Copy Link
Add to Bookmark
Report
Computer Undergroud Digest Vol. 02 Issue 17
****************************************************************************
>C O M P U T E R U N D E R G R O U N D<
>D I G E S T<
*** Volume 2, Issue #2.17 (December 16, 1990) **
****************************************************************************
MODERATORS: Jim Thomas / Gordon Meyer (TK0JUT2@NIU.bitnet)
ARCHIVISTS: Bob Krause / Alex Smith
RESIDENT INSOMNIAC: Brendan Kehoe
USENET readers can currently receive CuD as alt.society.cu-digest.
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted as long as the source is
cited. Some authors, however, do copyright their material, and those
authors should be contacted for reprint permission.
It is assumed that non-personal mail to the moderators may be reprinted
unless otherwise specified. Readers are encouraged to submit reasoned
articles relating to the Computer Underground.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
DISCLAIMER: The views represented herein do not necessarily represent the
views of the moderators. Contributors assume all responsibility
for assuring that articles submitted do not violate copyright
protections.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
CONTENTS:
File 1: Moderators' Corner
File 2: From the Mailbag
File 3: EFF Response to Atlanta Sentencing Memorandum
File 4: Some Thoughts on the Atlanta Sentencing
File 5: Earning your Stripes
File 6: Playgrounds of the Mind: Cyberspace
File 7: The CU in the News
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
----------------------------------------------------------------------
********************************************************************
*** CuD #2.17: File 1 of 7: Moderator's corner ***
********************************************************************
From: Moderators
Subject: Moderators' Corner
Date: December 16, 1990
++++++++++
In this file:
1. LEN ROSE UPDATE
2. FTP FILES
++++++++++
+++++++++++++++++++++
Len Rose Update
+++++++++++++++++++++
Len Rose will go to trial in Baltimore in late January barring any
extensions. He asked us to pass on his thanks to the many, many people who
responded to his request for witnesses. Len is still unemployed and is
prevented from seeking menial work because his leg remains in a cast and he
cannot stand for extended periods of time. He sends his thanks to those who
have helped in financially and emotionally during this period. Those
wishing to help him through the holidays are encouraged to send donations
to:
Len Rose Donation
c/o Sheldon Zenner
Katten, Muchin and Zavis
525 W. Monroe, Suite 1600
Chicago, IL 60606
Checks should be made out to either Sheldon Zenner or Len Rose.
+++++++++++++++
FTP Files
+++++++++++++++
A few more state statutes have been added to the ftp site along with a few
legal papers. The complete NIA (Network Information Access, #s 1-67) will
also be up by Christmas. DAVE BANISAR has been helpful in expanding the
legal documents.
The EFF NEWSLETTER, which just came out, will also be added. We encourage
people to ftp it and upload it elsewhere. Their first issue is excellent
(we reprint their response to the Riggs sentencing memo in file 3).
********************************************************************
>> END OF THIS FILE <<
***************************************************************************
------------------------------
From: Various
Subject: From the Mailbag
Date: December 16, 1990
********************************************************************
*** CuD #2.17: File 2 of 7: From the Mailbag ***
********************************************************************
From: Robert McClenon <76476.337@COMPUSERVE.COM>
Subject: Cowboys and Indians and the cyberfrontier
Date: 11 Dec 90 00:54:55 EST
The question was posed as to whether hackers are cowboys seeking new
territory to stake out. Maybe. But I propose a different (electronic)
frontier metaphor. Cowboys lived on the frontier in what they perceived to
be freedom but did not understand the limits of the world and eventually
wasted the commons. There were another group of people, living further out
on the frontier, who in general did understand the limits of the world and
the interdependency of all things, and who had their own tribal culture and
ethic that was not well understood by outsiders. They were called by many
names and called themselves by many names, but at the time most outsiders
called them Indians. Their society was tribal, but most tribes had an
organization that at the same time was mostly democratic and yet placed a
great deal of authority and respect in a chief. They had a few enemies.
