Copy Link
Add to Bookmark
Report
Tolmes News Service 31
#######################################
# #
# #
# ======== =\ = ====== #
# == = \ = = #
# == = \ = ====== #
# == = \ = = #
# == = \= ====== #
# #
# #
# <Tolmes News Service> #
# ''''''''''''''''''''' #
# #
# #
# > Written by Dr. Hugo P. Tolmes < #
# #
# #
#######################################
Issue Number: 31
Release Date: March 12, 1988
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
This entire issue will concern itself with one article. The article comes out
of the New York Times. Section #3. Pages 1 and 8. The date of the article is
January 31, 1988.... the main topic of the article: computer viruses.
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
* Computer Systems Under Siege *
'Virus' programs that can elude most barriers have begun to infect computers
around the world.
by Vin McLellan
BOSTON
It could be a science-fiction nightmare come to life. In the last nine months,
computer viruses- which could subvert, alter or destroy programs of banks,
corporations, the military and the Government- have infected personal
computer programs at several corporations and universities in the
United States as well as in Israel, West Germany, Switzerland, Britain and
Italy.
Security experts say they fear terrorists, hackers or even practical
jokers could invent viruses that would wreak havoc in the computer world- and
in the business and military operations that have become so dependant on it.
"The dangers of viruses and some of these other computer attacks are
just unbelievable," said Donald Latham, executive vice president of the
Computer Sciences Corporation and former Assistant Secretary of Defense
who ran a Reagan Administration program to increase security in civilian
and Government computer systems. "The threat is more serious than most people
think; no one can say enought about it."
Like its biological counterpart, a computer virus can be highly
contagious. It has the capability of instantaneously cloning a copy of
itself and then burying those copies inside other programs. All infected
programs then become contagious and the viruse passes to other computers that
the software comes into contact with. Virus infections also can be
transmitted between computers over telephone lines. A single strategically
placed computer with an infected memory- say a personal computer
bulletin board - can rapidly infect thousands of small computer systems.
The most virulent outbreaks so far have occurred in personal computers.
But security experts say the greatest risk would come from infected large
computers, such as those governing the air traffic controllers' system or the
Internal Revenue Service.
"The basic rule is, where information can go, a virus can go with,"
said Fred Cohen, a University of Cincinnati professor who has been doing
research oruses since 1983.
According to Dr. Cohen, research that he did in 1983 and 1984 has shown
that most mainframe computers can successfully be subverted within an
hour. And networks- even a huge international network with thousands of
computers spread over continents- can be opened up to an illicit intruder
within days, he said. The possibility of computer networks becoming a primary
medium for subverion and warfare- the "softwar" depicted in a dozen classic
science-fiction thrillers- "has become much more real," Dr. Cohen said.
What further complicates the problem is the fact that the virus can
evade the normal controls and barriers that all computers, even those at
secure military installations, use to control who has access to information
availiable through the computers.
"A viruse is deadly because it can jump- actually slide right through -
the barriers everyone uses to control access to valuable information," said
Kenneth Weiss, technical director at Security Dynamics Technology Inc., a
computer security company in Cambridge, Mass., and chairman of the computer
security division of the American Defense Preparedness Association. "The
solution is to put a wall with good solid gates around the jungle- most
computers still have the equivalent of a sleepy guard at the door. But the
larger problem is how to secure the system against people who have
legitimate work inside."
One of the early warnings about the threat of computer viruses was
raised in a paper given by Dr. Cohen at a computer conference in Toronto in
September, 1984. It drew wider public attention in March 1985, when
Scientific American magazine published a letter from two Italien programers in
the Computer Recreations column that gave a virtual blueprint for virus that
could attack small personal computers.
Only in the last nine months, however, have actual reports surfaced
concerning virus infections, including infections striking poersonal computer
programs used by I.B.M. employess on the East Coast, and others at
Hewlett-Packard, Apple Computer and several small companies in the San
Francisco area, according to security consultants.
College administrators report widespread virus infection in personal
computers used by students and faculty at the University of Delaware and
Lehigh University in Bethlehem, Pa. Other reports of infections have come
from the University of Pittsburge, the University of Maryland and George
Washington University. Personal computer userr groups have also reported
infections in Florida, Colorado, new Jersey and New York.
