**************************************************************************** >C O M P U T E R U N D E R G R O U N D< >D I G E S T< *** Volume 1, Issue #1.07 (May 5, 1990) ** **************************************************************************** MODERATORS: Jim Thomas / Gordon Meyer REPLY TO: TK0JUT2@NIU.bitnet FTP SITE: RJKRAUSE@SUNRISE.bitnet COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. -------------------------------------------------------------------- DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Contributors assume all responsibility for assuring that articles submitted do not violate copyright protections. -------------------------------------------------------------------- In This Issue: File 1: Moderators' Corner (news and notes) File 2: The CU in the News File 3: Response to the Stoll review by Stephen Tihor File 4: A Comment on Hacking (reprint) File 5: A Computer Game that "Just says No??!" File 6: CU Poem: "IMAGINE," by Roberta Barlow -------------------------------------------------------------------- *************************************************************** *** Computer Underground Digest Issue #1.07 / File 1 of 6 *** *************************************************************** In this file: -- LoD Update -- Summer Schedule -- FTP Site -- Whither the CU BBS World? -------------------------------------------------------------- ----------- LoD Update (30 April, '90) ------------ Gov't has arranged for 13 witnesses..give or take two...to testify against Craig Neidorf in the upcoming LoD/e911 trial. Several of the witnesses are Bell South personnel, presumably to testify on the system that was allegedly compromised. However, since Neidorf is not charged with entering that system it is unclear as to why so many Bell South employees would be able to give relevant testimony. Other witnesses for the government include SS personnel and a representative (to be announced) of UMC where Phrack was produced and distributed from. 4/30/90 --------------------------------------------------------------- ------------- Summer Schedule -------------- CuD will come out less frequently in the summer, probably about once every 3-4 weeks, depending on how steady the contributions are. If you are on a student account that is closed during the summer, be sure to notify us so we don't unnecessarily jam up the mails. If you come across news articles about the CU in the news, be sure to send them to us. --------------------------------------------------------------- -------------- FTP SITE ------------- We have one FTP site, and we could use a few more. The current FTP cite is: RJKRAUSE@SUNRISE.bitnet We are gradually providing the site with the bulk of our back issues of ATI, PIRATE, PHRACK, P/Hun, LoD, and papers, handbooks, and other material that researchers should find useful. We remind everybody that requests for files directly from CuD should come gradually, because we can only send out a few at a time. So, if you can't get through to the FTP site, keep track of what you need and send a note simply saying something like "Send issues 25-30 of ATI" (or whatever), and keep sending until you have what you need. ------------------------------------------------------------------- ----------- Whither the BBS World? ------------ From what we've been reading (and seeing), the world of the CU BBS has been changing dramatically in the past year. The elite p/h boards are fewer, and the "lamer" boards are increasing. 9600 baud modems have changed the pirate world, and there haven't been many new "special interest" boards (cyberpunk, eco-raiders, anarchy, etc) springing up. We plan to do an article on the status of boards, especially on the changes over the past decade. Does anybody know which was the first phreak/hacker board? The first pirate board? Which was the all-around "Best of the Rest" in the 1980s? We'd like to put this in a historical context, so if you have any ideas, send them along. Better yet, write an article! =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ + END THIS FILE + +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+= *************************************************************** *** Computer Underground Digest Issue #1.07 / File 2 of 6 *** *************************************************************** In this file: 1. Robert Morris Sentenced 2. 12 year-old Hacker Busted in Detroit 3. E911 Tampering in Denver ---------- MORRIS SENTENCED ---------- (From the CHICAGO TRIBUNE, May 5, 1990 (p. II-1). COMPUTER TAMPERER FINED. Computer expert Robert T. Morris was sentenced to three years' probation and fined $10,000 for creating a "worm" program that paralyzed thousand of computers nationwide. U.S. District Judge Howard Munson in Syracuse, N.Y., also ordered Morris, 25, to perform 400 hours of community service. Morris did not speak at the sentencing or talk to reporters after the hearing. He remained grim-faced through most of the hearing, then cracked a wide smile and hugged his mother when the sentence was announced. -------------------------------------------------------------------- ---------- From: CHICAGO TRIBUNE, April 29, 1990 (p. I-29). ---------- HACKER, 12, FACES CREDIT CARD FRAUD CHARGES DETROIT (AP)--A 12-year-old computer hacker has been accused of gaining access