**************************************************************************** >C O M P U T E R U N D E R G R O U N D< >D I G E S T< *** Volume 3, Issue #3.03 (January 22, 1991) ** **************************************************************************** MODERATORS: Jim Thomas / Gordon Meyer (TK0JUT2@NIU.bitnet) ARCHIVISTS: Bob Krause / Alex Smith / Bob Kusumoto RESIDENT SYSTEM CRASH VICTIM:: Brendan Kehoe USENET readers can currently receive CuD as alt.society.cu-digest. Back issues are also available on Compuserve, PC-EXEC BBS, and at 1:100/345 for those on FIDOnet. Anonymous ftp sites: (1) ftp.cs.widener.edu (2) cudarch@chsun1.uchicago.edu E-mail server: archive-server@chsun1.uchicago.edu. COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted as long as the source is cited. Some authors, however, do copyright their material, and those authors should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to the Computer Underground. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Contributors assume all responsibility for assuring that articles submitted do not violate copyright protections. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ CONTENTS THIS ISSUE: File 1: Moderators' Corner File 2: From the Mailbag File 3: More CU News Articles File 4: The CU in the News ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ---------------------------------------------------------------------- ******************************************************************** *** CuD #3.03: File 1 of 4: Moderator's corner *** ******************************************************************** From: Moderators Subject: Moderators' Corner Date: January 22, 1991 ++++++++++ In this file: 1. INFORMANTS AND OTHER ISSUES 2. ARTICLE FORMAT 3. HACK-TIC MAGAZINE 4. FTP INFO 5. FIDO-NET AND CuD BACK-ISSUES ++++++++++ ++++++++++++++ Informants, etc ++++++++++++++ There will be more information on the Secret Service's use of informants and the extent to which they were employed in forth-coming issues. CuD will be making several FOIA requests in an attempt to gather more information. A future issue will be devoted to how individuals can help in protecting Constitutional freedoms related to computer communication. ++++++++++++++++++++ Article Format ++++++++++++++++++++ We've been receiving an increasing number responses using software that auto-cites. *PLEASE* don't quote long lines of texts if they are not relevant to your article. Also, make sure that that attribution of authorship goes to the proper person (as in "josie blowsie writes:") rather than to the CuD editors (unless we in fact wrote it). Most editors are picking up the "jut2" line, especially in the mailbag file. In long articles, it helps to have a blank space between each paragraph and to avoid odd or unprintable characters which some systems have difficulty reading. ++++++++++++++++ HACK-TIC Magazine ++++++++++++++++ We received our first copy of HACK-TIC, a CU periodical from Amsterdam. We don't read Dutch, so we tried to wing it from German. The size and layout are similar to 2600. We received Issue 11-12 (47 pages), which contains technical information, articles on the E911/PHRACK trial, Milnet, Cartoons, and other news from Europe. There is enough substance that one need not speak Dutch to get a decent value from picking up the stray bits in English (such as a decoder program for Wordperfect files). For those wanting more information, write to: HACK-TIC pb 22953 1100 DL Amsterdam The Netherlands UUCP = ropg@ooc.uva.nl Individuals issues cost about $2.30 each, (4 G) and a subscription of 10 issues costs about $21.75 (37.5 G). CuD (and other text files) are available on FIDOnet through Mike Bateman's system: 1:100/345 for those on FIDOnet 8:921/910 for those on RBBSnet 65:221/4 for those on OURnet 43:555/203 for those on V-NET To access various files, simply send a file request to Mike's system for the magic filename CUD. This will send out the current listing of archive files held here. From there it's up to callers to request what they want. The system is available 24hours a day, IS PCP Pursuitable (even though the list doesn't reflect that yet due to his area code being very new). For questions or problems, drop a note to: SMBATEM@UMSLVMA.bitnet PC Pusuitable at MOSLO, and supports 1200, 2400 9600, and 14400 connects, both HST and v32. ******************************************************************** >> END OF THIS FILE << *************************************************************************** ------------------------------ From: Various Subject: From the Mailbag Date: 22 January, 1991 ******************************************************************** *** CuD #3.03: File 2 of 4: From the Mailbag *** ******************************************************************** From: UK05744@UKPR.UKY.EDU Subject: tap news Date: Sun, 06 Jan 91 23:45:04 EST In a recent issue of CuD, the moderators wrote: >TAP is alive and well. In addition to a newsletter, they also have a BBS for >exchange of information and news. TAP is available for the price of a >postage stamp for each issue by writing: > > TAP > PO Box 20264 > Louisville, KY 40250 Greetings! I wanted to help clear up any misconceptions some people might have regarding TAP Magazine. The first point is that I am no longer editor. After Craig Neidorf got molested, I decided do let go of TAP and concentrate on more important