"It's apparently going to be the game this year to see who can come up
with the deadliest virus," said Dennis Steinaur, a senior security specialist
at the National Bureau of Standards, which promotes computer security in
npn-military Federal agencies and the private sector. "We're all very
vulnerable."
Yet he said that the bureau planned no immediate recommendation on
the virus threat. "With limiteed resources," he said,"we like to put our
priorities in areas wheresolution.
Other reports of viruses are coming in from other areas. Security experts
aat SRI International in Palo Alto, Calif. recently said they had learned
of a mainframe computer in San Francisco area being subverted by a virus.
Computer & Security, the journal of the security group IFIPS, a leading
international association of computer professionals, last winter reported
several major incidents of virus attacks on big mainframe systems "in
Wesstern Europe." Rumors regarding an alleged virus attack on two IRS Univac
computers in Philadelphia two weeks ago have been vehemently denied by IRS
officials. The system was taken offline they said, strictly for maintaneance.
Viruses now circulating in the Unitesd States were designed to
eventually destroy data in IBM and compatible personal computers, the
Appple Macintosh and Commodore Technology's Amiga, according to a
company officials and employees. In almost all o the reported cases, the
virus codes were overtly malicious.
One of the most troubling reports has come from Israel where an
infectioous virus code was spread widely over a two-month period last fall
and was apparently intended as a weapon of political protest. The code
contained a "timebomb" that on Friday, May 13, 1988, would have caused
infected programs to berase all stored files, according to Yuval Rakavy, a
student at Hebrew University, who first discovered, then dismantled the virus
code.
May 13 will be the 40th anniversary of the last day Palestine existed
as a political entity. Israel declared itself independant on May 14, 1948.
Mr. Rakavy said there had been rumors, that a virus was cirucalting in
Israel vefore he was asked on Dec. 30 to help a friend understand why his
personal computer was not working properly. When I got to see it," he
said, "I knew immediately what it was, I've known about viruses for several
years.," he added, referring to the Scientific American letter.
While it awaited its May 13 trigger date, said Mr. Rakavy, the Israeli
virus was already instructing the computer to slow to one-fifth its normal
speed some 30 minutes after it was turned on, and from "time to time put
garbage on the screen."
Yet it was not the irritation with the speed or screen problems that
finally called attention to the infected code, said Shmuel Peleg, a
professor of computer science at Hebrew University. The "code bomb" was only
discovered because of an error in the virus program caused it to mistake
previously infected programs as uninfected. Then, in error, it would
add another copy of itself to the program. "Supposedly unmodified programs were growing," floding disk
memories, he said. "We had programs which had been infected 300,400 times."
A spokkesman for Hebrew University, Yisrael Radai, called the
infection "the most devastating thing we have come across." He said ,"
thousands of computer files were at risk."
Israeli officials suggested a"Friday the 13th" coincidence, but Mr.
Rakavy said the virus was codcded to ignore Nov. 13, 1987. At the timeion, the Israeli press quoted many Israeli computer executives who
spoke of panic among cutomers and peers. That concern is still being
voiced, although the Israelis have widely cirulated an immunity program to kill
the virus.
Richard Schwartz, a visce president of ANSA Borland International Inc.,
a software company in Belmont, Calif. said he was visiting Israel at the end
f the year and was given software samples by an Israeli programmer. Days
later, he said the programmer called, warning that the program contained the
Isreali virus. "We were going to play wih the virus here," said Mr.
Schwartz,"just to see how it worked. But I finally decided I didn't want to
take any risk."
"The viruse discovered at Lehigh University was typical of others that
have surfaced in the United States. It attached itself to a few lines of the
operating system used on the IBM PC'S that the college provides for
studentuse . It then counted the number of new magnetic memories- hard or
floppy disks- that it infected. When the count reached four, it immediately
erased all programs and data it could reach. "IT was pretty juvenile coding,"
said Kenneth van yk, a Lehigh administrator, "but students may have
lost a lot of work."
Another university-rbased virus raised more questions. Buried within
the code of the virus discovered at the University of Delaware was an apparent
ransom demand: "Computer users who disvcovered the virus were to send
$2,000 to an address in Pakistan to obtain an immunity program, according
to Harol Highland, an Elmont, N.Y. consultant who studies viruses. The
Pakistani contact was not identified.
