Copy Link
Add to Bookmark
Report
Computer Undergroud Digest Vol. 05 Issue 65
Computer underground Digest Tue Aug 24 1993 Volume 5 : Issue 65
ISSN 1004-042X
Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Archivist: Brendan Kehoe
Shadow-Archivists: Dan Carosone / Paul Southworth
Ralph Sims / Jyrki Kuoppala
Ian Dickinson
Copy Ediot: Etaoin Shrdlu, III
CONTENTS, #5.65 (Aug 24 1993)
File 1--Report on Summer Hack-Tic Conference in the Netherlands
File 2--Another View of the Hack-tic '93 Conference
File 3--Computer Culture and Media Images
File 4--Media Images of Cu Digest - CuD Response to SunWorld
File 5--CORRECTION on Graduate Paper Competition for CFP-'94
Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost electronically from tk0jut2@mvs.cso.niu.edu. The
editors may be contacted by voice (815-753-0303), fax (815-753-6302)
or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL
60115.
Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT
libraries and in the VIRUS/SECURITY library; from America Online in
the PC Telecom forum under "computing newsletters;"
On Delphi in the General Discussion database of the Internet SIG;
on the PC-EXEC BBS at (414) 789-4210; and on: Rune Stone BBS (IIRG
WHQ) (203) 832-8441 NUP:Conspiracy; RIPCO BBS (312) 528-5020
CuD is also available via Fidonet File Request from 1:11/70; unlisted
nodes and points welcome.
EUROPE: from the ComNet in LUXEMBOURG BBS (++352) 466893;
In ITALY: Bits against the Empire BBS: +39-461-980493
ANONYMOUS FTP SITES:
UNITED STATES: ftp.eff.org (192.88.144.4) in /pub/cud
etext.archive.umich.edu (141.211.164.18) in /pub/CuD/cud
halcyon.com( 202.135.191.2) in /pub/mirror/cud
aql.gatech.edu (128.61.10.53) in /pub/eff/cud
AUSTRALIA: ftp.ee.mu.oz.au (128.250.77.2) in /pub/text/CuD.
EUROPE: nic.funet.fi in pub/doc/cud. (Finland)
ftp.warwick.ac.uk in pub/cud (United Kingdom)
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted for non-profit as long
as the source is cited. Authors hold a presumptive copyright, and
they should be contacted for reprint permission. It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified. Readers are encouraged to submit reasoned articles
relating to computer culture and communication. Articles are
preferred to short responses. Please avoid quoting previous posts
unless absolutely necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
----------------------------------------------------------------------
Date: Wed, Aug 11, '93 04:28:01 PDT
From: Robert David Steele <steeler@well.sf.ca.us>
Subject: File 1--Report on Summer Hack-Tic Conference in the Netherlands
((MODERATORS' NOTE: Newsweek (July 26, 1993: 58) billed
the Hack-tic conference in Lelystad, the Netherlands,
on August 3-6 as "Woodstock for the Nintendo generation."
There's no guarantee of a large turn-out, but if
thousands show up, it may help demonstrate just how far
hacking has moved out of the bedrooms of smelly
adolescents. If so, there's likely to be less geeking
and more dancing in the Dutch summer night. Programmers
may one day be able to lean back from their terminals,
pat their pocket protectors and say, "I was there."
The following two reports by attendees Robert D. Steeler and Emmanuel
Goldstein, editor of 2600 Maazine, {suggest that the techno-phreak
gathering was a success)).
++++
Here is a brief report (on the Hack-tic conference:
Roughly 150 people endured the rigors of camping out in a damp
environment with no showers and minimal toilet facilities. The food
provided and cooked by volunteers was wholesome but plain (lots of
rice and beans). The Hack-tic organizers did a great job of setting
up a main tent and two smaller workshop tents, as well as a full local
net (which may not have hooked up to INTERNET as intended). Some sexy
products and literature, but on the whole it was a mind-link event.
(I had bronchitis and stayed in a local hotel on advice of doctor, so
I missed most of the late night workshops.
Here are a few highlights, mostly an outline of what took place with
some follow-up contacts and one or two editorial comments:
"Networking for the Masses". Main tent, 75 or so in audience. Talked
about obstacles to free flow of information, main being that "the
masses" aren't even close to understanding the technologies and the
obscure mediocre user interfaces and complex unintegratable
applications. For more info:
ted@nluug.nl (Ted Lindgreen, Manager of nlnet)
peter@hacktic.nl (Peter von der Pouw Kraan, involved in
squat movement newsletters Blurf and NN)
maja@agenda.hacktic.nl (Maja van der Velden, Agenda
Foundation)
nonsenso@utopia.hacktic.nl (Felipe Rodriguez from Hack-Tic
Network which spun out of Dutch computer underground)
zabkar@roana.hacktic.nl (Andre Blum, expert in wireless
communications).
A few others:
"Phreaking the Phone" I missel uhis one, which was surely very
interesting. Emmanuel can comment. For more info:
bill@tech.hacktic.nl (Billsf, one of the world's best...
"Hacking and the Law" Very important discussion of whether the laws
are out-dated or retarded (to which I would also add my standard
comment that law is not a good substitute for engineering oversights).