to the computers of TRW Inc. and distributing credit card charge numbers to computer bulletin boards. State police said authorities were preparing to charge the youth with computer fraud and financial transaction fraud. The boy's computer and files were seized Thursday from his Grosse Ile home, police said. He has not been arrested. Officials were uncertain how many files were tapped, who used the credit card numbers and what was purchased with them. But officials said TRW, a national company that checks credit ratings, noticed the improper entry to their system and contacted authorities. The boy's mother said he worked on the computer for up to five hours every weeknight and even longer on weekends. "He didn't bother me," she said. "Well, I figured, computers, that's the thing of the day. -------------------------------------------------------------------- -------------------- E911 Tampering -------------------- Date: 1 May 90 10:03:00 MDT From: "Gary McClelland" <gmcclella@clipr.colorado.edu> Subject: RE: Interesting note on E911 -- do you have any more info? To: "tk0jut1" <tk0jut1%niu.bitnet@uicvm.uic.edu> Following is complete text of the newspaper article. You may print my note and/or this in your digest. Several people have inquired so I will try to call the reported and the cop to get more info. If I learn anything I'll send you a note. Hope this helps. Gary McClelland ********************************************************************** Boulder Co. DAILY CAMERA, Wednesday, April 25, 1990, p. 1C. POLICE RADIO, 911 JAMMED; MAN ARRESTED. By Rusty Pierce, Camera Staff Writer A man who is suspected of jamming police radio frequencies and interfering with emergency 911 telephone lines has been arrested by University of Colorado police. CU police announced Tuesday that they had arrested Robert Matthew Sklar, 24, of 2882 Sundown Lane, Apt. 203, for investigation of wiretapping, a felony, and obstructing government operations, a misdemeanor. Sklar was contacted recently by police when he refused to leave the Duane Physics Building [site of lots of public computer workstations] during a fire alarm test. He initially refused to cooperate but later gave his name and address. Sgt. John Kish issued him a warning for interfering with the test. Shortly after that, someone started jamming the CU police department's radio frequencies and interfering with its 911 emergency lines. Kish said police had "reasonable suspicion" to believe that Sklar may have been involved. After a week-long investigation that included tracking the radio signal, police developed enough evidence to obtain a warrant to search Sklar's house. When police went to his home to search, Sklar returned home in a car. Several radios and pieces of equipment were in the car, Kish said. "We were really concerned. It was tying up incoming emergency lines. When the radio was jammed we were not able to communicate in the field," Kish said. Police also have served Sklar with a notice to confiscate his vehicle under Colorado's public nuisance statue because they believe he sometimes jammed the frequencies from inside his vehicle. Police believe he used a two-way radio to jam the police radio and computer equipment to tie up the 911 emergency lines, Kish said. Voice prints of the radio that jammed the frequencies and voice prints of the confiscated radio equipment will be compared by experts. Sklar, a continuing education student at CU, is scheduled to appear in Boulder County Court today at 2 p.m. =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ + END THIS FILE + +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+= *************************************************************** *** Computer Underground Digest Issue #1.07 / File 3 of 6 *** *************************************************************** --------------------- Response to Stoll Review --------------------- Date: Tue, 1 May 90 21:44 EDT From: Stephen Tihor <TIHOR@NYUACF> Subject: Cliff Stoll To: tk0jut2 Two quick items from times past: Cliff Stoll is accurately portrayed in his book as being part of the current thread of the 60's hippy culture. Despite the reviewer's assertions %see the review in CuD, #1.06 (eds)%, that culture did not die. It continues to live as hardy as any weed that can not be completely paved over or removed. I met Cliff during the period covered by the book and it is substantively accurate in all the areas I am directly and indirectly aware of. Further I do not view it as a piece of social analysis but as a ripping good true story. If de-polemicized, %the reviewer's% comments might form an interesting commentary to Cliff's actions and reactions as compared with his mental model of the Cuckoo and as compared to the idealized non-intrusive "hacker". Unfortunately the reviewer's axe is rather a bit too clear and, frankly, Cliff's book is irrelevant to the subject being discussed as presented. It is clear that the reviewer has different standards on right and wrong, on privacy and property rights, and on basic courtesy than either Cliff, myself, or the bulk of the legislatures and judiciaries of the United States. I would also like to mention that I know some of the people involved in SPAN security and that unlike their characterizations in a previous posting they are not unaware of