textfiles/humor/COMPUTER/misuse.notes

Date: 10 Dec 1980 1454-PST
Sender: GEOFF at DARCOM-KA
Subject: DOE Flap
From: the tty of Geoffrey S. Goodfellow
To: ARPA-PROTEC at MC, Human-nets at AI
Message-ID: <[DARCOM-KA]10-Dec-80 14:54:58.GEOFF>
Reply-to: Geoff @ SRI-KA


No More `Star Trek' on CPU
COmputer Security Tightened at Sandia Labs

	by Jake Kirchner, CW Washington Bureau, Washington D.C.


Federal   auditors   have   all   but  closed  the  books  on  an
investigation into unauthorized computer use by  employees  of  a
government nuclear weapons research center in Albuquerque, N.M.

Although it has not done a follow-up  study,  the  Department  of
Energy  (DOE)  said  recently  the  Sandia  Laboratory  has taken
"commendable"  steps  to  beef  up  computer  security  following
revelations of widespread problems at the facility.

The DOE Inspector General's office here revealed  last  month  it
had  found  more  than 200 Sandia employees had stored a total of
456 unauthorized files on one  of  the  facility's  Control  Data
Corp.  system.

The laboratory, operated for the government by  Western  Electric
Co.,  performs  nuclear  weapons  research  and  development  and
conducts research projects  in  such  areas  as  solar  and  wind
energy.

Although the lab does classified work, the time-shared  CDC  6600
system involved was used for unclassified projects.


			DOE Investigation

The DOE investigation began a year ago when the Federal Bureau of
Investigation  informed  the  department  it  had  found  one  of
Sandia's employees using the CDC system to  help  local  gamblers
run a bookmaking operation.

The employee was fired and a subsequent audit found  hundreds  of
rather   routine,  although  unauthorized,  files  that  included
several hundred games, such as Star Trek and Adventure,  as  well
as poetry, jokes, personal letters, a beer collection catalog and
bowling team rosters.

About half the offending employees disregarded an initial warning
to  purge  the  files  of  unauthorized  data  and   were   later
reprimanded, according to DOE.

One of the "most disturbing findings," the DOE said, was  that  a
so-called  "bomb  book"  was  on the system and accessible to all
users.  This file contained numerous nuclear test shots.

While  not classified, the bomb book was considered sensitive and
was later removed from the system.

This  problem  and  other  findings  of  the investigation raised
questions about Sandia's overall computer security procedures.

The DOE investigators found, for example, that "a common practice
at Sandia was to share  passwords  among  staff  people."   Also,
passwords  were changed only once a year so that a person leaving
Sandia employ  could  still  access  the  computer  system  using
another person's passwork.

Another  problem  was  with  physical  security.   DOE  said  its
auditors  observed  no  security checks on briefcases or packages
carried by Sandia, DOE or contract emplyees.


			Policy Directive

Following the DOE investigation, Sandia issued a policy directive
stating any use of a facility computer must be for official work.

DOE  also  advised Sandia employees that personal or improper use
of the computers would result in disciplinary action.

Employees   were  further  reminded  that  misuse  of  government
property is punishable by fine, imprisonment or both.

DOE   called   for  better  recordkeeping  of  computer  security
guidelines to employees, as well as periodic random  sampling  of
computer files to make sure no authorized data is being stored.
-------
		

Date: 11 Dec 1980 0338-EST
From: Walter Newswriter
Subject: Boffin Flap
To: ARPA-PROTEC@MIT-MC

	
COMPUTERVISION, December 10, 1984

No More Aspirin at Work
Desk Security Tightened at Boffin Labs

	by Walter Newswriter, PAP News Bureau, Washington D.C.


Federal auditors have all but closed the books on an investigation
into unauthorized desk  contents  by  employees  of  a  government
research center in Yourtown, U.S.A.

Although it has not done a  follow-up  study,  the  Department  of
Ultimate  Bombastic  Bona-Partism (DUMBB) said recently the Boffin
Laboratory has taken "commendable" steps to beef up desk  security
following revelations of widespread problems at the facility.

The DUMBB Inspector General's office here revealed last  month  it
had found more than 200 Boffin employees had stored a total of 456
unauthorized items in desks issued to them by the facility.

The  laboratory,  operated for the government by an unnamed energy
magnate, performs research and development and  conducts  research
projects in such areas as solar and wind energy.

Although the lab does classified work,  the  desks  involved  were
used for storing unclassified items.


			DUMBB Investigation

The DUMBB investigation began a year ago when the  Federal  Bureau
of  Investigation  informed  the  department  it  had found one of
Boffin's employees using a calculator normally stored in  the  top
desk drawer to help local gamblers run a bookmaking operation.

The employee was fired and a subsequent audit  found  hundreds  of
rather routine, although unauthorized, desk contents that included
several hundred decks of cards, such as Bridge  and  Pinochle,  as
well  as  aspirin,  candy, personal letters, a beer collection and
bowling team rosters.

About  half the offending employees disregarded an initial warning
to  purge  their  desks  of  unauthorized  items  and  were  later
reprimanded, according to DUMBB.


			Policy Directive

Following  the  DUMBB  investigation,  Boffin  issued   a   policy
directive  stating any use of a facility desk must be for official
work.

DUMBB  also advised Boffin employees that personal or improper use
of the desks would result in disciplinary action.

Employees were further reminded that misuse of government property
is punishable by fine, imprisonment or both.

DUMBB  called for better recordkeeping of desk security guidelines
to employees, as well as periodic random sampling of desk  drawers
to make sure no authorized items are being stored.
-------
-------