Computer underground Digest    Sun, Nov 3, 1991   Volume 3 : Issue 39

       Moderators: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)

CONTENTS, #3.39 ( November 3, 1991)
File 1: Moderator's Corner--Brendan Kehoe's FTP information
File 2: The Secret Service and Protection of Privacy
File 3: Re: Response to Bill Vajk's FOIA Piece
File 4: Letters from Prison: Installment #1
File 5: Diehard 2 And Hacking
File 6: Re: CuD - Now It Can Be Told
File 7: Is the Government creating malign hackers?

Issues of CuD can be found in the Usenet alt.society.cu-digest news
group, on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG,
and DL0 and DL12 of TELECOM, on Genie, on the PC-EXEC BBS at (414)
789-4210, and by anonymous ftp from ftp.cs.widener.edu (147.31.254.20),
chsun1.spc.uchicago.edu, and dagon.acc.stolaf.edu.  To use the U. of
Chicago email server, send mail with the subject "help" (without the
quotes) to archive-server@chsun1.spc.uchicago.edu.

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views.  CuD material may be reprinted as long as the source
is cited.  Some authors do copyright their material, and they should
be contacted for reprint permission.  It is assumed that non-personal
mail to the moderators may be reprinted unless otherwise specified.
Readers are encouraged to submit reasoned articles relating to the
Computer Underground.  Articles are preferred to short responses.
Please avoid quoting previous posts unless absolutely necessary.

DISCLAIMER: The views represented herein do not necessarily represent
            the views of the moderators. Digest contributors assume all
            responsibility for ensuring that articles submitted do not
            violate copyright protections.

----------------------------------------------------------------------

Date: 3 Nov 91 11:32:33 CDT
From: Moderators <tk0jut2@mvs.cso.niu.edu>
Subject: File 1--Moderator's Corner--Brendan Kehoe's FTP information

  >I would like to announce the release of the first issue
  >of 'Informatik'.  Informatik #1 is available by
  >anonymous ftp at uunet.uu.net under:
  >tmp/inform1.Z
  >tmp/inform1.txt

Brendan Kehoe reminds everybody that this is in the CuD archives as
misc/inform-1.1.Z.  (For future reference, anybody saying something
'released on uunet in /tmp/blah' is most likely not condoned by UUnet,
and isn't guaranteed to be there.)

Brendan also worked to establish an Australian shadow of the CuD
archives at the University of Melbourne.  It's on ftp.ee.mu.oz.au
[128.250.1.80] in pub/text/CuD.  Everything on ftp.cs.widener.edu and
chsun1.sps.uchicago.edu will be there.  We *STRONGLY* encourage all
Australian readers to FTP to this machine, to save the international
link.

Thanks to Daniel Carosone for all of his help.  And to Libby on
general principle.

------------------------------

Date: Thu Oct 24 16:38:35 1991
From: igloo!learn@DELTA.EECS.NWU.EDU
Subject: File 2--The Secret Service and Protection of Privacy

((Moderators' note: Bill Vajk and Glen Roberts have recently obtained
several reams of Secret Service files under the Freedom of Information
Act related to Len Rose's case. Some of this information appears to
include the names of net people, and as the file by Gordon Meyer
indicates, having your name on a list could be sufficient to earn the
"victim" a file of their own)).

The following is an accurate representation of some of the techniques
the United States Secret Service uses to protect the privacy of
citizens from the prying eyes of those who make Freedom of Information
requests regarding investigations. The following excerpt will be
familiar to many who have been paying attention to US Secret Service
activities for the past year.

NOTE: X, Y, and Z are blankouts by your public servants.

======================================================================

TELECOM Digest     Sat, 27 Oct 90 16:54:32 CDT    Volume 10 : Issue 766

[......]

On his final day of employment, Mr. Rose was visited by federal agent
XXXXXXXXX, the fellow who has been involved with much of the Operation
Sun Devil investigation since the beginning. On the advice of his
attorney, Mr. Rose declined to speak with YYYYYYYYY at the time.

[......]

