****************************************************************************
                  >C O M P U T E R   U N D E R G R O U N D<
                                >D I G E S T<
              ***  Volume 3, Issue #3.13 (April 20, 1991)   **
  ****************************************************************************

MODERATORS:   Jim Thomas / Gordon Meyer  (TK0JUT2@NIU.bitnet)
ARCHIVISTS:   Bob Krause / Alex Smith / Bob Kusumoto
POETICA OBSCIVORUM REI: Brendan Kehoe

            +++++     +++++     +++++     +++++     +++++

CONTENTS THIS ISSUE:
File 1: From the Mailbag
File 2: Response to RISKS DIGEST (#11.43-- Len Rose Case)
File 3: Response to recent comments concerning Len Rose
File 4: CU News
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

USENET readers can currently receive CuD as alt.society.cu-digest.
Back issues are also available on Compuserve (in: DL0 of the IBMBBS sig),
PC-EXEC BBS (414-789-4210), and at 1:100/345 for those on FIDOnet.
Anonymous ftp sites: (1) ftp.cs.widener.edu (192.55.239.132);
                     (2) cudarch@chsun1.uchicago.edu;
                     (3) dagon.acc.stolaf.edu (130.71.192.18).
E-mail server: archive-server@chsun1.uchicago.edu.

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views.  CuD material may be reprinted as long as the source is
cited.  Some authors, however, do copyright their material, and those
authors should be contacted for reprint permission.  It is assumed
that non-personal mail to the moderators may be reprinted unless
otherwise specified. Readers are encouraged to submit reasoned
articles relating to the Computer Underground.  Articles are preferred
to short responses.  Please avoid quoting previous posts unless
absolutely necessary.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
DISCLAIMER: The views represented herein do not necessarily represent
            the views of the moderators. Contributors assume all
            responsibility for assuring that articles submitted do not
            violate copyright protections.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

********************************************************************
                           >> END OF THIS FILE <<
***************************************************************************

------------------------------

From: Various
Subject: From the Mailbag
Date: 20 April, 1991

********************************************************************
***  CuD #3.13: File 1 of 4: From the Mailbag                    ***
********************************************************************

From: hkhenson@CUP.PORTAL.COM
Subject: reply to ATT letter responses
Date: Tue, 16 Apr 91 19:52:24 PDT

In CuD 3.12 peter@TARONGA.HACKERCORP.COM(Peter da Silva) notes:

>Finally, I would like to note that unlike many of the posters
>here I'm not going to try to excuse Rose's adding trapdoors to
>login.c as either educational or providing support to AT&T
>customers.  His posession of this code was definitely illegal.
>His use of it was, while perhaps protected under the first
>amendment, hardly wise.

I think all involved, especially Len Rose would agree with the last
statement!  I also agree with with Peter the posession of the source
code was also illegal, but there is illegal and illegal.  Copyright
violation (which is a _civil_ matter) would have been the proper
approach for ATT to take in the Len Rose case.  However, ATT folks
convinced agents of the US Government to make what should have been a
civil case into a federal wire fraud case, with as much jail time as
second degree murder.  Now, if Len had profited in any significant way
from his use of widely available source code, I could perhaps support
making it into wire fraud.  But next time you copy more than a page or
two from a book in the library, look over your shoulder.  If the
publisher of the book can get the government to go after you . . . .

In the same issue jrbd@CRAYCOS.COM(James Davies) complains

>The press release published earlier in the same CuD issue makes
>it clear that Rose's intent was to steal passwords and invade
>systems. While the possession of AT&T source code was the charge
>of which Rose was convicted, his actual crime (in a moral sense)
>was the equivalent of manufacturing burglar's tools, or perhaps
>of breaking and entering (although there isn't any evidence that
>he actually did any of this, his intent was clearly to help
>others do so).  Nothing makes this more obvious than Rose's own
>words, as quoted from the comments in his modified login.c by
>the Secret Service press release:

[quotes press release comments]

And goes on:

>I'm sorry, but these aren't the words of an innocent man.
>Personally, I think that Rose is guilty of the exact same sort
>of behaviour that gives hackers a bad name in the press, and I
>think that you're crazy to be supporting him in this.  Save your
>indignation for true misjustices, ok?

