****************************************************************************
                  >C O M P U T E R   U N D E R G R O U N D<
                                >D I G E S T<
               ***  Volume 1, Issue #1.07 (May  5, 1990)   **
  ****************************************************************************

MODERATORS:   Jim Thomas / Gordon Meyer
REPLY TO:     TK0JUT2@NIU.bitnet
FTP SITE:     RJKRAUSE@SUNRISE.bitnet

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views.
--------------------------------------------------------------------
DISCLAIMER: The views represented herein do not necessarily represent the
            views of the moderators. Contributors assume all responsibility
            for assuring that articles submitted do not violate copyright
            protections.
--------------------------------------------------------------------


In This Issue:

File 1:  Moderators' Corner (news and notes)
File 2:  The CU in the News
File 3:  Response to the Stoll review by Stephen Tihor
File 4:  A Comment on Hacking (reprint)
File 5:  A Computer Game that "Just says No??!"
File 6:  CU Poem: "IMAGINE," by Roberta Barlow
--------------------------------------------------------------------


***************************************************************
***  Computer Underground Digest Issue #1.07 / File 1 of 6  ***
***************************************************************

In this file:
 -- LoD Update
 -- Summer Schedule
 -- FTP Site
 -- Whither the CU BBS World?
--------------------------------------------------------------

-----------
LoD Update (30 April, '90)
------------

Gov't has arranged for 13 witnesses..give or take two...to testify against
Craig Neidorf in the upcoming LoD/e911 trial.   Several of the witnesses
are Bell South personnel, presumably to testify on the system that was
allegedly compromised. However, since Neidorf is not charged with entering
that system it is unclear as to why so many Bell South employees would be
able to give relevant testimony.  Other witnesses for the government
include SS personnel and a representative (to be announced) of UMC where
Phrack was produced and distributed from.

4/30/90

 ---------------------------------------------------------------

-------------
Summer Schedule
--------------

CuD will come out less frequently in the summer, probably about once every
3-4 weeks, depending on how steady the contributions are. If you are on a
student account that is closed during the summer, be sure to notify us so
we don't unnecessarily jam up the mails. If you come across news articles
about the CU in the news, be sure to send them to us.

---------------------------------------------------------------

--------------
FTP SITE
-------------

We have one FTP site, and we could use a few more.
The current FTP cite is:
RJKRAUSE@SUNRISE.bitnet

We are gradually providing the site with the bulk of our back issues of
ATI, PIRATE, PHRACK, P/Hun, LoD, and papers, handbooks, and other material
that researchers should find useful.

We remind everybody that requests for files directly from CuD should come
gradually, because we can only send out a few at a time.  So, if you can't
get through to the FTP site, keep track of what you need and send a note
simply saying something like "Send issues 25-30 of ATI" (or whatever), and
keep sending until you have what you need.

-------------------------------------------------------------------

-----------
Whither the BBS World?
------------

From what we've been reading (and seeing), the world of the CU BBS has been
changing dramatically in the past year. The elite p/h boards are fewer, and
the "lamer" boards are increasing.  9600 baud modems have changed the
pirate world, and there haven't been many new "special interest" boards
(cyberpunk, eco-raiders, anarchy, etc) springing up.  We plan to do an
article on the status of boards, especially on the changes over the past
decade. Does anybody know which was the first phreak/hacker board? The
first pirate board? Which was the all-around "Best of the Rest" in the
1980s? We'd like to put this in a historical context, so if you have any
ideas, send them along.  Better yet, write an article!

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+                               END THIS FILE                                +
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=


***************************************************************
***  Computer Underground Digest Issue #1.07 / File 2 of 6  ***
***************************************************************

In this file:
   1. Robert Morris Sentenced
   2. 12 year-old Hacker Busted in Detroit
   3. E911 Tampering in Denver

----------
MORRIS SENTENCED
----------

(From the CHICAGO TRIBUNE, May 5, 1990 (p. II-1).
COMPUTER TAMPERER FINED. Computer expert Robert T. Morris was sentenced to
three years' probation and fined $10,000 for creating a "worm" program that
paralyzed thousand of computers nationwide.  U.S. District Judge Howard
Munson in Syracuse, N.Y., also ordered Morris, 25, to perform 400 hours of
community service. Morris did not speak at the sentencing or talk to
reporters after the hearing. He remained grim-faced through most of the
hearing, then cracked a wide smile and hugged his mother when the sentence
was announced.