More info: fridge@cri.hacktic.nl (Harry Onderwater, technical EDP
auditor at Dutch National Criminal Intelligence Service)
herschbe@dutiws.twi.tudelft.nl (Professor Bob Herschberg, lectures on
computer insecurity and unprivacy) rgb@tracer.hacktic.nl (Ronald RGB
O., the only Dutch hacker arrested both before and after new law in
effect, self-taught writer and author for Hack-tic Magazine)
andy@cccbln.ccc.de (andy Mueller-Maguhn, from German Chaos Computer
Club) emmanuel@eff.org (our ((The Well's)) own)
kaplan@bpa.arizona.edu (Ray Kaplan, computer security consultants,
hosts "meet the enemy" sessions" rop@hacktic.nl (Rop Gonggrijp, was
involved in some of the first computer break-ins om 80's, editor of
Hacktic Magazine, and a VERY hard worker and leader of the team that
put this conference together. I have guaranteed his expenses and am
hosting his participation, and emmanuels, in my symposium in November
whose secret title is "hacking the intelligence community".
A number of technical workshops, modest participation.
The most impressive workshop, which drew a lot of people and had
continuous spin-off conversations the next day, was led by David
Chaum of DigiCash, address Kruislaan 419, 1098 VA Amsterdam, The
Netherlands, phone +31 20 665-2611 fax +31 20 668-5486 email
david@digicash.nl. This guy, either English or England trained, is a
heavy duty dude who appears to be on the bleeding edge (actually he's
holding the knife) in the areas of smart cash, undeniable signatures,
untraceable electronic mail, zero-knowledge signatures and zero
information circuits, privacy protected payments, and so on. I was
very impressed.--not my thing, but a class act. My next (separate
response) contains my outline for the workshop, "Hacking the
Intelligence Community: Increasing Citizens' Access to Intelligence in
the Age of Information Warfare".
++++++++++++++++++++++++
Outline of Hack-tic Workshop 6 August, Holland "Hacking the
Intelligence Community: Increasing Citizens' Access to Intelligence in
the Age of Information Warfare"
- What IS intelligence? Data, Info, Intel
- Why Hack the Intelligence Community?
- Age of Info, InfoWar, InfoEcon
- Empower CITIZENS, the "troops"
- Move $1-5 billion from U.S. Intel Budget (per year, there is a draft
bill I wrote circulating for comment, to create a National Knowledge
Foundation)
- Salute to Hackers--The Trail Blazers
- Mile in My Shoes
- Intel Experience
-$10M mistake (USMC Intel Ctr built Top Secret system to get into CIA
data, etc., only to find database empty of useful Third World
info--and the system isn't allowed to go into open source databases by
security regulations)
- Explode the Myth of Intelligence
- Collection failures (less than 10%)
- Production failures (90% or more of what a policy maker reads/listens
to is UNCLASSIFIED and UNANALYZED)
- Production types & limits (too much, too late, too secret)
Dinosaur/Cadilac Analogy (We've spent billions building a superhighway
between Mosco and Washington, and a single Cadillac, when what we
really need now is many many off-road vehicles--five jeeps, 100
motorcycles, 1000 bikes)
- BENCHMARKING (Get consumers of intelligence to give same question to
library as to intel--one general got an answer from library in 45
minutes and it was of course unclassified; intel community came back
in two days, SAME answer, classified)
- Power in the Age of Information
- Information Continuum (K-12, univ, lib, businesses, private
investigators-info brokers, media, government, defense-intel)
- Barriers--Iron Curtains between sectors, Bamboo Curtains between
institutions within sectors, plastic curtains between individuals
within institutions.
- Hackers helping poke holes in the curtains.
INFORMATION COMMONS
Need to break down curtains SHARED collection responsibilities
DISTRIBUTED analysis & production Age of "central" intelligence is
OVER!! Direct "mind-links" in real time between consumer w/question
and expert w/answer Old linear paradigm dead (consumer to analyst to
collector to source and back) New diamond paradigm (all four all ways)
Must empower the citizen with intelligence
-- as a voter
-- as an investor
-- as an entrepreneur
-- as scientist
-- as social thinker
New Security Concepts: Focus on connectivity and speed, NOT on
restricting dissem or even bothering to decrypt Need a NATIONAL
KNOWLEDGE STRATEGY God Bless Al Gore BUT he is "all connectivity and
no content" Need to free up unclassified information wrapped in the
"cement overcoat" of peripheral classified information Need a national
program to break down curtains and increase sharing of original
unclassified source material Need a national cooperative R&D effort to
avoid waste (I believe the intelligence community wastes $100 million
a year at least, from having at least ten different "black" programs
each trying to build the ultimate all source analysts workstation in
isolation--and this is just one small example of waste from
compartmentation)
Intelligence for the Masses
Lots of good Q&A.
------------------------------
Date: Wed, 11 Aug 1993 18:21:43 PDT
From: Emmanuel Goldstein, 2600 Magazine <emmanuel@well.sf.ca.us>
Subject: File 2--Another View of the Hack-tic '93 Conference
Actually, attendance was estimated by the organizers at around 1,000.