Principal among their enemies were the federal cavalry. The objective of
the cavalry was in general to herd the Indians onto reservations as a step
toward fencing in the free range, and some of the cavalry had the secondary
wish to massacre a few Indians in the process. The cavalry often waited
for a provocation, which sometimes came from rogue Indians who interfered
with the white man's property, by raiding his sheep, or with his
communication, by cutting telegraph lines or harassing the pony express.
I suggest that the BBS community are comparable to Indians, living
peacefully on the frontier, in harmony with the world, and mostly
respecting the authority of the chiefs (sysops), although not without
complaining. Hackers are rogue Indians, who threaten communication and
property. It does not take much of a provocation to bring on the feds.
And the feds do not respect the Indian culture and have shown a willingness
to slaughter Indian chiefs who tried to cooperate with the feds in
controlling the rogue Indians.
What are the conclusions? The rogue Indians threaten the continued
existence of the Indians. The worse rogues are the feds, who do not seem
to respect anyone's law, even their own. The only long-term hope for the
Indians is to maintain their own discipline.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
From: wex@PWS.BULL.COM
Subject: A Philosophical Reminder
Date: Mon, 10 Dec 90 13:41:49 est
Not to rain on Dark Adept's parade since I largely agree with him, but...
The ancient wizards he refers to, and whom he credits with things such as
Physics and Philosophy, were but pale imitations of their Greek, Babylonian,
and Chinese forbears. It was these men (for women were systematically
excluded) who -- as far as we know -- founded such things as Philosophy.
The alchemists (and similar "wizards") were indeed similar to (some) hackers
in that they were unsystematic dabblers in things that were supposed to be
forbidden. But credit where credit is due, please. It was people like
Descartes and Russell who systematized and made Western science what it
became.
--Alan Wexelblat phone: (508)294-7485
Bull Worldwide Information Systems internet: wex@pws.bull.com
********************************************************************
>> END OF THIS FILE <<
***************************************************************************
------------------------------
From: Electronic Frontier Foundation
Subject: EFF Response to Atlanta Sentencing Memorandum
Date: December 10, 1990
********************************************************************
*** CuD #2.17: File 3 of 7: EFF Response to Atlanta Sentencing ***
********************************************************************
EFF News #1.00: Article 7 of 7:
How Prosecutors Misrepresented the Atlanta Hackers
Although the Electronic Frontier Foundation is opposed to unauthorized
computer entry, we are deeply disturbed by the recent sentencing of Bell
South hackers/crackers Riggs, Darden, and Grant. Not only are the sentences
disproportionate to the nature of the offenses these young men committed,
but, to the extent the judge's sentence was based on the prosecution's
sentencing memorandum, it relied on a document filled with
misrepresentations.
Robert J. Riggs, Franklin E. Darden, Jr., and Adam E. Grant were sentenced
Friday, November 16 in federal court in Atlanta. Darden and Riggs had each
pled guilty to a conspiracy to commit computer fraud, wire fraud,
access-code fraud, and interstate transportation of stolen property. Grant
had pled guilty to a separate count of possession of access codes with
intent to defraud.
All received prison terms; Grant and Darden, according to a Department of
Justice news release, "each received a sentence of 14 months incarceration
(7 in a half-way house) with restitution payments of $233,000." Riggs, said
the release, "received a sentence of 21 months incarceration and $233,000
in restitution." In addition, each is forbidden to use a computer, except
insofar as such use may be related to employment, during his
post-incarceration supervision.
The facts of the case, as related by the prosecution in its sentencing
memorandum, indicate that the defendants gained free telephone service and
unauthorized access to BellSouth computers, primarily in order to gain
knowledge about the phone system. Damage to the systems was either minimal
or nonexistent. Although it is well-documented that the typical motivation
of phone-system hackers is curiosity and the desire to master complex
systems (see, e.g., HACKERS: HEROES OF THE COMPUTER REVOLUTION, Steven
Levy, 1984), the prosecution attempts to characterize the crackers as major
criminals, and misrepresents facts in doing so.