--------------------------------------------------------------------

----------
From: CHICAGO TRIBUNE, April 29, 1990 (p. I-29).
----------

                HACKER, 12, FACES CREDIT CARD FRAUD CHARGES

DETROIT (AP)--A 12-year-old computer hacker has been accused of gaining
access to the computers of TRW Inc. and distributing credit card charge
numbers to computer bulletin boards.

State police said authorities were preparing to charge the youth with
computer fraud and financial transaction fraud. The boy's computer and
files were seized Thursday from his Grosse Ile home, police said. He has
not been arrested.

Officials were uncertain how many files were tapped, who used the credit
card numbers and what was purchased with them.  But officials said TRW, a
national company that checks credit ratings, noticed the improper entry to
their system and contacted authorities.

The boy's mother said he worked on the computer for up to five hours every
weeknight and even longer on weekends.

"He didn't bother me," she said. "Well, I figured, computers,
that's the thing of the day.

--------------------------------------------------------------------

--------------------
E911 Tampering
--------------------

Date: 1 May 90 10:03:00 MDT
From: "Gary McClelland" <gmcclella@clipr.colorado.edu>
Subject: RE: Interesting note on E911 -- do you have any more info?
To: "tk0jut1" <tk0jut1%niu.bitnet@uicvm.uic.edu>

Following is complete text of the newspaper article.  You may print my note
and/or this in your digest.  Several people have inquired so I will try to
call the reported and the cop to get more info.  If I learn anything I'll
send you a note.  Hope this helps.

  Gary McClelland

**********************************************************************
Boulder Co. DAILY CAMERA, Wednesday, April 25, 1990, p. 1C.

POLICE RADIO, 911 JAMMED; MAN ARRESTED.
  By Rusty Pierce, Camera Staff Writer

A man who is suspected of jamming police radio frequencies and interfering
with emergency 911 telephone lines has been arrested by University of
Colorado police.

CU police announced Tuesday that they had arrested Robert Matthew Sklar,
24, of 2882 Sundown Lane, Apt. 203, for investigation of wiretapping, a
felony, and obstructing government operations, a misdemeanor.

Sklar was contacted recently by police when he refused to leave the Duane
Physics Building [site of lots of public computer workstations] during a
fire alarm test.  He initially refused to cooperate but later gave his name
and address.  Sgt. John Kish issued him a warning for interfering with the
test.

Shortly after that, someone started jamming the CU police department's
radio frequencies and interfering with its 911 emergency lines.

Kish said police had "reasonable suspicion" to believe that Sklar may have
been involved.  After a week-long investigation that included tracking the
radio signal, police developed enough evidence to obtain a warrant to
search Sklar's house.  When police went to his home to search, Sklar
returned home in a car.

Several radios and pieces of equipment were in the car, Kish said.

"We were really concerned.  It was tying up incoming emergency lines.  When
the radio was jammed we were not able to communicate in the field," Kish
said.

Police also have served Sklar with a notice to confiscate his vehicle under
Colorado's public nuisance statue because they believe he sometimes jammed
the frequencies from inside his vehicle.

Police believe he used a two-way radio to jam the police radio and computer
equipment to tie up the 911 emergency lines, Kish said.

Voice prints of the radio that jammed the frequencies and voice prints of
the confiscated radio equipment will be compared by experts.

Sklar, a continuing education student at CU, is scheduled to appear in
Boulder County Court today at 2 p.m.

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+                               END THIS FILE                                +
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=


***************************************************************
***  Computer Underground Digest Issue #1.07 / File 3 of 6  ***
***************************************************************

---------------------
Response to Stoll Review
---------------------

Date:     Tue,  1 May 90 21:44 EDT
From:     Stephen Tihor <TIHOR@NYUACF>
Subject:  Cliff Stoll
To:       tk0jut2


Two quick items from times past:

Cliff Stoll is accurately portrayed in his book as being part of the
current thread of the 60's hippy culture.  Despite the reviewer's
assertions %see the review in CuD, #1.06 (eds)%, that culture did not die.
It continues to live as hardy as any weed that can not be completely paved
over or removed.  I met Cliff during the period covered by the book and it
is substantively accurate in all the areas I am directly and indirectly
aware of.

Further I do not view it as a piece of social analysis but as a ripping
good true story.  If de-polemicized, %the reviewer's% comments might form
an interesting commentary to Cliff's actions and reactions as compared with
his mental model of the Cuckoo and as compared to the idealized
non-intrusive "hacker". Unfortunately the reviewer's axe is rather a bit
too clear and, frankly, Cliff's book is irrelevant to the  subject being
discussed as presented.  It is clear that the reviewer has different
standards on right and wrong, on privacy and property rights, and on basic
courtesy than either Cliff, myself, or the bulk of the legislatures and
judiciaries of the United States.