It was bigger than the Galactic Hacker Party and, in my opinion, more
interesting. Too bad so few Americans showed up - tons of media
though. Some of the highlights for me: the "stone" keyboard -
somebody set up a computer on the grass with a keyboard made of stones
and, yes, it worked; the room filled with computers from all over the
world tied into a giant ethernet and then further tied to all of the
computers in tents on the field; the social engineering workshop where
people from all corners of the globe shared stories; and the overall
Woodstock atmosphere of the whole thing. It's incredible how you can
just pull things like this off over there with a minimum of hassle. In
the States there are literally dozens of reasons why such an event
wouldn't work. Despite that, we're going to try to do something next
summer for the tenth anniversary of 2600. We need two things: a
warehouse and some network experts to be creative. Plus a whole lot of
good karma.
P.S. United States Customs took one look at my passport and pulled me
aside yet again. The usual: bags searched, interrogation as to what
kind of magazine I write for, and a 25 minute wait while they "check"
my name. This has happened to me so many times now that I can hardly
consider it coincidence anymore. It's pure harassment and it's
garbage like this that makes it an embarrassment to be an American
these days.
I guess I can expect to disappear now having spoken against the state.
------------------------------
Date: 20 Aug 93 19:28:52 EDT
From: george c smith <70743.1711@COMPUSERVE.COM>
Subject: File 3--Computer Culture and Media Images
Computer Culture and Media Images
(By George C. Smith)
"I've had enough of that crummy stuff. Crummy stuff, crummy
stuff, crummy, crummy, crummy, crummy, crummy stuff." (from
"Crummy Stuff," by The Ramones)
After reviewing numerous stories on the computer underground dating
back to 1990, Mike Liedtke's Contra Costa Times piece on the
NIRVANAnet BBS's comes off as another example of the genre:
paint-by-numbers journalism, so predictable it's a cliche. The locales
shift, the names change, the breathless "maybe something shady's going
on here" tone stays the same.
Unfortunately, so does the expertise of the reporters. Seemingly
locked into some kind of "computer neophyte from Hell" never-never
land, there never seems to be a lack of writers who turn in stories
which are painfully unsophisticated, sensational and . . . crummy.
It's damnable, because the picture which emerges is one of mainstream
journalists who ought to be starting to get the lay of the land, but
aren't.
By contrast, this lack of know-how hasn't stopped reporters, or even
slowed them down, in generation of countless fluffy, trend stories on
the information superhighway, this year's bright and shiny cliche.
So, that the users of the NIRVANAnet systems think the news media
arrogant is not a scream of wounded pride or the surprised squeak of
slimy characters exposed when their rock is turned over. It's
justified.
Why?
Take for example a news piece which appeared in 1990 in The Morning
Call newspaper of Allentown, PA, a continent and three years away.
The Call had discovered a now long gone "underground" bulletin board
in nearby Easton, PA. I lived in the area at the time and Liedtke's
Contra Costa Times piece was uncannily similar to the one Morning Call
reporter Carol Cleaveland delivered for the Call's readership. The
same ingredients were in the mix: a couple of textfiles on how to
make bombf a regional lawman explaining about how hard it is to nail
people for computer crime and a tut-tutting sysop of another local
"public domain" system acting as a tipster, warning concerned readers
that he sure as Hell wouldn't want such a system in his backyard.
Just like Liedtke's Contra Costa Times piece, there was not a shred of
comment from the sysop whose system was being profiled. Nothing ever
came of the nonsense. The system continued online for a couple of
more years, no criminal charges were filed, and the local businesses
appeared not to go up in flames at the hands of unknown hackers or
bomb-throwing, masked anarchists. So, this was news?
Now, fast forward to The New York Times on January 25 of this year. In
an 'A' section article, reporter Ralph Blumenthal profiled "Phrakr
Trakr," a federal undercover man keeping our electronic streets safe
from cybernetic hoodlums too numerous to mention singly.
A quick read shows the reporter another investigator from the
mainstream who hadn't gotten anything from underground BBS's
first-hand, relying instead on the Phrakr Trakr's tales of nameless
computer criminals trafficking in "stolen information, poison recipes
and _bomb-making_ [emphasis MINE] instructions."
While not dwelling on or minimizing the issue of phone-related phraud
and the abuse of credit card numbers on underground BBS's (which has
been established), Blumenthal's continued attention to text files for
"turning household chemicals into deadly poisons, [or] how to build an
'Assassin Box' to supposedly send a lethal surge through a telephone
line" was more of the same. It was the kind of news which furthers the
perception on the nets that reporters are rubes, reluctant to use
their mental faculties to analyze material of dubious nature.
Most anyone from teenagers to the college educated on-line seem to
recognize text files on a BBS as usually menacingly written trivial
crap or bowdlerized, error-filled reprints from engineering, biology
and chemistry books. In either case, hardly noteworthy unless you're
one who can't tell the difference between comic books and real news.
So why can't we, make that why SHOULDN'T we, expect the same critical
ability from mainstream journalists? Of course, we should.