I'm sorry, but you are wrong.  In *this* country, a person cannot be
convicted on the basis of what they write, only on their actions.
Otherwise, there could be no mystery stories.  Len was never accused
of breaking into any system.  Why should he?  He was *given* accounts
on systems far and wide across the net, and *given* source code by ATT
employees.  The only reason Len came to the attention of ATT was
through the SS/Bell South searching an electronic publisher's email
(think about that.) For all the BS in the login.c comments, I consider
Len to have been a positive element in the computer underground,
influencing young explorers to respect and not damage data.  (See the
moderators papers on socializing forces in the Computer Underground.)

Keith Henson

PS  You might want to consider the consequences of big companies
getting in the habit of saving money on civil suits by using the
Federal Government to harass and jail people they are unhappy with.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

From: scubed!pro-harvest.cts.com!wlup69%das@HARVUNXW.BITNET(Rob Heins)
Subject: Response to article in CuD 3.12
Date: Tue, 16 Apr 91 19:05:45 CDT

In CuD 3.12, Bernie Cosell (cosell@BBN.COM) writes:

|Consider: it is the middle of summer and you happen to be climbing in
|the mountains and see a pack of teenagers roaming around an
|abandoned-until-snow ski resort.  There is no question of physical
|harm to a person, since there will be no people around for months.
|They are methodically searching EVERY truck, building, outbuilding,
|shed, etc,.  Trying EVERY window, trying to pick EVERY lock.  When they
|find something they can open, they wander into it, and emerge a while
|later.  From your vantage point, you can see no actual evidence of any
|theft or vandalism, but then you can't actually see what they're doing
|while they're inside whatever-it-is.
|
|Should you call the cops?  What should the charge be?

Of course you should call the cops.  Unless they are authorized to be
on the property, (by the owner) they are trespassing, and in the case
of picking locks, breaking and entering.

However, you're trying to equate breaking into a ski resort with
breaking into a computer system.  The difference being:99 times out of
100, the people breaking into a computer system only want to learn,
have forgotten a password, etc...99 times out of 100, the people
breaking into the ski resort are out for free shit.

That's why it's such a good idea to have a chat with an unknown
account on your system, to determine if they're there to destroy the
place, or if they only want to see how Unix ticks...A wise person once
said, "If they can do it once, chances are, they can do it again.

|Would the answer be different if it were YOUR stuff they were sifting
|through?

The answer, of course, is no.  Reason being that I've got the brains
not leave data lying around a system with a dial-up that I don't want
anyone to see.  (Check out my directory at Pro-Harvest...All I have
are a couple of CuD backissues, my sig file, and an ad for a hard
drive that I forgot to respond to...)

|2) I'm just as happy having that kind of "finding out" done by the
|police and the courts --- that's their job and I'd just as soon not
|get involved in the messy business [even if I could spare the time].
|If you can't learn to act like a reasonable member of society for its
|own sake, perhaps somewhat more painful measures will dissuade you
|from "doing it again".

Yeah...good philosophy.  "Let's spend a couple hundred grand
investigating something that the local sysop could take care of in two
minutes of his 'Precious Time'".  It seems to me that if you have the
time to run a BBS, you have the time to perform ALL the duties a sysop
with a couple of working brain cells should have...(Including the two
minutes to write a 200 byte email note to somebody who's probably
harmless.  If they don't respond, then delete them.  That's what, a
three step procedure with about 5 minutes of cumulative "work"
involved?  (Even you can understand.)  If you really want to keep
someone out, set it up so that only root can create accounts.)

If ol' Bernie wants to defend people's rights, maybe he should stick
to his own, and leave mine and my non-crotchety-old-man friends'
alone.

********************************************************************
                           >> END OF THIS FILE <<
***************************************************************************

------------------------------

From: mnemonic (Mike Godwin)
Subject: Response to RISKS DIGEST (#11.43-- Len Rose Case)
Date: Wed, 10 Apr 91 22:18:43 EDT

********************************************************************
***  CuD #3.13: File 2 of 4: Response to Len Rose Article (1)    ***
********************************************************************

%Moderators' Note: The following article was written by Mike Godwin in
response to a post by Jerry Leichter in RISKS #11.43.%

++++

Jerry Leichter <leichter@lrw.com> writes the following:

>With all the verbiage about whether Len Rose was a "hacker" and why he did
>what he in fact did, everyone has had to work on ASSUMPTIONS.