As ZZZZZZZZZZ points out in the current issue of %Computer Underground
Digest% something very strange is going on ... I refer you to the
current issue of CuD for more specifics on this case. If you are a
subscriber to CuD, you should have received an issue on Saturday
morning with this story. If not, and you'd like to subscribe, then
write the Moderators with your request:  tk0jut2@niu.bitnet.

[......]

Was this latest turn of events a 'set up' of some kind, or a
conspiracy against Len Rose? It seems doubtful, yet if the new charges
against him are true, then he must be a very self-destructive
individual. Quite honestly, I was shocked to receive this report a few
days ago from Jim Thomas (I promised not to publish it until he did),
and I really don't know what to think. I do feel terribly sorry for
his wife and children at this point, alone in a strange place without
the resources they need for survival.

==========================================================================

Need any hints ?

X is "Tim Foley". Y is "Mr. Foley". Z is "Jim Thomas", although they missed
him with their whiteout brush in the second instance in the subsequent
paragraph. They also obviously did not recognize tk0jut2@niu.bitnet
as much an identifier as any name.

From reading the text above, for which we have available the original
as a publicly posted article in comp.dcom.telecom, and our understanding
of the context of the information, it is obvious that the individuals
reviewing the documents with a commendable intention to preserve the
privacy of innocent individuals are oblivious to realities of any sort
regarding the cases they are reviewing.

This, I suggest, makes them a danger to the privacy we demand regarding
innocent individuals happening into investigative webs. The other side
of the double edged sword is equally as bad. Such practices on a
continuing basis create an effective shield concealing the very
misbehaviors which the Freedom Of Information Act intended to expose
to public scrutiny. Federal agents acted on our behalf. The government
wishes to keep their agent names a secret, out of the public eye. Does
this not resemble, in highly disturbing ways, the SECRET POLICE of
other nations in other times ? This trend is not limited to the
Secret Service. The FBI also routinely deletes agent names from
reports released under FOIA. The government, as an entity, demands
more privacy for themselves than they wish to permit to society as
a whole.

And the now famous article posted by Len Rose to the network
deteriorates another nonsensical tidbit under the government
censor's hand. It appears as follows in the documents released
by the Secret Service:

    "Hi. I got fired Friday. They had %%%%%%%%%%%% article in
     their hands when they told me the pleasant news."

Hey there, John. Aren't you proud of how the government is
safeguarding your privacy and your name ? There was a toasty
flamewar on usenet about this article. But of course, the folks
reviewing the documents hadn't a clue. They don't really know
what they are doing, and it isn't their fault. The system, which
has succumbed to entropy, is at fault.

Full Disclosure recently received a mountain of documents from the
Government. What I've described here is just the smallest bit
of the tip of an iceberg. Glen Roberts and I have a lot of analysis
to do. In some respects, the government has made the analysis a bit
more difficult, a bit more time consuming. In spite of their generally
contrary nature in such regards, they have nonetheless given us a
better insight into some of the issues and detail perplexing us.

It is to be noted that the documents we have received contain
the first formal evidence that law enforcement agencies are not
only interested in the doings and discussions on Usenet, but also
they have sought out and incorporated such discussions into the
official records of their investigations. Up to this point, such
thoughts have been hearsay and guessing by those of us not directly
involved with law enforcement agencies in these regards.

------------------------------

Date: Fri, 25 Oct 91 8:57:22 CDT
From: bei@DOGFACE.AUSTIN.TX.US(Bob Izenberg)
Subject: File 3--Re: Response to Bill Vajk's FOIA Piece

I've just read Bill Vajk's excerpts (a digest of digests of Digests,
if you will) from the Secret Service's reply to his FOIA request.  A
movie-going fool like me sees it as America's Finest nervously
regarding the Usenet Tall Black Monolith that now graces their veldt.
In time, they'll understand it and possibly even be positively changed
by it, but for now the SS lurkers are as primates checking out the
first subliminal motivation tape...

> From reading the text above, for which we have available the original
> as a publicly posted article in comp.dcom.telecom, and our understanding
> of the context of the information,

Is it common practice to blank out the names of individuals from
published newspaper or broadcast coverage?  The material in question,
as Bill notes, isn't the recorded conversation of an investigation
subject and a confidential informant.  It's the subject of an
investigation being discussed in a public forum.