And it's not only the on-line community which is getting mugged. Just
about every sentient, reading mammal in North America was fed a
continuous line on the Michelangelo virus for the first three months
of 1992 courtesy of the mainstream press. In the aftermath, the
perception seeped in that inadvertently or not, most reporters had
been played for suckers by software developers. However, there was no
informed skepticism when it counted.
Recall, newspapers around the country ran headlines warning of
imminent disaster. "Thousands of PC's could crash Friday," said USA
Today. "Deadly Virus Set to Wreak Havoc Tomorrow," said the
Washington Post. "Paint It Scary," said the Los Angeles Times.
Weeks after the grand viral no-show on March 6th, reporters still
insisted the hysterical coverage prevented thousands of computers from
losing data. John Schneidawind of USA Today claimed "everyone's PC's
would have crashed" in interview for the American Journalism Review
but was unable to provide any evidence to back it up.
Even The San Jose Mercury News credited the publicity with saving the
day. There was, however, little mention that corporate wallets were
swollen with payouts from worried consumers or that most of the
experts used as sources came from the same circle of businessmen
benefiting from the panic.
In the aftermath everyone blamed John McAfee, the nation's leading
antiviral software manufacturer. After all, it was McAfee who told
many reporters that as many as 5 million computers were at risk,
wasn't it?
However, a look back at some of his comments to American Journalism
Review in May 1992 expands the limelight a little. "I told reporters
all along that estimates ranged from 50,000 to 5 million," he said. "I
said, '50,000 to 5 million, take your pick,' and they did."
"I never contacted a single reporter, I never sent out a press
release, I never wrote any articles," he continued. "I was just
sitting here doing my job and people started calling."
"Before the media starts to crucify the antivirus community," he
continued, "they should look in the mirror and see how much [of the
coverage] came from their desire to make it a good story. Not that I'm
a press-basher."
Why does this happen? What drives one of these "good stories"?
John Schneidawind of USA Today, when interviewed shortly after
Michelangelo said John McAfee was always available to explain things
from the early days of the Silicon Valley. There was a sense, said
Schneidawind, that "we owed him." That's even-handed reporting!
Obviously, a great many news stories are hung on a sexy hook, too.
Often this has little to do with reality. Put yourself in a
reporter's shoes, fire-balling these leads past an editor.
Techno-kids running amok in cyberspace, crashing the accounts of
hapless businessmen, playing fast and loose with the law, fostering
the dissolution of community in the suburbs! Or, computer virus
plague set to incinerate data world wide! Or, government BBS flouts
public interest, aids computer vandals in high-tech predation of
nation's information superhighways! Whoosh! Bang! Who wouldn't bite?
Now imagine trying to sell an on-going series dealing with the warp
and weave of the networks, touching on everything from dating BBS's to
encryption to virus distribution to electronic publishing, copyright
law and free speech. Frequently, you'll need more than 40 column
inches per topic to do it right.
If you're a reporter you might hear these responses as reasons NOT to
get into such a project.
1. We don't have the space. (There will, however, always be 40 inches
of space for the latest equivalent of "Jurassic Park.")
2. We can get that off the wire. We can't afford to get involved in
specialty journalism.
3. No more long stories - our readership won't follow them. (Policy
at USA Today.)
4. No one is interested in computers. (Believe it or not, this was a
popular one in 1992 at The Morning Call in Allentown, PA.)
5. I don't understand all that, our readers won't either.
6. Where's the hook?
So, proactive news stories, particularly on computers, are a hard sell
many reporters aren't up to. Conversely, most have no trouble selling
what Carl Jensen, journalism prof at Sonoma State in California, calls
"junk food news."
Junk food news is, he writes, "sensationalized, personalized,
homogenized trivia . . . generic to [some] of the following
categories: Madonna's latest sexscapades . . . the newest diet craze,
fashion craze, dance craze, sports craze, video game craze . . . the
routine freeway pile-up . . . the torrents of rhetoric pouring from
the mouths of candidates, pledging to solve unemployment, reduce the
deficit, lower prices, [and] defy foreign invaders . . ."
Junk food news soaks up a lot of effort on the part of reporters. And
there is no shortage of junk food computer news, either.
Take, for instance, almost anything using the word "cyber." The August
15th issue of The L.A. Times Sunday Magazine devoted three-quarters of
a page to "Hack Attack - Cybersex." "Cybersex," in the finest
gosh-oh-jeekers style, went on about yet another budding entrepreneur
who's puzzled out there's a market in putting $70 worth of sex
animation on CD-ROM. Only such a junk food news piece _could_ close
with a quote from the businessman so ludicrous it would be laughed off
the table in any self-respecting barroom. "This is a powerful
medium," said the computer sex movie-maker. "The potential is there
for people prone to become alienated to become alienated. But we also
envision virtual reality sex as a vehicle for people to interact with
others in a way they might not feel comfortable in reality."
The week before, the same magazine ran a story on cyberpunk Billy Idol
and how callers to The Well were dissing him for being a phony.
That's news!
Other computer junk food news stories include, but are by no means
limited to:
--Just about anything on Jaron Lanier and data gloves.
