University of Bielefeld -  Faculty of technology
Networks and distributed Systems
Research group of Prof. Peter B. Ladkin, Ph.D.
Back to Abstracts of References and Incidents Back to Root
This page was copied from:

Previous Issue Index Info Searching Submit Article

The Risks Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 11, Issue 95

Friday 28 June 1991


o BackLogCabinJohnBridgeOutagesEtc.
o Programmer Accused of Plotting to Sabotage Missile Project
o Phone system becoming inherently less reliable?
Rodney Hoffman
Fernando Pereira
o Mitsubishi sues AT&T for unsecure system
Rodney Hoffman
o More on Cellular Phone Swindles
o Lauda Air crash
Pete Mellor
o Lauda Air and lithium batteries
o Videotape of the pilot discussing the crash of UAL 232
Mary Shafer
o Searching the RISKS archives via WAIS
Garrett Wollman


"Peter G. Neumann" < >
Fri, 28 Jun 91 15:29:25 PDT
     I was East for a week, culminating in my COMPASS '91 Risk-of-the-Year talk at
     NIST on failures (both correlated and independent) that resulted in
     far-reaching problems, including the recent telephone cable cuts and switching
     problems.  On the way back across the Cabin John Bridge toward Dulles Airport
     on Wednesday (having experienced enormous traffic delays in the opposite
     direction on Monday night due to construction), I heard the report of the
     7-state east-coast phone slowage plus the simultaneous but presumed independent
     L.A. problem, both attributed to Switching System 7 protocol implementations.
     (See below.)  From the airport Wednesday, I tried a bunch of calls that would
     not go through.  Having returned home, it is clear that from a RISKS point of
     view this was a bad time to have been away (there were over 250 messages
     awaiting me in the RISKS directory alone).  
     This issue is the first to try to catch up with the backlog in hopes of not
     generating the exponentially increasing backlog in response.  We will as usual
     favor exciting new business, and go very slow on nth-order incrementals.  I
     will also jack up the relevance razor ('n' Occam Dead?).  
     Some of the items in this issue will be "old hat" to those of you who are avid
     media mavens, but they are included anyway for archival purposes... and have
     been greatly foreshortened by the PGN Abstracting Service.

Programmer Accused of Plotting to Sabotage Missile Project

Peter G. Neumann < >
Thu, 27 Jun 91 01:05:04 PDT
        In San Diego, the former General Dynamics Corp. computer programmer, Michael
     John Lauffenburger, was arrested for allegedly planting a ``logic bomb,'' a
     type of virus that would have destroyed vital rocket project data.
     Lauffenburger's goal, according to a federal indictment, was to get rehired as
     a high-priced consultant to fix the damage he created. He quit May 29.
        A fellow General Dynamics worker defused the plot by accidentally stumbling
     onto the logic bomb. Lauffenburger was charged with computer tampering and
     attempted computer fraud.  If convicted, he faces up to 10 years in prison and
     a $500,000 fine. He pleaded innocent and was released on $10,000 bail.
     [Source: Article by Laura Myers, AP Business Writer, 26 June 91]

Phone system becoming inherently less reliable?

Rodney Hoffman < >
Fri, 28 Jun 1991 08:57:35 PDT
     Excerpts from an article headlined PHONE OUTAGES SHOW HAZARDS OF NEW TECHNOLOGY
     by Jonathan Weber in the 28 June 1991 `Los Angeles Times':
     "The massive telephone failures in the Los Angeles and Washington areas earlier
     this week stemmed from glitches in ... a specialized computer network that
     shuttles information about calls between telephone company switching
     offices.... The inherent complexity of an increasingly software-based phone
     system ... raises the prospect that the public telephone service may be
     inherently less reliable in the future than it has been in the past.  Pacific
     Bell said Thursday that it had suspended further deployment of ...  Signaling
     System 7 until the exact cause of the problem could be identified.  It appeared
     ... that the [LA and Washington] problems ... were not identical, but both
     [were] attributed to breakdowns [in the] SS-7 equipment supplied by DSC
     Communications of Dallas."
       [Explanations of expected benefits from the SS-7, including improved
       efficiency, capacity, speed, security, and new service possibilities such as
       "the controversial Caller ID."]
     "The flip side of all this ... is that if the SS-7 system malfunctions, it
     begins sending incorrect information all over the network.  Ross Ireland,
     general manager for network services at Pacific Bell, said Wednsday's incident
     was caused by a signaling system unit in downtown Los Angeles that inexplicably
     began sending out a flurry of wrong information about problems in the network,
     and ultimately shut itself down.  Then there was a cascade effect, in which the
     other signaling system units began acting on the incorrect information.
     Finally, when people tried to make calls and couldn't, they kept trying, which
     created an abnormally high level of calling traffic and thus further
     exacerbated the problem.
     "Because a phone network is so tightly integrated -- akin to one big computer
     -- it's very hard to locate and fix problems...."
     [See also `Los Angeles Times,' John Kendall and Paul Lieberman, 27 June 1991:
     "By coincidence, service also was disrupted to 6.7 million telephone customers
     Wednesday in the District of Columbia, Maryland, Virginia, and parts of West
     Virginia.... [T]he trouble began in Baltimore during a routine modification of
     equipment procedure." [sic]]
         [Officials at Chesapeake and Potomac said the problems were probably
         unrelated. Asked if hackers could have caused the problems, Ellen
         Fitzgerald, a spokeswoman for Chesapeake and Potomac, said she she had been
         assured that the system could not be penetrated.  [!!!] But, she added, ``a
         few days ago I would have told you that what happened yesterday wouldn't
         Terry Adams, a spokesman at the DSC Communications Corp., which made both
         systems, said company officials also discounted any connection between the
         failures.  {From the NY Times article, 28 Jun 91.  PGN}]

