VIRUS-L Digest Monday, 21 Nov 1988 Volume 1 : Issue 16 Today's Topics: "hacker" paper anncmnt CSI [who?] Standpoint on Internet worm Correction on previous posting (V1 I14) Nightline Transcript available RE: Letter to U.S. attorneys Re: Viruses doing hardware damage RE:Can virii cause hardware damage (1) Military virus targets; (2) voting fraud by computer. --------------------------------------------------------------------------- Date: Mon, 21 Nov 88 02:19 CST From: Gordon Meyer Subject: "hacker" paper anncmnt I've been enjoying the on-going debates about just who and what hackers are. I've devoted quite a bit of time and energy studying this question and I thought I'd make some of the results available to those of you that might be interested. I am in the process of writing a Master's thesis on the social organization of the computer underground. It's a participant observation/ethnographic project, so the conclusions I draw and the illustrations I present are taken from the hackers, phreakers, and pirates themselves....not the media and other usual sources. The paper I have available (about 10 pages) is a revision of a work-in-progress presentation made earlier this month. Titled "Hackers, Phreakers, and Pirates: The Semantics of the Computer Underground"<{ it discusses the use of such terms and offers some classification guidelines in order to help resolve the "anyone with a modem is a hacker" finger-pointing that often occurs. If you would like a copy please respond directly to me, not this list. Your feedback and criticisms are most welcome as well. - -=->G<-=- PS: This note is being cross posted to Virus-l and Ethics-l. Gordon R. Meyer, Dept of Sociology, Northern Illinois University. GEnie: GRMEYER CIS: 72307,1502 Phone: (815) 753-0365 Bitnet: tee-kay-zero-gee-are-em-one at enn-eye-you Disclaimer: Grad students don't need disclaimers! I'll have an opinion when I get my degree. - --- BE YE NOT LOST AMONG PRECEPTS OF ORDER... (book of Uterus) --- ------------------------------ Date: Mon, 21 Nov 88 10:15:36 EST From: roskos@ida.org (Eric Roskos) Subject: CSI [who?] Standpoint on Internet worm > In the > wake of the recent attack of the ARPANET virus, it was necessary > to close down our usual computer operations and devote _______ > hours of debugging and testing before we could safely resume > normal operation. > > This represents a significant interruption of our business, and > deprived us of an estimated $_______ of employee time. This past Saturday evening's "Communications World" broadcast on the Voice of America devoted a significant amount of time to discussing the Internet virus. An interesting point, made by an AT&T researcher who was interviewed by VOA, was that the ARPAnet began as a research network (note the "R" in ARPA), which unfortunately many people had become dependent on despite the fact that its software was not designed for this type of usage. This is, in fact, why the ARPAnet per se is being discontinued, to be replaced by other networks; to quote from the bulletin "Death of the ARPAnet and Other Paranoia," published by the management of the ARPAnet, > In addition to being heavily loaded, the ARPANET is no longer able to > support its other prime function, that of a research base. To conduct > any kind of experiment on the ARPANET causes too much service > disruption to the community. The solution to this, the authors (Mark Pullen and Brian Boesch of DARPA) say, is "to eliminate the source of the problem" by "outgrowing" the current network, replacing it with an "experimental" network, funded by DARPA to promote network research, and an "operational" network, paid for by the users and run by a contractor. [Note: the complete text of this bulletin was posted by its authors to the Usenet's TCP-IP newsgroup a few months ago.] In fact, if one carefully reads the regulations for use of the ARPAnet, and then considers how the ARPAnet is used in practice, it is much easier to see why the above recommended letter is simplistic. Given this fact, and the fact that the author of the virus clearly did not intend to do damage, and in fact was successful at causing a service degradation only at sites which had not corrected known security problems in their software, the proposed actions seem somewhat extreme; it seems as if the suspected author of the virus is being made a "scapegoat" for the unknown authors of the many intentionally harmful and malicious viruses. This is not intended to advocate the writing of such viruses. However, considering especially that all the blame has fallen on the virus writer, and seemingly none on the programmer who coded the "back door" into Sendmail -- and which could be and perhaps may have been used to gain access to systems many times before this virus publicized its existence -- the recommended letter seems somewhat extreme. Overreaction, rather than straightforward correction of the technical problems involved, might