This is false. I have worked closely on Len's case, and have access to
all the facts about it.

>Well, it turns
>out there's now some data:  A press release from the US Attorney in Chicago,
>posted to the Computer Underground Digest by Gene Spafford.

In general, a press release is not data. A press release is a document
designed to ensure favorable press coverage for the entity releasing it.
There are a few facts in the press release, however, and I'll deal with
them below.

[Jerry quotes from the press release:]
> In pleading guilty to the Chicago charges, Rose acknowledged that when
> he distributed his trojan horse program to others he inserted several
> warnings so that the potential users would be alerted to the fact that
> they were in posession of proprietary AT&T information. In the text of
> the program Rose advised that the source code originally came from
> AT&T "so it's definitely not something you wish to get caught with."
> and "Warning: This is AT&T proprietary source code. DO NOT get caught
> with it."

Although I am a lawyer, it does not take a law degree to see that this
paragraph does not support Jerry's thesis--that Len Rose is interested
in unauthorized entry into other people's computers.  What it does
show is that Len knew that he had no license for the source code in
his possession. And, in fact, as a careful reader of the press release
would have noted, Len pled guilty only to possession and transmission
of unlicensed source, not to *any* unauthorized entry or any scheme
for unauthorized entry, in spite of what is implied in the press
release.

[Jerry quotes "Terminus's" comments in the modified code:]

>Hacked by Terminus to enable stealing passwords.
>This is obviously not a tool to be used for initial
>system penetration, but instead will allow you to
>collect passwords and accounts once it's been
>installed.  (I)deal for situations where you have a
>one-shot opportunity for super user privileges..
>This source code is not public domain..(so don't get
>caught with it).
>
>I can't imagine a clearer statement of an active interest in breaking into
>systems, along with a reasonable explanation of how and when such code could
>be effective.

Indeed, it *can* be interpreted as a clear statement of an active
interest in breaking into systems. What undercuts that interpretation,
however, is that there is no evidence that Len Rose ever broke into
any systems. Based on all the information available, it seems clear
that Rose had authorized access in every system for which he sought
it.

What's more, there is no evidence that anyone ever took Rose's code
and used it for hacking. There is no evidence that anyone ever took
any *other* code of Rose's and used it for hacking.

What Rose did is demonstrate that he could write a password-hacking
program. Jerry apparently is unaware that some computer programmers
like to brag about the things they *could* do--he seems to interpret
such bragging as evidence of intent to do illegal acts. But in the
absence of *any* evidence that Rose ever took part in unauthorized
entry into anyone's computers, Jerry's interpretation is unfounded,
and his posted speculations here are both irresponsible and cruel, in
my opinion.

Rose may have done some foolish things, but he didn't break into
people's systems.

>The only thing that will convince me, after reading this, that Rose was NOT an
>active system breaker is a believable claim that either (a) this text was not
>quoted correctly from the modified login.c source; or (b) Rose didn't write
>the text, but was essentially forced by the admitted duress of his situation
>to acknowledge it as his own.

In other words, Jerry says, the fact that Rose never actually tried
to break into people's systems doesn't count as evidence "that Rose was
NOT an active system breaker."  This is a shame.  One would hope that
even Jerry might regard this as a relevant fact.

Let me close here by warning Jerry and other readers not to accept
press releases--even from the government--uncritically. The government
has a political stake in this case: it feels compelled to show that
Len Rose was an active threat to other people's systems, so it has
selectively presented material in its press release to support that
interpretation.

But press releases are rhetorical devices. They are designed to shape
opinion. Even when technically accurate, as in this case, they can
present the facts in a way that implies that a defendant was far more
of a threat than he actually was. This is what happened in Len Rose's
case.

It bears repeating: there was no evidence, and the government did not
claim, that Len Rose had ever tried to break into other people's
systems, or that he took part in anyone else's efforts to do so.

