------------------------------------------------------------------------
From: geoff@fernwood.mpk.ca.us (the tty of Geoff Goodfellow)
Subject: Computer Network Disrupted by `Virus'
Date: Thu, 3 Nov 88 21:30:19 PST

COMPUTER NETWORK DISRUPTED BY `VIRUS'
By JOHN MARKOFF=
c.1988 N.Y. Times News Service=

    In an intrusion that raises new questions about the vulnerability of
the nation's computers, a nationwide Department of Defense data network
has been disrupted since Wednesday night by a rapidly spreading
``virus'' software program apparently introduced by a computer science
student's malicious experiment.

     The program reproduced itself through the computer network, making
hundreds of copies in each machine it reached, effectively clogging
systems linking thousands of military, corporate and university
computers around the country and preventing them from doing additional
work.  The virus is thought not to have destroyed any files.

    By late Thursday afternoon computer security experts were calling
the virus the largest assault ever on the nation's computers.

    ``The big issue is that a relatively benign software program can
virtually bring our computing community to its knees and keep it there
for some time,'' said Chuck Cole, deputy computer security manager at
Lawerence Livermore Laboratory in Livermore, Calif., one of the sites
affected by the intrusion.  ``The cost is going to be staggering.''

    Clifford Stoll, @a computer security expert at Harvard University,
added: ``There is not one system manager who is not tearing his hair
out.  It's causing enormous headaches.''

   The affected computers carry routine communications among military
officials, researchers and corporations.

   While some sensitive military data are involved, the nation's most
sensitive secret information, such as that on the control of nuclear
weapons, is thought not to have been touched by the virus.

   Computer viruses are so named because they parallel in the computer
world the behavior of biological viruses.  A virus is a program, or a
set of instructions to a computer, that is deliberately planted on a
floppy disk meant to be used with the computer or introduced when the
computer is communicating over telephone lines or data networks with
other computers.

   The programs can copy themselves into the computer's master software,
or operating system, usually without calling any attention to
themselves.  From there, the program can be passed to additional
computers.

   Depending upon the intent of the software's creator, the program
might cause a provocative but otherwise harmless message to appear on
the computer's scrm.o.  Or it could systematically destroy data in the
computer's memory.

   The virus program was apparently the result of an experiment by a
computer science graduate student trying to sneak what he thought was a
harmless virus into the Arpanet computer network, which is used by
universities, military contractors and the Pentagon, where the software
program would remain undetected.

    A man who said he was an associate of the student said in a
telephone call to The New York Times that the experiment went awry
because of a small programming mistake that caused the virus to multiply
around the military network hundreds of times faster than had been
planned.

   The caller, who refused to identify himself or the programmer, said
the student realized his error shortly after letting the program loose
and that he was now terrified of the consequences.

   A spokesman at the Pentagon's Defense Communications Agency, which
has set up an emergency center to deal with the problem, said the
caller's story was a ``plausible explanation of the events.''

   As the virus spread Wednesday night, computer experts began a huge
struggle to eradicate the invader.

   A spokesman for the Defense Communications Agency in Washington
acknowledged the attack, saying, ``A virus has been identified in
several host computers attached to the Arpanet and the unclassified
portion of the defense data network known as the Milnet.''

   He said that corrections to the security flaws exploited by the virus
are now being developed.

   The Arpanet data communications network was established in 1969 and
is designed to permit computer researchers to share electronic messages,
programs and data such as project information, budget projections and
research results.

   In 1983 the network was split and the second network, called Milnet,
was reserved for higher-security military communications.  But Milnet is
thought not to handle the most classified military information,
including data related to the control of nuclear weapons.

   The Arpanet and Milnet networks are connected to hundreds of civilian
networks that link computers around the globe.

   There were reports of the virus at hundreds of locations on both
coasts, including, on the East Coast, computers at the Massachusetts
Institute of Technology, Harvard University, the Naval Research
Laboratory in Maryland and the University of Maryland and, on the West
Coast, NASA's Ames Research Center in Mountain View, Calif.; Lawrence
Livermore Laboratories; Stanford University; SRI International in Menlo
Park, Calif.; the University of California's Berkeley and San Diego
campuses and the Naval Ocean Systems Command in San Diego.

   A spokesman at the Naval Ocean Systems Command said that its computer
systems had been attacked Wednesday evening and that the virus had
disabled many of the systems by overloading them.  He said that computer
programs at the facility were still working on the problem more than 19
hours after the original incident.

   The unidentified caller said the Arpanet virus was intended simply to
``live'' secretly in the Arpanet network by slowly copying itself from
computer to computer.  However, because the designer did not completely
understand how the network worked, it quickly copied itself thousands of
times from machine to machine.

    Computer experts who disassembled the program said that it was
written with remarkable skill and that it exploited three security flaws
in the Arpanet network.  [No.  Actually UNIX] The virus' design included
a program designed to steal passwords, then masquerade as a legitimate
user to copy itself to a remote machine.

    Computer security experts said that the episode illustrated the
vulnerability of computer systems and that incidents like this could be
expected to happen repeatedly if awareness about computer security risks
was not heightened.

    ``This was an accident waiting to happen; we deserved it,'' said
Geoffrey Goodfellow,''(*) president of Anterior Technology Inc.  and an
expert on computer communications.

   ``We needed something like this to bring us to our senses.  We have
not been paying much attention to protecting ourselves.''

   Peter Neumann, a computer security expert at SRI International Inc.
in Menlo Park International, said: ``Thus far the disasters we have
known have been relatively minor.  The potential for rather
extraordinary destruction is rather substantial.

    ``In most of the cases we know of, the damage has been immediately
evident.  But if you contemplate the`eofects of hidden programs, you
could have attacks going on and you might never know it.''


[* Following is Geoff's full quote ("exploitation"), which John only
partially integrated with Geoff's earlier off-the-cuff comment
("accident"):

    "This was an exploitation wanting to happen.  We deserved it.  We
needed something like this to bring us to our senses.  We have not been
paying much attention to protecting ourselves.  The blame does not rest
on the R&D community as a whole.  Look how many manufacturers [...] just
took the original computer-science-department developed code
willy-nilly, put their wrapper and corporate logo on it, and resold it
to customers.  That's the real travesty here, we build these systems,
OK, that's great, but we rarely build them and then ask how they might
be abused, broken, or circumvented" {and then try to break them}.  ]

--end--

.