things. Therefore, I handed editorship to Predat0r. Since then, I have had NOTHING to do with TAP Magazine. The second point is the details of the subscription. I am not totally sure of this but it is what I hear. TAP is not free anymore (I don't know why. I put it out for free), it is now $2 for a SAMPLE issue. The yearly rates are $10 for ten issues. If anyone has any questions regarding TAP, don't mail me. Mail them to Predat0r at the above address. If anyone wants to correspond with ME, you can mail me at UK05744@UKPR.UKY.EDU. OR UK05744@UKPR.BITNET. ++++++++++++++++++++++++++++++++++++++++++++++++++ From: eric@EGSNER.CIRR.COM(Eric Schnoebelen) Subject: Re: CU Digest #3.00 Date: Sun, 6 Jan 91 14:44:05 CST In a recent issue of CuD, works!cud@UUNET.UU.NET writes: - How can it be legal to make BBS' operators shell out extra money for a - hobby, answering machines aren't something people have to pay extra for, - and in some cases thats what BBS's are used for. If its a public BBS, it is - receiving no true income from its users, unless they pay a standard, - billable time, (ie. A commercial BBS) What gives them the right to charge - us now? - Do they have a right to charge us? are they providing any type of special - service because we have a modem on the line, instead of an answering - machine, FAX, phone, or other? we are private citizens, it should be up to - us how we use the phones. TelCo's still a monopoly The "monopolies" have only the powers to charge for the services that are tariffed by the local and state public utilities commissions for intrastate services, and the Federal Communication Commission on the interstate services. The charges for local service come under the jurisdiction of the PUC's, and not the FCC. If the operating company can convince the local PUC that a BBS is business, then they will be able to "legally" charge business rates for connections that are used for BBS's. Keep in mind that telephone service is not a guaranteed right. The low residential service rates are due to a state and federal government policy dating from early in the century, which was aimed at providing universal telephone service, much in the same way that the government have provided roads to encourage the mobility of the automobile. A case could easily be made that more than one line to a residence/household is a luxury, and all additional lines should be billed at a higher rate. Fortunately, generally the telephone companies have not tried for this, but instead have limited the attempts to charge business rates to BBS's solely to BBS's that could be viewed as businesses, such as ones that charge for access. Businesses are charged more for their service because they are expected to make more use of the telephone system, and thus cause greater wear on the system. BBS's, like teenagers, blow that equation all out of the water. - There are a lot of rumours about this type of thing, only I've never seen - it actually put into action. Southwestern Bell, in Houston, Tx, attempted to define all BBS's with more than one phone line as businesses, for the purposes of billing, whether they charged a fee for not. As part of this, they also claimed that BBS's that had a mandatory upload's for access were also businesses, since the user was required to provide something in order to gain access. [I may not have all of the above 100% correct, but that seems to be the gist of it] I have also heard that GTE in Indiana has tariffed that all BBS's that charge for access get business rates. At least GTE went through the PUC in getting that one through, unlike SWBT. And in response, at least in the case of the SWBT action, a group of BBS operators in Texas (and Oklahoma) fought the action. For the most part, I gather that they have succeeded, but not completely. I doubt that I have made anyone happy by reading the above, but hopefully, I have made people more informed. *********************** In CuD 3.00, file 4, Liz E. Borden Writes: - Why, you ask, do I think the CU is sexist? I will agree that there is a very strong male bias in the entire computing industry, and probably even more so in the underground. Why? I have no real idea, although a guess that pops to mind is (Gross Generalizations here!) many women would rather do things more secure and "safe" than play on the edges in the underground. How true that is, I don't know. I would say that is a stereotypical perception that is not well held up by the women I know. - Second, BBSs, especially those catering to adolescents and college - students, are frightening in their mysogeny. I have commonly seen in - general posts on large boards on college towns discussion of women in the - basest of terms (but never comparable discussions of men), use of such - terms as broads, bitches, cunts, and others as synonymous with the term - "woman" in general conversation, and generalized hostile and angry - responses against women as a class. This, unfortunately, does exist, even in what are supposed to be some of our most enlightened environments, the university campus. But keep in mind, this is also how they were taught by the outside society before entering the enlightening halls of the university, and they should be exposed to ideals that indicate that their actions and beliefs may be flawed, or even incorrect. It does nothing to complain about these people, they need to be exposed to a greater, less biased world