Phrack Inc. Volume 05 Issue 46 File 28
==Phrack Magazine==
Volume Five, Issue Forty-Six, File 28 of 28
PWN PWN PNW PNW PNW PNW PNW PNW PNW PNW PNW PWN PWN
PWN                                             PWN
PWN              Phrack World News              PWN
PWN                                             PWN
PWN        Compiled by Datastream Cowboy        PWN
PWN                                             PWN
PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN
Damn The Torpedoes June 6, 1994
~~~~~~~~~~~~~~~~~~
by Loring Wirbel (Electronic Engineering Times) (Page 134)
On May 3, a gargantuan satellite was launched with little press coverage
from Cape Canaveral.
The $1.5 billion satellite is a joint project of the NSA and the
National Reconnaissance Office. At five tons, it is heavy enough to
have required every bit of thrust its Titan IV launcher could
provide--and despite the boost, it still did enough damage to the
launch-pad water main to render the facility unusable for two months.
The satellite is known as Mentor, Jeroboam and Big Bertha, and it has an
antenna larger than a football field to carry out "hyper-spectral
analysis" -- Reconnaissance Office buzzwords for real-time analysis of
communications in a very wide swath of the electromagnetic spectrum.
Clipper and Digital Signature Standard opponents should be paying
attention to this one. Mentor surprised space analysts by moving into a
geostationary rather than geosynchronous orbit. Geostationary orbit
allows the satellite to "park" over a certain sector of the earth.
This first satellite in a planned series was heading for the Ural
Mountains in Russia at last notice. Additional launches planned for
late 1994 will park future Mentors over the western hemisphere.
According to John Pike of the Federation of American Scientists, those
satellites will likely be controlled from Buckley Field (Aurora,
Colorado), an NSA/Reconnaissance downlink base slated to become this
hemisphere's largest intelligence base in the 1990s.
[Able to hear a bug fart from space. DC to Daylight realtime analysis.
And you Clipper whiners cry about someone listening to your phone calls.
Puh-lease.]
-----------------------------------------------------------------------------
Discovery of 'Data Processing Virus Factory' In Italy February 17, 1994
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
AFP Sciences
It was learned in Rome on 10 February that a data processing virus
"factory" -- in fact, a program called VCL (Viruses Creation Laboratory),
capable of triggering a virus epidemic--was discovered in Italy.
Mr. Fulvio Berghella, deputy director-general of the Italian Institute
for Bank Data Processing Security (ISTINFORM), discovered what it takes
to enable just about anybody to fabricate data processing viruses; he told
the press that its existence had been suspected for a year and a half and
that about a hundred Italian enterprises had been "contaminated."
An investigation was launched to try to determine the origin of the program,
said Mr. Alessandro Pansa, chief of the "data processing crime" section
of the Italian police. Several copies of VCL were found in various places,
particularly in Rome and Milan.
Producing viruses is very simple with the help of this program, but it is
not easy to find. A clandestine Bulgarian data bank, as yet not identified,
reportedly was behind all this. An international meeting of data processing
virus "hunters" was organized in Amsterdam on 12 February to draft
a strategy; an international police meeting on this subject will be held
next week in Sweden.
Since 1991, the number of viruses in circulation throughout the world
increased 500% to a total of about 10,000 viruses. In Italy, it is not
forbidden to own a program of this type, but dissemination of viruses
is prosecuted.
[So, I take it Nowhere Man cannot ever travel to Italy?]
--------------------------------------------------------------------------
DEFCON TV-News Coverage July 26, 1994
by Hal Eisner (Real News at 10) (KCOP Channel 13 Los Angeles)
[Shot of audience]
Female Newscaster: "Hackers are like frontier outlaws. Look at what Hal
Eisner found at a gathering of hackers on the Las
Vegas strip."
[Shot of "Welcome to Vegas" sign]
[Shot of Code Thief Deluxe v3.5]
[Shot of Dark Tangent talking]
Dark Tangent: "Welcome to the convention!"
[Shot of Voyager hanging with some people]
Hal Eisner: "Well not everyone was welcome to this year's
Def Con II, a national convention for hackers.
Certainly federal agents weren't."
[Shot DTangent searching for a fed]
Dark Tangent: "On the right. Getting closer."
Fed: "Must be me! Thank you."
[Dark Tangent gives the Fed "I'm a Fed" t-shirt]
Hal Eisner: "Suspected agents were ridiculed and given
identifying t-shirts. While conventioneers, some of
[Shot of someone using a laptop]
which have violated the law, and many of which are
[Shot of some guy reading the DefCon pamphlet]
simply tech-heads hungry for the latest theory, got
[Shot of a frequency counter, and a scanner]
to see a lot of the newest gadgetry, and hear some
tough talk from an Arizona Deputy DA that
[Shot of Gail giving her speech]
specializes on computer crime and actually
recognized some of her audience."
Gail: "Some people are outlaws, crooks, felons maybe."
[Shot back of conference room. People hanging]
Hal Eisner: "There was an Alice in Wonderland quality about all
of this. Hackers by definition go where they are not
invited, but so is the government that is trying to
intrude on their privacy."
Devlin: "If I want to conceal something for whatever reason.
I'd like to have the ability to."
Hal Eisner: "The bottom line is that many of the people here
want to do what they want, when they want, and how
they want, without restrictions."
Deadkat: "What we are doing is changing the system, and if you
have to break the law to change the system, so be it!"
Hal Eisner: "That's from residents of that cyberspacious world
[Shot of someone holding a diskette with what is supposed to be codez on the
label]
of behind the computer screen where the shy can be
[Code Thief on the background]
dangerous. Reporting from Las Vegas, Hal Eisner,
Real News."
------------------------------------------------------------------------------
Cyber Cops May 23, 1994
~~~~~~~~~~
by Joseph Panettieri (Information Week) (Page 30)
When Chris Myers, a software engineer at Washington University in
St. Louis, arrived to work one Monday morning last month, he realized
something wasn't quite right. Files had been damaged and a back door
was left ajar. Not in his office, but on the university's computer network.
Like Commissioner Gordon racing to the Batphone, Myers swiftly called the
Internet's guardian, the Computer Emergency Response Team (CERT).
The CERT team boasts impressive credentials. Its 14 team members are
managed by Dain Gary, former director of corporate data security at
Mellon Bank Corp. in Pittsburgh. While Gary is the coach of the CERT
squad, Moira West is the scrambling on-field quarterback. As manager
of CERT's incident-response team and coordination center, she oversees
the team's responses to attacks by Internet hackers and its search for
ways to reduce the Internet's vulnerabilities. West was formerly a
software engineer at the University of York in England.
The rest of the CERT team remains in the shadows. West says
the CERT crew hails from various information-systems backgrounds,
but declines to get more specific, possibly to hide any Achilles'
heels from hackers.
One thing West stresses is that CERT isn't a collection of reformed
hackers combing the Internet for suspicious data. "People have to
trust us, so hiring hackers definitely isn't an option," she says.
"And we don't probe or log-on to other people's systems."
As a rule, CERT won't post an alert until after it finds a
remedy to the problem. But that can take months, giving hackers
time to attempt similar breakins on thousands of Internet hosts
without fear of detection. Yet CERT's West defends this policy:
"We don't want to cause mass hysteria if there's no way to
address a new, isolated problem. We also don't want to alert the
entire intruder community about it."
------------------------------------
Who You Gonna Call?
How to reach CERT
Phone: 412-268-7090
Internet: cert@cert.org
Fax: 412-268-6989
Mail: CERT Coordination Center
Software Engineering Institute
Carnegie Mellon University
Pittsburgh, PA 15213-3890
------------------------------------
[Ask for that saucy British chippie. Her voice will melt you like
butter.
CERT -- Continually re-emphasizing the adage: "You get what you pay for!"]
And remember, CERT doesn't hire hackers, they just suck the juicy bits
out of their brains for free.
------------------------------------------------------------------------------
Defining the Ethics of Hacking August 12, 1994
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
by Amy Harmon (Los Angeles Times) (page A1)
Eric Corley, a.k.a Emmanuel Goldstein -- patron saint of computer
hackers and phone phreaks -- is having a party.
And perhaps it is just in time. 2600, the hacker magazine Corley
started when he was 23, is a decade old. It has spawned monthly
hacker meetings in dozens of cities. It has been the target of a
Secret Service investigation. It has even gone aboveground, with
newsstand sales of 20,000 last year.
As hundreds of hackers converge in New York City this weekend to celebrate
2600's anniversary, Corley hopes to grapple with how to uphold the
"hacker ethic," an oxymoron to some, in an era when many of 2600's devotees
just want to know how to make free phone calls. (Less high-minded
activities -- like cracking the New York City subway's new electronic
fare card system -- are also on the agenda).
Hackers counter that in a society increasingly dependent on
technology, the very basis for democracy could be threatened by limiting
technological exploration. "Hacking teaches people to think critically about
technology," says Rop Gonggrijp, a Dutch hacker who will attend the Hackers
on Planet Earth conference this weekend. "The corporations that are building
the technology are certainly not going to tell us, because they're trying to
sell it to us. Whole societies are trusting technology blindly -- they just
believe what the technocrats say."
Gonggrijp, 26, publishes a magazine much like 2600 called Hack-Tic,
which made waves this year with an article showing that while tapping mobile
phones of criminal suspects with radio scanners, Dutch police tapped into
thousands of other mobile phones.
"What society needs is people who are independent yet knowledgeable,"
Gonggrijp said. "That's mostly going to be young people, which society is
uncomfortable with. But there's only two groups who know how the phone and
computer systems work, and that's engineers and hackers. And I think that's
a very healthy situation."
[By the way Amy: Phrack always grants interviews to cute, female
LA Times reporters.]
------------------------------------------------------------------------------
Fighting Telephone Fraud August 1, 1994
~~~~~~~~~~~~~~~~~~~~~~~~
by Barbara DePompa (Information Week) (Page 74)
Local phone companies are taking an active role in warning customers of
scams and cracking down on hackers.
Early last month, a 17-year old hacker in Baltimore was caught
red-handed with a list of more than 100 corporate authorization codes that
would have enabled fraud artists to access private branch exchanges and
make outgoing calls at corporate expense.
After the teenager's arrest, local police shared the list with Bell
Atlantic's fraud prevention group. Within hours, the phone numbers were
communicated to the appropriate regional phone companies and corporate
customers on the list were advised to either change their authorization
codes or shut down outside dialing privileges.
"We can't curb fraud without full disclosure and sharing this type
of vital information" points out Mary Chacanias, manager of
telecommunications fraud prevention for Bell Atlantic in Arlington, VA.
-----------------------------------------------------------------------------
AT&T Forms Team to Track Hackers August 30, 1994
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
(Reuters News Wire)
AT&T Corp.'s Global Business Communications Systems subsidiary said
Wednesday it has formed an investigative unit to monitor, track and
catch phone-system hackers in the act of committing toll fraud.
The unit will profile hacker activity and initiate "electronic
stakeouts" with its business communications equipment in cooperation
with law enforcement agencies, and work with them to prosecute the
thieves.
"We're in a shoot-out between 'high-tech cops' -- like AT&T -- and
'high-tech robbers' who brazenly steal long distance service from our
business customers," said Kevin Hanley, marketing director for business
security systems for AT&T Global Business.
"Our goal is not only to defend against hackers but to get them off the
street."
[Oh my God. Are you scared? Have you wet yourself? YOU WILL!]
-----------------------------------------------------------------------------
Former FBI Informant a Fugitive July 31, 1994
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
by Keith Stone (Daily News)
Computer outlaw Justin Tanner Petersen and prosecutors
cut a deal: The Los Angeles nightclub promoter known in
the computer world as "Agent Steal" would work for the
government in exchange for freedom.
With his help, the government built its case against
Kevin Lee Poulsen, a Pasadena native who pleaded guilty
in June to charges he electronically rigged telephones at
Los Angeles radio stations so he could win two Porsches,
$22,000 and two trips to Hawaii.
Petersen also provided information on Kevin Mitnick, a
Calabasas man wanted by the FBI for cracking computer and
telephone networks at Pacific Bell and the state Department
of Motor Vehicles, according to court records.
Petersen's deal lasted for nearly two years - until
authorities found that while he was helping them undercover,
he also was helping himself to other people's credit cards.
Caught but not cornered, the 34-year-old "Agent Steal" had
one more trick: He admitted his wrongdoing to a prosecutor
at the Los Angeles U.S. Attorney's Office, asked to meet
with his attorney and then said he needed to take a walk.
And he never came back.
A month after Petersen fled, he spoke with a magazine for
computer users about his role as an FBI informant, who he
had worked against and his plans for the future.
"I have learned a lot about how the bureau works. Probably
too much," he said in an interview that Phrack Magazine published
Nov. 17, 1993. Phrack is available on the Internet, a worldwide
network for computer users.
Petersen told the magazine that working with the FBI was fun
most of the time. "There was a lot of money and resources used.
In addition, they paid me well," he said.
"If I didn't cooperate with the bureau," he told Phrack, "I
could have been charged with possession of government material."
"Most hackers would have sold out their mother," he added.
Petersen is described as 5 foot, 11 inches, 175 pounds, with
brown hair - "sometimes platinum blond." But his most telling
characteristic is that he walks with the aid of a prosthesis
because he lost his left leg below the knee in a car accident.
Heavily involved in the Hollywood music scene, Petersen's
last known employer was Club "Velvet Jam," one of a string of
clubs he promoted in Los Angeles.
-----------------------------------------------------------------------------
Hacker in Hiding July 31, 1994
~~~~~~~~~~~~~~~~
by John Johnson (LA Times)
First there was the Condor, then Dark Dante. The latest computer hacker to
hit the cyberspace most wanted list is Agent Steal, a slender, good-looking
rogue partial to Porsches and BMWs who bragged that he worked undercover
for the FBI catching other hackers.
Now Agent Steal, whose real name is Justin Tanner Petersen, is on the run
from the very agency he told friends was paying his rent and flying him to
computer conferences to spy on other hackers.
Petersen, 34, disappeared Oct. 18 after admitting to federal prosecutors
that he had been committing further crimes during the time when he was
apparently working with the government "in the investigation of other
persons," according to federal court records.
Ironically, by running he has consigned himself to the same secretive life
as Kevin Mitnick, the former North Hills man who is one of the nation's most
infamous hackers, and whom Petersen allegedly bragged of helping to set up
for an FBI bust. Mitnick, who once took the name Condor in homage to a
favorite movie character, has been hiding for almost two years to avoid
prosecution for allegedly hacking into computers illegally and posing as a
law enforcement officer.
Authorities say Petersen's list of hacks includes breaking into computers
used by federal investigative agencies and tapping into a credit card
information bureau. Petersen, who once promoted after-hours rock shows in
the San Fernando Valley, also was involved in the hacker underground's most
sensational scam - hijacking radio station phone lines to win contests with
prizes ranging from new cars to trips to Hawaii.
Petersen gave an interview last year to an on-line publication called Phrack
in which he claimed to have tapped the phone of a prostitute working for
Heidi Fleiss. He also boasted openly of working with the FBI to bust
Mitnick.
"When I went to work for the bureau I contacted him," Petersen said in the
interview conducted by Mike Bowen. "He was still up to his old tricks, so
we opened a case on him. . . . What a loser. Everyone thinks he is some
great hacker. I outsmarted him and busted him."
In the Phrack interview, published on the Internet, an international network
of computer networks with millions of users, Agent Steal bragged about
breaking into Pacific Bell headquarters with Poulsen to obtain information
about the phone company's investigation of his hacking.
Petersen was arrested in Texas in 1991, where he lived briefly. Court
records show that authorities searching his apartment found computer
equipment, Pacific Bell manuals and five modems.
A grand jury in Texas returned an eight-count indictment against Petersen,
accusing him of assuming false names, accessing a computer without
authorization, possessing stolen mail and fraudulently obtaining and using
credit cards.
The case was later transferred to California and sealed, out of concern for
Petersen's safety, authorities said. The motion to seal, obtained by
Sherman, states that Petersen, "acting in an undercover capacity, currently
is cooperating with the United States in the investigation of other persons
in California."
In the Phrack interview, Petersen makes no apologies for his choices in life.
While discussing Petersen's role as an informant, Mike Bowen says, "I think
that most hackers would have done the same as you."
"Most hackers would have sold out their mother," Petersen responded.
------------------------------------------------------------------------------
Computer Criminal Caught After 10 Months on the Run August 30, 1994
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
by Keith Stone (Daily News)
Convicted computer criminal Justin Tanner Petersen was captured Monday in
Los Angeles, 10 months after federal authorities said they discovered he
had begun living a dual life as their informant and an outlaw hacker.
Petersen, 34, was arrested about 3:30 a.m. outside a Westwood apartment
that FBI agents had placed under surveillance, said Assistant U.S.
Attorney David Schindler.
A flamboyant hacker known in the computer world as "Agent Steal," Petersen
was being held without bail in the federal detention center in Los Angeles.
U.S. District Court Judge Stephen V. Wilson scheduled a sentencing hearing
for Oct. 31.
Petersen faces a maximum of 40 years in prison for using his sophisticated
computer skills to rig a radio contest in Los Angeles, tap telephone lines
and enrich himself with credit cards.
Monday's arrest ends Petersen's run from the same FBI agents with whom he
had once struck a deal: to remain free on bond in exchange for pleading
guilty to several computer crimes and helping the FBI with other hacker
cases.
The one-time nightclub promoter pleaded guilty in April 1993 to six federal
charges. And he agreed to help the government build its case against Kevin
Lee Poulsen, who was convicted of manipulating telephones to win radio
contests and is awaiting trial on espionage charges in San Francisco.
Authorities said they later learned that Petersen had violated the deal by
committing new crimes even as he was awaiting sentencing in the plea
agreement.
On Monday, FBI agents acting on a tip were waiting for Petersen when he parked
a BMW at the Westwood apartment building. An FBI agent called Petersen's
name, and Petersen began to run, Schindler said.
Two FBI agents gave chase and quickly caught Petersen, who has a prosthetic
lower left leg because of a car-motorcycle accident several years ago.
In April 1993, Petersen pleaded guilty to six federal charges including
conspiracy, computer fraud, intercepting wire communications, transporting
a stolen vehicle across state lines and wrongfully accessing TRW credit
files. Among the crimes that Petersen has admitted to was working with other
people to seize control of telephone lines so they could win radio
promotional contests. In 1989, Petersen used that trick and walked away with
$10,000 in prize money from an FM station, court records show.
When that and other misdeeds began to catch up with him, Petersen said, he
fled to Dallas, where he assumed the alias Samuel Grossman and continued
using computers to make money illegally.
When he was finally arrested in 1991, Petersen played his last card.
"I called up the FBI and said: 'Guess what? I am in jail,' " he said.
He said he spent the next four months in prison, negotiating for his freedom
with the promise that he would act as an informant in Los Angeles.
The FBI paid his rent and utilities and gave him $200 a week for spending
money and medical insurance, Petersen said.
They also provided him with a computer and phone lines to gather information
on hackers, he said.
Eventually, Petersen said, the FBI stopped supporting him so he turned to
his nightclubs for income. But when that began to fail, he returned to
hacking for profit.
"I was stuck out on a limb. I was almost out on the street. My club
was costing me money because it was a new club," he said. "So I did what
I had to do. I am not a greedy person."
[Broke, Busted, Distrusted. Turning in your friends leads to some
seriously bad Karma, man. Negative energy like that returns ten-fold.
You never know in what form either. You could end up getting shot,
thrown in jail, or worse, test HIV Positive. So many titty-dancers,
so little time, eh dude? Good luck and God bless ya' Justin.]
-----------------------------------------------------------------------------
Fugitive Hacker Baffles FBI With Technical Guile July 5, 1994
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
by John Markoff (New York Times)
[Mitnick, Mitnick, Mitnick, and more Mitnick. Poor bastard. No rest for
the wicked, eh Kevin?]
-----------------------------------------------------------------------------
Computer Outlaws Invade the Internet May 24, 1994
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
by Mike Toner (Atlanta Journal-Constitution)
A nationwide wave of computer break-ins has law enforcement
authorities scrambling to track down a sophisticated ring of
"hackers" who have used the international "information
highway," the Internet, to steal more than 100,000 passwords -- the
electronic keys to vast quantities of information stored on
government, university and corporate computer systems.
Since the discovery of an isolated break-in last year at a
single computer that provides a "gateway" to the Internet,
operators of at least 30 major computer systems have found illicit
password "sniffers" on their machines.
The Federal Bureau of Investigation has been investigating the
so-called "sniffer" attacks since February, but security experts
say the intrusions are continuing -- spurred, in part, by the
publication last month of line-by-line instructions for the
offending software in an on-line magazine for hackers.
Computer security experts say the recent rash of password piracy
using the Internet is much more serious than earlier security
violations, like the electronic "worm" unleashed in 1988 by
Cornell University graduate student Robert Morris.
"This is a major concern for the whole country," she says.
"I've had some sleepless nights just thinking about what could
happen. It's scary. Once someone has your ID and your password,
they can read everything you own, erase it or shut a system down.
They can steal proprietary information and sell it, and you might
not even know it's gone."
"Society has shifted in the last few years from just using
computers in business to being absolutely dependent on them and the
information they give us -- and the bad guys are beginning to
appreciate the value of information," says Dain Gary, manager of
the Computer Emergency Response Team (CERT), a crack team of
software experts at Carnegie-Mellon University in Pittsburgh that
is supported by the Defense Department's Advanced Research Projects
Agency.
Gary says the current rash of Internet crime appears to be the
work of a "loosely knit but fairly organized group" of computer
hackers adept not only at breaking and entering, but at hiding
their presence once they're in.
Most of the recent break-ins follow a similar pattern. The
intruders gain access to a computer system by locating a weakness
in its security system -- what software experts call an "unpatched
vulnerability."
Once inside, the intruders install a network monitoring program,
a "sniffer," that captures and stores the first 128 keystrokes
of all newly opened accounts, which almost always includes a user's
log-on and password.
"We really got concerned when we discovered that the code had
been published in Phrack, an on-line magazine for hackers, on April
1," he says. "Putting something like that in Phrack is a little
like publishing the instructions for converting semiautomatic
weapons into automatics."
Even more disturbing to security experts is the absence of a
foolproof defense. CERT has been working with computer system
administrators around the country to shore up electronic security,
but the team concedes that such "patches" are far from perfect.
[Look for plans on converting semiautomatic weapons into automatics
in the next issue.]
------------------------------------------------------------------------------
Information Superhighwaymen - Hacker Menace Persists May 1994
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
(Open Computing) (Page 25)
Once again the Internet has been labeled a security problem. And a new
breed of hackers has attracted attention for breaking into systems.
"This is a group of people copying what has been done for years," says
Chris Goggans, aka Erik Bloodaxe. "There's one difference: They don't
play nice."
Goggans was a member of the hacker gang called the Legion of Doom in the
late '80s to early '90s. Goggans says the new hacking group, which goes
by the name of "The Posse," has broken into numerous Business Week 1000
companies including Sun Microsystems Inc., Boeing, and Xerox. He says
they've logged onto hundreds of universities and online services like
The Well. And they're getting root access on all these systems.
For their part, The Posse--a loose band of hackers--isn't talking.
------------------------------------------------------------------------------
Security Experts: Computer Hackers a Growing Concern July 22, 1994
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
New York Times News Wire (Virginian-Pilot and Ledger Star) (2A)
Armed with increasingly sophisticated snooping tools, computer programmers
operating both in the United States and abroad have gained unauthorized
access to hundreds of sensitive but unclassified government and military
computer networks called Internet, computer security experts said.
Classified government and military data, such as those that control
nuclear weapons, intelligence and other critical functions, are not
connected to the Internet and are believed to be safe from the types of
attacks reported recently.
The apparent ease with which hackers are entering military and government
systems suggests that similar if not greater intrusions are under way on
corporate, academic and commercial networks connected to the Internet.
Several sources said it was likely that only a small percentage of
intrusions, perhaps fewer than 5 percent, have been detected.
------------------------------------------------------------------------------
NSA Semi-confidential Rules Circulate
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
By Keay Davidson (San Francisco Examiner) (Page A1)
It arrived mysteriously at an Austin, Texas, post office box by "snail
mail" - computerese for the Postal Service. But once the National Security
Agency's employee handbook was translated into bits and bytes, it took
only minutes to circulate across the country.
Thus did a computer hacker in Texas display his disdain for government
secrecy last week - by feeding into public computer networks the
semiconfidential document, which describes an agency that, during the darkest
days of the Cold War, didn't officially "exist."
Now, anyone with a computer, telephone, modem and basic computer skills
can read the 36-page manual, which is stamped "FOR OFFICIAL USE ONLY" and
offers a glimpse of the shadowy world of U.S. intelligence - and the personal
price its inhabitants pay.
"Your home, car pool, and public places are not authorized areas to
conduct classified discussions - even if everyone involved in the discussion
possesses a proper clearance and 'need-to-know.' The possibility that a
conversation could be overheard by unauthorized persons dictates the need to
guard against classified discussions in non-secure areas."
The manual is "so anal retentive and paranoid. This gives you some
insight into how they think," said Chris Goggans, the Austin hacker who
unleashed it on the computer world. His on-line nom de plume is "Erik
Bloodaxe" because "when I was about 11, I read a book on Vikings, and that
name really struck me."
NSA spokeswoman Judi Emmel said Tuesday that "apparently this document is
an (NSA) employee handbook, and it is not classified." Rather, it is an
official NSA employee manual and falls into a twilight zone of secrecy. On
one hand, it's "unclassified." On the other hand, it's "FOR OFFICIAL USE
ONLY" and can be obtained only by filing a formal request under the U.S.
Freedom of Information Act, Emmel said.
"While you may take this handbook home for further study, remember that
it does contain 'FOR OFFICIAL USE ONLY' information which should be
protected," the manual warns. Unauthorized release of such information could
result in "appropriate administrative action ... (and) corrective and/or
disciplinary measures."
Goggans, 25, runs an on-line electronic "magazine" for computer hackers
called Phrack, which caters to what he calls the "computer underground." He
is also a computer engineer at an Austin firm, which he refuses to name.
The manual recently arrived at Goggans' post office box in a white
envelope with no return address, save a postmark from a Silicon Valley
location, he says. Convinced it was authentic, he typed it into his computer,
then copied it into the latest issue of Phrack.
Other hackers, like Grady Ward of Arcata, Humboldt County, and Jeff
Leroy Davis of Laramie, Wyo., redistributed the electronic files to computer
users' groups. These included one run by the Cambridge, Mass.-based
Electronic Frontier Foundation, which fights to protect free speech on
computer networks.
Ward said he helped redistribute the NSA manual "to embarrass the NSA"
and prove that even the U.S. government's most covert agency can't keep
documents secret.
The action also was aimed at undermining a federal push for
data-encryption regulations that would let the government tap into computer
networks, Ward said.
[Yeah...sure it was, Grady.]
------------------------------------------------------------------------------
Hackers Stored Pornography in Computers at Weapons Lab July 13, 1994
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
by Adam S. Bauman (Virginian-Pilot and Ledger-Star) (Page A6)
One of the nation's three nuclear weapons labs has confirmed that
computer hackers were using its computers to store and distribute
hard-core pornography.
The offending computer, which was shut down after a Los Angeles Times
reporter investigating Internet hacking alerted lab officials, contained
more than 1,000 pornographic images. It was believed to be the largest
cache of illegal hardcore pornography ever found on a computer network.
At Lawrence Livermore, officials said Monday that they believed at least
one lab employee was involved in the pornography ring, along with an
undetermined number of outside collaborators.
[Uh, let me see if I can give this one a go:
A horny lab technician at LLNL.GOV uudecoded gifs for days on end
from a.b.p.e. After putting them up on an FSP site, a nosey schlock
reporter blew the whistle, and wrote up a big "hacker-scare" article.
The top-notch CIAC team kicked the horn-dog out the door, and began
frantically scouring the big Sun network at LLNL for other breaches,
all the while scratching their heads at how to block UDP-based apps
like FSP at their firewall. MPEGs at 11.
How does shit like this get printed????]
------------------------------------------------------------------------------
Clipper Flaw May Thwart Fed Effort June 6, 1994
by Aaron Zitner (Boston Globe)
Patents, Technical Snares May Trip Up the 'Clipper' June 6, 1994
by Sharon Fisher (Communications Week) (Page 1)
[Clipper, Flipper, Slipper. It's all a big mess, and has obsoleted
itself. But, let's sum up the big news:
How the Clipper technology is SUPPOSED to work
1) Before an encoded message can be sent, a clipper computer chip
assigns and tests a scrambled group of numbers called a LEAF, for
Law Enforcement Access Field. The LEAF includes the chip's serial
number, a "session key" number that locks the message and a "checksum"
number that verifies the validity of the session key.
2) With a warrant to wiretap, a law-enforcement agency like the FBI
could record the message and identify the serial number of a Clipper
chip. It would then retrieve from custodial agencies the two halves of
that chip's decoding key.
3) Using both halves of the decoding key, the FBI would be able to
unscramble the session key number, thus unlocking the messages or data
that had been protected.
How the Clipper technology is FLAWED (YAY, Matt Blaze!)
1) Taking advantage of design imperfections, people trying to defeat
the system could replace the LEAF until it erroneously passed the
"checksum" verification, despite an invalid session-key number.
2) The FBI would still be able to retrieve a decoding key, but it would
prove useless.
3) Because the decoding key would not be able to unscramble the invalid
session key, the message would remain locked.]
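The LEAF check summarized above, as an added toy model (not Phrack's or Matt Blaze's code): it shows that the receiver's only test is the short checksum, so a LEAF can be accepted while carrying nothing the escrow agents can use. The Clipper cipher and checksum were classified, so a SHA-256 Feistel stands in for them; the field widths (32-bit unit ID, 80-bit wrapped session key, 16-bit checksum) follow the published description of the LEAF and are not given on this page, and all keys are constructed sample values.

```python
import hashlib
import random

def prf(key: bytes, data: bytes, n: int) -> bytes:
    """Toy keyed function; stands in for the classified Clipper primitives."""
    return hashlib.sha256(key + data).digest()[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def family_encrypt(key: bytes, block: bytes) -> bytes:
    """4-round Feistel over the 128-bit LEAF (stand-in for the family-key cipher)."""
    l, r = block[:8], block[8:]
    for i in range(4):
        l, r = r, xor(l, prf(key, bytes([i]) + r, 8))
    return l + r

def family_decrypt(key: bytes, block: bytes) -> bytes:
    """Inverse of family_encrypt: undo the rounds in reverse order."""
    l, r = block[:8], block[8:]
    for i in reversed(range(4)):
        l, r = xor(r, prf(key, bytes([i]) + l, 8)), l
    return l + r

def wrap(unit_key: bytes, session_key: bytes) -> bytes:
    """XOR pad under the chip's unit key; the same call unwraps. Toy only."""
    return xor(session_key, prf(unit_key, b"wrap", 10))

def checksum(session_key: bytes, iv: bytes) -> int:
    """16-bit value tying a LEAF to the session key and IV."""
    return int.from_bytes(prf(b"checksum", session_key + iv, 2), "big")

def make_leaf(family_key, unit_id, unit_key, session_key, iv) -> bytes:
    """Step 1 on the page: unit ID, wrapped session key, checksum, then encrypt."""
    plain = (unit_id.to_bytes(4, "big") + wrap(unit_key, session_key)
             + checksum(session_key, iv).to_bytes(2, "big"))
    return family_encrypt(family_key, plain)

def receiver_accepts(family_key, leaf, session_key, iv, bits=16) -> bool:
    """The receiving chip's only test: do the low `bits` of the checksum match?
    It cannot check the wrapped key, because it lacks the sender's unit key."""
    field = int.from_bytes(family_decrypt(family_key, leaf)[14:], "big")
    mask = (1 << bits) - 1
    return (field & mask) == (checksum(session_key, iv) & mask)

def escrow_view(family_key, unit_key, leaf):
    """Steps 2 and 3 on the page: what the wiretapper recovers from a LEAF.
    Returns (unit id, session key candidate)."""
    plain = family_decrypt(family_key, leaf)
    return int.from_bytes(plain[:4], "big"), wrap(unit_key, plain[4:14])

def trials_until_accepted(family_key, session_key, iv, bits, rng, cap=1 << 22):
    """Count random 128-bit LEAFs presented to receiver_accepts() until one passes.
    Returns (trial count, accepted LEAF), or None if the cap is reached."""
    for n in range(1, cap + 1):
        leaf = rng.getrandbits(128).to_bytes(16, "big")
        if receiver_accepts(family_key, leaf, session_key, iv, bits):
            return n, leaf
    return None

def demo():
    rng = random.Random(46)  # fixed seed so the run is repeatable
    # Constructed sample keys, not real values.
    fam, unit, sk, iv = b"family-key", b"unit-key-1", b"sessionkey", b"iv-bytes"
    genuine = make_leaf(fam, 0x00C0FFEE, unit, sk, iv)
    trials, bogus = trials_until_accepted(fam, sk, iv, 16, rng)
    return {
        "genuine_accepted": receiver_accepts(fam, genuine, sk, iv),
        "genuine_escrow_recovers_key": escrow_view(fam, unit, genuine)[1] == sk,
        "random_leaf_trials": trials,  # about 2**16 on average
        "random_leaf_accepted": receiver_accepts(fam, bogus, sk, iv),
        "random_leaf_escrow_recovers_key": escrow_view(fam, unit, bogus)[1] == sk,
        # Expected work doubles with every bit the receiver actually verifies.
        "expected_trials_by_width": {b: 2 ** b for b in (16, 32, 64)},
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The design lesson is the last entry: a 16-bit field catches transmission errors but cannot authenticate, and only a much wider keyed check over the whole LEAF would make acceptance of a random value impractical.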