Examples of such misrepresentation include:
1) Misrepresenting the E911 file.
The E911 file, an administrative document, was copied by Robert Riggs and
eventually published by Craig Neidorf in the electronic magazine PHRACK.
Says the prosecution: "This file, which is the subject of the Chicago
[Craig Neidorf] indictment, is noteworthy because it contains the program
for the emergency 911 dialing system. As the Court knows, any damage to
that very sensitive system could result in a dangerous breakdown in police,
fire, and ambulance services. The evidence indicates that Riggs stole the
E911 program from BellSouth's centralized automation system (i.e., free run
of the system). Bob Kibler of BellSouth Security estimates the value of the
E911 file, based on R&D costs, is $24,639.05."
This statement by prosecutors is clearly false. Defense witnesses in the
Neidorf case were prepared to testify that the E911 document was not a
program, that it could not be used to disrupt 911 service, and that the
same information could be ordered from Bell South at a cost of less than
$20. Under cross-examination, the prosecution's own witness admitted that
the information in the E911 file was available in public documents, that
the notice placed on the document stating that it was proprietary was
placed on all Bell South documents (without any prior review to determine
whether the notice was proper), and that the document did not pose a danger
to the functioning of the 911 system.
2) Guilt by association.
The prosecution begins its memorandum by detailing two crimes: 1) a plot
to plant "logic bombs" that would disrupt phone service in several states,
and 2) a prank involving the rerouting of calls from a probation office in
Florida to "a New York Dial-A-Porn number."
Only after going to some length describing these two crimes does the
prosecution state, in passing, that *the defendants were not implicated in
these crimes.*
3) Misrepresentation of motives.
As we noted above, it has been documented that young phone-system hackers
are typically motivated by the desire to understand and master large
systems, not to inflict harm or to enrich themselves materially. Although
the prosecution concedes that "[defendants claimed that they never
personally profited from their hacking activities, with the exception of
getting unauthorized long distance and data network service," the
prosecutors nevertheless characterize the hackers' motives as similar to
those of extortionists: "Their main motivation [was to] obtain power
through information and intimidation." The prosecutors add that "In
essence, stolen information equalled power, and by that definition, all
three defendants were becoming frighteningly powerful."
The prosecution goes to great lengths describing the crimes the defendants
*could* have committed with the kind of knowledge they had gathered. The
prosecution does not mention, however, that the mere possession of
*dangerous* (and non-proprietary) information is not a crime, nor does it
admit, explicitly, that the defendants never conspired to cause such damage
to the phone system.
Elsewhere in the memorandum, the prosecution attempts to suggest the
defendants' responsibility in another person's crime. Because the
defendants "freely and recklessly disseminated access information they had
stolen," says the memorandum, a 15-year-old hacker committed $10,000 in
electronic theft. Even though the prosecution does not say the defendants
intended to facilitate that 15-year-old's alleged theft, the memorandum
seeks to implicate the defendants in that theft.
4) Failure to acknowledge the outcome of the Craig Neidorf case.
In evaluating defendants' cooperation in the prosecution of Craig Neidorf,
the college student who was prosecuted for his publication of the E911
text file in an electronic newsletter, the government singles out Riggs as
being less helpful than the other two defendants, and recommends less
leniency because of this. Says the memorandum: "The testimony was somewhat
helpful, though the prosecutors felt defendant Riggs was holding back and
not being as open as he had been in the earlier meeting." The memorandum
fails to mention, however, that Riggs's testimony tended to support
Neidorf's defense that he had never conspired with Riggs to engage in the
interstate transportation of stolen property or that the case against
Neidorf was dropped. Riggs's failure to implicate Neidorf in a crime he did
not commit appears to have been taken by prosecutors as a lack of
cooperation, even though Riggs was simply telling the truth.
Sending a Message to Hackers?
Perhaps the most egregious aspect of the government's memorandum is the
argument that Riggs, Grant, and Darden should be imprisoned, not for what
*they* have done, but send the right "message to the hacking community."