than the one from which they came. Some will reject it, because it will suddenly devalue their self worth, or the views/beliefs they held upon entering are to strong, but after time (perhaps generations) they will be in the definite minority, and perhaps even extinct. - Third, sexism is rampant on the nets. The alt.sex (bondage, gifs, - what-have-you) appeal to male fantasies of a type that degrades women. No, - I don't believe in censorship, but I do believe we can raise the gender - implications of these news groups just as we would if a controversial - speaker came to a campus. Most posts that refer to a generic category tend - to use male specific pronouns that presume masculinity (the generic "he") - or terms such as "policeman" or "chairman" instead of "chair" or "police - officer." It is my belief that many people consider "chairman" and "policeman" to be generic terms for "chair" and "police officer" I have heard my youngest sister refer to herself as a "policeman" on several occasions, although she does tend to use "police officer" a bit more often. As to rampant sexism on the "nets", I cannot say. I only frequent USENET and internet mailing lists for my net based reading. What it is like on the Fido echo's etc, I do not know. In general, most of the postings I see on USENET are of very open, somewhat liberal, attitude. I suppose that the alt.sex hierarchy could be considered degrading, but I am unsure how. What I see in those groups that I read there are generally open, fairly well reasoned discussions of items of a sexual nature, as well as some discussions attempting to show some users the error of their ways of belief. Those do degenerate in to some impressive flame wars, but there has been little I could see as being viewed as degrading/demeaning. -Why don't we think about and discuss some of - this, and why isn't CuD taking the lead?! Good question. If the computer underground is truly on the cutting edge of future society, then lets take the chance to rework our (and the rest of the nations/worlds) views on sexism, racism, and all the other -ism's out there. These sorts of actions start at home! And in doing so, we shouldn't flame those who hold opposing opinions, rather we should listen to them, and reason with them. Find out why they hold the beliefs they do, and politely attempt to enlighten them. All in all, I would say that Ms. Borden makes some very good points, points we all could do well to consider, and act upon. The computer industry needs to make a more intense effort to draw women into the industry, and we of the computer underground need to draw them into the mainstream of the underground. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ From: snowgoose!dave@UUNET.UU.NET Subject: No Room for Dinosaurs Date: Mon, 14 Jan 91 08:21:22 -0500 Over the past year, I have been reading about three subjects which have converged in my twisted mind to create an apprehension. AT first realization, I actually felt a little paranoid, but quickly realized that no conspiracy was taking place. That left me with apprehension of something it took me awhile to understand, though dimly still. The three subjects about which I have been reading, actually tracking, are (1) the quickening use of law and enforcement to control certain elements of the computer literate in society, (2) the efforts on the part of telecom companies to charge business rates for BBS phone service, and (3) the mass marketing of computer information services such as GENIE, COMPUSERVE, and (the worst or the best) PRODIGY. In that instant of paranoia, I asked myself whether these three forces were conspiring to squeeze me (and people like me) into conformity or extinction. When the paranoia passed, leaving me with an uncomfortable apprehension, I knew it was no conspiracy, just powerful forces moving in a like direction; all three forces a reaction to the permeation of computers throughout all facets of our society. I support law and enforcement, an our responsibility to control the excesses of those who govern us. I support a free market economy in which telecom companies and computer services companies make a buck. I understand the position PRODIGY takes; that they are a publisher who will exercise editorial control (in response to advertisers sensitivities.) Still, though, something uneasy lingers in my soul. The recent contributions to CUD about sexism in the CU sharpened the focus of my apprehension. I earned my first job as a systems programmer by penetrating a security hole in the university's mainframes. I like to refer to my sailboat as "she". I am going to sail around the world someday soon. And, I'm still looking for opportunities to achieve technical feats for the simple pleasure of doing it. Oh yes, I smoke a pipe, too. I'm a dinosaur. When I earned my first systems programmer job, there wasn't a computer underground. We were the elite, and held in awe for our abilities. We were pretty responsible too. I am wondering whether there is much of a computer underground now. When issues of sexism or equal access to computers by the handicapped permeate the computer underground, it won't be an underground anymore. (I bet that one will get a few flames. I'm handicapped, and I have felt discrimination, but CUD isn't the forum for discussing it.) Anyway, to the point, soon, I fear, the hackers, and others on the frontier of computing, who seek to express their individualism, will go the way of the dinosaur. I finally realized my apprehension for what it was; the fear of dying, of being %passed by' by forces too powerful to resist, too conformist to join. Actually, I do join those forces. Life is full of compromise. The joining is a form of dying in itself. Better than dying from starvation, I guess. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ From: scubed!gnh-igloo.cts.com!penguin%das@HARVUNXW.BITNET(Mark Steiger) Subject: Re: Reward for Hacking Date: Fri Jan 4 91 at 15:59:51 (CST) In CUD 2.19 it was mentioned about "10,000 hackers couldn't break into our system". It is True. Our computer club received a mailer offering $5,000 to anyone who could break in if they told them how they did it. It looked like a interesting offer. They gave a bunch of phone numbers that their computer was on. I don't have the flyer anymore. Got it late spring/early summer 1990. Mark Steiger, Sysop, The Igloo BBS 218/262-3142 300-19.2K Baud ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ From: worley@COMPASS.COM(Dale Worley) Subject: C.U.D. vol. 2 is. 2.19, Date: Tue, 8 Jan 91 16:37:50 EST In CuD 2.19 (File #3) <riddle@CRCHPUX.UNL.EDU> writes: > Our response is that there is little, if any, added expense to > telecom operations whether a phone is used for 20 minutes or 20 > hours during a given day. Regardless of the other issues at stake here, the surprising fact is that the above statement is completely false -- the costs of a connected line are much higher than those of an unconnected line. The costs associated with a local phone call fall into three categories: the cost of having the line installed the cost of setting up and taking down the call the cost of maintaining the signal path while the call is in progress Since traditional phone lines have been used for only a tiny fraction of the day, the phone companies have spent much money and cleverness at reducing the "fixed cost" of an installed phone line. It is much harder to reduce the cost of maintaining a signal path -- the number of switching elements in the central office must be sufficient to handle the number of calls likely to be in progress at any moment, which is presumed to be far smaller than the number of phone lines. In practice, the total costs of maintaining the signal paths are considerably higher than the fixed costs of the installed lines. The net result is that a line which is connected 24 hours a day costs the phone co. far more than a line which is used very little, because it is the connections which consume the expensive resources. That is why a leased line costs much more than basic message unit service. (If you don't believe me, check any book on the design of telephone systems.) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ From: wichers@HUSC9.HARVARD.EDU(John Wichers) Subject: Re: Cu Digest, #2.19 Date: Sun, 6 Jan 91 16:56:55 -0500 In article <1770@chinacat.Unicom.COM> Andy Jacobson <IZZYAS1@UCLAMVS.BITNET> writes: >Subject: Hackers as a software development tool >"GET DEFENSIVE! >YOU CAN'S SEE THEM BUT YOU KNOW THEY'RE THERE. >Hackers pose an invisible but serious threat to your information system. >Let LeeMah DataCom protect your data with the only data security system >proven impenetrable by over 10,000 hackers in LeeMah Hacker Challenges I >and II. For more information on how to secure your dial-up networks send >this card or call, today!" (Phone number and address deleted.) >So it seems they're claiming that 10,000 hackers (assuming there are that >many!) have hacked their system and failed. Somehow I doubt it. Maybe they >got 10,000 attempts by a team of dedicated hackers, (perhaps employees?) >but has anyone out there heard of the LeeMah Hacker Challenges I and II? If I remember correctly, they market some sort of a callback modem. What they then did was issue an open challenge to all hackers to call a system through their modem and get a text file or something similar in the system. The first time they had the "LeeMah Hacker Challenge", there were 8000+ attempts by hackers, none successful. The second time there were only 2000+ attempts, apparently because many hackers thought it was a new attempt by Big Brother to identify them. Note: although there were more than 10,000 *attempts* to get by their product, LeeMah cannot justify saying that means that 10,000 hackers tried, unless each hacker tried only once. Somehow I doubt that. Disclaimer: I have nothing to do with LeeMah, nor did I take part in either of their "Challenges". I just recall reading about it. --jjw (aka narcoleptic) +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ From: claris!netcom!onymouse@AMES.ARC.NASA.GOV(John Debert) Subject: Re: Cu Digest, #2.19 (Gail Thakeray's comments, etc.) Date: 7 Jan 91 01:35:15 GMT In CuD 2.19 (File 5), jwarren@well.sf.ca.us writes: > For those who don't know of Ms. Thackeray, she is an Assistant State > Attorney General for the State of Arizona, active in pursuing computer > crime, and controversial for some of her public statements and/or > statements that.some press *allege* she said. In some cases, she may have > been as misleadingly quoted-out-of-context -- or flat-out abusively > misquoted -- as has been the case with some reports about Mitch Kapor, John > Perry Barlow and the Electronic Frontier Foundation. > --Jim Warren [permission herewith granted to circulate