********************************************************************
                           >> END OF THIS FILE <<
***************************************************************************

------------------------------

From: louisg <louisg@VPNET.CHI.IL.US>
Subject: Response to recent comments concerning Len Rose
Date: Wed, 17 Apr 91 23:53:44 CDT

********************************************************************
***  CuD #3.13: File 3 of 4: Response to Len Rose Article (2)    ***
********************************************************************

In CuD 312 Mr. James Davies wrote a letter expressing his feelings on
the Len Rose case.  I feel that he and many others are missing the
larger point of the issue, as I will try to describe.

>Subject: Len Rose
>From: jrbd@CRAYCOS.COM(James Davies)

>Keith Hansen and Arel Lucas in CuD #3.11 shared with us their letter
>to AT&T expressing their anger at the arrest and conviction of Len
>Rose (among other things).  Well, I have to disagree with their
>conclusions in this case -- Len Rose is not an innocent martyr,
>crucified by an evil corporation for benevolently giving unpaid
>support to AT&T software users, as Hansen and Lucas attempted to
>portray him.

Mr. Davies is quite correct when he states that Len was not innocent
of certain criminal acts as defined by current law.  The trial has
come and gone, and Len pleaded guilty.  Mr. Davies even provides
evidence of Mr. Rose's intent. Whether it is 'court-quality' evidence
or not, it should convince the reader that Len was guilty of something
or other.  By checking the references that Mr. Davies provides, his
case of Rose's guilt is made even stronger.  I am stating this since I
want to make it *clear* that I am NOT questioning the guilt of Mr. Rose.

What I must question, however, is what happened to Mr. Rose.

Mr. Rose commited white-collar crimes.  He did not physically injure
or maim or kill anyone.  His crime was money-related.  He did not
steal from a 75 year-old on social security, giving her a kick in the
ribs for good luck on his way out.  The way he was treated, however,
suggests that he committed a crime of the most heinous nature.

For a felony violent crime, I could understand and even in some cases
promote strict treatment of the accused before the trial.  For a white
collar crime that does not threaten the solvency of a company or
persons I cannot.

Len Rose posed a risk to no person or company after his warrant was
served.  Before he was even put on trial, he had almost all of his
belongings taken away, was harassed (in my opinion) by the
authorities, and left without a means for supporting himself and his
family.  Why? Because he had Unix source code.  Does this seem just to
you?  It would be very different if he had 55 warrants for rape and
murder in 48 states listing him as the accused, but he didn't.  He
lost everything *before* the trial, and, as a result, was almost
forced into pleading guilty.  All this for copyright violations, as I
see it, or felony theft as others may see it.

The problem here is the *same* as in the Steve Jackson case.  The
person who was served the warrant (he wasn't even charged yet!!!!)
lost everything.  They were punished not only before a conviction,
before a trial, but before they were even charged with a crime!!!

This, for a non-violent, white-collar crime that did not directly
threaten a person or company with bankruptcy.  In Jackson's case, he
was even innocent!

>Personally, I think that Rose is guilty of the exact same sort of
>behaviour that gives hackers a bad name in the press, and I think that
>you're crazy to be supporting him in this.  Save your indignation for
>true misjustices, ok?

If this isn't an injustice, then I don't know what is.  If this sort
of treatment of the accused seems just to you, Mr. Davies, then may I
suggest a position in the secret police of some Fascist country as a
fitting career move on your part.  The fact that Len was guilty does
not nullify the maltreatment of him, his family, and his equipment
before his trial.  It in no wise makes it right.  This sort of action
gives law enforcement a bad name.  I'm sure that I would share your
views if the accused was a habitual criminal and he
presented a threat to the public.  He wasn't, and presented little or
no threat at the time of the warrant.  Law enforcement is there to
protect the public, and not to convict the guilty.  That is a job for
the courts and a jury of one's peers as stipulated in the U.S.
Constitution.  I suggest you glance at it before you restate that
there was no "misjustice" (sic) here.