--Tittering, voyeuristic "human interest" pieces on local
lonely-hearts BBS's that DON'T mention that 50 percent of the data
storage is devoted to color photos of hideously obese men and women
screwing, young models licking each other's private parts and other
similar stuff which, if warehoused as magazines in a windowless,
beige-colored building on the publisher's block, would be the target
of a picketing team from the metro section of the same newspaper.
--Flogging the latest Steven Spielberg project which involves using
50-gazillion megabytes of computer power and more cash than the gross
national product of the Ukraine to make a TV show on some kind of
virtual reality living submarine with tentacular arms and talking
porpoise sidekicks.
--Anything on the information superhighway with the usual pro forma
hey-even-I-could-think-of-that quotes from Ed Markey and Mitch Kapor.
--Gadget stories - actually, unpaid advertisements - on the newest
computer-chip controlled stun gun, the newest computer-driven home
studio, the newest useless morphing software for amusing and cowing
your friends, the newest wallet-sized computer which doesn't exist,
the newest whatever-press-release-selling-it-came-in
-through-the-fax-machine-today device.
Ah, but these are easy shots to take, being mostly the handiwork of
features and entertainment reporters, long regarded as the:Slft white
underbelly of the news media.
What about front page news? Take a look back at Joel Garreau's
Washington Post expose of Kim Clancy and the AIS system.
It's reliance on the usual he said/she said reporting resulted in the
trotting out of source Paul Ferguson who was able to pose as two
people at once. This, perhaps, would not have happened had Garreau
been more familiar with the complexities of computer security. As it
was, the pursuit of the news from a human interest angle resulted in a
set-up, or "official scandal" as its called by Martin Lee and Norman
Solomon in a devastating criticism of journalistic methods,
"Unreliable Sources: A Guide To Detecting Bias in Newsmedia" (1990,
Lyle Stuart).
According to Lee and Solomon, "official" scandals as reported by the
press, have certain hallmarks.
1. "The 'scandal' [came] to light much later than it could have." So
it was with AIS: The hacker files were removed from the BBS
weeks before the story was retold by The Washington Post.
2. "The focus is on scapegoats, fallguys, as though remedial action
amounts to handing the public a few heads on a platter." Kim
Clancy, the administrator of AIS, was the fallguy, er, fall-lady,
here.
3. "Damage control keeps the media barking but at bay. The press is
so busy chewing on scraps near the outer perimeter that it stays
away from the chicken house." While the news media was chewing on
AIS, it neglected to discover Paul Ferguson doing double-duty,
anti-virus researchers helping themselves to dangerous code on
AIS while complaining about it to others, and the ugly truth
that much of the virus code and live viruses on amateur BBS's
throughout the U.S. can be traced to AIS's opponents, a few of
the same complaining researchers.
4. "Sources on the inside supply tidbits of information to steer
reporters in certain directions -- and away from others."
5. "The spotlight is on outraged officials." In this case,
"anonymous", Paul Ferguson, Ed Markey, etc., -- asking tough,
but not TOO tough, questions.
Because it ran in The Washington Post, Garreau's story immediately
touched off a wave of pack journalism. The Associated Press digested
all the wrong, flashy aspects of Garreau's work. Specialty
publications catering to corporate computer users published weird,
warped tales on AIS, culminating in Laura Didio's August 9th feature
in LAN Times which called Computer underground Digest "a BBS" and had
the ubiquitous Ed Markey claiming that the AIS system had infected
itself with a virus, a serious falsehood. This from a reporter, no,
make that a _bureau chief_, who works for a computer publication!
So if the NIRVANAnet BBS operators are angry with Mike Liedtke for
blind-siding them in the pages of The Contra Costa Times, good for
them. If they think mainstream journalists have been doing a rotten
job on computer stories, they have the ammunition to prove it.
It is right for them to expect more from journalists than the passing
on of whatever received wisdom is currently circulating about the
computer underground. It's perfectly legitimate to expect more from
reporters than junk food computer news or dressed-up press releases.
They're right if they think they're being patronized by news
organizations which assign reporters who don't know what a modem is,
have only been Prodigy members or who believe that being a "people"
person is sufficient qualification to report in this beat.
Good journalists are obliged to be responsive and receptive to the
beats and communities they cover. So it should be with the computer
underground. It is not considered cool to use ignorance or
inexperience as an excuse for slipshod work, to take the path of least
resistance, to rely only upon sources who are mainstream professional
acquaintances or whose names are right near the telephone. Those who
think otherwise are jerks.
------------------------------
Date: Tue, 17 Aug 1993 13:39:27 CDT
From: CuD Moderators <cudigest@mindvox.phantom.com>
Subject: File 4--Media Images of Cu I^est - CuD Response to SunWorld
((MODERATORS' NOTE: Media misrepresentations directly affect CuD. We
are periodically depicted as a "BBS" or a "system." When a reporter
from New Jersey writing on computer crime called me in early August, I
found it impossible to explain an electronic journal to
her--incredibly, she not only did NOT know about Internet or BBSes,
but DID NOT KNOW WHAT A MODEM WAS!