this-in-full] Gail Thakeray has in fact made either untrue, half-true or misleading statements to the press and public at large. I heard her discussing the "hacker" problem last year live on-air on radio and she did in make such statements to support her position against certain, not-necessarily-criminal computer experts. She is supposed to know the law and specialize in computer crime but she made herself out to be against anyone who not only may have committed computer crime but also those who may be potentially capable (whatever that means, either possessed of the moral or technological capability, or whatever) to commit a crime. The sum of the position stated was that nothing would be allowed to get in her way to seek out and prosecute alleged computer criminals. She seems inconsistent in her position and her department's policy and I, for one, see no reason therefore to trust anything she may say. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ From: Maelstrom <BEHA@LCC.EDU> Subject: Correction - Michigan Bell vs BBS's Date: Mon, 7 Jan 91 19:05 EST A bit out of CuD #2.19 to refresh everyone's memories: >...an administrative hearing will be held before the >Michigan Public Service Commission to discuss a complaint filed against >Michigan Bell Telephone Company. >Early this year, a private bulletin board in Grosse Point, called the >Variety and Spice BBS, was ordered to pay an increased charge for phone >service because it was discovered he was accepting donations for use of his >BBS. >Michigan Bell claims that placing any condition on the use of a BBS >constitutes a business, and that the sysop must pay a business rate for his >phone line, plus pay a $100 deposit for EACH LINE in use. This means the >Variety and Spice sysop would have to pay a $1600 deposit, plus about $50 >additional each month if he wanted to continue his BBS. >Your help is urgently needed!! Please try to attend this hearing. It will >be held at the Public Service Building, 6545 Merchant Way, Lansing, >Michigan. The date is January 15. I do not have the exact time but I >assume this hearing will last most of the day. You do not have to testify, >but it would really be helpful if you can attend as a show of support. The >MPSC does not think the Michigan public even cares about BBS's. But we can >certainly jar their thinking if we can pack the room with sysops and users! >For more information, please contact Jerry Cross at 313-736-4544 (voice) or >313-736-3920 (bbs). You can also contact the sysop of the Variety & Spice >BBS at 313-885-8377. >Please! We need your support. I just got off the phone with Jerry Cross, and it appears there has been a mistake in date and time for the hearing. The correct dates are January 29 and 30, at 9:00am on both days. The hearing should last for most of both days, depending on how many people testify. It is important that as many of us as possible attend as a show of support! There is power in numbers. Subject: The Consequence of a Philosophy: Response to Dark Adept From: polari!tronix@SUMAX.SEATTLEU.EDU(David Daniel) Date: Fri, 11 Jan 91 17:26:25 PST The Consequences of a Philosophy by David Daniel I am moved to write this piece primarily by the Dark Adept's essay which appeared in CUD 2.18. He brought up many aspects of the 'hacker mentality' which have served and are serving to produce concern within the business and law enforcement community. Unfortunately, many of his assertions are based on common misconceptions about how businesses operate. Mr. Adept presented a distorted view of the 'capitalist mentality'. I hope to correct these misconceptions based on my experience in both computer and non-computer related businesses. Mr. Adept mentioned the restrictive aspects of patents and copyrights but offered no proof to support his claim. He also misstated the scope of a patent right. A patent only covers the method by with an invention performs its task. For example, I could invent a new form of sewing machine with only three moving parts and a revolutionary means of fixing various materials together. My patent would cover the means by which my devise achieves its purpose. Further, my patent would free me to release my invention to the world and to invite any and all those interested to study it. It's likely that Singer would be quite impressed and I could rest assured that I would receive due compensation if Singer decided to manufacture and/or market it. Mr. Adept expressed his belief that a user interface was generic. I'm sure we could find many hard working programmers who would heartily disagree as well as corporate executives who have overseen the expenditure of many thousands or man-hours and dollars in the developement of a unique software product. Don't they deserve a return on their investment? Mr. Adept denies the existence of license agreements when he asserts that an inefficient company can tie up a good interface by tying it to a bad program. He also denies the idea of a joint marketing venture by two or more companies which combine their strongest products. Mr. Adept wrote about the danger of protecting algorithms since they are merely mathematical models. Should we consider DOS and BIOS in the same category? Should these proprietary packages be freely circulated without compensation? It might be an attractive utopian concept but not workable within our present system. I see the issue ultimately as one of philosophical