> This, I suggest, makes them a danger to the privacy we demand regarding
> innocent individuals happening into investigative webs. The other side
> of the double edged sword is equally as bad.

A more mundane explanation suggests itself for the snipping of the
names of agents and technical sources from the documents provided.
Some of those folks whose names are Not To Be Read Aloud have had
their names read aloud in civil court, as defendants.  When people may
have been wobbling over the thin blue line like a dented gyroscope,
the desire for anonymity is understandable.

> Such practices on a
> continuing basis create an effective shield concealing the very
> misbehaviors which the Freedom Of Information Act intended to expose
> to public scrutiny.

As Bill and others who've received the information can attest, the
volume of information provided to their FOIA request is substantial.
In this case, the Secret Service's compliance with Bill and Glen's
request would do a lawyer litigating a defective product claim for GE
proud.  One of the documents provided, a list of the name of every
file on one individual's computer, is the size of a major city's
phonebook.  Filing an FOIA request is like asking a genie for "a
little head":  You may not be happy with the results.

> The government, as an entity, demands
> more privacy for themselves than they wish to permit to society as
> a whole.

What else can a collective consciousness like a government
organization say on the subject of personal privacy but "Privacy is
irrelevant.  Society is irrelevant.  We do what we have to do to
enforce whatever rules that we set." (I'd have thrown in "Resistance
is futile" but everybody gets the Secret Service - The Next Generation
metaphor by now, right?)

> But of course, the folks
> reviewing the documents hadn't a clue. They don't really know
> what they are doing, and it isn't their fault. The system, which
> has succumbed to entropy, is at fault.

Of course it's their fault.  Computers have been with us in one form
or another for almost half of this century, and personal computers
have been around for over a decade.  What keeps the ignorance level
high as a whole is the "us and them" principle.  Paranoia and
laziness, nothing more.

> Glen Roberts and I have a lot of analysis
> to do. In some respects, the government has made the analysis a bit
> more difficult, a bit more time consuming. In spite of their generally
> contrary nature in such regards, they have nonetheless given us a
> better insight into some of the issues and detail perplexing us.

Well, then it was accidental.  Governmental replies to FOIA requests
are grudging at best, and can take the form of the legal threat "I'm
going to paper you to death."  Bill and Glen should be commended, or
at least bought a beer, for slogging through the pounds of old laundry
lists, public messages scissored up like WWII V-mail and whatever else
these rabid pitbulls salvage from their cockeyed monitoring of our
publicly expressed thoughts and deeds.  Side note: It would have been
interesting to read the response to a request for these documents *in
electronic form*.  We are talking about email, online newsletters and
digests, after all.  A case could be made that the original
information that was requested was on a disk, not on paper.
Considering all the names whited out of the documents, a form
outlining chain of ownership of the documents from disk to paper would
have so many omissions as to be meaningless.  The assertion that the
documents, which were evidence in a criminal investigation, were not
altered before printing is one that I'd like to see someone's name
associated with without concealment.

------------------------------

TRANSCRIPTION NOTES:

The following is a transcription of documents received from the US
Secret Service in response to a Freedom Of Information Act (FOIA)
request I filed in April of 1991.  In that request I asked for all
records pertaining to myself, and those of SummerCon '88 which I
attended.

I received three, heavily censored, photocopies in response.  The
complete contents of those pages are reproduced here.  Because the SS
uses a "white out" technique to censor information, it is difficult
to determine exactly how many lines or words have been deleted.  The
places marked [censored] below are my estimates of the number of
missing lines of text.  GRM 10/30/91

+++++++++++++++++++++++++++++++++++


                      DEPARTMENT OF THE TREASURY
                     UNITED STATES SECRET SERVICE

                                              X-REF: 404-704-13800
                                           X-REF: J-201-775-115386-S
ORIGIN: Field     OFFICE: Chicago, Illinois  CASE NO: 201-775-115729-S

TYPE OF CASE          STATUS               TITLE OR CAPTION

Computer Fraud        Closed               Gordon R. Meyer
                          10/12/90
                     [written in]

INVESTIGATION MADE AT            PERIOD COVERED

Chicago & DeKalb,
Illinois                          01/19/90 - 08/01/90

INVESTIGATION MADE BY

SA [censored]


                            _SYNOPSIS_
                Investigation has not disclosed any
                illegal activity by Meyer, only [censored]
                [censored]
                [censored]
                [censored]              This case is being
                closed.