Another software-caused phone network problem

Fernando Pereira < >
Fri, 28 Jun 91 12:03:13 EDT
     [...] May we be seeing here a situation in which market pressures to implement
     a complex new protocol is affecting design and test cycles for switching
     According to the WSJ, the equipment and software in question are made by DSC
     Communications Co.  The new protocol supports all those new services we hear so
     much about, such as caller ID, return call, call trace and various new business
     services.  It's interesting to note that the January 1990 disruption in the
     AT&T network, involving an implementation of the same protocol, involved
     different (AT&T) hardware (4ESS) and software.
     Fernando Pereira, 2D-447, AT&T Bell Laboratories, 600 Mountain Ave, 
     Murray Hill, NJ 07974

Mitsubishi sues AT&T for unsecure system

Rodney Hoffman < >
Thu, 20 Jun 1991 09:49:43 PDT
     According to an AP story carried in the 18 June '91 `New York Times',
     Mitsubishi is suing AT&T over a pbx system that was broken into by hackers who
     made thousands of illegal calls worldwide.
     Mitsubishi contends that AT&T's System 85 Private Branch Exchange is not secure
     and that AT&T failed to warn Mitsubishi of the potential for unauthorized use.
     Mitsubishi seeks $10 million in punitive damages and a dismissal of $430,000
     billed for 30,000 phone calls which Mitsubishi attributes to unauthorized
     The pbx system, installed in 1988 and disconnected last year, permitted
     Mitsubishi employees to make calls on the company lines no matter where they
     were by using a 6-digit personal password.  According to Mitsubishi, AT&T
     failed to diagnose the problem, and it was New York Telephone which finally
     told Mitsubishi of the possibility of system crackers.
     Andrew Myers of AT&T declined to comment on the suit but said that under
     federal communications law, "customers are clearly responsible for both
     authorized and unauthorized service."

Cellular Phone Swindle

"Peter G. Neumann" < >
28 Jun 91 10:20:45 PST
     The old sell-illegal-calls-at-a-discount scam has reemerged in Elmhurst,
     Queens, NY.  High-tech mobile phone booths (cars) are very popular there, and
     draw crowds of people standing in lines to make their calls, often to Colombia
     or Peru.  Each car has a doctored cellular phone chip containing an ID
     illegally set to some poor sap's valid ID.  "The swindle has become so popular
     that legal cellular phone users in the area can rarely get access to an
     available phone line."  Law-enforcement officials say that many of the calls
     are made to high-level drug dealers in Colombia.  Many of the numbers dialed
     from Elmhurst match up with Colombian phone numbers that investigators have on
     file with the Federal Drug Enforcement Administration.
     Metro One in Paramus, N.J., one of the two cellular carriers for New York City,
     estimated that it has lost more than $1 million a month from illegal calls
     transmitted from Elmhurst.  Nationwide, such fraudulent calls cost the cellular
     phone industry about $700 million in 1990, according to Donald Delaney, an
     investigator for the NY state police. Industry officials put the figure much
     lower, at $100 million.  [Source: Cars Using Rigged Cellular Phones Sell
     Illegal Overseas Calls, By Donatella Lorch, N.Y. Times News Service, 28 Jun 91]

Lauda Air crash (from "The European")