have the undesirable side effect of denying beneficial research environments and communication provided to the research community via the ARPAnet, of which the VIRUS-L mailing list is just one example. DISCLAIMERS: The above is my personal opinion, and does not necessarily reflect the opinion of my employer nor those with whom my employer does business. The comments describing the ARPAnet and its research function are based on my current understanding of its role in the research community, and do not necessarily reflect the position of DARPA or the management of the ARPAnet. ------------------------------ Date: 21 Nov 1988 11:09:29-WET From: Julian Daley Subject: Correction on previous posting (V1 I14) SORRY ! That message was posted to the WRONG LIST. I am _very_ embarressed 8-( If anybody IS interested in chaos try the frac-l list which is held by the listserv @ gitvm1 ( where I was trying to send the last message !) Many apologies (the worm must have got to my brain), Julian. [Ed. My apologies also, for letting it slip by...] ------------------------------ Date: Mon, 21 Nov 88 10:55:55 EST From: Scott Earley Subject: Nightline Transcript available After reading Doug Hunt's msg about Koppel I made an investigation worth sharing. Permission was granted by a telemarketer for this: Show title: Computer Viruses Air Date: Nov 10, 1988 Send $3.00 to Nightline Broadcasts 267 Broadway NY, NY 10007 or phone 212 227-7323 for credit card orders (Doug, I had them verify this date TWICE :-) [Ed. Thanks for the info, Scott; I wonder whether they have transcripts available on 5 1/4 " disk... :-) ] ------------------------------ Date: Mon, 21 Nov 88 12:34 EST From: Chris Bracy Subject: RE: Letter to U.S. attorneys > 1. Send a letter to your local U.S. attorneys recommending > that the ARPANET virus situation be prosecuted to the full extent > of the law. It may even be appropriate that your organization > take some form of independent legal action in this case; and, > > 2. Send a letter to your state and federal legislators > requesting that they aggressively pursue the development of > effective computer crime legislation. You might even offer to > help evaluate drafts of pending bills. Attached are sample of > letters you may wish to use as models to get this message to your > local U.S. attorneys and your legislators. This will insure that only those people with actual criminal intent will write a virus. And that the code is better written so it cant be found as easily. Yes damage was done. Many man hours of work was lost. But if you think about it, it could have been much, much worse. If harm was intended, it was very easy to do. But the intent was obviously not harm. This just showed us that we have to be more careful. We can't legislate computer security, we have to program it in. Chris. *==============================*======================================* | Chris A. Bracy | Student Consultant | | (215) 758-4141 | Lehigh University Computing Center | | Kcabrac@Vax1.cc.Lehigh.Edu | Fairchild Martindale Bldg. 8B | | Kcabrac@LehiCDC1.Bitnet | Lehigh University | | CAB4@Lehigh.Bitnet | Bethlehem, PA 18015 | *==============================*======================================* ------------------------------ Date: Mon, 21 Nov 88 12:30:28 EST From: Jim McIntosh Subject: Re: Viruses doing hardware damage > I believe I've read somewhere that viruses can cause hardware >problems, like drives to fail. Does anyone know what the specific >problem with the drives could be if a virus would do this(cause one to >fail.)? If someone could get damaging code executed on my machine it could damage data stored on hardware in such a way as to appear to be a hardware error. I have all VM priviledge classes, and can link to fullpack minidisks that include system areas. A good virus could issue the DIRECT command, thereby preventing anyone from logging on, and then issue some links and then do some physical I/O's to wipe out areas like the VTOC on our disk packs. We would get disk errors (NO RECORD FOUND, etc) which could appear to be hardware errors, and if we tried to re-IPL we would find that the system would be dead. It might take some time to discover that that it was a virus, and not a disk controller error (for example). ------------------------------ Date: Mon, 21 Nov 88 13:14 EST From: Steve Okay Subject: RE:Can virii cause hardware damage >From: Ain't no livin' in a Perfect World. >Subject: Can viruses cause hardware damage? > > I believe I've read somewhere that viruses can cause hardware >problems, like drives to fail. Does anyone know what the specific >problem with the drives could be if a virus would do this(cause one to >fail.)