#######################################
#                                     #
#                                     #
#     ========   =\    =   ======     #
#        ==      = \   =   =          #
#        ==      =  \  =   ======     #
#        ==      =   \ =        =     #
#        ==      =    \=   ======     #
#                                     #
#                                     #
#                                     #
#        '''''''''''''''''''''        #
#                                     #
#                                     #
#  > Written by Dr. Hugo P. Tolmes <  #
#                                     #
#                                     #
#######################################

Issue Number: 31
Release Date: March 12, 1988

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

This entire issue will concern itself with one article. The article comes
out of the New York Times. Section #3. Pages 1 and 8. The date of the
article is January 31, 1988.... the main topic of the article: computer
viruses.

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

                    * Computer Systems Under Siege *

         'Virus' programs that can elude most barriers have begun
                  to infect computers around the world.

                            by Vin McLellan

BOSTON

It could be a science-fiction nightmare come to life.

In the last nine months, computer viruses - which could subvert, alter or
destroy programs of banks, corporations, the military and the Government -
have infected personal computer programs at several corporations and
universities in the United States as well as in Israel, West Germany,
Switzerland, Britain and Italy.

Security experts say they fear terrorists, hackers or even practical jokers
could invent viruses that would wreak havoc in the computer world - and in
the business and military operations that have become so dependent on it.

"The dangers of viruses and some of these other computer attacks are just
unbelievable," said Donald Latham, executive vice president of the Computer
Sciences Corporation and former Assistant Secretary of Defense who ran a
Reagan Administration program to increase security in civilian and
Government computer systems. "The threat is more serious than most people
think; no one can say enough about it."

Like its biological counterpart, a computer virus can be highly contagious.
It has the capability of instantaneously cloning a copy of itself and then
burying those copies inside other programs. All infected programs then
become contagious and the virus passes to other computers that the software
comes into contact with.

Virus infections also can be transmitted between computers over telephone
lines. A single strategically placed computer with an infected memory - say
a personal computer bulletin board - can rapidly infect thousands of small
computer systems.

The most virulent outbreaks so far have occurred in personal computers. But
security experts say the greatest risk would come from infected large
computers, such as those governing the air traffic controllers' system or
the Internal Revenue Service.

"The basic rule is, where information can go, a virus can go with," said
Fred Cohen, a University of Cincinnati professor who has been doing research
on viruses since 1983.

According to Dr. Cohen, research that he did in 1983 and 1984 has shown that
most mainframe computers can successfully be subverted within an hour. And
networks - even a huge international network with thousands of computers
spread over continents - can be opened up to an illicit intruder within
days, he said.

The possibility of computer networks becoming a primary medium for
subversion and warfare - the "softwar" depicted in a dozen classic
science-fiction thrillers - "has become much more real," Dr. Cohen said.

What further complicates the problem is the fact that the virus can evade
the normal controls and barriers that all computers, even those at secure
military installations, use to control who has access to information
available through the computers.

"A virus is deadly because it can jump - actually slide right through - the
barriers everyone uses to control access to valuable information," said
Kenneth Weiss, technical director at Security Dynamics Technology Inc., a
computer security company in Cambridge, Mass., and chairman of the computer
security division of the American Defense Preparedness Association.

"The solution is to put a wall with good solid gates around the jungle -
most computers still have the equivalent of a sleepy guard at the door. But
the larger problem is how to secure the system against people who have
legitimate work inside."

One of the early warnings about the threat of computer viruses was raised in
a paper given by Dr. Cohen at a computer conference in Toronto in September,
1984. It drew wider public attention in March 1985, when Scientific American
magazine published a letter from two Italian programmers in the Computer
Recreations column that gave a virtual blueprint for a virus that could
attack small personal computers.

Only in the last nine months, however, have actual reports surfaced
concerning virus infections, including infections striking personal computer
programs used by I.B.M. employees on the East Coast, and others at
Hewlett-Packard, Apple Computer and several small companies in the San
Francisco area, according to security consultants.

College administrators report widespread virus infection in personal
computers used by students and faculty at the University of Delaware and
Lehigh University in Bethlehem, Pa. Other reports of infections have come
from the University of Pittsburgh, the University of Maryland and George
Washington University. Personal computer user groups have also reported
infections in Florida, Colorado, New Jersey and New York.