I would also like to mention that I know some of the people involved in
SPAN security and that unlike their characterizations in a  previous
posting they are not unaware of the risks involved in some of the security
configurations of their systems.  Two concerns prevent a much tighter
security curtain in the SPAN areas that I know of.  First, some researchers
were using the accesses for legitimate research, relying on the community
spirit that the reviewer of Mr. Stoll's book claims not to see evidence of
for security.  That changed.  Second there is the general problem of
enforcement in a cooperating anarchy of systems manage by scientists not
professional computer users.  This problem is being address by current
version of the networking software for some of them but having dealt with
them day to day it is hard to explain the risks to someone unfamiliar with
the field and if they do understand they are likely to give up on
computing, remove their systems from the internetwork, or turn into the
witch burners that we are warned against becoming.  None of these seem
particularly good to me although I have know people on various sides of the
fence who would argue for each of them in turn.

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+                               END THIS FILE                                +
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=


***************************************************************
***  Computer Underground Digest Issue #1.07 / File 4 of 6  ***
***************************************************************

Date: Thu, 26 Apr 90 11:44:41 EDT
From: Karl Smith <ksmith@ANDREW.dnet.ge.com>
Subject: article forwarded from alt.security
To: TK0JUT2%NIU.BITNET@uicvm.uic.edu

[This is from alt.security. Since it was publically posted, you should
be able to reprint it, but you might want to contact the author first.
I saw this and thought you might be interested. ]

%Eds. Note: We attempted to contact the author and the digest on
which it was originally printed and rec'd no reply. Because it
was a public message, and because of its interest value, we
reprint it here%.

------------------------------------------------------------------

Article 105 of 113, Sun 02:47.
Subject: Re: Alt.security discussion (long)
From: jbass (John Bass, temporary account)
Newsgroups: alt.security
Date: 22 Apr 90 09:47:55 GMT
Sender: news@sco.COM


I to have to lend support for leaving this group an open widely distributed
forum. I have been on both sides of the fence over the last 21 years ...
both managing and cracking systems.

During 1970 to 1973 I was too bright, too interested in systems
programming, and too often in the wrong place at the wrong time. I was
continuously accused to attempting to breach facility security by three
separate college data center staffs. I was harassed, denied access to
facilities, watched like a criminal, and lived under restrictions not
placed on other students simply because of a FEAR that I knew too much
about operating systems. I did complex 360 DOS RJE sysgens and ported major
sections of OS ECAP back to DOS while other students wrote "hello world"
fortran and basic programs. I dreamed BAL, DOS, and OS/MVT.

Finally I had enough, and with several instructors' support, I started
finding out how to do the things I was being accused of. Within a few
months I not only identified the underground hackers that were causing the
problems, but also helped create the fixes that shut them out. In the sport
of this, we protected the identity of the underground groups at CalPoly
Pomona and Sacramento and continued to play the game for a year and a half.

I cracked the security of the system in a few weeks simply by knowing it
could be done (having been already accused of such). Most of the things we
did were directly in response to the negative direction provided. The
system was a nation wide timesharing service (CTS/ITS) based on the XDS940
rel 3 OS converted to run on CDC 3100's and 3300's. The system was based on
a similar model as UNIX with supposedly VERY TIGHT SECURITY. We broke that
security right down to intercepting interrupt vectors and inserting private
kernel code and maintained a level of penetration for 18 months while
providing the facility staff source level fixes from the disassemblies of
the raw binary.

Early in the assault we were aided by the DEBUGGING aids left by the
systems staff ... a user level command to dump/patch the kernel address
space! We also found doing a particular type of memory allocate gave you
the first available DIRTY memory pages ... allowing some very interesting
statistical analysis to recreate a complete runtime binary image of nearly
every processes text and data space, including kernel temporary buffers for
terminal I/O and File I/O (a great hunting land for passwords and other
trivia!).  I also wrote a program to attempt all possible system calls with
widely varied arguments ... stumbling upon the fact that the haltsys system
call could be executed in user mode and various peripheral ioctl's as well
(taking offline printers and disks).

As we found new ways break the security, we would pass the old ways on to
the facility staff ... keeping the window open for us and closing it for
others. (I greatly appreciate the insights to what could be done to the
system during my visit Easter break 1973 provided by Steve Mayfield and
Gary Philips of CalPoly Pomona, as well as the XDS 960 sources and PLM's
they later provided!) (I suppose I should also thank Alan and the gang at
CalState Sacramento for discovering you could link an operators console,
thus stealing all operations passwords and the resulting havoc and concern
they caused, which I was then accused of). (Hmm I suppose I should also
thank Bob Oberwager(SP?) and the staff at CalState Northridge, which
managed the CalState version of the system, for being such panic stricken
mindless idiots to have blamed me for the many things I hadn't done during
fall 72 and winter 73 ... and then continuing to blame me instead of the
underground groups! Without their quick guidance I would have missed many
of the things the other groups were up to!!!)