the risks involved in some of the security configurations of their systems. Two concerns prevent a much tighter security curtain in the SPAN areas that I know of. First, some researchers were using the accesses for legitimate research, relying on the community spirit that the reviewer of Mr. Stoll's book claims not to see evidence of for security. That changed. Second there is the general problem of enforcement in a cooperating anarchy of systems manage by scientists not professional computer users. This problem is being address by current version of the networking software for some of them but having dealt with them day to day it is hard to explain the risks to someone unfamiliar with the field and if they do understand they are likely to give up on computing, remove their systems from the internetwork, or turn into the witch burners that we are warned against becoming. None of these seem particularly good to me although I have know people on various sides of the fence who would argue for each of them in turn. =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ + END THIS FILE + +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+= *************************************************************** *** Computer Underground Digest Issue #1.07 / File 4 of 6 *** *************************************************************** Date: Thu, 26 Apr 90 11:44:41 EDT From: Karl Smith <ksmith@ANDREW.dnet.ge.com> Subject: article forwarded from alt.security To: TK0JUT2%NIU.BITNET@uicvm.uic.edu [This is from alt.security. Since it was publically posted, you should be able to reprint it, but you might want to contact the author first. I saw this and thought you might be interested. ] %Eds. Note: We attempted to contact the author and the digest on which it was originally printed and rec'd no reply. Because it was a public message, and because of its interest value, we reprint it here%. ------------------------------------------------------------------ Article 105 of 113, Sun 02:47. Subject: Re: Alt.security discussion (long) From: jbass (John Bass, temporary account) Newsgroups: alt.security Date: 22 Apr 90 09:47:55 GMT Sender: news@sco.COM I to have to lend support for leaving this group an open widely distributed forum. I have been on both sides of the fence over the last 21 years ... both managing and cracking systems. During 1970 to 1973 I was too bright, too interested in systems programming, and too often in the wrong place at the wrong time. I was continuously accused to attempting to breach facility security by three separate college data center staffs. I was harassed, denied access to facilities, watched like a criminal, and lived under restrictions not placed on other students simply because of a FEAR that I knew too much about operating systems. I did complex 360 DOS RJE sysgens and ported major sections of OS ECAP back to DOS while other students wrote "hello world" fortran and basic programs. I dreamed BAL, DOS, and OS/MVT. Finally I had enough, and with several instructors' support, I started finding out how to do the things I was being accused of. Within a few months I not only identified the underground hackers that were causing the problems, but also helped create the fixes that shut them out. In the sport of this, we protected the identity of the underground groups at CalPoly Pomona and Sacramento and continued to play the game for a year and a half. I cracked the security of the system in a few weeks simply by knowing it could be done (having been already accused of such). Most of the things we did were directly in response to the negative direction provided. The system was a nation wide timesharing service (CTS/ITS) based on the XDS940 rel 3 OS converted to run on CDC 3100's and 3300's. The system was based on a similar model as UNIX with supposedly VERY TIGHT SECURITY. We broke that security right down to intercepting interrupt vectors and inserting private kernel code and maintained a level of penetration for 18 months while providing the facility staff source level fixes from the disassemblies of the raw binary. Early in the assault we were aided by the DEBUGGING aids left by the systems staff ... a user level command to dump/patch the kernel address space! We also found doing a particular type of memory allocate gave you the first available DIRTY memory pages ... allowing some very interesting statistical analysis to recreate a complete runtime binary image of nearly every processes text and data space, including kernel temporary buffers for terminal I/O and File I/O (a great hunting land for passwords and other trivia!). I also wrote a program to attempt all possible system calls with widely varied arguments ... stumbling upon the fact that the haltsys system call could be executed in user mode and various peripheral ioctl's as well (taking offline printers and disks). As we found new ways break the security, we would pass the old ways on to the facility staff ... keeping the window open for us and closing it for others. (I greatly appreciate the insights to what could be done to the system during my visit Easter break 1973 provided by Steve Mayfield and Gary Philips of CalPoly Pomona, as well as the XDS 960 sources and PLM's they later provided!) (I suppose I should also thank Alan and the gang at CalState