: Mike Linnig <LINNIG%eg.ti.com@RELAY.CS.NET>
Subject: Hackers enter nasa computers
To: risks@csl.sri.com

Ft. Worth Star Telegram:

Reports say West German hackers broke into NASA computer system

  FRANKFURT, West Germany (AP) -- Computer hackers broke into NASA's worldwide
data network throughout the summer and gathered secret information on space
shuttle projects and rocket failures, West German media said Tuesday.
  News reports said young West Germans gained regular access to at least 20
computers of the U.S. space agency and had the ability to paralyze the entire
network.
  The ARD television network said a flaw in the network's security system
allowed the hackers to enter the network from May to September.
  Hackers are computer enthusiasts who often try to break into private computer
systems for the challenge or for criminal gain.
  The NASA system connects more than 1,600 computers worldwide that share
information on space research, nuclear physics and molecular biology, ARD said
in a report broadcast Tuesday night. The network includes U.S. atomic research
facilities in Los Alamos, N.M.
  In Washington, the National Aeronautics and Space Administration said in a
statement that the tapped network provides unclassified information to
university and industry researchers.
  "We know of no classified information which can be accessed through the
network," the statement said.
  The statement said NASA uses a number of computer networks with varying
degrees of security to provide "appropriate inviduals" with access to data.
  The Hamburg-based magazine Stern reported information similar to the ARD
report in an advance telexed to news media Tuesday.
  "When I saw "Welcome to the NASA headquarters . . . installation' on my
screen, I was a little shocked, to say the least," the magazine quoted one
youth as saying.
  The Hamburg-based "Chaos Computer Club" said in a statement to news media
Tuesday that the youths turned to the club for help when they realized the
enormity of their discovery.
  The statement said the hackers penetrated the network to show the
"unbelievable weaknesses" of the security system and had no interest in the
secret data.
  The reports did not say how many hackers were involved or where they lived.
  Stern said the youths obtained NASA memos to employees on daily space shuttle
program updates and on how to deal with the media.
  The magazine, quoting one youth's records of computer transactions, said the
hackers were able to read users' electronic mail and had the ability to
paralyze the entire network.
  In one of the most serious security breaches, the hackers obtained NASA
information on space shuttle projects, computer security studies and rocket
boosters, the television network said.
  Scientists in at least eight other countries besides the United States are
linked to the computer network. Stern said the system is called the "Space
Physics Analysis Network," or SPAN.
  Michael Butz, a spokesman for the West German Interior Ministry, said his
office had no information about the incidents. The Interior Ministry supervises
many police functions in West Germany.
  In addition to the NASA computers, the hackers gained access to computers at
some of Europe's most sophisticated research institutions, including the
European Space Agency in Darmstadt, West Germany; the European Nuclear Research
Center in Geneva, an the European Laboratory for Molecular Biology in
Heidelberg, West Germany.
  Lennart Philipson, director of the molecular biology laboratory, said the
institute is re-evaluating its use of the computer network.
  "We are considering whether we should restrict our exchange of data with
other institutes, even if that might hinder our research," Philipson told ARD.
  The hackers said they gained access to the NASA computers by asking for files
stored under such key words as "shuttle," "challenger," and "secret," ARD said.
  Under those categories, the hackers said they saw data reports on "Shuttle C
Study Contracts," a "System Security Study" on computer security, and a study
on "Booster Rocket Incidents," the television network said.
  The hackers described a step-by-step process of gaining more and more access
to the network's computers until they achieved "unlimited access" to all data
banks and the ability to "manipulate at will" all information stored there,
according to ARD.
  ARD said the hackers provided more than 200 pages of documents pertaining to
entry into the NASA computers for Tuesday night's television broadcast.
  The computer club said the penetration was discovered in August and all
organizations who use the network were notified.
  So far, no charges have been filed in the case.
  Justice Ministry spokesman Henning Gehl said the hackers' actions are
punishable by up to three years in prison and fines. 

------------------------------

End of RISKS-FORUM Digest
************************