The problem grows more serious when CuD is misrepresented in a way
that depicts us as advocating illegal activity, abetting computer
intrusion, or suggesting that we advocate chaos or disorder. Because
such articles generally do not appear in national media, we don't see
them unless readers send us a copy. The following SunWorld article is
such an example. Although CuD was referenced just once in a single
sentence, the phrasing carried discomforting implications. We could
not let this one go without a response. We reproduce this material as
an example of the difficulties we all continue to confront in
"educating" the media, and to illustrate the generally unintended
genesis of twists of phrase that become self-perpetuating in the game
of "catch-up to the facts." What follows is, first, our letter to the
author of the SunWorld piece, Phillip Moyer. Second, we summarize our
e-mail responses to him. Finally, because we do not how our final
response to SunWorld will appear after editing, we include the entire
letter.
CuD has continually argued that most editors and reporters are quite
amenable to receiving criticisms. Phillip Moyer's response was civil
and cooperative. We were especially impressed with SunWorld editor
Mark Cappel's attitude, which was cordial, cooperative, and--while he
deferred judgment until "the facts were in"--he was fully amendable to
listening without defensiveness and to consider our complaint.
However, such courtesy is what we'd expect from one originally from
our University town of DeKalb, Ill.
++++ (Original letter to the author) ++++
Date--Fri, 9 Jul 93 1:26 CDT
To--PRM@ECN.PURDUE.EDU
From--Cu-Digest (tk0jut2@mvs.cso.niu.edu) <TK0JUT2>
Subject--Response to your SunWorld (July '93) piece
Dear Phillip Moyer:
I am stunned by your description of Cu Digest in the July,
'93, issue of SunWorld. Among other things, you write:
"If you have reason to look in a novice's account, you
will probably find copies of Phrack, the Computer
Underground Digest, and the Legion of Doom's Technical
Journals, all of which have information novices (and
more advanced crackers) find useful (p. 101).
My complaint centers on your CuD comments. CuD does not
cater to "crackers," and if you had bothered to read CuD you
would note the editorial philosophy in the header. We have
*never*, not once, published cracking material or any
material that could even remotely be described as "helpful
to 'crackers'". If you believe I am mistaken, please cite a
specific article. If not, I request an explicit correction
and an apology for your misrepresentation.
CuD is a legitimate electronic newsletter/journal.
Relatively few of our 80,000+ readers are students, let
alone "crackers." Most are academics, computer specialists,
journalists, attorneys, and others interested in a variety
of legal, ethical, social, political, and scholarly issues
surrounding computer culture. Had you looked at past
issues, you would see book reviews, debates, news, legal
documents, legislative information, conference announcements
and summaries, and a broad range of other information that
covers "cyberspace." Further, had you bothered to examine
the CuD ftp sites, you would note that we maintain
directories of a variety of Electronic newsletters, academic
papers, state and federal computer laws, and other archival
invaluable.
We have worked hard to establish a reputation as a forum for
debate that allows diversity of views. To have our
reputation tarnished with public claims insinuating
collusion in illegal or unethical conduct is intolerable. We
have consistently gone on record publicly and privately to
oppose all forms of predatory behavior, including
unauthorized computer intrusion. For those unfamiliar with
CuD, your article both misrepresents our purpose and impugns
our integrity. As a criminal justice professor, I'm not
inclined let such a reckless disregard for truth pass
lightly.
I trust that we can resolve your misrepresentation amicably,
and an apology and retraction in a forthcoming issue of
SunWorld would suffice.
<jt sig>
+++
Phillip Moyer replied with an explanation. He also identified several
articles that he thought would be helpful to hackers. Because CuD has
never published "hacking" information, we were compelled to respond.
This issue strikes is as critical, because when other read the
article, such as law enforcement agents or our University personnel,
the CuD editors are placed in jeapordy. The following are excerpts
from our correspondence to him. We summarize his comments, to which we
are responding:
((In his response, Mr. Moyer indicated that his CuD description was
based on personal experience of network intruders into his site, where
his "investigations" reveal multiple copies of CuD, Phrack, and
LOD/TJ. The CuD response:
Connecting CuD to "hackers" in this manner is quite a leap
of logic. You could also make the same statement about CuD
being carried and read by law enforcement. From our estimate,
thousands of BBSes, public access systems, ftp, and other
sites carry CuD. Finding CuD amongst "hackers" is no more
surprising than finding O'Reilly's books (eg, "Practical
Unix Security" or "The Whole Internet") in "hacker"
libraries. Your twist of phrase is neither innocent nor
neutral, and the implications are quite clear. I'm pleased
that "hackers" read CuD just as I am that law enforcement
reads it. Perhaps the former will learn from it that
computer intrusion and predatory behavior are uncool, just
as we hope the latter will learn that civil liberties and
common sense extend to "cyberspace."
You identify several categories of information "useful" to
"hackers."
1. "Cult" information about famous cracking groups.
2. Technical cracking information.
3. Information about networks in general, and how to move around...
4. Information about cracker activities/clubs/busts.
5. Cyberpunk related articles.
Guilty as charged, with the exception of #2, which we have
*never* published. We publish news. So what? So does the New
York Times, SunWorld, and other sources. The list you
identify is a miniscule fraction of our contents. EFFector
publishes similar, but more narrow, material. I find your
list quite disingenuous. Please re-read your own article:
You write about hackers and where they obtain their skills.