********************************************************************
                           >> END OF THIS FILE <<
***************************************************************************

------------------------------

From: Various
Subject: CU News
Date: April 20, 1991

********************************************************************
***  CuD #3.13: File 4 of 4: The CU in the News                  ***
********************************************************************

From: Anonymous
Subject: Newsweek article--Cyberpunks and Constitution
Date:         Wed, 9 Apr 91 16:22:18 EST

                     Cyberpunks and the Constitution
          The fast-changing technologies of the late 20th century pose
           a challenge to American laws and principles of ages past

By PHILLIP ELMER-DEWITT
SAN FRANCISCO

Armed with guns and search warrants, 150 Secret Service agents staged
surprise raids in 14 American cities one morning last May, seizing 42
computers and tens of thousands of floppy disks.  Their target: a
loose-knit group of youthful computer enthusiasts suspected of
trafficking in stolen credit-card numbers, telephone access codes and
other contraband of the information age.  The authorities intended to
send a sharp message to would-be digital desperadoes that computer
crime does not pay.  But in their zeal, they sent a very different
message - one that chilled civil libertarians.  By attempting to crack
down on telephone fraud, they shut down dozens of computer bulletin
boards that may be as fully protected by the U.S. Constitution as the
words on this page.

Do electronic bulletin boards that may list stolen access codes enjoy
protection under the First Amendment?  That was one of the thorny
questions raised last week at an unusual gathering of computer
hackers, law-enforcement officials and legal scholars sponsored by
Computer Professionals for Social Responsibility.  For four days in
California's Silicon Valley, 400 experts struggled to sort out the
implications of applying late-18th century laws and legal principles
to the fast-changing technologies of the late 20th century.

While the gathering was short on answers, it was long on tantalizing
questions.  How can privacy be ensured when computers record every
phone call, cash withdrawal and credit-card transaction?  What
"property rights" can be protected in digital electronic systems that
can create copies that are indistinguishable from the real thing?
What is a "place" in cyberspace, the universe occupied by audio and
video signals traveling across state and national borders at nearly
the speed of light?  Or as Harvard law professor Laurence Tribe aptly
summarized, "When the lines along which our Constitution is drawn warp
or vanish, what happens to the Constitution itself?"

Tribe suggested that the Supreme Court may be incapable of keeping up
with the pace of technological change.  He proposed what many will
consider a radical solution: a 27th Amendment that would make the
information-related freedoms guaranteed in the Bill of Rights fully
applicable "no matter what the technological method or medium" by
which that information is generated, stored or transmitted.  While
such a proposal is unlikely to pass into law, the fact that one of the
country's leading constitutional scholars put it forward may persuade
the judiciary to focus on the issues it raises.  In recent months,
several conflicts involving computer-related privacy and free speech
have surfaced:

-- When subscribers to Prodigy, a 700,000-member information system
owned by Sears and IBM, began posting messages protesting a rate hike,
Prodigy officials banned discussion of the topic in public forums on
the system.  After protesters began sending private mail messages to
other members - and to advertisers - they were summarily kicked off
the network.

-- When Lotus Development Corp. of Cambridge, Mass., announced a joint
venture with Equifax, one of the country's largest credit-rating
bureaus, to sell a personal-computer product that would contain
information on the shopping habits of 120 million U.S. households, it
received 30,000 calls and letters from individuals asking that their
names be removed from the data base.  The project was quietly canceled
in January.

-- When regional telephone companies began offering Caller ID, a
device that displays the phone numbers - including unlisted ones - of
incoming calls, many people viewed it as an invasion of privacy.
Several states have since passed laws requiring phone companies to
offer callers a "blocking" option so that they can choose whether or
not to disclose their numbers.  Pennsylvania has banned the service.

But the hacker dragnets generated the most heat.  Ten months after the
Secret Service shut down the bulletin boards, the government still has
not produced any indictments.  And several similar cases that have
come before courts have been badly flawed.  One Austin-based game
publisher whose bulletin-board system was seized last March is
expected soon to sue the government for violating his civil liberties.

There is certainly plenty of computer crime around.  The Secret
Service claims that U.S. phone companies are losing $1.2 billion a
year anc credit-card providers another $1 billion, largely through
fraudulent use of stolen passwords and access codes.  It is not clear,
however, that the cyberpunks rounded up in dragnets like last May's
are the ones committing the worst offenses.  Those arrested were
mostly teenagers more intent on showing off their computer skills than
padding their bank accounts.  One 14-year-old from New York City, for
instance, apparently specialized in taking over the operation of
remote computer systems and turning them into bulletin boards - for
his friends to play on.  Among his targets, say police, was a Pentagon
computer belonging to the Secretary of the Air Force.  "I regard
unauthorized entry into computer systems as wrong and deserving of
punishment," says Mitch Kapor, the former president of Lotus.