_INTRODUCTION_

This case developed as an extension of the Chicago cross-referenced
case.  [censored]
[censored]                               A high interest of
"hacking" and the "Phrack" magazine on the part of Gordon Meyer, a
student at Northern Illinois University.  Meyer, aka: "Hatchet Molly",


DISTRIBUTION     COPIES     REPORT MADE BY       DATE DICTATED

Chicago          Orig.      [censored]            08/23/90
                            Special Agent        DATE TYPED
Fraud Division   1cc                              08/24/90
                            APPROVED             DATE SIGNED
                              [signature]         8/27/90
                            Patrick T McDonnel   DATE APPROVED
                            SPECIAL AGENT IN      9/20/90
                            CHARGE

                      ++++[end of page one] ++++


                                          201-775-115729-S
                                          08/23/90
                                          Page 2

also appears on the "Internet Directory of hackers, January 5, 1989",
a list of hackers released in a "Phrack" issue by
[censored]

Reference is made to all M/R's in the Chicago cross-referenced case,
J-201-775-115386-S, the latest being that of SA [censored] dated
5/190, [sic] wherein that case was continued pending judicial action.

_DETAILS OF INVESTIGATION_

[censored]
[censored]
[censored]  an attempted was made to determine the extent, if any, of
Gordon Meyer's, aka: Hatchet Molly, involvement with [censored] and
the Legion of Doom.

On 2/23/90, a Grand Jury subpoena was served on [censored]
[censored]

[rest of page has been censored]

              +++++++++++[end of page two]++++++++++++++

                                  201-775-115729-S
                                  08/23/90
                                  Page 3
[censored]
[censored]
[censored]
[censored]
[censored]
[censored]
[censored]
[censored]
[censored]
[censored]
[censored]
[censored]
[censored]
[censored]
[censored]
[censored]

Investigation to date has not revealed any "hacking" activities by
Gordon Meyer.  As discussed with AUSA [censored] and SA [censored]
Meyer's possession of the E911 text as published in the Phrack
newsletter, did not warrant a personal interview.

NCIC checks were conducted with negative results.

_DEFENDANTS/SUSPECTS_

Gordon R. Meyer - Suspect

_JUDICIAL ACTION_

On 3/22/90, AUSA [censored] issued a Grand Jury subpoena

[censored]
[censored]
[censored]
[censored]
[censored]

After review of the above material, I discussed this case with AUSA
[censored].  Based on this review and the lack of significant
findings, a personal interview of Meyer was deemed no appropriate.

_DISPOSITION_

No substantive leads were developed in this case.  This case is being
closed.

            ++++++++[end of page three]+++++++++++++++++++

         ++++++++[end of FOIA-obtained documents]++++++++++++

------------------------------

Date: Thu, 24 Oct 91 4:21:33 EDT
From: "Len.Rose@federal.prison.on.our.tax.dollars.edu"
Subject: File 4--Letters from Prison: Installment #1

((Moderators' Note: Len Rose pled guilty to possession of unlicensed
AT&T Unix source code and was sentenced to a year in prison.
Many of us feel that Len's sentence was unjustly harsh.  We've
received several long letters from Len, and he has given us permission
to reprint them in installments.  The single dominant theme is that
prisons are lonely, desolate places, and that even a minimum security
(Level-I) institution can be psychologically devastating)).

"Letters from Prison: Part of the Story."
By Len Rose (October, 1991)

Greetings from prison!

I have been here almost four months, and have six and a half left
before I can return to my family. Time passes very slowly here. I am
not sure if I will have a family to return to, but there is nothing I
can do to save them.  I'll discuss all of that in a few moments.