In that context, you list CuD along with two other E-'Zines
specifically devoted to developing skills. You falsely
categorize us, tarnish us by "guilt by association," and in
the context of your article you paint us as a "hacker"
source. You made a mistake, and I would think it more
honorable that you acknowledge it rather than glibly try to
engage in word games and further insult me with sloppy
logic.
((Mr. Moyer suggests that "hackers" are interested in more than "how
to" documents, which may be why they "insist" on keeping copies of CuD
in their "stolen accounts."))
You continue with your "guilt by association" rationale.
Your wording is curious: I'm not sure why you use the term
"insist," and perhaps it reflects more about your own
attempts to impute motives to others as you have attributed
false meaning to CuD. From my experience, few "hackers"
keep things in "stolen accounts," but that's a trivial
issue. More to the point is your continued insistence on
linking CuD with "stolen accounts" and other illegal
behavior. Please remember that your article made no mention
of "other" information, but in context focused on the "how
to" aspect. And, the fact that CuDs may be "of interest"
does not lead to the conclusion that they are helpful for
"hacking," as you strongly suggest.
I challenged you to list an article that is "helpful" for
"hackers" or "hacking," and you identify the following:
> CuD #2.14, file 7: Don't Talk to Cops
>
>This one lists security problems that novice crackers may
>not have thought about, and therefore gives them avenues of
>attack which they may otherwise have overlooked:
((MODERATORS' NOTE: Because of ambiguity of wording, it appeared that
the reporter's description of file the "Security on the Net" File
referred to the "Don't Talk to Cops" article. The CuD letter
describes the following, not the previous issue. There was no
explanation given for why "Don't Talk" was used as an example)).
Astounding! This file says no such thing. It was written in
response to abuses by law enforcement in overstepping their
bounds in investigations. The Phrack and Steve Jackson
cases, of which I assume you're aware, typify such excesses.
You'll recall that in many of the so-called "Bill Cook" and
"Sun Devil" cases of early 1990, at which time that file was
written, investigators were rather zealous in their
techniques. This file was written by an attorney for *all*
readers. Even CuD editors were concerned about the "knock on
the door." I'm stunned that you saw in that article anything
related to "security problems that novice crackers may not
have thought about, and therefore gives them avenues of
attack which they may otherwise have overlooked." The
article says no such thing and casts serious credibility on
your claim to have read CuD, let alone this article. The
article is simply not about what you claim. Period!
> CuD #3.00, file 5: Security on the Net
Again, I'm appalled at your interpretation. This article was
written by a system administrator who was once active on the
nets and whose name you might recognize. It is essentially
a summary of survey responses, which strikes me as fully
legitimate. If you see in that something "of interest" to
hackers that would aid them in intrusion (and that was,
after all, my query to you), then your own SunWorld piece
must surely be classified as a primer for novice hackers.
This is another article which it seems you have not read.
>For true novices who haven't figured out how to forge
>mail yet, there's:
> CuD #1.06, file 5: SMPT (sic)
Sorry, but mail forging is hardly a "hacking" tactic and is
of no use in system intrusion. Even for those who would
attempt to use that file to forge mail, they would find that
it wouldn't work. Even if I were to concede (which I don't)
that such an article is of technical interest to hackers, it
is of such inconsequential value and was (even at that time)
so well-known that it's odd that you would consider it in
your list. I should also add that (if my recollection is
correct) it was written by a computer professional as a bit
of a prank because of it's useless value, and we ran it as a
bit of a spoof. Sorry, but you get no points for this one.
>For a number of system-level penetration ideas, mostly to do
>with poor memory protection, check out
> Cud #1.07, file 4: article forwarded from alt.security
Again, there is nothing technical in this post. An "old
time" hacker reflects on the past and, if anything, bemoans
the direction of irresponsible newcomers. We've posted many
such pieces, pro and con. That you adduce this as evidence
of a hacking aid, which was what I asked you to produce,
suggests that my original claim was correct: You can find no
articles to substantiate the inference in your article.
We have published about 200 issues of Cu Digest, which comes
to over 1,000 articles, almost 8 megs of text files, and
many reams of printouts. You have failed to substantiate
your claim other than with some vague allusion to "of
interest" to hackers, which by you definition, includes a
range of articles so diverse as to defy credibility.
((Are CuD editors merely bickering over terminology??))
I don't see this as mere bickering. Your claims in the
SunWorld article were clear and tarnished our professional
reputations. Your words in the article were not
conditional, were not qualified, and explicitly linked CuD
with other media that were targeted to a teenage hacker
audience and included considerable, although generally
publicly available, technical "how to" information. Your
inability to make your case, your "guilt by association"
approach, and your apparent inability to see that as
anything more than mere "bickering" of words is shocking.