ethics. It pits the hacker/cracker/phreaker community with their latter-day Robin Hood persona against the free enterprise business community with their 'what's mine is mine' attitude. The struggle has been going on for years and will likely continue. There is a phrase, "putting a head on a pike". It arose from an ancient custom of removing the head of an enemy and placing it on a long pole anchored in the ground for all to see. It served to warn off other would-be attackers and it sometimes worked. I see many of the recent hacker/cracker prosecutions as just such a piking of heads. It is the price that certain members of the computer underground have paid for the exorcise of their philosophy. As to whether or not it's working only time will tell. I'm sure that some have been deterred while others have been moved to act. I'd like to see the two divergent mentalities reach a compromise. I truly believe a compromise possible. Even though it won't be easy it's a valuable goal that should be worked toward. The alternatives are more of what we've been seeing over the last few years: More prosecutions, more paranoia within the business community and more invasive behavior on the part of the federal government. None of us want this regardless of which side of the proverbial fence we reside. Lets all become part of the solution rather than adding to the problem. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ From: Dan Farmer <df@CERT.SEI.CMU.EDU> Subject: re: COPS, Cud 3.00 (file 5) Date: Wed, 09 Jan 91 11:57:18 EST Hello, Gentlemen! I just read your latest CuD, and would like to take exception with your "File 5 of 6: Security on the Net" section. I wrote that, and it is included with, every copy of COPS that gets put out. However, the way you posted it, it is unclear that this is the case; indeed, people are asking me why I would post such a thing anonymously to your journal, apparently unaware that it is included as part of my package (the first person is used, so it would be a poor subterfuge :-)). If you would just mention something to the effect that I didn't send that to you, I'd appreciate that -- I certainly stand by all the words that I wrote, but it just seems a bit odd the way it is presented there, without the full background. If I send something to your fine journal, I'll certainly include my own name. Thanks! -- dan %Moderator's comment: We apologize to Dan for not giving credit to him as the original author. The person who sent us the article assumed we would recognize the original author, which we did not. The error was ours, and we thank all those who wrote. Jim ******************************************************************** >> END OF THIS FILE << *************************************************************************** ------------------------------ From: KRAUSER@SNYSYRV1.BITNET Subject: More CU News Articles Date: Wed, 02 Jan 91 20:27 CST ******************************************************************** *** CuD #3.03: File 3 of 4: CU-Related Bibliography *** ******************************************************************** Computer Hackers News Articles Part II The following is a list of articles that I have found concerning the computer underground in various magazines and news-papers. The list is in chronological order. If you know of an article that should be included in this list or correction, send me the information and I will add it to the listing. Dec 13 '90 New law aims to curb computer crime Financial Times pg.36 Dec 10 '90 NASA refutes hacker break-in story Computerworld pg.10 Dec 6 '90 Experts Call For Better Computer Security Los Angeles Times Part A pg.29 Dec 6 '90 Computer Security Risks Feared Newsday pg.15 Dec 6 '90 Phone Theft At NASA The New York Times Section D; Pg.2 Dec 6 '90 Computer 'will replace bomb as terror weapon' The Daily Telegraph pg.8 Dec 6 '90 Sacking Of Employee Hacker Was Justified The Daily Telegraph pg.8 Dec 6 '90 Computers Vulnerable, Panel Warns; Networks Susceptible To Hackers and Accidents The Washington Post Dec 6 '90 Hackers Can Cause Catastrophe, National Research Council Warns The Washington Times pg.C3 Dec 3 '90 Hackers Humbled Information Week pg.14 Dec 1 '90 Espionage fears mounting as hackers tap into faxes The Daily Telegraph pg.23 Nov 26 '90 Morris Appeals Information Week pg.16 Nov 26 '90 Hackers draw stiff sentences; Computerworld pg.1 Nov 19 '90 Judge Sentences 3 Hackers For BellSouth Breakin Wall Street Journal Section C pg.15 Nov 17 '90 Security Tightened As Hackers Get Jail Newsday pg.9 Nov 16 '90 Companies on alert for 'hackers' The Boston Globe pg.72 Nov 16 '90 Phone Firms On Alert For Hackers Los Angeles Times Part D; Pg.2 Nov 12 '90 Finger hackers' charged with voice-mail crime Computerworld pg.18 Nov 11 '90 Phreaks Sabotage Phone Mail Information Week pg.14 Nov 8 '90 Hacker doing time answering telephones The Washington Times pg.A6 Nov 5 '90 CERTs unite to combat viruses, deter hackers Computerworld pg.4 Oct 29 '90 BT Suspends Phone Data In Hacker Scare The Daily Telegraph pg.2 Oct 22 '90 When A Hacker Cracks The Code The Daily Telegraph pg.31 Oct 21 '90 Charges Against Hacker Dropped The Independent pg.3 Oct 21 '90 The Challenge Of Computer Crime The Independent pg.12 Oct 19 '90 Cops Say Hacker, 17, 'Stole' Phone Service Newsday pg.2 Oct 16 '90 Computer Blackmail Reported At Five Leading British Banks American Banker pg.27 Oct 15 '90 Attempt Made By Hackers To 'Blackmail' Banks The Times Oct 14 '90 Hackers blackmail five banks; Mysterious computer experts demand money to reveal how they penetrated sophisticated security The Independent pg.1 Oct 14 '90 Five banks blackmailed The Sunday Times Oct 4 '90 Cracking Down On Hackers Financial Times pg.30 Oct 1990 More on Operation Sun Devil & the Electronic Frontier Foundation Boardwatch (a monthly for BBS sysops) pp. 14-15 Sept 3 '90 March To A Different Drummer Information Week pg.55 Sept 3 '90 IS security exec tells of risks, strategies Network World pp. 21, 24, & 25 Fall 1990 Crime and Puzzlement (by John Perry Barlow) Whole Earth Review pp 44-57 Aug 6 '90 Presumed Innocent/Phrack Hacker Case Information Week pg.15 Aug 20 '90 Executive Summary Information Week pg.10 Aug 27 '90 Neidorf Vindicated Information Week pg.2 July 16 '90 Outlaws or Pioneers? Information Week pg.12 June 4 '90 Power Seekers Information Week pg.2 June 4 '90 Defining A Crime Information Week pg.81 June 4 '90 My Business Information Week pg.2 June 4 '90 Fragile Egos Information Week pg.81 May 7 '90 Hackers: Whacker Vs. Backer Information Week pg.72 May 7 '90 Hacker Tracker: Be Eternally Vigilant Information Week pg.58 May 7 '90 Judgement Day Information Week pg.57 Apr 9 '90 Computer Crooks Information Week pg.16 Mar 26 '90 Hacker Attack Is Back Information Week pg.26 Feb 12 '90 Guarding Against Hackers Information Week pg.5 Jan 29 '90 Morris Guilty Information Week pg.16 Jan 15 '90 Computer Crime: An Inside Job Information Week pg.26 Jan 8 '90 Private Eyes Stalk Computer Criminals Information Week pg.36 ******************************************************************** >> END OF THIS FILE << *************************************************************************** ------------------------------ From: Various Subject: The CU in the News Date: January 22, 1991 ******************************************************************** *** CuD #3.03: File 4 of 4: The CU in the News *** ******************************************************************** From: Anonymous Subject: Bulgaria and Computer Viruses Date: 12-20-90 2253EST "BULGARIA'S LEADING HIGH-TECH EXPORT APPEARS TO BE COMPUTER VIRUSES" From the New York Times, by Chuck Sudetic SOFIA, Bulgaria -- Bulgaria has become the breeding ground of some of the world's most lethal computer viruses, programs that are maliciously designed to spread through computer memories and networks and at times destroy valuable stored information like bank and medical records. "We've counted about 300 viruses written for the IBM personal computer; of these, 80 or 90 originated in Bulgaria," said Morton Swimmer of Hamburg University's Virus Test Center, who specializes in diagnosing and curing Eastern European computer viruses. "Not only do the Bulgarians produce the most computer viruses, they produce the best." One Bulgarian virus, Dark Avenger, has infected American military computers, said John McAfee, who runs the Computer Virus Industry Association, which is based in Santa Clara, Calif., and tracks viruses for computer hardware and software companies. "I'm not saying that any super-secure computers have been infected," he said. "But the U.S. Defense Department has about 400,000 personal computers, and anyone who has that many machines has a 100 percent probability of being hit." "It is causing some people in sensitive places a lot of problems," a Western diplomat here said, "and they are very reluctant to admit they have them." "I would say that 10 percent of the 60 calls we receive each week are for Bulgarian viruses, and 99 percent of these are for Dark Avenger," McAfee said, adding the virus has also attacked computers belonging to banks, insurance and accounting companies, telecommunications companies and medical offices. "I've had a lot of calls from Frankfurt," Swimmer said. "One bank was very nervous about it, but I can't reveal its name for obvious reasons." Several experts say the spread of the Bulgarian viruses is less the result of activities by the secret police than it is the consequence of having developed a generation of young Bulgarians whose programming skills found few outlets beyond hacking interventions. A decade ago, this country's Communist leaders decided to make Bulgaria an Eastern-bloc Silicon Valley, Vesselin Bontchev, a Bulgarian computer specialist, said. Bulgarian factories began turning out computers, and the government introduced them into workshops, schools and institutes. Many computers, however, stood idle because people did not know how to apply them or lacked an economic interest in doing so. "People took office computers home, and their children began playing on them," he said, adding that buying a private computer was almost impossible. These children quickly acquired software-writing skills, but had little or no chance to apply them constructively, he said. They began bootlegging copyrighted Western software, especially computer games, by overriding devices written into the software to prevent it from being copied. Then they started altering the operating systems that drive the computer itself. "From there it was one small step to creating viruses that attack files when they are acted on by the operating system," he said. Bontchev estimated there are only about a dozen young Bulgarian computer programmers who have written the viruses that have caused all the