Sacramento for discovering you could link an operators console, thus stealing all operations passwords and the resulting havoc and concern they caused, which I was then accused of). (Hmm I suppose I should also thank Bob Oberwager(SP?) and the staff at CalState Northridge, which managed the CalState version of the system, for being such panic stricken mindless idiots to have blamed me for the many things I hadn't done during fall 72 and winter 73 ... and then continuing to blame me instead of the underground groups! Without their quick guidance I would have missed many of the things the other groups were up to!!!) The systems staff was outraged because NOBODY had the source except them. Armed with the original XDS source, we were able to disassemble the 3300 port back to source code in about a man year. We did most of our work on other systems to prevent the sysops from spying. Many thousands of feet of paper tape was punched at 110 buad on an ASR33 teletype, converted to a 9 track tape on a varian, and disassembled late at night on one of several 360 sites. Much of the SECURITY of the system was the supposed lack of internal documentation, which we recreated in better detail than the internal staff had. UNIX is a completely different beast ... nearly every major hacker has partial source of some version along the way ... the university environment has been too lax in protecting the source base. It is impossible to hide ones head in the sand with such widely held source access ... even without sources, disassembly is an easy method to recreate sources, particularly with other source versions around as a model. Instead of bitching about this forum, more attention should be paid to the gamesmanship that is played out between bad hackers and their victims. These energies need to be recognized and redirected where possible to supervised positive pursuits. The ethics and liabilities need to be discussed at length with proper reprimands for those who step over the line. Management FEAR must be replaced with INFORMED action to stop this deadly game. Even good kids can crack when subject to long term negative pressure. I stayed above ground from 1970 through 1975, in the face of threats of expulsion and legal reprisals, with the support of some understanding faculty. The long term strain and anger from this, combined with some severely bad personal times, lead to a lash out against ITS in 1975, resulting in an ethics breach I am not proud of ... and some lessons learned. There need to be more MIT & Berkeley style open student managed systems for undergraduates ... giving our future sysops and system programmers a breeding ground to develop in. This really applies at BOTH college and High School level. There is NOTHING MAGIC OR SPECIAL about computer data ... it is JUST LIKE it's paper counter part. Everyone should be made to understand that sneaking about in ones electronic world is just as offensive as violating ones physical world. IE it doesn't matter if someones home/office/desk is not locked ... we KNOW that we SHALL NOT enter unless invited ... DITTO for computer places. Unfortunately this analog is not clearly stamped into the heads of most people in our society ... and certain people like Stallman perpetuate the myth that computer data/programs/assets are exempt from real world rules of ownership and privacy. SO ... post and discuss the bugs here ... enlist the aid of the good hackers and do what ever is necessary to keep the bad hackers from stepping over the line. have fun ... John L. Bass PS: I am glad I grew up when I did ... these kids legal liabilities for hacking today are utterly frightening ... especially for viruses. We need a re-union party for hackers from this period!!! Write me. ----[end of included article] =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ + END THIS FILE + +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+= *************************************************************** *** Computer Underground Digest Issue #1.07 / File 5 of 6 *** *************************************************************** ------------- Just Say "Whaa.....???" -------------- (Eds Note: We did not make this up, nor is the press release dated April 1st) Press Release: Jeff Mackler Communications 15301 Ventura Blvd Suite 300 Sherman Oaks, CA 91403-3102 (818) 783-1688 (voice) (818) 783-6516 (FAX) TAITO'S 'WRATH OF THE BLACK MANTA' DELIVERS STRONG ANTI-DRUG MESSAGE (LOS ANGELES, CA) APRIL 12 -- With the popularity of video games continuing to increase at a dizzying pace, one software publishing company believes it has an added responsibility to the consumer public. Taito Software, Inc., a major creator of video game software for the Nintendo Entertainment System, has taken up the lance in the fight against drugs and international terrorism by publishing the hard-hitting "Wrath of the Black Manta," which brings a strong anti-drug, anti-terrorism message directly into the home. Alan Fezer, President of Taito said, "Taito has the opportunity to deliver a message to today's youth. Video games have a strong impact on the playing public. In general, they are both entertained and educated by the message of the game. Taito has made the decision to make it's anti-drug message loud and clear." "Wrath of the Black manta" comes