The systems staff was outraged because NOBODY had the source except them.
Armed with the original XDS source, we were able to disassemble the 3300
port back to source code in about a man year. We did most of our work on
other systems to prevent the sysops from spying. Many thousands of feet of
paper tape was punched at 110 buad on an ASR33 teletype, converted to a 9
track tape on a varian, and disassembled late at night on one of several
360 sites.

Much of the SECURITY of the system was the supposed lack of internal
documentation, which we recreated in better detail than the internal staff
had.

UNIX is a completely different beast ... nearly every major hacker has
partial source of some version along the way ... the university environment
has been too lax in protecting the source base.

It is impossible to hide ones head in the sand with such widely held source
access ... even without sources, disassembly is an easy method to recreate
sources, particularly with other source versions around as a model.

Instead of bitching about this forum, more attention should be paid to the
gamesmanship that is played out between bad hackers and their victims.
These energies need to be recognized and redirected where possible to
supervised positive pursuits. The ethics and liabilities need to be
discussed at length with proper reprimands for those who step over the
line. Management FEAR must be replaced with INFORMED action to stop this
deadly game.

Even good kids can crack when subject to long term negative pressure.  I
stayed above ground from 1970 through 1975, in the face of threats of
expulsion and legal reprisals, with the support of some understanding
faculty. The long term strain and anger from this, combined with some
severely bad personal times, lead to a lash out against ITS in 1975,
resulting in an ethics breach I am not proud of ... and some lessons
learned.

There need to be more MIT & Berkeley style open student managed systems for
undergraduates ... giving our future sysops and system programmers a
breeding ground to develop in. This really applies at BOTH college and High
School level.

There is NOTHING MAGIC OR SPECIAL about computer data ... it is JUST LIKE
it's paper counter part. Everyone should be made to understand that
sneaking about in ones electronic world is just as offensive as violating
ones physical world. IE it doesn't matter if someones home/office/desk is
not locked ... we KNOW that we SHALL NOT enter unless invited ... DITTO for
computer places. Unfortunately this analog is not clearly stamped into the
heads of most people in our society ... and certain people like Stallman
perpetuate the myth that computer data/programs/assets are exempt from real
world rules of ownership and privacy.

SO ... post and discuss the bugs here ... enlist the aid of the good
hackers and do what ever is necessary to keep the bad hackers from stepping
over the line.

have fun ... John L. Bass

PS: I am glad I grew up when I did ... these kids legal liabilities for
hacking today are utterly frightening ... especially for viruses.

We need a re-union party for hackers from this period!!! Write me.

----[end of included article]


=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+                               END THIS FILE                                +
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=


***************************************************************
***  Computer Underground Digest Issue #1.07 / File 5 of 6  ***
***************************************************************

-------------
Just Say "Whaa.....???"
--------------

(Eds Note: We did not make this up, nor is the press release dated April 1st)

Press Release:
Jeff Mackler Communications
15301 Ventura Blvd
Suite 300
Sherman Oaks, CA 91403-3102
(818) 783-1688 (voice)
(818) 783-6516 (FAX)

                TAITO'S 'WRATH OF THE BLACK MANTA' DELIVERS
                         STRONG ANTI-DRUG MESSAGE


(LOS ANGELES, CA) APRIL 12 --  With the popularity of video games
continuing to increase at a dizzying pace, one software publishing company
believes it has an added responsibility to the consumer public.  Taito
Software, Inc., a major creator of video game software for the Nintendo
Entertainment System, has taken up the lance in the fight against drugs and
international terrorism by publishing the hard-hitting "Wrath of the Black
Manta," which brings a strong anti-drug, anti-terrorism message directly
into the home.

Alan Fezer, President of Taito said, "Taito has the opportunity to deliver
a message to today's youth. Video games have a strong impact on the playing
public.  In general, they are both entertained and educated by the message
of the game.  Taito has made the decision to make it's anti-drug message
loud and clear."

"Wrath of the Black manta" comes wrapped in state-of-the-art technology
including advanced graphics, sound effects and music.  This provides a
greater dimension to the game and allows players of this five-level,
martial arts, action/adventure video to participate in an exciting drama.
The stakes are as high as they are in real life.

