VIRUS-L Digest              Monday, 21 Nov 1988         Volume 1 : Issue 16

Today's Topics:
"hacker" paper anncmnt
CSI [who?] Standpoint on Internet worm
Correction on previous posting (V1 I14)
Nightline Transcript available
RE: Letter to U.S. attorneys
Re: Viruses doing hardware damage
RE:Can virii cause hardware damage
(1) Military virus targets; (2) voting fraud by computer.

---------------------------------------------------------------------------

Date:    Mon, 21 Nov 88 02:19 CST
From:    Gordon Meyer  <TK0GRM1@NIU>
Subject: "hacker" paper anncmnt

I've been enjoying the on-going debates about just who and what
hackers are.  I've devoted quite a bit of time and energy studying
this question and I thought I'd make some of the results available to
those of you that might be interested.

I am in the process of writing a Master's thesis on the social
organization of the computer underground.  It's a participant
observation/ethnographic project, so the conclusions I draw and the
illustrations I present are taken from the hackers, phreakers, and
pirates themselves....not the media and other usual sources.

The paper I have available (about 10 pages) is a revision of a
work-in-progress presentation made earlier this month.  Titled
"Hackers, Phreakers, and Pirates: The Semantics of the Computer
Underground", it discusses the use of such terms and offers some
classification guidelines in order to help resolve the "anyone with a
modem is a hacker" finger-pointing that often occurs.

If you would like a copy please respond directly to me, not this
list.
Your feedback and criticisms are most welcome as well.
-=->G<-=-

PS: This note is being cross posted to Virus-l and Ethics-l.

Gordon R. Meyer, Dept of Sociology, Northern Illinois University.
GEnie: GRMEYER  CIS: 72307,1502  Phone: (815) 753-0365
Bitnet: tee-kay-zero-gee-are-em-one at enn-eye-you
Disclaimer: Grad students don't need disclaimers!
           I'll have an opinion when I get my degree.
--- BE YE NOT LOST AMONG PRECEPTS OF ORDER... (book of Uterus) ---

------------------------------

Date: Mon, 21 Nov 88 10:15:36 EST
From: [email protected] (Eric Roskos)
Subject: CSI [who?] Standpoint on Internet worm

> In the
> wake of the recent attack of the ARPANET virus, it was necessary
> to close down our usual computer operations and devote _______
> hours of debugging and testing before we could safely resume
> normal operation.
>
> This represents a significant interruption of our business, and
> deprived us of an estimated $_______ of employee time.

This past Saturday evening's "Communications World" broadcast on the
Voice of America devoted a significant amount of time to discussing
the Internet virus.

An interesting point, made by an AT&T researcher who was interviewed
by VOA, was that the ARPAnet began as a research network (note the "R"
in ARPA), which unfortunately many people had become dependent on
despite the fact that its software was not designed for this type of
usage.  This is, in fact, why the ARPAnet per se is being
discontinued, to be replaced by other networks; to quote from the
bulletin "Death of the ARPAnet and Other Paranoia," published by the
management of the ARPAnet,

> In addition to being heavily loaded, the ARPANET is no longer able to
> support its other prime function, that of a research base.  To conduct
> any kind of experiment on the ARPANET causes too much service
> disruption to the community.

The solution to this, the authors (Mark Pullen and Brian Boesch of
DARPA) say, is "to eliminate the source of the problem" by
"outgrowing" the current network, replacing it with an "experimental"
network, funded by DARPA to promote network research, and an
"operational" network, paid for by the users and run by a contractor.
[Note: the complete text of this bulletin was posted by its authors to
the Usenet's TCP-IP newsgroup a few months ago.]  In fact, if one
carefully reads the regulations for use of the ARPAnet, and then
considers how the ARPAnet is used in practice, it is much easier to
see why the above recommended letter is simplistic.

Given this fact, and the fact that the author of the virus clearly did
not intend to do damage, and in fact was successful at causing a
service degradation only at sites which had not corrected known
security problems in their software, the proposed actions seem
somewhat extreme; it seems as if the suspected author of the virus is
being made a "scapegoat" for the unknown authors of the many
intentionally harmful and malicious viruses.

This is not intended to advocate the writing of such viruses.
However, considering especially that all the blame has fallen on the
virus writer, and seemingly none on the programmer who coded the "back
door" into Sendmail -- and which could be and perhaps may have been
used to gain access to systems many times before this virus publicized
its existence -- the recommended letter seems somewhat extreme.
Overreaction, rather than straightforward correction of the technical
problems involved, might have the undesirable side effect of denying
beneficial research environments and communication provided to the
research community via the ARPAnet, of which the VIRUS-L mailing list
is just one example.