wrapped in state-of-the-art technology including advanced graphics, sound effects and music. This provides a greater dimension to the game and allows players of this five-level, martial arts, action/adventure video to participate in an exciting drama. The stakes are as high as they are in real life. The player assumes the role of the "Black Manta," and in the process a student-master relationship develops, imbuing a human-like quality to the play of the game. As the player acquires greater skill through having to develop memory and reading skills, he/she moves up to a higher and more difficult level of play. In describing a psychological process called "mastery," achieving simulated victory in a fantasy situation over an actual conflict, such as the terrorism of international drug cartels, a player is more apt to believe that that goal is obtainable in real life. Taito heightens player involvement and positive reinforcement by making "Wrath of the Black manta" interactive. The story's dialogue is shown simultaneously in script, running along the bottom of the screen at key intervals. In addition, the player receives a series of cryptic messages, including spoken clues from the treacherous thugs and the kidnap victims. Throughout the game, the Master strongly reinforces the drug themes, reminding the player to never use drugs. The action, which takes place in New York, Tokyo and Rio de Janeiro, provides for character development as the player's abilities increase. In the process, he challenges the international gang of formidable foes as he tracks down the ruthless drug lord, El Toro, eventually succeeding in the achieving a single-handed victory over drugs and terrorism. "Black Manta" maintains a continuous story line, level by level, rather than a simple recapping of the narrative. As "Black Manta," the player must become a master of the four groups of Ninpo Arts, with such exotic powers as the Paralyzing Fire Rain, the Veil of Invisibility, and spider-like Underground Travel. With each new level the player reaches, the added Ninpo Arts and skills he masters fuse to give him the added strength and proficiencies (sic) to achieve the final result - destruction of El Toro and his powerful, parasitic (sic) drug cartel. The characterization of a high-concept foe creates much more excitement in play than does a series of anonymous enemies. The stakes in "Black manta" are not simply over turf, but over the insidious power welded by drug lords. Although many "bad guys" challenge the "Black Manta's" skills (Voodoo Warriors, Robot Guards, and the monstrous "Tiny"), the action culminates in a final show-down with El Toro, the mastermind of DRAT (Drug Runners and Terrorists). The game was recently accorded high honor by GAME PLAYER'S NINTENDO GUIDE, which proclaimed that, 'Superior graphics and animation, together with a strong story line, make "Wrath of the Black Manta' a strong contender for the best martial arts game around." NINTENDO POWER (March/April 1990) also gave "The Wrath of the Black Manta" high marks, with a 4 our of a possible 5 rating for graphics and sound, 3.5 out of 4 on play control, 4 out of 5 on challenge, and 4 out of 5 on theme/fun. To introduce "Wrath of the Black Manta" to the public, Taito has established the "Black Manta Sweepstakes" in which the Grand Prize-winner will earn the right to a $5,000 shopping spree in the store of their choice. Game players enter by dialing 1-800-777-2WIN. Taito Software Inc develops and markets entertainment software for the consumer market. The company is the North American home entertainment subsidiary of $500-million Taito Corp., based in Tokyo, the world's largest arcade game manufacturer. Founded in April 1988, Taito Software is committed to providing superior products the incorporate high production values and technological innovation. # # # CONTACT: Gene Lesser Anita Deiter Jeff Mackler Taito Software, Inc Jeff Mackler Communications (604)984-3344 818/783-1688 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ + END THIS FILE + +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+= *************************************************************** *** Computer Underground Digest Issue #1.07 / File 6 of 6 *** *************************************************************** IMAGINE (tune by John Lennon; Words by Roberta Barlow) Imagine there's no mainframe, it almost makes me cry. No links connecting all the countryside. Imagine all the ppl living without relay-ay-ay-ay-ay-ay. You may say i'm addicted, but i'm not the only one. I hope someday to get a real life, bit compu's so much fun! Imagine all the bit-families dissolved one by one, All the nodes disintegrated, link-death everyone. Imagine all the nightmare of an endless, blacked-out scree-ee-ee-ee-ee-een. You may say i'm addicted, but i'm not the only one. I hope someday you'll join up and we can talk over comp. Imagine there are no print-outs of your favorite files, No skipping classes to chat across the miles. Imagine all the ppl living without relay-ay-ay-ay-ay-ay. You may say i'm addicted, but it's just the way i get. I hope someday you'll join up and we can talk through bit-net. =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ + END THIS FILE + +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+= !