The government focuses on the case of Robert J. Morris Jr., the
computer-science graduate student who was sentenced to a term of probation
in May of this year for his reckless release of the worm program that
disrupted many computers connected to the Internet. Urging the court to
imprison the three defendants, the government remarked that "hackers and
computer experts recall general hacker jubilation when the judge imposed a
probated sentence. Clearly, the sentence had little effect on defendants
Grant, Riggs, and Darden."
The government's criticism is particularly unfair in light of the fact
that the Morris sentencing took place almost a year *after* the activities
leading to the defendants' convictions! (To have been deterred by the
Morris sentencing the Atlanta defendants would have to have been able to
foretell the future.)
The memorandum raises other questions besides those of the prosecutors'
biased presentation of the facts. The most significant of these is the
government's uncritical acceptance of BellSouth's statement of the damage
the defendants did to its computer system. The memorandum states that "In
all, [the defendants] stole approximately $233,880 worth of
logins/passwords and connect addresses (i.e., access information) from
BellSouth. BellSouth spend approximately $1.5 million in identifying the
intruders into their system and has since then spent roughly $3 million
more to further secure their network."
It is unclear how these figures were derived. The stated cost of the
passwords is highly questionable: What is the dollar value of a password?
What is the dollar cost of replacing a password?
And it's similarly unclear that the defendants caused BellSouth to spend
$4.5 million more than they normally would have spent in a similar period
to identify intruders and secure their network. Although the government's
memorandum states that "[t]he defendants ... have literally caused
BellSouth millions of dollars in expenses by their actions," the actual
facts as presented in the memorandum suggest that BellSouth had *already
embarked upon the expenditure of millions of dollars* before it had heard
anything about the crimes the defendants ultimately were alleged to have
committed. Moreover, if the network was insecure to begin with, wouldn't
BellSouth have had to spend money to secure it regardless of whether the
security flaws were exploited by defendants?
The Neidorf case provides an instructive example of what happens when
prosecutors fail to question the valuations a telephone company puts on its
damages. But the example may not have been sufficiently instructive for the
federal prosecutors in Atlanta.
Not only are there questions about the justice of the restitution
requirement in the sentencing of Riggs, Darden, and Grant, but there also
are Constitutional issues raised by the prohibition of access to computers.
The Court's sentencing suggests a belief that anything the defendants do
with computers is likely to be illegal; it ignores the fact that computers
are a communications medium, and that the prohibition goes beyond
preventing future crimes by the defendants--it treads upon their rights to
engage in lawful speech and association.
EFF does not support the proposition that computer intrusion and
long-distance theft should go unpunished. But we find highly disturbing the
misrepresentations of facts in the prosecutors' sentencing memorandum as
they seek disproportionate sentences for Riggs, Darden, and Grant--stiff
sentences that supposedly will "send a message" to the hackers and
crackers.
The message this memorandum really sends is that the government's
presentation of the facts of this case has been been heavily biased by its
eagerness to appear to be deterring future computer crime.
********************************************************************
>> END OF THIS FILE <<
***************************************************************************
------------------------------
From: The Advocate / return deleted
Subject: Some Thoughts on the Atlanta Sentencing
Date: Tue, 11 Dec 90 15:37:23 -0500
********************************************************************
*** CuD #2.17: File 4 of 7: Thoughts on the Atlanta Sentencing ***
********************************************************************
I find the statement in the sentencing memo "these three had acquired
tremendous information, enough to become frighteningly powerful" to be the
key to the governments prosecution.
The governemnt has always feared those who have gained power outside of the
channels of normal authority, and sought to destroy all those who have
gained this power.
The FBI sought to destroy King and the SCLC, not because he was a bad man,
but because he threatened the status quo. The Black Panthers threatened
the status quo and they were destroyed. Read the history of organized
labor. Every initial unionization attempt was met with violence and legal
assault, until the unions became part of the establishment. Jesus was
crucified because he threatened the order.
Now hackers have started to seize information and power. That power is a
potential force for good or evil. That power could shake the world as they
know it. So now all forces of law enforcement have begun to turn on those
who may threaten the order.
