University of Bielefeld - Faculty of Technology
Networks and Distributed Systems
Research group of Prof. Peter B. Ladkin, Ph.D.
This page was copied from: http://catless.ncl.ac.uk/Risks/11.95.html
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
I was East for a week, culminating in my COMPASS '91 Risk-of-the-Year talk at NIST on failures (both correlated and independent) that resulted in far-reaching problems, including the recent telephone cable cuts and switching problems. On the way back across the Cabin John Bridge toward Dulles Airport on Wednesday (having experienced enormous traffic delays in the opposite direction on Monday night due to construction), I heard the report of the 7-state east-coast phone slowage plus the simultaneous but presumed independent L.A. problem, both attributed to Switching System 7 protocol implementations. (See below.) From the airport Wednesday, I tried a bunch of calls that would not go through. Having returned home, it is clear that from a RISKS point of view this was a bad time to have been away (there were over 250 messages awaiting me in the RISKS directory alone). This issue is the first to try to catch up with the backlog in hopes of not generating the exponentially increasing backlog in response. We will as usual favor exciting new business, and go very slow on nth-order incrementals. I will also jack up the relevance razor ('n' Occam Dead?). Some of the items in this issue will be "old hat" to those of you who are avid media mavens, but they are included anyway for archival purposes... and have been greatly foreshortened by the PGN Abstracting Service.
In San Diego, the former General Dynamics Corp. computer programmer, Michael John Lauffenburger, was arrested for allegedly planting a ``logic bomb,'' a type of virus that would have destroyed vital rocket project data. Lauffenburger's goal, according to a federal indictment, was to get rehired as a high-priced consultant to fix the damage he created. He quit May 29. A fellow General Dynamics worker defused the plot by accidentally stumbling onto the logic bomb. Lauffenburger was charged with computer tampering and attempted computer fraud. If convicted, he faces up to 10 years in prison and a $500,000 fine. He pleaded innocent and was released on $10,000 bail. [Source: Article by Laura Myers, AP Business Writer, 26 June 91]
Excerpts from an article headlined PHONE OUTAGES SHOW HAZARDS OF NEW TECHNOLOGY by Jonathan Weber in the 28 June 1991 `Los Angeles Times': "The massive telephone failures in the Los Angeles and Washington areas earlier this week stemmed from glitches in ... a specialized computer network that shuttles information about calls between telephone company switching offices.... The inherent complexity of an increasingly software-based phone system ... raises the prospect that the public telephone service may be inherently less reliable in the future than it has been in the past. Pacific Bell said Thursday that it had suspended further deployment of ... Signaling System 7 until the exact cause of the problem could be identified. It appeared ... that the [LA and Washington] problems ... were not identical, but both [were] attributed to breakdowns [in the] SS-7 equipment supplied by DSC Communications of Dallas." [Explanations of expected benefits from the SS-7, including improved efficiency, capacity, speed, security, and new service possibilities such as "the controversial Caller ID."] "The flip side of all this ... is that if the SS-7 system malfunctions, it begins sending incorrect information all over the network. Ross Ireland, general manager for network services at Pacific Bell, said Wednesday's incident was caused by a signaling system unit in downtown Los Angeles that inexplicably began sending out a flurry of wrong information about problems in the network, and ultimately shut itself down. Then there was a cascade effect, in which the other signaling system units began acting on the incorrect information. Finally, when people tried to make calls and couldn't, they kept trying, which created an abnormally high level of calling traffic and thus further exacerbated the problem. "Because a phone network is so tightly integrated -- akin to one big computer -- it's very hard to locate and fix problems...."
[See also `Los Angeles Times,' John Kendall and Paul Lieberman, 27 June 1991: "By coincidence, service also was disrupted to 6.7 million telephone customers Wednesday in the District of Columbia, Maryland, Virginia, and parts of West Virginia.... [T]he trouble began in Baltimore during a routine modification of equipment procedure." [sic]] [Officials at Chesapeake and Potomac said the problems were probably unrelated. Asked if hackers could have caused the problems, Ellen Fitzgerald, a spokeswoman for Chesapeake and Potomac, said she had been assured that the system could not be penetrated. [!!!] But, she added, ``a few days ago I would have told you that what happened yesterday wouldn't happen.'' Terry Adams, a spokesman at the DSC Communications Corp., which made both systems, said company officials also discounted any connection between the failures. {From the NY Times article, 28 Jun 91. PGN}]
[...] May we be seeing here a situation in which market pressures to implement a complex new protocol are affecting design and test cycles for switching software? According to the WSJ, the equipment and software in question are made by DSC Communications Co. The new protocol supports all those new services we hear so much about, such as caller ID, return call, call trace and various new business services. It's interesting to note that the January 1990 disruption in the AT&T network, involving an implementation of the same protocol, involved different (AT&T) hardware (4ESS) and software.
Fernando Pereira, 2D-447, AT&T Bell Laboratories, 600 Mountain Ave, Murray Hill, NJ 07974 pereira@research.att.com
According to an AP story carried in the 18 June '91 `New York Times', Mitsubishi is suing AT&T over a PBX system that was broken into by hackers who made thousands of illegal calls worldwide. Mitsubishi contends that AT&T's System 85 Private Branch Exchange is not secure and that AT&T failed to warn Mitsubishi of the potential for unauthorized use. Mitsubishi seeks $10 million in punitive damages and a dismissal of $430,000 billed for 30,000 phone calls which Mitsubishi attributes to unauthorized users. The PBX system, installed in 1988 and disconnected last year, permitted Mitsubishi employees to make calls on the company lines no matter where they were by using a 6-digit personal password. According to Mitsubishi, AT&T failed to diagnose the problem, and it was New York Telephone which finally told Mitsubishi of the possibility of system crackers. Andrew Myers of AT&T declined to comment on the suit but said that under federal communications law, "customers are clearly responsible for both authorized and unauthorized service."
The old sell-illegal-calls-at-a-discount scam has reemerged in Elmhurst, Queens, NY. High-tech mobile phone booths (cars) are very popular there, and draw crowds of people standing in lines to make their calls, often to Colombia or Peru. Each car has a doctored cellular phone chip containing an ID illegally set to some poor sap's valid ID. "The swindle has become so popular that legal cellular phone users in the area can rarely get access to an available phone line." Law-enforcement officials say that many of the calls are made to high-level drug dealers in Colombia. Many of the numbers dialed from Elmhurst match up with Colombian phone numbers that investigators have on file with the Federal Drug Enforcement Administration. Metro One in Paramus, N.J., one of the two cellular carriers for New York City, estimated that it has lost more than $1 million a month from illegal calls transmitted from Elmhurst. Nationwide, such fraudulent calls cost the cellular phone industry about $700 million in 1990, according to Donald Delaney, an investigator for the NY state police. Industry officials put the figure much lower, at $100 million. [Source: Cars Using Rigged Cellular Phones Sell Illegal Overseas Calls, By Donatella Lorch, N.Y. Times News Service, 28 Jun 91]
"The European" is a weekly news magazine published and distributed throughout Europe. Last week's issue carried the following article.
Boeing skipped essential test on Lauda crash jet
By Mark Zeller, Paris
The Lauda Air 767 that crashed in Thailand last month was granted an airworthiness certificate without vital tests being carried out, the US Federal Aviation Authority has admitted. The FAA's administrator said that the aircraft's thrust reversers - which have been blamed for the crash - were only tested at low air speed with the engine set to idle because Boeing convinced the FAA that safety systems would prevent their accidental deployment in flight. Examination of the wreckage and the pilot's cockpit voice recorder have [sic] now shown that one of the thrust reversers - used to slow an aircraft after landing - failed to lock in place when the plane was gaining height and accidentally shifted to a high-power setting, causing the plane to turn so rapidly that the tail was torn off the aircraft. Under the FAA's rules, all jet aircraft which use the thrusters must be tested to ensure that accidental deployment would not cause the plane to crash. But the FAA's administrator, James Busey, in Paris for Le Bourget air show, said last week that the plane had not undergone a realistic in-flight test of the thrust reversers, which were designed and manufactured by Boeing and fitted to Pratt & Whitney engines. He disclosed that Boeing told the FAA that the plane's sophisticated flight control computers made an accidental inflight [sic] deployment of the thrust reversers impossible. The plane, owned by former Austrian racing driver Niki Lauda, was en route from Bangkok to Vienna when it crashed in a Thai jungle three weeks ago, killing all 233 on board. P&W confirmed that if the reverse thruster had not locked properly there would have been an indicator light advising the pilots.
This warning light was heard [sic] being discussed by the pilots on the cockpit recorder shortly before the crash. Reading instructions from the Boeing manual, they took no action and continued to ascend. Seconds before the crash, the co-pilot shouted that a thrust reverser had been activated. The tape concludes with a series of warning sirens, alarms, a snapping sound and then a bang. The wreckage of the plane was found in dense jungle in Thailand with one engine's thrust reverser deployed. The tail section was found several kilometres away. Asked about the possibility of an accidental deployment of a thrust reverser, Boeing spokesman Dick Kenny said: "It can't happen." But a P&W representative, who wished to remain anonymous, said it was possible. According to the engine-maker, Boeing was only now carrying out exercises to find out what would happen if the reverse thruster deployed at high power. Boeing has refused to comment on these tests. Before the crash, there had already been at least one incident involving partial in-flight deployment of a thrust reverser on a Boeing 767. There have also been several similar incidents on 747s, but none of these led to a crash. Peter Mellor, Centre for Software Reliability, City University, Northampton Sq.,London EC1V 0HB +44(0)71-253-4399 Ext. 4162/3/1 ]
Lauda Air disaster linked to potentially hazardous cargo
London, 23 June 1991 (dpa) - A potentially hazardous cargo may have contributed to the engine thrust reversal which caused a Lauda Air Boeing 767 to crash in Thailand May 26, killing all 223 people aboard, according to a British report Sunday. The Sunday Times, citing aviation safety experts, said the Austrian plane was carrying a shipment of cheap Chinese-made watches in a cargo hold, and that lithium batteries in one or more of the watches could have discharged, resulting in heat and possibly fire. Fire in the cargo hold could have affected computer wiring, causing the plane's port engine to shift into reverse thrust in mid-air. The cockpit's in-flight voice recorder, and inspections of the wreckage, showed that the engine inexplicably went into reverse, creating aerodynamic stresses which pulled the aircraft apart. The wreckage also showed evidence of burn marks in one cargo hold, a phenomenon which specialists initially were unable to explain but later linked to the watch batteries, the report said. The Sunday Times said speculation about the potentially dangerous batteries has already prompted several major airlines to slap a ban on such shipments from Hong Kong. The report claimed that a South African Airways Boeing 747 was carrying a cargo of lithium-battery watches when it crashed into the Indian Ocean on a flight from Taiwan to South Africa in 1987, killing 159 people. Last year, a Cathay Pacific plane was forced to make an emergency landing after fire broke out in a cargo hold bearing a shipment of watches with lithium batteries, it said.
There's been a lot of discussion of the safety of fly-by-wire aircraft, so here's the discussion of an accident that very possibly would have been prevented were the DC-10 fly-by-wire rather than hydraulic. On July 18, 1989, while in cruise at 37,000 feet, United Airlines Flight 232 suffered an uncontained engine failure of the #2 engine. This ultimately disabled all three hydraulic systems, thus rendering the aircraft all but uncontrollable. The flight crew were able to guide the aircraft to Sioux City Gateway Airport by using a technique of "differential thrust." Approximately fifty feet above the ground, they lost control, which, when combined with a high descent rate, resulted in a violent crash. Of the 296 people on board, 184 survived. This included the flight crew. On May 24, 1991, the captain of the airplane, Al Haynes, gave a speech on the crash to a gathering at NASA's Dryden Flight Research Facility. It was primarily concerned with the mechanics of controlling the aircraft, as well as disaster preparedness. The speech was recorded on video tape, and, with the consent of Al Haynes, has been made available to the net community via a somewhat ad hoc distribution system. In the US: Eric Thiele (ericth@i88.isc.com) will make you a copy of your own for $4. Send a check to: Eric Thiele, 2000 Crown Point, Woodridge, IL 60517. Loaner copies will be distributed by a number of people. E-mail to the person closest to you to get on the list. Don't be too surprised if there's a little delay; this seems to be very popular.
barney@usc.edu -- Barney Lum -- Southern California
geoff@apple.com -- Geoff Peck -- Northern California
jle@hpfcla.fc.hp.com -- Jerry Eberhard -- Colorado
ericth@i88.isc.com -- Eric Thiele -- Illinois
mahler@usl.edu -- Steve Mahler -- Louisiana
james@nueng.coe.northeastern.edu -- James Jones, Jr -- Massachusetts
rjg@umnstat.stat.umn.edu -- Robert Granvin -- Minnesota
gerry@n5jxs.jsc.nasa.gov -- Gerry Creager -- Texas
gjh@galen.med.virginia.edu -- Galen Hekhuis -- Virginia
A transcript has been made by Robert Dorsett (...cs.utexas.edu!cactus.org!rdd, rdd@cactus.org) and is available by anonymous ftp on rascal.ics.utexas.edu. It's located in the directory ~ftp/misc/av/safety-folder/SUX. A Macintosh Microsoft Word-formatted file is in that directory, as well as a text-readable version. The transcript has also been posted to sci.aeronautics, in two parts. Australian readers will be able to borrow a copy from Mark Ferraretto (mferrare@physics.adelaide.edu.au). There is some delay here, as I'm trying to get it converted to PAL and it's taking some time. If the demand is very heavy, I'll ask for a couple more volunteers and get more copies circulating.
Mary Shafer shafer@skipper.dfrf.nasa.gov ames!skipper.dfrf.nasa.gov!shafer NASA Ames Dryden Flight Research Facility, Edwards, CA
The folks at Thinking Machines have provided what is (so far as I can tell) a complete archive of RISKS for access by users of the Wide-Area Information Server technology, on their public-access Connection Machine WAIS server. I have been fiddling with this for a few days now, and I think it's extremely useful. For example, I can ask about "Clifford Stoll Wily Hacker" and it will come back with

    263  2K  (01/12/89) : Name this book -- for a box of cookies!

(the columns being Score, Size, Date and Headline) among others; I can then retrieve the *individual articles* from the server, save them on the local disk if I want, and much more! The server is only available from 9 to 9 ET, but it works really well, and is amazingly fast--there's more time spent on my end setting up question files and garbage-collecting in Emacs than during the actual search. Anyway, I thought you might want to mention this in the masthead... The "source description file" is called "risks-digest.src" and is available from quake.think.com:

    (:source
       :version 3
       :ip-name "cmns.think.com"
       :tcp-port 210
       :database-name "RISK"
       :cost 0.00
       :cost-unit :free
       :maintainer "ephraim@think.com"
       :description "Connection Machine WAIS server. Operated between 9AM and 9PM EST. Risk Digest collection from the arpa-net list, but this is so far an unofficial archive server. It contains all issues, but is not updated automatically yet. "
    )

Garrett A. Wollman - wollman@emily.uvm.edu
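The risks-digest.src record quoted above is a small keyword/value s-expression. As an added example (not part of the digest, nor Thinking Machines' or any WAIS client's code), here is a Python reader for such a record that returns its fields as a dict and rejects a malformed port or a missing server or database name before a client would use them; the sample record is a constructed copy of the one in the post with the description shortened.

```python
import re

# Constructed copy of the risks-digest.src record quoted in the post (description shortened).
RISKS_SRC = '''(:source
   :version 3
   :ip-name "cmns.think.com"
   :tcp-port 210
   :database-name "RISK"
   :cost 0.00
   :cost-unit :free
   :maintainer "ephraim@think.com"
   :description "Connection Machine WAIS server. Operated between 9AM and 9PM EST."
)'''

# One token per match: quoted string, :keyword, number, or parenthesis.
TOKEN = re.compile(r'"((?:[^"\\]|\\.)*)"|(:[A-Za-z][\w-]*)|(-?\d+(?:\.\d+)?)|([()])')

def tokenize(text):
    tokens, pos = [], 0
    for m in TOKEN.finditer(text):
        # Only whitespace may separate tokens; anything else means a malformed record.
        if text[pos:m.start()].strip():
            raise ValueError(f"unexpected text at offset {pos}: {text[pos:m.start()]!r}")
        pos = m.end()
        s, kw, num, paren = m.groups()
        if num is not None:
            tokens.append(("num", float(num) if "." in num else int(num)))
        else:
            tokens.append(("str", s) if s is not None else ("kw", kw) if kw else ("paren", paren))
    if text[pos:].strip():
        raise ValueError("trailing text after record")
    return tokens

def parse_source(text):
    # Returns the record's fields as a dict keyed by field name without the leading ':'.
    toks = tokenize(text)
    if len(toks) < 3 or toks[0] != ("paren", "(") or toks[1] != ("kw", ":source") or toks[-1] != ("paren", ")"):
        raise ValueError("not a (:source ...) record")
    body = toks[2:-1]
    if len(body) % 2:
        raise ValueError("field name without a value")
    fields = {}
    for (kt, key), (vt, val) in zip(body[0::2], body[1::2]):
        if kt != "kw" or vt == "paren":
            raise ValueError(f"bad field pair {key!r} {val!r}")
        fields[key[1:]] = val
    # Sanity checks a client should make before opening a connection to the server.
    port = fields.get("tcp-port")
    if not isinstance(port, int) or not 0 < port < 65536:
        raise ValueError(f"invalid tcp-port {port!r}")
    for required in ("ip-name", "database-name"):
        if not isinstance(fields.get(required), str) or not fields[required]:
            raise ValueError(f"missing or empty {required}")
    return fields
```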
by Michael Blume