DISCLAIMERS: The above is my personal opinion, and does not
necessarily reflect the opinion of my employer nor those with whom my
employer does business.  The comments describing the ARPAnet and its
research function are based on my current understanding of its role in
the research community, and do not necessarily reflect the position of
DARPA or the management of the ARPAnet.

------------------------------

Date:     21 Nov 1988 11:09:29-WET
From:     Julian Daley <[email protected]>
Subject:  Correction on previous posting (V1 I14)

SORRY !  That message was posted to the WRONG LIST.
I am _very_ embarrassed 8-(
If anybody IS interested in chaos try the frac-l list
which is held by the listserv @ gitvm1  ( where I was
trying to send the last message !)
Many apologies (the worm must have got to my brain),
Julian.

[Ed. My apologies also, for letting it slip by...]

------------------------------

Date:         Mon, 21 Nov 88 10:55:55 EST
From:         Scott Earley <SCOTT@BITNIC>
Subject:      Nightline Transcript available

After reading Doug Hunt's msg about Koppel I made an investigation
worth sharing.  Permission was granted by a telemarketer for this:

Show title:  Computer Viruses
Air Date:    Nov 10, 1988

Send $3.00 to Nightline Broadcasts
             267 Broadway
             NY, NY 10007

or phone 212 227-7323 for credit card orders

(Doug, I had them verify this date TWICE :-)

[Ed. Thanks for the info, Scott; I wonder whether they have
transcripts available on 5 1/4 " disk...  :-) ]

------------------------------

Date: Mon, 21 Nov 88 12:34 EST
From: Chris Bracy <[email protected]>
Subject: RE: Letter to U.S. attorneys

>       1. Send a letter to your local U.S. attorneys recommending
>    that the ARPANET virus situation be prosecuted to the full extent
>    of the law.  It may even be appropriate that your organization
>    take some form of independent legal action in this case; and,
>
>       2. Send a letter to your state and federal legislators
>    requesting that they aggressively pursue the development of
>    effective computer crime legislation.  You might even offer to
>    help evaluate drafts of pending bills.  Attached are sample of
>    letters you may wish to use as models to get this message to your
>    local U.S. attorneys and your legislators.

This will insure that only those people with actual criminal intent
will write a virus.  And that the code is better written so it can't be
found as easily.

Yes, damage was done.  Many man hours of work were lost.  But if you
think about it, it could have been much, much worse.  If harm was
intended, it was very easy to do.  But the intent was obviously not
harm.

This just showed us that we have to be more careful.  We can't
legislate computer security, we have to program it in.

Chris.


*==============================*======================================*
|       Chris A. Bracy         |         Student Consultant           |
|       (215) 758-4141         |  Lehigh University Computing Center  |
|  [email protected]  |    Fairchild Martindale Bldg.  8B    |
|   [email protected]    |           Lehigh University          |
|       [email protected]     |          Bethlehem, PA 18015         |
*==============================*======================================*

------------------------------

Date:         Mon, 21 Nov 88 12:30:28 EST
From:         Jim McIntosh <MCINTOSH%[email protected]>
Subject:      Re: Viruses doing hardware damage

>     I believe I've read somewhere that viruses can cause hardware
>problems, like drives to fail.  Does anyone know what the specific
>problem with the drives could be if a virus would do this(cause one to
>fail.)?

If someone could get damaging code executed on my machine it could
damage data stored on hardware in such a way as to appear to be a
hardware error.  I have all VM privilege classes, and can link to
fullpack minidisks that include system areas.  A good virus could
issue the DIRECT command, thereby preventing anyone from logging on,
and then issue some links and then do some physical I/O's to wipe out
areas like the VTOC on our disk packs.

We would get disk errors (NO RECORD FOUND, etc) which could appear to
be hardware errors, and if we tried to re-IPL we would find that the
system would be dead.  It might take some time to discover that
it was a virus, and not a disk controller error (for example).

------------------------------

Date:     Mon, 21 Nov 88 13:14 EST
From:     <ACS045@GMUVAX> Steve Okay
Subject:  RE:Can virii cause hardware damage

>From:     Ain't no livin' in a Perfect World. <KUMMER@XAVIER>
>Subject:  Can viruses cause hardware damage?
>
>     I believe I've read somewhere that viruses can cause hardware
>problems, like drives to fail.  Does anyone know what the specific
>problem with the drives could be if a virus would do this(cause one to
>fail.)?
>Tom Kummer

This has been kicked around on here before and I believe that the
general consensus was "yes", but in a sort of roundabout way.  That is
to say, they can't damage hardware directly, but by some rather
clever programming.  Also I don't recall any of the affirmative
messages mentioning anything about a virus program doing the damage.
Most, if I recall correctly, were just singular, albeit still
destructive, programmings.  To wit are several notices below from
VIRUS-L of the recent past.