I would recommend that all those who wish to hack, listen to "Ruby, an
intergalactic gumshoe". It's a radio drama from the people who did the
"fourth tower of Inverness"(best guess). There there is an organization
called the digital circus, who build wrestling robots. THey wrestle
against the rulers machines. They never win, but always come a little
closer before throwing the match.
I would suggest that the sentencing memo serve as a warning to all other
hackers.
SQUEALERS NEVER PROSPER.........
John Doe the indiana stool pigeon, got for his troubles,
a search warrant and indictment.
The atlanta three got for their guilty plea and cooperation
about 8 years and $250,000 in punishment.
I have been around criminal lawyers and investigators, for the better part
of my life. I cannot suggest any case where cooperation brings help. Now
all of them are also vulnerable on civil charges.
Had they all sat odwn, said prove the case and fought it out, they would
have done no worse. and probably could have demolished the case with Dr
Dennings testimony. But no, they squealed. Someone ought to slap around
their attorneys.
Craig Neidorf had it right with sheldon zenner. Fight all the way.
Don't fight the good fight. Fight with every drop of blood you have.
Fight constitutionality. fight civilly. fight in the press. fight in the
legislature.
If you are indicted, use your rights. Subpoena every document of the
firms opposing you. They claim billions in damages, subpoena all their
operating records. get their expense records of top officials. Use your
subpoena rights to find dirt on their witnesses. It's there, you just
have to look for it.
IF there is going to be a computer underground, then it's going to have to
learn how to fight and win in the courts and legislatures and public
opinion. that means controlling our excesses. learning how to measure
performance, and developing ethics.
Ethics. The Dark adept wrote about these. Why break into yet another TSO
machine? Don't damage data. Learn to respect privacy rights. IF you find
a security bug, publish it, but learn how to offer your services to fix
these. Learn to realize that trespassing via computer is no different then
trespass by foot. Create playlands. The LOTS machine at stanford provided
many a safe outlet. Get these machines going at the larger colleges. Why
can't their still be LOTS?
Learn to realize limits, as well. well best of luck for those of you out
there.
I remain, The Advocate.
********************************************************************
>> END OF THIS FILE <<
***************************************************************************
------------------------------
Subject: Earning your Stripes
From: Silver Surfer
Date: Tue, 11 Dec 90 07:06 EDT
********************************************************************
*** CuD #2.17: File 5 of 7: Earning your Stripes ***
********************************************************************
In an article by Katie Hafner entitled "Morris Code", she describes a long
standing tradition that computer security experts have earned their stripes
by defeating the computer's barriers. But now instead of earning pin
stripes, hackers are earning their prison stripes for defeating computer's
barriers. What has happened to change the norms and values in the computer
world in the last 10 to 15 years?
Now it is a crime to pursue forbidden unlawful computer knowledge. Just
recently the "Atlanta Three" (Robert Riggs, Adam Grant and Franklin Darden)
have been sentenced to prison terms for breaking into the BellSouth
computer systems. It is stated by the government that these individuals
have a vast knowledge concerning computer and telecommunication services.
So with this aptitude they are being sent to prison where they might learn
a lesson. What lesson might they learn, I do not know. It is hard to
believe that the government would not impose a fine on them and community
service similar to what Morris received (but then again I bet none of their
fathers are at the NSA..or could afford the lawyers Morris's family
provided their son).
I think the "Atlanta Three" should be viewed as technological clepto
maniacs. They would pursue information and knowledge even though they knew
the means were illegal. You could say that their value system of right and
wrong was skewed. But is this a reason to imprison these young men? Their
critics site the millions of dollars lost (just like the thousands of
dollars for the 911 manuscript ....it's revised net value is under $20 now)
and the threat to life they could have caused through network disruption.
The key words are COULD HAVE CAUSED. They never actually caused loss of
life or injury to anyone. If that was the case, I would drive them to
prison myself.
So the federal government has issued a message to hackers and phreaks, that
the only stripes you can earn now are prison stripes.