trouble. "Computer hackers here write viruses to show who is who in computer science in Bulgaria, to find a place in the sun," said Slav Ivanov, editor of a Bulgarian computer magazine. "The young computer people just don't rank in our society. They don't receive enough money." The average wage of a software writer in Bulgaria is about $30 a month, Bontchev said. One virus designer, however, acknowledged that revenge was also a factor. "I designed my first computer virus for revenge against people at work," said Lubomir Mateev, who helped write a non-destructive virus known as Murphy, which shares many of Dark Avenger's tricks. "Our first virus made all the computers at work send out a noise when they were switched on." Mateev, 23, said he collaborated with Dark Avenger's designer last spring on a new virus that is harder to diagnose and cure because it is self-mutating. "Dark Avenger's designer told me he would take a job as a janitor in a Western software firm just to get out of Bulgaria," he said. Attempts during several months to get in touch with Dark Avenger's creator proved fruitless. For now, Bulgaria's computer virus designers can act with complete legal immunity. "We have no law on computer crime," said Ivanov, whose magazine offers free programs that cure known Bulgarian viruses. "The police are only superficially interested in this matter." Bulgaria's secret-police computers have also been infected, said a well-placed Bulgarian computer expert, who spoke on condition of anonymity and refused to elaborate. Dark Avenger has also spread to the Soviet Union, Britain, Czechoslovakia, Poland and Hungary, Bontchev said, adding, "I've even had one report that it has popped up in Mongolia." "The Dark Avenger is the work of a Sofia-based programmer who is known to have devised 13 different viruses with a host of different versions," Bontchev said. "He is a maniac." Bontchev said he was almost certain Bulgaria's government was not involved with Dark Avenger. "A computer virus cannot be used as a weapon because it cannot be aimed accurately and can return like a boomerang to damage programs belonging to the creator himself," he said. "It can be used only to cause random damage, like a terrorist bomb." Unlike less infectious viruses, Dark Avenger attacks computer data and programs when they are copied, printed or acted on in other ways by a computer's operating system, Bontchev said. The virus destroys information every 16th time an infected program is run. A virus can spread from one computer to another either on floppy disks or through computer modems or computer networks, he said. Many viruses are spread at computer fairs and through computer bulletin-board systems where enthusiasts exchange information over the telephone. Legislation on computer crime will be introduced in Parliament once a criminal code is adopted, said Ilko Eskanazi, a parliamentary representative who has taken an interest in the virus issue. "We are now seeing viruses emerging on entirely new ground in Eastern Europe," Bontchev said. "Things may get much worse before they improve," he warned. "The first law of computer viruses is that if a virus can be made, it will be. The second law is that if a computer virus cannot be made, it will be anyway." +++++++++++++++++++++++++++++++ From: portal!cup.portal.com!ZEL@UNKNOWN.DOMAIN Subject: Mitnick and DEC Conference Date: Thu, 3 Jan 91 20:00:43 PST DECUS Bars Hacker: Meeting attendees focus on security by Anne Knowles FROM: From Communications Week December 24, 1990. Las Vegas-While attendees of the DECUS user group meeting were busy learning about DEC security, an infamous computer hacker was trying to register for the Digital Equipment Computer User Society's Fall 90 Symposium. Luckily for DECUS, the hacker was recognized by show personnel, who refused him admittance. DECUS contacted its lawyers and is now developing a policy for dealing with such situations in the future, said bill Brindley, president of the 30-year old user group. In the interim, the hacker was barred from the meeting. DECUS is the organization for users of Digital Equipment Corp. systems and ne tworks. With 120,000 members worldwide, it is the largest user group of its kind. the group holds seminannual symposiums, week-long events of daily seminars and hourly sessions on mostly technical topics concerning its membership. DECUS had never before been confronted by a hacker attempting to register for one of its symposiums, Brindley said , though an attendee was evicted from the show two years ago when he was discovered hacking. DEC identified this year's hacker as Kevin Mitnick, who is well-known to both DECUS and DEC. He is currently on probation after having been found guilty in federal court of breaking into Easynet, DEC's internal computer network. His probation stipulates that he not enter a networked system or one with a modem, Brindley said. During its symposiums, DECUS supplies networked terminnals for attendee's use. "It would have been logistically impossible to restrict anyone [who had gained admittance to the show] from the systems," Brindley said. The article goes on to other items from this point, but this is the part that deals directly with hacking. ******************************************************************** ------------------------------ **END OF CuD #3.03** ********************************************************************