First, a general scenario. Prison life has been what I expected, with
a few excruciating exceptions. I'll elaborate on these, but let me say
that my life here has been easy. I live in a dormitory, along with 80
other convicts.  We have small, open cubicles, each containing a bunk
bed, two small lockers, a small desk, and one waste basket. For
someone with military experience, (I had six years of it), having to
perform tasks such as making beds (military style), stripping and
waxing floors, and generally maintaining the room in spotless
conditions is easy.

My work is easy. I pick up cigarette butts all day. We work seven hours
a day, five days a week. I get paid 12 cents an hour. It sounds like a
bad deal, unless you consider I get other benefits such as a place to
sleep, clothing, and of course food. Ah. The food. Well, I don't eat
breakfast often. It's not bad as far as breakfasts go. I won't say
anything more about that meal, except to mention the coffee. If you
can call it that. I don't. It's brown colored water. We have developed
theories as to where the coffee goes, but no one is certain. We
just know that we don't get it. Lunch isn't bad either. There are days
when it's actually edible. Ditto for supper. From looking at the weekly
menu, one could say that we are fed well.  However, the food is not
prepared correctly, and is often ruined. There are several factors
involved, none of which reflect anything wrong with the Bureau of
Prisons. The food is prepared by convicts, some of whom actually care
about their fellow convicts and take pride in their work.  The
majority of kitchen workers here, however, are bitter, unhappy people
who do the least they can get by with, and not face disciplinary
actions. The dishes and utensils are dirty. I have learned how to
sort through stacks of plates, rummage through utensil dispensers,
and choose clean cups. Again, I don't blame the BoP for this, since
they have to use the employees--whoops, convicts--they have available.

We compete weekly for the privilege of being called first to lunch and
supper. It's based on the scores we receive from an inspection of our
dorms. Once a week, we're inspected, and the dormitory that looks the
best wins the chance to eat first. There is a paradox here. One could
wonder why people are motivated to strive for this honor, but after
adapting to the food, learning that hunger is worse, you would be
surprised. Also, when you are the fifth or sixth dorm, you discover
that a lot of the "good" food is gone, and you have to eat what's
left. The dining hall is organized like a large cafeteria, with
two lines for food. There is also a salad bar.  (Thank God for the
salad bar). Well, enough said about the food.

Mail. When I first got here, we were called by dormitory each evening
to receive mail. An officer (or "hack" in convict language) would
pass out the mail in a circle of approximately 80 convicts. (If the word
"convict" assaults your sensibilities, feel free to substitute the word
inmate, guest, members, etc). It reminds me of army boot camp. I
cannot ever impress upon anyone the enormous importance of mail to
someone who has not been in jail or prison for any length of time. I am
not being dramatic.  It is a lifeline to a life that used to be. A link
with people you love and miss so badly it hurts. An affirmation that
you are still a person and somewhere out there is someone who
still cares. One letter can make the difference between sinking in utter
despair or gaining enough strength to last one more day. I will
never, never forget those kind people who've had the patience and
compassion to carry on a correspondence with me here. It has not been
easy for them, I am sure. God bless them all.

We can only receive mail Monday thru Friday, thus the weekends are
bleak for me. Many other convicts feel differently since they can
receive visits on the weekends. Since my wife and children are so far
away and can't afford to come see me, I'll never get a visit. To
combat my growing depression that seemed to materialize every Friday
evening, I volunteered to work on the weekends. It has helped a lot.
For those who are fortunate enough to receive visits, it's very nice.

There is a large visitor area with both indoor and outdoor areas.
They can spend an entire day with their visitors (usually wives and
children), often being able to hug and kiss a lot. I have been told
there is a lot of opportunity for mutual masturbation. Pitiful when
viewed by someone outside the system, but it's amazing what lovers
will do when they are forced into this situation. I have also heard of
the occasional brave souls who have actually consummated the act of
making love. I am told it's difficult, but not impossible. The visitor
area is under the constant scrutiny of at least two officers. I would
not demean myself or my wife in such circumstances, but then again--I
have not been imprisoned very long.