********************************************************************
>> END OF THIS FILE <<
***************************************************************************
------------------------------
From: Silicon Surfer / <address deleted>
Subject: Playgrounds of the Mind: Cyberspace
Date: Tue, 11 Dec 90 07:06 EDT
********************************************************************
*** CuD #2.17: File 6 of 7: Playgrounds of the Mind: Cyberspace ***
********************************************************************
Playgrounds Of The Mind: Cyberspace
By
Silicon Surfer
Why do hackers hack? The majority seem to say it's a thrill or a challenge
to get into a system. Others say that it's a means to learn about
mainframe computers and their various communication networks.
Every year the government and with donations from industry pour millions of
dollars into athletic facilities for it's youth and adult citizens. There
is even a President's Fitness Council to encourage Americans to exercise
their bodies. The government and industry does spend millions of dollars
to fight computer "hackers" and fix security holes. But where are the
playgrounds for the mind?
If the government and industry provided regionally located computer centers
for the young and old computer enthusiasts to use or break into what would
happen? Industry and the government would have a place to test it's new
software and find security holes. It would also be developing a young crop
of computer programmers and security experts. Imagine what it would be
like to develop young adults with years of computer experience, we already
see this result in sports every year during the various professional drafts
and attempts by colleges to recruit players.
And what of the crime of computer hackers? There would be no excuse if you
were allowed to use or crack a specific computer system. There would still
be the thrill, challenge and knowledge to achieve, BUT it would be legal.
It would also teach ethics. Imagine a hacker defeating a system and gaining
an account, then only weeks later to lose that account to another hacker
(of course a large increase of computer expertise would be developed by
hackers to defend their own accounts).
And if a hacker broke into a system that was outside the allowed
systems...there would be no excuse except for criminal mischief.
There already exits a network called the Internet that would allow various
playgrounds of cyberspace to be connected. Today, most high school
districts have minicomputers or mainframe systems (imagine students staying
after school to work and learn with a computer...they would most likely
have to sign up for time...images of the old days of the old hackers of the
70's) that could connect to the Internet. And what of the computing
resources of community colleges and state universities that could be opened
up to the public. They already open up their gyms, athletic fields, and
pools to the community, why not their computers? A perfect example is the
Cleveland Free-Net by CASE Western. They have developed a computer city
that exists on the Internet and is accessible to anyone at NO cost. The
EFF wants to encourage the growth and inhabitance of cyberspace. Why not
develop outposts at various academic sites to accommodate the "greenhorns"
that are venturing out into this new and open frontier? The EFF does not
need to spend vast amounts of money, instead it should provide
encouragement. They could aid in the development of a program to bring
computers to the people (..help establish a Community Memory
Project...like the one that existed in the late 70's in California). It
would be easier for the more famous of their members to get donations from
industry of used or new equipment.
But then again it is easier for the government and industry to spend
resources of time and money to monitor and hunt hackers. It is better to
foster the idea that computer access and knowledge should be the realm of
the few. That it would be better to complain and wring their hands saying
that the US should do something to regain it's technological edge and by
the way, let's get rid of these dangerous and evil hackers.
Of course the media is of no help. What profit is it to print news stories
or support an initiative like this. There is no sensationalism in law and
order. The bed time horror stories of 15 year olds breaking into military
computers and emergency networks would disappear, leaving them instead with
stories of a educated and ethical computer community.
I believe we are at a turning point in the computer culture. We have
reached the cross roads, we can encourage the open development of computer
knowledge by providing open systems or we can make it a crime to pursue
knowledge. After reading this you might ask what have I done to encourage
computer knowledge? I have taught computer courses for elementary students
while in college and later developed a course outline to use a state
university's mainframe computer to provide accounts and instruction for
high school students (the program although was shot down by the state
university's bureaucracy plan to fight this decision). That is why I am
posting this article under a handle, to protect any future projects of mine
from misinterpretation.