"It's apparently going to be the game this year to see who can come up with
the deadliest virus," said Dennis Steinaur, a senior security specialist at
the National Bureau of Standards, which promotes computer security in
non-military Federal agencies and the private sector. "We're all very
vulnerable."

Yet he said that the bureau planned no immediate recommendation on the virus
threat. "With limited resources," he said, "we like to put our priorities in
areas wheresolution."

Other reports of viruses are coming in from other areas. Security experts at
SRI International in Palo Alto, Calif. recently said they had learned of a
mainframe computer in San Francisco area being subverted by a virus.

Computer & Security, the journal of the security group IFIPS, a leading
international association of computer professionals, last winter reported
several major incidents of virus attacks on big mainframe systems "in
Western Europe."

Rumors regarding an alleged virus attack on two IRS Univac computers in
Philadelphia two weeks ago have been vehemently denied by IRS officials. The
system was taken offline, they said, strictly for maintenance.

Viruses now circulating in the United States were designed to eventually
destroy data in IBM and compatible personal computers, the Apple Macintosh
and Commodore Technology's Amiga, according to company officials and
employees. In almost all of the reported cases, the virus codes were overtly
malicious.

One of the most troubling reports has come from Israel where an infectious
virus code was spread widely over a two-month period last fall and was
apparently intended as a weapon of political protest.

The code contained a "timebomb" that on Friday, May 13, 1988, would have
caused infected programs to erase all stored files, according to Yuval
Rakavy, a student at Hebrew University, who first discovered, then
dismantled the virus code.

May 13 will be the 40th anniversary of the last day Palestine existed as a
political entity.
Israel declared itself independent on May 14, 1948.

Mr. Rakavy said there had been rumors that a virus was circulating in Israel
before he was asked on Dec. 30 to help a friend understand why his personal
computer was not working properly. "When I got to see it," he said, "I knew
immediately what it was, I've known about viruses for several years," he
added, referring to the Scientific American letter.

While it awaited its May 13 trigger date, said Mr. Rakavy, the Israeli virus
was already instructing the computer to slow to one-fifth its normal speed
some 30 minutes after it was turned on, and from "time to time put garbage
on the screen."

Yet it was not the irritation with the speed or screen problems that finally
called attention to the infected code, said Shmuel Peleg, a professor of
computer science at Hebrew University.

The "code bomb" was only discovered because an error in the virus program
caused it to mistake previously infected programs as uninfected. Then, in
error, it would add another copy of itself to the program.

"Supposedly unmodified programs were growing," flooding disk memories, he
said. "We had programs which had been infected 300, 400 times."

A spokesman for Hebrew University, Yisrael Radai, called the infection "the
most devastating thing we have come across." He said, "thousands of computer
files were at risk."

Israeli officials suggested a "Friday the 13th" coincidence, but Mr. Rakavy
said the virus was coded to ignore Nov. 13, 1987.

At the timeion, the Israeli press quoted many Israeli computer executives
who spoke of panic among customers and peers. That concern is still being
voiced, although the Israelis have widely circulated an immunity program to
kill the virus.

Richard Schwartz, a vice president of ANSA Borland International Inc., a
software company in Belmont, Calif. said he was visiting Israel at the end
of the year and was given software samples by an Israeli programmer.
Days later, he said the programmer called, warning that the program
contained the Israeli virus.

"We were going to play with the virus here," said Mr. Schwartz, "just to see
how it worked. But I finally decided I didn't want to take any risk."

The virus discovered at Lehigh University was typical of others that have
surfaced in the United States. It attached itself to a few lines of the
operating system used on the IBM PC's that the college provides for student
use. It then counted the number of new magnetic memories - hard or floppy
disks - that it infected. When the count reached four, it immediately erased
all programs and data it could reach.

"It was pretty juvenile coding," said Kenneth van Wyk, a Lehigh
administrator, "but students may have lost a lot of work."

Another university-based virus raised more questions. Buried within the code
of the virus discovered at the University of Delaware was an apparent ransom
demand: Computer users who discovered the virus were to send $2,000 to an
address in Pakistan to obtain an immunity program, according to Harold
Highland, an Elmont, N.Y. consultant who studies viruses. The Pakistani
contact was not identified.