((The following is the public letter we finally submitted to SunWorld)):
+++++
Date: Tue, 20 Jul 93 2:24 CDT
To: mark.cappel@sunworld.com
From: Jim Thomas (tk0jut1@mvs.cso.niu.edu) <TK0JUT1>
Subject--Response to SunWorld article of July 23, '93 from Cu Digest
CC: PRM@ECN.PURDUE.EDU,GRMEYER@GENIE.GEIS.COM
18 July, 1993
To: Mark Cappel, Editor
SunWorld
In the July, 1993, issue of SunWorld, Phillip Moyer's piece on
computer "hackers" ("Defending the Realm") referred to Computer
underground Digest (CuD) with an unfortunate choice of words:
"If you have reason to look in a novice's account, you will
probably find copies of Phrack, the Computer Underground
(sic) Digest, and the Legion of Doom's Technical Journals,
all of which have information novices (and more advanced
crackers) find useful (p. 101).
Although probably unintended, the phrasing might lead those
unfamiliar with CuD to mistakenly infer that it is a "hacker"
journal that encourages "hacking" and publishes "how to
'crack'" information. Although we're pleased that hackers are
among those who find CuD of interest, the usefulness of our
articles does not include any technical or other "how to"
information, and CuD is not aimed at a "hacker" audience.
CuD is an electronic journal/newsletter available at no cost to
anybody with an internet mailing address. We have at least
80,000 readers world-wide. The audience is primarily computer
professionals, academics, attorneys, journalists, students, and
others who are interested in computer culture. Articles include
research papers, legal and legislative summaries, conferences
news and excerpts, book reviews, interviews, news, debates of
current issues related to "cyberspace" and "virtual reality,"
and other information aimed at a diverse readership. We have
never published technical information helpful for
"hacking/cracking" and have consistently criticized all forms
of computer abuse. The emphasis on a "hacker" culture and
related articles derives in part from the editors' criminal
justice background, and in part from CuD's original goal, begun
in March, 1990, as what at the time was conceived as a
temporary service to publish overflow pieces from Telecom
Digest related to the 1990 "hacker crackdown."
We recognize any writer's difficulty in choosing words that will
please everybody, and we sympathize with what may seem to the
SunWorld author (and others) as simply bickering over phrasing.
However, given the power of labels and the potential harm that
might result from being construed as a medium that abets
criminal activity, we assure SunWorld readers that, although
we're pleased that CuDs can be found in the files of "hackers"
(as well as law enforcement, thousands of BBSes and public
access systems, ftp sites, and elsewhere), CuD is of no more of
use to "hackers/crackers" than a SunWorld article describing
specific techniques that curious potential intruders might try.
((Final comment: We reproduce this not out of self-indulgence, but to
show how easily articles might be misconstrued. There is also an
apparent double-standard operating: An obscure CuD piece can be given
a "helpful to hacker's" gloss while explicitly technical details found
in security manuals, technical volumes, or even classbooks, are not.
Even though reporters see their comments as innocent, and even though
they may judge our comments as excessively thin-skinned, we can
envision a reader of such articles writing an irate letter to an
employer, university administrator, congressional rep, or law
enforcement agent, wondering "why taxpayer dollars are being used to
fund 'hacking' at a public university." We're obligated to stifle such
misinformation when it's brought to our attention. If CuD readers
come across similar articles in trade journals or other media, let us
know. For media folk wanting to know what a "CuD" is, we suggest the
"Frequently Asked Questions" list that we include with new
subscriptions.
------------------------------
Date: Fri, 20 Aug 1993 18;21:43 EDT
From: CuD Moderators <tk0jut2@mvs.cso.niu.edu)
Subject: File 5--CORRECTION on Graduate Paper Competition for CFP-'94
((MODERATORS' NOTE: The address listed in CuD 5.64 for the CFP-'94
grad student paper competition should be corrected as listed below. If
you know of grad students doing work in an area related to
computers/technology/privacy, pass this information along to them. WE
REQUEST THAT FACULTY ALSO POST THE INFORMATION ON THEIR DEPT BULLETIN
BOARDS AND SLIP THE INFORMATION INTO GRAD STUDENT MAIL BOXES.
CFP-'94 will be held in Chicago in March, 1984, and brings together an
exciting multi-disciplinary mix of academics, professionals, and
others, to discuss the issues between technology, freedom, and
privacy. For further details, see CuD 5.60, File 2)).
+++
STUDENT PAPER COMPETITION
Full time college or graduate students are invited to enter the
((CFP-'904)) student paper competition. Papers must not exceed 2500
words and should address the impact of computer and telecommunications
technologies on freedom and privacy in society. Winners will receive
a scholarship to attend the conference and present their papers. All
papers should be submitted by November 1, 1993 (either as straight
text via e-mail or 6 printed copies) to:
Professor Eugene Spafford
Department of Computer Sciences
1398 Computer Science Building
Purdue University
West Lafayette, IN 47907-1398
E-Mail: spaf@cs.purdue.edu; Voice: 317-494-7825
REGISTRATION
Registration information and fee schedules will be announced by
September 1, 1993. Inquiries regarding registration should be
directed to RoseMarie Knight, Registration Chair, at the JMLS
address above; her voice number is 312-987-1420.
------------------------------
End of Computer Underground Digest #5.65
************************************