The player assumes the role of the "Black Manta," and in the process a
student-master relationship develops, imbuing a human-like quality to the
play of the game.  As the player acquires greater skill through having to
develop memory and reading skills, he/she moves up to a higher and more
difficult level of play.

In describing a psychological process called "mastery," achieving simulated
victory in a fantasy situation over an actual conflict, such as the
terrorism of international drug cartels, a player is more apt to believe
that that goal is obtainable in real life.

Taito heightens player involvement and positive reinforcement by making
"Wrath of the Black manta" interactive.  The story's dialogue is shown
simultaneously in script, running along the bottom of the screen at key
intervals.  In addition, the player receives a series of cryptic messages,
including spoken clues from the treacherous thugs and the kidnap victims.
Throughout the game, the Master strongly reinforces the drug themes,
reminding the player to never use drugs.

The action, which takes place in New York, Tokyo and Rio de Janeiro,
provides for character development as the player's abilities increase.  In
the process, he challenges the international gang of formidable foes as he
tracks down the ruthless drug lord, El Toro, eventually succeeding in the
achieving a single-handed victory over drugs and terrorism.  "Black Manta"
maintains a continuous story line, level by level, rather than a simple
recapping of the narrative.  As

"Black Manta," the player must become a master of the four groups of Ninpo
Arts, with such exotic powers as the Paralyzing Fire Rain, the Veil of
Invisibility, and spider-like Underground Travel.  With each new level the
player reaches, the added Ninpo Arts and skills he masters fuse to give him
the added strength and proficiencies (sic) to achieve the final result -
destruction of El Toro and his powerful, parasitic (sic) drug cartel.  The
characterization of a high-concept foe creates much more excitement in play
than does a series of anonymous enemies.  The stakes in "Black manta" are
not simply over turf, but over the insidious power welded by drug lords.

Although many "bad guys" challenge the "Black Manta's" skills (Voodoo
Warriors, Robot Guards, and the monstrous "Tiny"), the action culminates in
a final show-down with El Toro, the mastermind of DRAT (Drug Runners and
Terrorists).

The game was recently accorded high honor by GAME PLAYER'S NINTENDO GUIDE,
which proclaimed that, 'Superior graphics and animation, together with a
strong story line, make "Wrath of the Black Manta' a strong contender for
the best martial arts game around."

NINTENDO POWER (March/April 1990) also gave "The Wrath of the Black Manta"
high marks, with a 4 our of a possible 5 rating for graphics and sound, 3.5
out of 4 on play control, 4 out of 5 on challenge, and 4 out of 5 on
theme/fun.  To introduce "Wrath of the Black Manta" to the public, Taito
has established the "Black Manta Sweepstakes" in which the Grand
Prize-winner will earn the right to a $5,000 shopping spree in the store of
their choice.  Game players enter by dialing 1-800-777-2WIN.

Taito Software Inc develops and markets entertainment software for the
consumer market.  The company is the North American home entertainment
subsidiary of $500-million Taito Corp., based in Tokyo, the world's largest
arcade game manufacturer.  Founded in April 1988, Taito Software is
committed to providing superior products the incorporate high production
values and technological innovation.

                        # # #

CONTACT:  Gene Lesser                   Anita Deiter
    Jeff Mackler                  Taito Software, Inc
    Jeff Mackler Communications   (604)984-3344
    818/783-1688

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+                               END THIS FILE                                +
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=


***************************************************************
***  Computer Underground Digest Issue #1.07 / File 6 of 6  ***
***************************************************************



                           IMAGINE
   (tune by John Lennon; Words by Roberta Barlow)

Imagine there's no mainframe,
     it almost makes me cry.
No links connecting
     all the countryside.
Imagine all the ppl living without relay-ay-ay-ay-ay-ay.
You may say i'm addicted,
     but i'm not the only one.
I hope someday to get a real life,
     bit compu's so much fun!

Imagine all the bit-families
     dissolved one by one,
All the nodes disintegrated,
     link-death everyone.
Imagine all the nightmare
     of an endless, blacked-out scree-ee-ee-ee-ee-een.
You may say i'm addicted,
     but i'm not the only one.
I hope someday you'll join up
     and we can talk over comp.

Imagine there are no print-outs
     of your favorite files,
No skipping classes
     to chat across the miles.
Imagine all the ppl living without relay-ay-ay-ay-ay-ay.
You may say i'm addicted,
     but it's just the way i get.
I hope someday you'll join up
     and we can talk through bit-net.

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+                               END THIS FILE                                +
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
!