And yet Kapor has emerged as a leading watchdog for freedom in the
information age.  He views the tiny bulletin-board systems as the
forerunners of a public computer network that will eventually connect
households across the country.  Kapor is worried that legal precedents
set today may haunt all Americans in the 21st century.  Thus he is
providing funds to fight for civil liberties in cyberspace the best
way he knows how - one case at a time.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

From: Cyber City Public Access BBS * Toronto, Canada * 416/593-6000
Subject: Canada is Accused of using Stolen Software
Date: Wed, 10 Apr 91 11:19:48 EDT

(Reprinted with permission:
1. The article must be reproduced in full
2. The Financial Post must be credited somewhere in the article.
The article's date was Friday, April 5th, 1991.)

CANADA IS ACCUSED OF USING STOLEN SOFTWARE

By Eric Reguly and Alan Friedman
Financial Post and Financial Times of London

NEW YORK -- Government agencies in Canada and other countries are using
computer software that was stolen from a Washington-based company by the
U.S. Department of Justice, according to affidavits filed in a U.S.
court case.

In a complex case, several nations, as well as some well-known
Washington insiders - including the national security advisor to former
President Ronald Reagan, Robert McFarlane - are named as allegedly
playing a role.

The affidavits were filed in recent weeks in support of a
Washington-based computer company called Inslaw Inc., which claims that
its case-tracking software, known as Promis, was stolen by the U.S.
Department of Justice and eventually ended up in the hands of the
governments of Israel, Canada and Iraq.

NEW MOTION
Yesterday, lawyers for Inslaw filed a new motion in federal bankruptcy
court in Washington demanding the power to subpoena information from the
Canadian government on how Ottawa came to acquire Promis software.  The
motion states, "The evidence continues to mount that Inslaw's
proprietary software is in Canada."

The affidavits allege that Promis - designed to keep track of cases and
criminals by government agencies - is in use by the RCMP and the
Canadian Security Intelligence Service.

The Canadian Department of Communications is referring calls on the
subject to the department's lawyer, John Lovell in Ottawa, while a CSIS
spokesman will not confirm or deny whether the agency uses the software.
"No one is aware of the program's existence here," Corporal DEnis
Deveau, Ottawa-based spokesman for the RCMP, said yesterday.

The case of Inslaw, which won a court victory against the Justice
Department in 1987, at first glance appears to be an obscure lawsuit by
a small business that was forced into bankruptcy because of the loss of
its proprietary software.

But several members of the Washington establishment are suggesting
Inslaw may have implications for U.S. foreign policy in the Middle East.
The Case already has some unusual aspects.

At least one judge has refused to handle it because of potential
conflicts of interest, and a key lawyer representing Inslaw is Elliot
Richardson, a former U.S. attorney general and ambassador to Britain who
is remembered for his role in standing up to Richard Nixon during the
Watergate scandal.

Richardson yesterday told the Financial Times of London and The
Financial Post that: "Evidence of the widespread ramifications of the
Inslaw case comes from many sources and keeps accumulating."

A curious development in the Inslaw case is that the Department of
Justice has refused to provide documents relating to Inslaw to Jack
Brook, chairman of the Judiciary Committee of the House of
Representatives.

Richardson said, "It remains inexplicable why the Justice Department
consistently refuses to pursue this evidence and resists co-operation
with the Judiciary Committee of the House of Representatives."

The Inslaw case began in 1982 when the company accepted a US $10-million
contract to install its Promis case management software at the
Department of Justice.  In 1983 the government agency stopped paying
Inslaw and the firm went into Chapter 11 bankruptcy proceedings.

Inslaw sued Justice in 1986 and the trial took place a year later.  The
result of the trial in 1987 was a ruling by a federal bankruptcy court
in Inslaw's favor.