"It's like a fantasy of being a terrorist without the blood," said Eric
Corley, editor of a national hacker newsletter, 2600, whose electionic
bulletin board was infected.
On a more theoretical level, viruses could bprovide weapons in
corporate infighting and ould affect production. "The classic scenario is a
vice president using a virus to taint the programs and tools the company the
company uses to paln and make projects, making the president look bad and
hoping that the'll replace him," Dr. Cohen said. "The same potentioal exists
among fighting among competing exeecutivess or competing comapnies. One
company could infect the process controller a competitor uses to govern
steel production- with the result that the steel would be of an inferior
grade. That sort of subtle sabotage could be very very difficult to
recognize."
Concern about viruses has spread well beyond the computer industry.
Officials at several affected colleges said they had been contacted by a
representitive from the National Security Agengency, the Pentagon agency
responsible for the security of classified Government computer systems and
electronic spying abroad, and asked for details about virus codes. Since 1985,
the N.S.A. and various military groups have spoken wi in several classified
conferences about the risk of virus attacks at Government computer
installations.
The first, at the National Bureau of Standards in Janua"pretty much of an 'ain't it awful' affaid," recalled Andrew Goldstein, a
senior consulting engineer at the Digital Equipment Corporation. "Then-
and still - I'M afraid, no one really knows what to do about viruses. None of
the existing mechanisms for security deal with them very well."
William H Murray, a security consultant at Ernst & Whinney and former
IBM spokesman on security issues, said efforst to contain viral infections
were hampered by "all the things you have to do in the face of a viral
attack.," such restricting the exchange and sharing of information. Those
things, he said, "are almost as disruptive as the attack."
Although he conceded that "there are no general defenses against the
virus attack," he stressed that this doesn't the worst will happen ." For
most people- even most businessmen - the world is a fairly benign place," he
said. "Most of us want the world to work, or the temptation to bring it
down is not so great that most people don't resist it."
He stressed that although "the virus vulnerability results from our
desire to share data and programs, vulnerabilities do not necessarily
equate to problems. We've got all sorts of vulnerabilityies in our socieity
that no one is exploiting."
One reason viruses can thrive is that industry has widely adopted
networks between compters to foster profitability , cooperation, and
information sharing, despite the fact that these links have generally
weakened security at each computer's point. Efforst to foster productivity
also led to widespread adoption of personal computers, byt that has
depended in large part on free distribution of thousands of public
doman programs.
There is a growing awareness of the virus threat among computer
professionals, in part because publicity about an automatic chain
letter that flooded a major IBM computer network late last year.
Written by a West German student, the device looked like a computerized
Christmas card. But when it was run, it secretly reached into computer files
and sent copies to everyone who had exchanged messages with the person
running it.
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
NOTA:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
"Security experts say they fear terrorists, hackers or even practical
jokers could invent viruses that would wreak havoc in the computer world- and
in the business and military operations that have become so dependant on it."
Ohh... The fear of hackers is there as is the case with all viruses.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
"The most virulent outbreaks so far have occurred in personal computers."
This is of course due to the trading of software and the downloading of public
domain software from bulletin boards.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
"What further complicates the problem is the fact that the virus can
evade the normal controls and barriers that all n those at
secure military installations, use to control who has access to information
availiable through the computers."
Not really. The downloading of software and uploading of it can be controlled.
And anti-virus programs can be implemented.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
"College administrators report widespread virus infection in personal
computers used by students and faculty at the University of Delaware and
Lehigh University in Bethlehem, Pa."
These reports have been covered in previous issues and will be covered in
future issues of TNS.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
"'It's like a fantasy of being a terrorist without the blood,' said Eric
Corley, editor of a national hacker newsletter, 2600, whose electionic
bulletin board was infected."
2600 Magazine is the "Journal of the American Hacker." This magazine has been
covered in detail in previous issues of TNS. The viral infection on 2600's
bulletin board is unknown to me.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
"Other reports of viruses are coming in from other areas. Security
experts at SRI International in Palo Alto, Calif. recently said they had
learned of a mainframe computer in San Francisco area being subverted by a
virus."
Although SRI International was mentioned.. this article lacks a quote from
Donn Parker. Donn Parker is the main spokesman for SRI International and it
seems that whenever SRI is mentioned, Donn gets a quote... but not this time.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
.... well.. that's all for this issue of TNS. Later.
<Hugo>.
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