#1:
From:         "JOHN D. WATKINS" <WATKINS@UCRVMS>
Subject:      kill that drive!

 On the subject of damaging disk drives, a couple months ago I read
(I think in Computers & Society Digest) about a prank you could play
with drives; you figure out a good resonant frequency for the drive,
then make the head(s) seek at just that rate.  The drive starts
vibrating (relatively) violently, enough so that it creeps across the
floor, possibly unplugging itself and certainly puzzling the operators
in the morning!
 I believe that this referred to mainframe drives, but it has
interesting possibilities for micros as well; if you could make a
drive vibrate for long enough you might be able to throw it out of
alignment or something evil like that...

  Kevin

#2:
From:         GREENY <MISS026@ECNCDC>
Subject:      even *MORE* on hardware damage

All this talk of "programs" causing damage to hardware has caused a
few of the ole cobwebs to clear out of the history section of my brain
which caused a story that I heard a long long time ago in a CS101
class to surface..

"...It seems that a programmer who delighted in taking excessively
long lunch hours discovered a way to shut down the computer for hours
at a time.  It happened that the programmer -- in those days also
being somewhat of an Electrical Engineer -- discovered exactly which
MAGNETIC CORE was closest to the High-Temp shutdown sensor, and wrote
a program which continuously wrote an alternating pattern of binary 0's
and 1's to *THE* core, until it got hot enough to trigger the
High-Temp shutdown sensor.  The sensor, being deceived into thinking
that the entire machine was overheating, promptly shut it down"

...An oldie, but a goodie...

Bye for now but not for long
Greeny

Bitnet: miss026@ecncdc
Internet: miss026%[email protected]
Disclaimer: If you happen to still have some core memory machines
  being used and you pull this trick -- forget where you read this!:->

-----------------------End Appended Messages------------------------------

Hope that Helps.....
---Steve
-------------
Steve Okay/[email protected]/[email protected]/CSR032 on The Source

               "Too Busy to think of a clever and witty Disclaimer"

------------------------------

Date:     Mon, 21 Nov 88 08:44 EDT
From:     <J_CERNY@UNHH> Jim Cerny
Subject:  (1) Military virus targets; (2) voting fraud by computer.

Here are a couple of thoughts after virus/worm events of the last
couple of weeks.  BTW, I much appreciate the "reprinting" of selected
items from RISKS and other lists that contain items of interest to
VIRUS-L subscribers because I already attempt to scan too many lists as
it is.

Military virus targets.
----------------------
Even if the recent virus, or some other virus, did hit some military
systems, I doubt that we would know it.  Experience of the last
decades shows that the federal government would go to great lengths to
cover up such a fact.  It would be classified before you could press
RETURN!

Another thought.  If I worked for a technologically-advanced, hostile
country and wanted to do evil things to the US military capability, it
seems to me that very-early-on in a brainstorming session I'd have the
idea of building my virus/worm/whatever-you-call-it into the actual
chips that would be manufactured into the computer.  I believe the
military uses chips from the usual Asian source countries.  If you
say, nah, this could not happen, consider the problems being caused by
counterfeit bolts.  Asian suppliers are flooding the US with
low-performance bolts made to look like high performance bolts and
some of these have been built into military equipment.  Now, it seems
to me that the "correctness" of a bolt is relatively easy to do
testing on, compared to a chip!

Voting fraud by computer.
------------------------
Coincident with all the uproar over the recent Unix-penetrating virus,
there was an article published in The New Yorker, November 7, 1988, by
Ronnie Dugger, titled "Annals of Democracy: Voting by Computer."  The
gist of the article is that computers are being used more and more to
count votes, yet there are tremendous risks for rigging elections and
that this strikes at the heart of our democracy.  In the long run I
think this is a much more vital and important topic than the
occasional virus that gets loose and generates great publicity. The
vote rigging might not be done by a VIRUS, but I think this is a
subject that may interest many VIRUS-L subscribers.  If this is
discussed on RISKS, I'd appreciate it if a RISK subscriber would
forward to me a copy of any such voter-fraud-by-computer comments.

 Jim Cerny, University Computing, University of New Hampshire
 J_CERNY@UNHH  (BITNET)
 .. uunet!unh!jwc   (UUCP)

------------------------------

End of VIRUS-L Digest
*********************