********************************************************************
>> END OF THIS FILE <<
***************************************************************************
------------------------------
From: Various
Subject: The CU in the News
Date: 15 December, 1990
********************************************************************
*** CuD #2.17: File 7 of 7: The CU in the News ***
********************************************************************
From: someplace!anonymous@UUNET.UU.NET
Subject: Well, did anything happen?
Date: Wed, 12 Dec 90 02:59:59 -0500
Or was it a case of hysterical or malicious rumor mongering?
COMPUTER JOCKEYS THREATEN PHONE WAR
SAN JOSE MERCURY NEWS (SJ) - Friday, November 16, 1990
By: Associated Press
Edition: Stock Final Section: Front Page: 16A
Telephone companies are taking precautions today against a possible
disruption of service somewhere in the country by computer vandals breaking
into the phone network.
Non-specific threats had been made to invade the massive computers that
control the telephone network, but not to attack physical facilities,
industry sources said.
Sources who spoke on condition of anonymity said the threats apparently
were in connection with a sentencing scheduled in Atlanta this afternoon
for three members of a computer group called the Legion of Doom who had
broken into BellSouth Corp. computers.
Franklin E. Darden Jr. and Robert J. Riggs pleaded guilty earlier this
year in federal court to one conspiracy count each. Adam E. Grant pleaded
guilty to possessing 15 or more access devices with intent to defraud.
'Everyone is on alert'
"We have not been able to assess the validity of the threats, but we
certainly take any threats seriously, and we've taken precautions to
minimize the risk of intrusion," BellSouth spokesman Bill McCloskey said.
"We are aware of the purported threat to try and disrupt at least part of
the nationwide network," said Herb Linnen, a spokesman for American
Telephone and Telegraph Co. "Our corporate security organization has sent
word around the country to make sure everyone is on alert in the coming
days."
Linnen said the purported threat was not against any single company. He
said the rumor of the attempted disruption was discussed at a regular
meeting Wednesday of technical executives of a number of phone companies.
"We have no idea how widespread the threat might be, but it's our
understanding that the group may be national," said Peter Goodale, a
spokesman for Nynex Corp., parent of the New England Telephone and New York
Telephone companies. "We've taken the appropriate security measures to
ensure the integrity of our network."
Copied 911 program
FBI and Defense Department officials said they were unaware of any such
threat.
Federal prosecutors in Chicago last year charged that members of the
Legion of Doom had used their computers in February 1989 to tap into the
911 system of Atlanta-based BellSouth and copy the program.
The information then was published in an electronic newsletter in
Chicago for hackers, but the 911 network was not disrupted.
Charges against the Chicago publisher were dropped in July.
Copyright 1990, San Jose Mercury News
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
From: elroy!grian!alex@AMES.ARC.NASA.GOV(Alex Pournelle)
Subject: Esquire Hacking Article
Date: Wed, 5 Dec 90 09:55:23 GMT
In the December Esquire magazine (with Michelle Pfeiffer on the cover),
there is an article on "hacking" (system-cracking or password-stealing,
really): "Terminal Delinquents", pp. 174ff, by Jack Hitt and Paul Tough,
under the "Outlaws" banner. And it deserves some comments.
I plan a rather lengthier commentary on this article, to be sent to the
magazine, but thought it appropriate to tell the hacking community how they
are portrayed. Certainly, all readers of cu-digest would do well to pick
it up.
The article is written about a small group of New York-based juvenile
hackers (their term) who break into the Nynex billing and phone
add/move/change system--to play around, look around, and just fiddle. A
little time is spent on the background of phone phreaking (Draper
discovering Cap'n Crunch whistles, blue boxes), essentially none on the
history of actual hacking.
The actions of these teenage trespassers are taken at face value; the only
fact-checking appears to be one call for comment to the Nynex security
office (they had no comment). Even when they are shown the "White House
PROF system" (perhaps they meant PROFS?), they make no effort at
independent corroboration.
I find it even more disturbing that no editor at Esquire even suggested
some fact-checking.