Pete Mellor < >
Wed, 26 Jun 91 21:52:24 PDT
     "The European" is a weekly news magazine published and distributed throughout
     Europe. Last week's issue carried the following article.
     Boeing skipped essential test on Lauda crash jet        By Mark Zeller, Paris
     The Lauda Air 767 that crashed in Thailand last month was granted an
     airworthiness certificate without vital tests being carried out, the US Federal
     Aviation Authority has admitted.  The FAA's administrator said that the
     aircraft's thrust reversers - which have been blamed for the crash - were only
     tested at low air speed with the engine set to idle because Boeing convinced
     the FAA that safety systems would prevent their accidental deployment in
     Examination of the wreckage and the pilot's cockpit voice recorder have [sic]
     now shown that one of the thrust reversers - used to slow an aircraft after
     landing - failed to lock in place when the plane was gaining height and
     accidentally shifted to a high-power setting, causing the plane to turn so
     rapidly that the tail was torn off the aircraft.  
     Under the FAA's rules, all jet aircraft which use the thrusters must be tested
     to ensure that accidental deployment would not cause the plane to crash.  But
     the FAA's administrator, James Busey, in Paris for Le Bourget air show, said
     last week that the plane had not undergone a realistic in-flight test of the
     thrust reversers, which were designed and manufactured by Boeing and fitted to
     Pratt & Whitney engines. He disclosed that Boeing told the FAA that the plane's
     sophisticated flight control computers made an accidental inflight [sic]
     deployment of the thrust reversers impossible. The plane, owned by former
     Austrian racing driver Nikki Lauda, was en route from Bangkok to Vienna when it
     crashed in a Thai jungle three weeks ago, killing all 233 on board.
     P&W confirmed that if the reverse thruster had not locked properly there would
     have been an indicator light advising the pilots. This warning light was heard
     [sic] being discussed by the pilots on the cockpit recorder shortly before the
     crash. Reading instructions from the Boeing manual, they took no action and
     continued to ascend. Seconds before the crash, the co-pilot shouted that a
     thrust reverser had been activated.
     The tape concludes with a series of warning sirens, alarms, a snapping sound
     and then a bang. The wreckage of the plane was found in dense jungle in
     Thailand with one engine's thrust reverser deployed. The tail section was found
     several kilometres away. Asked about the possibility of an accidental
     deployment of a thrust reverser, Boeing spokesman Dick Kenny said: "It can't
     But a P&W representative, who wished to remain anonymous, said it was possible.
     According to the engine-maker, Boeing was only now carrying out exercises to
     find out what would happen if the reverse thruster deployed at high power.
     Boeing has refused to comment on these tests. Before the crash, there had
     already been at least one incident involving partial in-flight deployment of a
     thrust reverser on a Boeing 767. There have also been several similar incidents
     on 747s, but none of these led to a crash.
        Peter Mellor, Centre for Software Reliability, City University, Northampton
        Sq.,London EC1V 0HB +44(0)71-253-4399 Ext. 4162/3/1 ]

Lauda Air and lithium batteries

Peter G. Neumann < >
Sun, 23 Jun 91 11:47:08 PDT
     Lauda Air disaster linked to potentially hazardous cargo 
        London, 23 June 1991 (dpa) - A potentially hazardous cargo may have
     contributed to the engine thrust reversal which caused a Lauda Air Boeing 767
     to crash in Thailand May 26, killing all 223 people aboard, according to a
     British report Sunday.  The Sunday Times, citing aviation safety experts, said
     the Austrian plane was carrying a shipment of cheap Chinese-made watches in a
     cargo hold, and that lithium batteries in one or more of the watches could have
     discharged, resulting in heat and possibly fire.  Fire in the cargo hold could
     have affected computer wiring, causing the plane's port engine to shift into
     reverse thrust in mid-air.  The cockpit's in-flight voice recorder, and
     inspections of the wreckage, showed that the engine inexplicably went into
     reverse, creating aerodynamic stresses which pulled the aircraft apart.
        The wreckage also showed evidence of burn marks in one cargo hold, a
     phenomenon which specialists initially were unable to explain but later linked
     to the watch batteries, the report said.
        The Sunday Times said speculation about the potentially dangerous batteries
     has already prompted several major airlines to slap a ban on such shipments
     from Hong Kong.
        The report claimed that a South African Airways Boeing 747 was carrying a
     cargo of lithium-battery watches when it crashed into the Indian Ocean on a
     flight from Taiwan to South African in 1987, killing 159 people.  Last year, a
     Cathay Pacific plane was forced to make an emergency landing after fire broke
     out in a cargo hold bearing a shipment of watches with lithium batteries, it

