The 'Security Digest' Archives (TM)


ARCHIVE: 'Phage List' - Archives (1988 - 1989)
DOCUMENT: phage #036 [NYT on "virus" [sic]] (1 message, 3592 bytes)
SOURCE: http://securitydigest.org/exec/display?f=phage/archive/036.txt&t=text/plain
NOTICE: securitydigest.org recognises the rights of all third-party works.

START OF DOCUMENT

From: Paul A Vixie <vixie@decwrl.dec.com>
To: phage
Date: Fri 15:18:15 04/11/1988 EST
Subject: NYT on "virus" [sic]


------- Forwarded Message

Date: Fri, 4 Nov 88 09:35:43 PST
From: geoff@Fernwood.MPK.CA.US (the tty of Geoff Goodfellow)
Subject: NYT on The VIRUS.
Message-Id: <8811040935.5.UUL1.3#948@Fernwood.MPK.CA.US>
To: Hubcap@hubcap.clemson.edu, rnj@sem.brl.mil, Milunovic@sri.com,
        hxwy@cornella.ccs.cornell.edu, dle@csl.sri.com, Vixie,
        GeoffM@usafa.arpa, Grimm@urz.unibas.ch, Lynch@a.isi.edu

A2005  3-Nov-88  18:10
u a BC-VIRUS-COMPUTER-NYT-50     11-03 0566
BC-VIRUS-COMPUTER-NYT-500&add<
COMPUTER NETWORK DISRUPTED BY `VIRUS'<
By JOHN MARKOFF=
c.1988 N.Y. Times News Service=

	   In an intrusion that raises new questions about the
vulnerability of the nation's computers, a nationwide Department of
Defense data network has been disrupted since Wednesday night by a
rapidly spreading ``virus'' software program apparently introduced
by a computer science student's malicious experiment.
	   The program reproduced itself through the computer network,
making hundreds of copies in each machine it reached, effectively
clogging systems linking thousands of military, corporate and
university computers around the country and preventing them from
doing additional work. The virus is thought not to have destroyed
any files.
	   By late Thursday afternoon computer security experts were
calling the virus the largest assault ever on the nation's
computers.
	   ``The big issue is that a relatively benign software program can
virtually bring our computing community to its knees and keep it
there for some time,'' said Chuck Cole, deputy computer security
manager at Lawrence Livermore Laboratory in Livermore, Calif., one
of the sites affected by the intrusion. ``The cost is going to be
staggering.''
	   Clifford Stoll, a computer security expert at Harvard
University, added: ``There is not one system manager who is not
tearing his hair out. It's causing enormous headaches.''
	   The affected computers carry routine communications among
military officials, researchers and corporations.
	   While some sensitive military data are involved, the nation's
most sensitive secret information, such as that on the control of
nuclear weapons, is thought not to have been touched by the virus.
	   Computer viruses are so named because they parallel in the
computer world the behavior of biological viruses. A virus is a
program, or a set of instructions to a computer, that is
deliberately planted on a floppy disk meant to be used with the
computer or introduced when the computer is communicating over
telephone lines or data networks with other computers.
	   The programs can copy themselves into the computer's master
software, or operating system, usually without calling any
attention to themselves. From there, the program can be passed to
additional computers.
	   Depending upon the intent of the software's creator, the program
might cause a provocative but otherwise harmless message to appear
on the computer's screen. Or it could systematically destroy data
in the computer's memory.
	   The virus program was apparently the result of an experiment by
a computer science graduate student trying to sneak what he thought
was a harmless virus into the Arpanet computer network, which is
used by universities, military contractors and the Pentagon, where
the software program would remain undetected.
	   A man who said he was an associate of the student said in a
telephone call to The New York Times that the experiment went awry
because of a small programming mistake that caused the virus to
multiply around the military network hundreds of times faster than
had been planned.
	   The caller, who refused to identify himself or the programmer,
said the student realized his error shortly after letting the
program loose and that he was now terrified of the consequences.
	   A spokesman at the Pentagon's Defense Communications Agency,
which has set up an emergency center to deal with the problem, said
the caller's story was a ``plausible explanation of the events.''
	   As the virus spread Wednesday night, computer experts began a
huge struggle to eradicate the invader.
	   A spokesman for the Defense Communications Agency in Washington
acknowledged the attack, saying, ``A virus has been identified in
several host computers attached to the Arpanet and the unclassified
portion of the defense data network known as the Milnet.''
	   He said that corrections to the security flaws exploited by the
virus are now being developed.
	   The Arpanet data communications network was established in 1969
and is designed to permit computer researchers to share electronic
messages, programs and data such as project information, budget
projections and research results.
	   In 1983 the network was split and the second network, called
Milnet, was reserved for higher-security military communications.
But Milnet is thought not to handle the most classified military
information, including data related to the control of nuclear
weapons.
	   The Arpanet and Milnet networks are connected to hundreds of
civilian networks that link computers around the globe.
	   There were reports of the virus at hundreds of locations on both
coasts, including, on the East Coast, computers at the
Massachusetts Institute of Technology, Harvard University, the
Naval Research Laboratory in Maryland and the University of
Maryland and, on the West Coast, NASA's Ames Research Center in
Mountain View, Calif.; Lawrence Livermore Laboratories; Stanford
University; SRI International in Menlo Park, Calif.; the University
of California's Berkeley and San Diego campuses and the Naval Ocean
Systems Command in San Diego.
	   A spokesman at the Naval Ocean Systems Command said that its
computer systems had been attacked Wednesday evening and that the
virus had disabled many of the systems by overloading them. He said
that computer programs at the facility were still working on the
problem more than 19 hours after the original incident.
	   The unidentified caller said the Arpanet virus was intended
simply to ``live'' secretly in the Arpanet network by slowly
copying itself from computer to computer. However, because the
designer did not completely understand how the network worked, it
quickly copied itself thousands of times from machine to machine.
	   Computer experts who disassembled the program said that it was
written with remarkable skill and that it exploited three security
flaws in the Arpanet network. The virus' design included a program
designed to steal passwords, then masquerade as a legitimate user
to copy itself to a remote machine.
	   Computer security experts said that the episode illustrated the
vulnerability of computer systems and that incidents like this
could be expected to happen repeatedly if awareness about computer
security risks was not heightened.
	   ``This was an accident waiting to happen; we deserved it,'' said
Geoffrey Goodfellow, president of Anterior Technology Inc. and an
expert on computer communications.
	   ``We needed something like this to bring us to our senses. We
have not been paying much attention to protecting ourselves.''
	   Peter Neumann, a computer security expert at SRI International
Inc. in Menlo Park International, said: ``Thus far the disasters we
have known have been relatively minor. The potential for rather
extraordinary destruction is rather substantial.
	   ``In most of the cases we know of, the damage has been
immediately evident. But if you contemplate the effects of hidden
programs, you could have attacks going on and you might never know
it.''
NYT-11-03-88 2115EST<
- -------



------- End of Forwarded Message

END OF DOCUMENT