The authors have not, to my eye, even done basic research like reading The
Cuckoo's Egg. They talk about "The Internet Virus", not worm; their long
treatise on "social-engineering of passwords" (getting people to tell
them to you, or guessing them) only implicitly and offhandedly mentions the
knife-edge balance between access and security. There is a lot of
computer-as-electronic-phlogiston talk, some more successful than others.
There is much scare talk about how any dam' fool can get your credit
history from TRW. There's no direct discussion of how random
system-breakins might endanger lives.
There is essentially no talk about the morality, guidance or beliefs of the
hackers--are we to presume that some Big Brother of government or school is
supposed to teach the good and bad of computers? Or is this just a
scary-but-true-to-life story about how any pimply-faced bag of teenage
hormones with a modem can change your credit rating forever?
I think the latter.
In short, the piece is maddeningly obtuse in a magazine with a circulation
of over 800,000. It is long on anecdote and very short on fact. It is a
disservice to anyone who calls him/her/itself a hacker. The magazine
deserves to be told this.
Sincerely,
Alex Pournelle
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
From: P.A.Taylor@EDINBURGH.AC.UK
Subject: Virus Planters from Eastern Europe?
Date: 27 Nov 90 17:22:04 gmt
FEARS OF COMPUTER VIRUS ATTACK FROM EASTERN EUROPE GROW.
From: The Independent, Sat 24.11.90, By Susan Watts, Science reporter.
The computer industry in Britain is being warned against an influx of
malicious viruses from eastern Europe.
Governments and companies there use computers less widely than those in the
West. The range of applications is limited and so programmers have time to
write these destructive programs.
Bryan Clough, a computer consultant based in Hove, East Sussex, returned
last week from Bulgaria with 100 viruses unknown in the West.
"People have been writing these as a form of protest against the
authorities. Some are very good indeed...I am terrified of running them on
my machine but until I do I will have no idea of what they are capable of",
he says. Mr Clough predicts a wave of virus attacks on Britain, launched
mainly through electronic message systems known as Bulletin boards. One
bulletin board in Birmingham already believes it has been hit by Bulgarian
viruses. These programs can corrupt or destroy data stored on a
computer's hard disk. Jim Bates, who dismantles viruses for Scotland
Yard's Computer Crime Unit,says "I'm having a hell of a job keeping up with
the viruses coming through already. The problem is that we can only screen
for viruses that we know about".
He warns the computer industry against rogue software from eastern Europe,
Bulgaria and Russia are thought to harbour the most virulent viruses. The
small but legitimate software industry in Bulgaria complains that
programming is one of the few skills that the industry can exploit. Recent
concern is killing off even this slim chance of gaining hard currency from
overseas.
Part of the problem is that the authorities do not believe in copyright or
patent protection for software. "Programmers are used to ripping off
software" Mr Clough says, "so that they are expert at hacking into each
others systems and planting viruses."
He found at least 30 people producing viruses in Bulgaria. Most are known
to the police who can do little to stop them since the country has no laws
against computer crime. Even in Britain which introduced legislation
against hacking this summer, virus writers can be arrested only if they
enter a computer system without authority or cause damage once inside.
Scotland Yard's anti-virus team can extradite foreign programmers who flout
this law, if Britain has an extradition treaty with the country concerned.
One of the most worrying of the virus-writers calls himself the "Dark
Avenger". He has written a number of malicious programs, and Mr Clough
believes he intends to plant these in Britain shortly. Virus detectives are
dismantling one such program called "Nomenklatura", thought to have been
written by this man.
Security experts in Britain fear programmers in the Soviet Union may soon
follow Bulgaria's lead. The Soviet Union has no copyright laws, and some
sections of the software industry are already using viruses as a way to
punish those who steal programs. One such virus displays the message
"Lovechild in "Lovechild:in reward for stealing software" on the screen.
Less than two years ago there were only 20 or so virus programs around, now
there are hundreds. In Bulgaria a new virus appears once a week, Mr Clough
says.
********************************************************************
------------------------------
**END OF CuD #2.17**
*********************************************************************