Videotape of the pilot discussing the crash of UAL 232

Mary Shafer < >
Tue, 25 Jun 91 15:45:20 PDT
     There's been a lot of discussion of the safety of fly-by-wire aircraft, so
     here's the discussion of an accident that very possibly would have been
     prevented were the DC-10 fly-by-wire rather than hydraulic.
     On July 18, 1989, while in cruise at 37,000 feet, United Airlines Flight 232
     suffered an uncontained engine failure of the #2 engine.  This ultimately
     disabled all three hydraulic systems, thus rendering the aircraft all but
     uncontrollable.  The flight crew were able to guide the aircraft to Sioux City
     Gateway Airport by using a technique of "differential thrust." Approximately
     fifty feet above the ground, they lost control, which, when combined with a
     high descent rate, resulted in a violent crash.  Of the 296 people on board,
     184 survived.  This included the flight crew.
     On May 24, 1991, the captain of the airplane, Al Haynes, gave a speech on the
     crash to a gathering at NASA's Dryden Flight Research Facility.  It was
     primarily concerned with the mechanics of controlling the aircraft, as well as
     disaster preparedness.  The speech was recorded on video tape, and, with the
     consent of Al Haynes, has been made available to the net community via a
     somewhat ad hoc distribution system.
     In the US:
     Eric Thiele ( will make you a copy of your own
     for $4.  Send a check to:
          Eric Thiele
          2000 Crown Point
          Woodridge, IL  60517
     Loaner copies will be distributed by a number of people.  E-mail to
     the person closest to you to get on the list.  Don't be too surprised
     if there's a little delay; this seems to be very popular.
      -- Barney Lum -- Southern California -- Geoff Peck -- Northern California -- Jerry Eberhard -- Colorado -- Eric Thiele -- Illinois -- Steve Mahler --Louisiana -- James Jones, Jr -- Massachusetts -- Robert Granvin -- Minnesota -- Gerry Creager -- Texas -- Galen Hekhuis -- Virginia 
     A transcript has been made by Robert Dorsett (!!rdd, and is available by anonymous ftp on
     It's located in the directory ~ftp/misc/av/safety-folder/SUX.  A Macintosh
     Microsoft Word-formatted file is in that directory, as well as a text-readable
     version.  The transcript has also been posted to sci.aeronautics, in two parts.
     Australian readers will be able to borrow a copy from Mark Ferraretto
     (  There is some delay here, as I'm trying to
     get it converted to PAL and it's taking some time.
     If the demand is very heavy, I'll ask for a couple more volunteers and
     get more copies circulating.
     Mary Shafer  ames!!shafer
                NASA Ames Dryden Flight Research Facility, Edwards, CA

Searching the RISKS archives via WAIS

Garrett Wollman < wollman@emily.UVM.EDU >
Tue, 18 Jun 91 20:41:27 GMT-6:40
     The folks at Thinking Machines have provided what is (so far as I can tell) a
     complete archive of RISKS for access by users of the Wide-Area Information
     Server technology, on their public-access Connection Machine WAIS server.  I
     have been fiddling with this for a few days now, and I think it's extremely
     useful.  For example, I can ask about "Clifford Stoll Wily Hacker" and it will
     come back with
     263	2K	(01/12/89) :   Name this book  -- for a box of cookies!
     ^^^     ^^      ^^^^^^^^^^ ^^^^^^^^^^^^
     Score   Size    Date       Headline
     among others; I can then retrieve the *individual articles* from the server,
     save them on the local disk if I want, and much more!  The server is only
     available from 9 to 9 ET, but it works really well, and is amazingly
     fast--there's more time spent on my end setting up question files and
     garbage-collecting in Emacs than during the actual search.
     Anyway, I thought you might want to mention this in the masthead...  The
     "source description file" is called "risks-digest.src" and is available from
        :version  3 
        :ip-name ""
        :tcp-port 210
        :database-name "RISK"
        :cost 0.00 
        :cost-unit :free 
        :maintainer ""
     "Connection Machine WAIS server.  Operated between 9AM and 9PM EST.
     Risk Digest collection from the arpa-net list, but this is so far an unofficial
     archive server.  It contains all issues, but is not updated automatically yet.
     " )
     Garrett A. Wollman -

Previous Issue Index Info Searching Submit Article

Report problems with the web pages to
This page was copied from:
Last modification on 1999-06-15
by Michael Blume