? >Tom Kummer This has been kicked around on here before and I believe that the general consensus was "yes", but in a sort of roundabout way. That is to say, they can' t damage hardware directly, but by some rather clever programming. Also I don't recall any of the affirmative messages mentioning anything about a virus program doing the damage. Most, if I recall correctly, were just singular, albeit still destructive, programmings. To wit are several notices below from VIRUS-L of the recent past. #1:: From: "JOHN D. WATKINS" Subject: kill that drive! On the subject of damaging disk drives, a couple months ago I read (I think in Computers & Society Digest) about a prank you could play with drives; you figure out a good resonant frequency for the drive, then make the head(s) seek at just that rate. The drive starts vibrating (relatively) violently, enough so that it creeps across the floor, possibly unplugging itself and certainly puzzling the operators in the morning! I believe that this referred to mainframe drives, but it has interesting possibilities for micros as well; if you could make a drive vibrate for long enough you might be able to throw it out of alignment or something evil like that... Kevin #2: From: GREENY Subject: even *MORE* on hardware damage All this talk of "programs" causing damage to hardware has caused a few of the ole cobwebs to clear out of the history section of my brain which caused a story that I heard a long long time ago in a CS101 class to surface.. "...It seems that a programmer who delighted in taking excessively long lunch hours discovered a way to shut down the computer for hours at a time. It happened that the programmer -- in those days also being somewhat of an Electrical Engineer -- discovered exactly which MAGNETIC CORE was closest to the High-Temp shutdown sensor, and wrote a program which continously wrote an alternating pattern of binary 0's and 1's to *THE* core, until it got hot enough to trigger the High-Temp shutdown sensor. The sensor, being decieved into thinking that the entire machine was overheating, promptly shut it down" ...An oldie, but a goodie... Bye for now but not for long Greeny Bitnet: miss026@ecncdc Internet: miss026%ecncdc.bitnet@cunyvm.cuny.edu Disclaimer: If you happen to still have some core memory machines being used and you pull this trick -- forget where you read this!:-> - -----------------------End Appended Messages------------------------------ Hope that Helps..... - ---Steve - ------------- Steve Okay/ACS045@GMUVAX.BITNET/acs045@gmuvax2.gmu.edu/CSR032 on The Source "Too Busy to think of a clever and witty Disclaimer" ------------------------------ Date: Mon, 21 Nov 88 08:44 EDT From: Jim Cerny Subject: (1) Military virus targets; (2) voting fraud by computer. Here are a couple of thoughts after virus/worm events of the last couple of weeks. BTW, I much appreciate the "reprinting" of selected items from RISKS and other lists that contain items of interest to VIRUS-L subscribers because I already attempt to scan too many list as it is. Military virus targets. - ---------------------- Even if the recent virus, or some other virus, did hit some military systems, I doubt that we would know it. Experience of the last decades shows that the federal government would go to great lengths to cover up such a fact. It would be classified before you could press RETURN! Another thought. If I worked for a technologically-advanced, hostile country and wanted to do evil things to the US military capability, it seems to me that very-early-on in a brainstorming session I'd have the idea of building my virus/worm/whatever-you-call-it into the actual chips that would be manufactured into the computer. I believe the military uses chips from the usual Asian source countries. If you say, nah, this could not happen, consider the problems being caused by counterfeit bolts. Asian suppliers are flooding the US with low-performance bolts made to look like high performance bolts and some of these have been built into military equipment. Now, it seems to me that the "correctness" of a bolt is relatively easy to do testing on, compared to a chip! Voting fraud by computer. - ------------------------ Coincident with all the uproar over the recent Unix-penetrating virus, there was an article published in The New Yorker, November 7, 1988, by Ronnie Dugger, titled "Annals of Democracy: Voting by Computer." The gist of the article is that computers are being used more and more to count votes, yet there are tremendous risks for rigging elections and that this strikes at the heart of our democracy. In the long run I think this is a much more vital and important topic than the occasional virus that gets loose and generates great publicity. The vote rigging might not be done by a VIRUS, but I think this is a subject that may interest many VIRUS-L subscribers. If this is discussed on RISKS, I'd appreciate it if a RISK subscriber would forward to me a copy of any such voter-fraud-by-computer comments. Jim Cerny, University Computing, University of New Hampshire J_CERNY@UNHH (BITNET) .. uunet!unh!jwc (UUCP) ------------------------------ End of VIRUS-L Digest *********************