The ruling said that the Justice Department "took, converted, stole"
Promis software through "trickery, fraud and deceit" and then conspired
to drive Inslaw out of business.

That ruling, which received little publicity at the time, was upheld by
the U.S. District Court in Washington in 1989, but Justice lodged an
appeal last year in an attempt to overturn the judgement that it must
pay Inslaw US $6.1 million  (C $7.1 million) in damages and US $1.2
million in legal fees.

The affidavits filed in recent weeks relate to an imminent move by
Richardson on behalf of Inslaw to obtain subpoena power in order to
demand copies of the Promis software that the company alleges are
being used by the Central Intelligence Agency and other U.S.
intelligence services that did not purchase the technology from Inslaw.

In the affidavit relating to McFarlane that was filed on March 21, Ari
Ben-Menashe, a former Israeli intelligence officer, claims that
McFarlane had a "special" relationship with Israeli intelligence
officials.  Ben-Menashe alleges that in a 1982 meeting in Tel Aviv, he
was told that Israeli intelligence received the software from McFarlane.

FLORIDA COMPANY

McFarlane has stated that he is "very puzzled" by the allegations that
he passed any of the software to Israel.  He has termed the claims
"absolutely false".

Another strange development is the status of Michael Riconosciuto, a
potential witness for Inslaw who once worked with a Florida company that
sought to develop weapons, including fuel-air explosives and chemical
agents.

Riconosciuto claimed in his affidavit that in February he was called by
a former Justice Department official who warned him against co-op
with the House Judiciary Committee's investigation into Inslaw.
Riconosciuto was arrested last weekend on drug charges, but claimed he
had been "set up".

In his March 21 affidavit, Riconosciuto says he modified Promis software
for law enforcement and intelligence agencies.  "Some of the
modifications that I made were specifically designed to facilitate the
implementation of Promis within two agencies of the government of
Canada...  The propriety (sic) version of Promis, as modified by me,
was, in fact, implemented in both the RCMP and the CSIS in Canada."

On Monday, Richardson and other lawyers for Inslaw will file a motion in
court seeking the power to subpoena copies of the Promis software from
U.S. Intelligence agencies.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

From: fitz@WANG.COM(Tom Fitzgerald)
Subject: Police confiscate computer equipment dialing wrong number
Date: Mon, 15 Apr 91 19:11:51 EDT

<><><><><><><>  T h e   V O G O N   N e w s   S e r v i c e  <><><><><><><><>

Edition : 2301              Monday 15-Apr-1991           Circulation :  8526

                                      [Mike Taylor, VNS Correspondent]
                                      [Littleton, MA, USA            ]

         Police Confiscate Computer Equipment Dialing Wrong Number

    SAN LUIS OBISPO, CALIFORNIA, U.S.A., 1991 APR 3 (NB) --Ron Hopson
    got a call at work from his neighbor who informed him police broke
    down his front door, and were confiscating his computer equipment.
    The report, in the San Luis Obispo (SLO)  Telegram-Tribune, quoted
    Hopson as saying, "They took my stuff,  they rummaged through my
    house, and all the time I was trying to  figure out what I did, what
    this was about. I didn't have any idea."

    According to the Telegram-Tribune, Hopson and three others were
    accused by police of attempting to break into the bulletin board
    system (BBS) containing patient records of SLO dermatologists
    Longabaugh and Herton. District Attorney Stephen Brown told
    Newsbytes that even though the suspects (two of which are Cal Poly
    students) did not know each other, search warrants were issued after
    their phone numbers were traced by police as numbers  attempting
    access to the dermatologists' system by modem "more than three times
    in a single day."

    Brown told Newsbytes the police wouldn't have been as  concerned if
    it had been the BBS of a non-medical related company, but faced with
    people trying to obtaining illegal narcotics by calling pharmacies
    with fraudulent information...

    What the suspects had in common was the dermatologists' BBS phone
    number programmed into their telecommunications software as the
    Cygnus XI BBS. According to John Ewing, secretary of the SLO
    Personal Computer Users Group (SLO PC UG), the Cygnus XI BBS was a
    public BBS that operated in SLO, but the system operator (sysop)
    moved less than a year ago and discontinued the board. It appears
    the dermatologists inherited the number.