"It's like a fantasy of being a terrorist without the blood," said Eric
Corley, editor of a national hacker newsletter, 2600, whose electronic
bulletin board was infected.

On a more theoretical level, viruses could provide weapons in corporate
infighting and could affect production.

"The classic scenario is a vice president using a virus to taint the
programs and tools the company uses to plan and make projects, making the
president look bad and hoping that they'll replace him," Dr. Cohen said.

"The same potential exists among fighting among competing executives or
competing companies. One company could infect the process controller a
competitor uses to govern steel production - with the result that the steel
would be of an inferior grade.
That sort of subtle sabotage could be very very difficult to recognize."

Concern about viruses has spread well beyond the computer industry.
Officials at several affected colleges said they had been contacted by a
representative from the National Security Agency, the Pentagon agency
responsible for the security of classified Government computer systems and
electronic spying abroad, and asked for details about virus codes.

Since 1985, the N.S.A. and various military groups have spoken wi in several
classified conferences about the risk of virus attacks at Government
computer installations.

The first, at the National Bureau of Standards in Janua "pretty much of an
'ain't it awful' affair," recalled Andrew Goldstein, a senior consulting
engineer at the Digital Equipment Corporation. "Then - and still - I'm
afraid, no one really knows what to do about viruses. None of the existing
mechanisms for security deal with them very well."

William H Murray, a security consultant at Ernst & Whinney and former IBM
spokesman on security issues, said efforts to contain viral infections were
hampered by "all the things you have to do in the face of a viral attack,"
such as restricting the exchange and sharing of information. Those things,
he said, "are almost as disruptive as the attack."

Although he conceded that "there are no general defenses against the virus
attack," he stressed that this doesn't mean the worst will happen.

"For most people - even most businessmen - the world is a fairly benign
place," he said. "Most of us want the world to work, or the temptation to
bring it down is not so great that most people don't resist it."

He stressed that although "the virus vulnerability results from our desire
to share data and programs, vulnerabilities do not necessarily equate to
problems. We've got all sorts of vulnerabilities in our society that no one
is exploiting."

One reason viruses can thrive is that industry has widely adopted networks
between computers to foster profitability, cooperation, and information
sharing, despite the fact that these links have generally weakened security
at each computer's point. Efforts to foster productivity also led to
widespread adoption of personal computers, but that has depended in large
part on free distribution of thousands of public domain programs.

There is a growing awareness of the virus threat among computer
professionals, in part because of publicity about an automatic chain letter
that flooded a major IBM computer network late last year. Written by a West
German student, the device looked like a computerized Christmas card. But
when it was run, it secretly reached into computer files and sent copies to
everyone who had exchanged messages with the person running it.

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

NOTA:

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

"Security experts say they fear terrorists, hackers or even practical jokers
could invent viruses that would wreak havoc in the computer world - and in
the business and military operations that have become so dependent on it."

Ohh... The fear of hackers is there as is the case with all viruses.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

"The most virulent outbreaks so far have occurred in personal computers."

This is of course due to the trading of software and the downloading of
public domain software from bulletin boards.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

"What further complicates the problem is the fact that the virus can evade
the normal controls and barriers that all computers, even those at secure
military installations, use to control who has access to information
available through the computers."

Not really. The downloading of software and uploading of it can be
controlled.
And anti-virus programs can be implemented.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

"College administrators report widespread virus infection in personal
computers used by students and faculty at the University of Delaware and
Lehigh University in Bethlehem, Pa."

These reports have been covered in previous issues and will be covered in
future issues of TNS.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

"'It's like a fantasy of being a terrorist without the blood,' said Eric
Corley, editor of a national hacker newsletter, 2600, whose electronic
bulletin board was infected."

2600 Magazine is the "Journal of the American Hacker." This magazine has
been covered in detail in previous issues of TNS. The viral infection on
2600's bulletin board is unknown to me.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

"Other reports of viruses are coming in from other areas. Security experts
at SRI International in Palo Alto, Calif. recently said they had learned of
a mainframe computer in San Francisco area being subverted by a virus."

Although SRI International was mentioned.. this article lacks a quote from
Donn Parker. Donn Parker is the main spokesman for SRI International and it
seems that whenever SRI is mentioned, Donn gets a quote... but not this
time.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

.... well.. that's all for this issue of TNS. Later.

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$