November 21, 2024

Archives for February 2004

Safire: US Blew Up Soviet Pipeline with Software Trojan Horse

William Safire tells an amazing story in his column in today’s New York Times. He says that in the early 1980’s, the U.S. government hid malicious code in oil-pipeline-control software that the Soviet Union then stole and used to control a huge trans-Siberia pipeline. The malicious code manipulated the pipelines valves and other controls in a way that caused a huge explosion, ruining the pipeline.

After that, Safire reports, “all the software [the Soviet Union] had stolen for years was suddenly suspect, which stopped or delayed the work of thousands of worried Russian technicians and scientists.”

I should emphasize that as of yet there is no corroboration for this story; and the story appears in an editorial-page column and not on the news pages of the Times (where it would presumably be subject to more stringent fact-checking, especially in light of the Times’ recent experience).

From a purely technical standpoint, this sort of thing is definitely possible. Any time you rely on somebody else to write your software, especially software that controls dangerous equipment, you’re trusting that person not to insert malicious code. Whether it’s true or not, Safire’s story is instructive.

Tennessee Super-DMCA: It's Baaaaaaack!

The Tennessee Super-DMCA is back. Here’s the text of the latest version.

Like the previous version, which died in a past legislative session, this bill looks like an attempt to broaden existing bans on unauthorized access to cable TV and phone service. The old version was much too broad. The new version is worded more carefully, with exceptions for “multipurpose devices”. I haven’t read it carefully enough to tell whether there are remaining problems.

Tennessee Digital Freedom is a good source for information and updates on this bill.