    John Ewing, SLO PCUG editor, commented in the SLO PC UG  newsletter,
    "My personal opinion is that the phone number [for the Cygnus XI
    BBS] is still listed in personal dialing directories as Cygnus XI,
    and people are innocently calling to exchange information and
    download files. These so-called hackers know that the password they
    used worked in the past and attempt to connect several times. The
    password may even be recorded as a script file [an automatic log-on
    file]. If this is the case, my sympathies go out to those who have
    had their hardware and software confiscated."

    Bob Ward, secretary of the SLO PC UG, told Newsbytes, "The number
    [for Cygnus XI] could have been passed around the world. And, as a
    new user, it would be easy to make three mistaken calls. The board
    has no opening screen, it just asks for a password. So, you call
    once with your password, once more trying the word NEW, and again to
    try GUEST."

    %contributed by Barry Wright to RISKS-FORUM Digest V4.38%
    %contributed by Wes Plouff%

<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
        Please send subscription and backissue requests to CASEE::VNS

    Permission to copy material from this VNS is granted (per DIGITAL PP&P)
    provided that the message header for the issue and credit lines for the
    VNS correspondent and original source are retained in the copy.

<><><><><><><>   VNS Edition : 2301      Monday 15-Apr-1991   <><><><><><><>

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++=====

From: Gordon Meyer <72307.1502@COMPUSERVE.COM>
Subject: The CU in South Africa (Reprint from Mondo)
Date: 10 Apr 91 01:24:37 EDT

This 'letter to the editor' appeared in the Winter '91 issue of _Mondo
2000_.  It provides insight and a first hand account of CU interest in
South Africa.
-------
Great that you could help us information hackers down here in South
Africa.  Things are probably a lot more simple in our country than yours
- recent events such as a march on the South Africa Broadcasting
Corporation SABC, demanding that they free the airwaves will recall
similar events in the 60's USA.  Our brains have stagnated in a cultural
wilderness which has more in common with your local totalitarian
bananastate than the subtle manipulations of western 'democracy.'
Anyway, I mean 'simple' in the sense that two thirds of our population
has no electricity. Solution = give them electricity.  Our country
produces 60% of Africa's electric output so there is more than enough.
But here's where you people are important: tho achieve any of the
seemingly simple goals of basic human rights we need to know how to hack
information really well. High tech has the capability of processing and
transmitting large amounts of info, a characteristic that the security
branch and Dept. for Information found really useful in tracking down
radicals.

Example: in one case someone on the run used his Autobank ATM card - it
was promptly swallowed and when he enquired as to the reason at his
friendly bank - he was promptly arrested - yes, they actually programmed
the ATM to trap those in the underground.  Now activists have realized
that to counter such a monopoly on tech-know-how and manipulation, they
have to become techno-radicals, hackers of the establishments of
knowledge, etc.  We're working with a group of former teachers who have
been given computers by the government in 1985 to appease the local
community (a rather pathetic attempt) who then subsequently decided to
use those 'gifts' against the very people who had given them - by
radicalizing computers and spreading this knowledge.  We have made
copies of your very relevant mag and distributed to those individuals
able to carry out hacking attempts.  You're important players in the
process of spreading the hacking ethic via the print media - something
which should not be under-estimated, especially in a country such as ours
where merely being able to read is in itself a revolutionary act.  The
Kagenna project is one which has attempted to use the ethic - by letting
information loose into a stagnant society - anything can happen.  The
green hue is both important and convenient - in a country of many
barriers, it is one of the few topics which cuts across all prejudices of
race and class.  We probably seem pretty tame to you folks, but in the
absence of independent media, we tread a fine line.  So if you keep
sending us the MONDOs, we will Kagenna plus updates on hacking here and
any interesting info we come across - let us know whether this is fine
with you.  We await the birth of the African Cyberpunk Hacker Movement -
a somewhat difficult labour.

Yours in solidarity,

Ted Head (kagenna techno-peasant)
PO Box 4713
Cape Town 8000
New South Africa.

SOURCE: MONDO 2000 #3 (Winter 1991)  pp 14-15 "Letters/FAX/Email"

********************************************************************

------------------------------

                         **END OF CuD #3.13**
********************************************************************