I would give a year of my life to just be able to see my wife and
children. I can't express myself any other way, since it really is
the truth. I don't intend to be histrionic. "Just the facts, Man!" I
think that's enough on that subject too. (Sigh!).

------------------------------

Date: Thu, 31 Oct 91 16:42:31 AST
From: iq/sju@OAMICUS.FIDONET.ORG(Timothy Buchanan)
Subject: File 5--Diehard 2 And Hacking

KB>terrorists.  The second piece related to computer terrorism.  In it we
KB>showed footage of Die Hard 2, which was viewed at a congressional
KB>hearing as an example of how vulnerable we are, and how what happened
KB>in that movie could happen in real life.

No, Krista, it could NOT.

In this movie, terrorists cut a cable near a major airport and "hack"
into "the air traffic control system". They seize communications,
control radar and flight data, and cause an airliner to crash by
resetting an instrument landing system.

Each tower has several means of talking to airplanes, including a
portable radio. It would be impossible to block all radio channels. Do
you think that the pilot would circle helplessly until out of fuel, as
shown in the film? He would contact another FAA facility and his
company, and if necessary exercise his pilot in command authority and
take his aircraft elsewhere.

Radar and Flight Data processing are two different functions. It is
not possible to connect into a computer and steal these functions,
although they could be disrupted. Again, the pilot and the FAA have
other means to deal with loss of data.

The landing system depicted does not exist, but appears to be a
combination of an ILS (instrument landing system) and GCA (ground
controlled approach). This last is only used at a few military fields.
It would be possible to interfere with an ILS, but not to reset it as
shown so as to lead a pilot into the ground. Also, the pilot has
several systems in his aircraft to provide altitude information,
including a radar altimeter and ground proximity warning system which
are independent of the ground. When these warned him of low altitude,
he would go-around.

In short, the movie is entertaining but has little basis in fact. Air
traffic functions, like any aspect of society, are vulnerable to
terrorists but this would involve hacking with an axe, not computer
hacking.

What is your reason for stating so baldly that such a film could
happen in real life? It is entertainment, like Geraldo's TV show.
Don't confuse it with information.

I have worked for the FAA for eleven years as a controller and
trainer, and have some knowledge of the automation systems. I am also
an IFR rated pilot.

------------------------------

From: chris@ZETACO.COM(Chris Johnson)
Subject: File 6--Re: CuD - Now It Can Be Told
Date: Wed, 30 Oct 91 13:22:34 CST

I have a strong disagreement with Krista's position as stated above
(CuD 3.38). Yes, the "media" is made up of individual "reporters", just
as the software industry is made up of individual "programmers" in
part.  It is also true that we, as parties interested in fair
representation of, and public education about cyberspace, have an
obligation (to ourselves) to make sure the media individuals get the
information and education they need to deliver the messages we want to
see delivered.

However, this does not excuse those individuals in "media" in any way.
They have chosen to work in the field, and thus can be assumed to have
chosen "journalism" as a profession.  A professional journalist makes
it her or his duty to become educated about the topics she or he will
be reporting and presenting to the public.  A professional journalist
has a set of ethics and standards to adhere to, and ignorance and
misrepresentation are _not_ among them.

Krista's statements sound much like those of other media apologists.
I argue it is her and other "media" reporters' obligation to find out
the facts, to educate themselves about their chosen topics, and to
contact individuals who have expertise in those areas to get the
correct message.

We will do our part, I hope.  Will the "media" do theirs?

------------------------------

Date: 03 Nov 91 20:57:47 EST
From: Adam Rice <76177.42@COMPUSERVE.COM>
Subject: File 7--Is the Government creating malign hackers?

Permit me to tell you all a story from my college days.

I had a friend, John, who was a resident advisor at a big dorm on
campus. His residents were all freshmen, and it adjoined the section
where most of the football players lived. As you can probably imagine,
these football players could get pretty rowdy, and especially liked to
give freshmen a hard time. Now one of John's residents was a
politically-conscious hacker, who had a lot of political cartoons on
his door. One of the football players ripped these down one day. The
next day, this freshman posted a sign on his door that read something
like this: "To the guy who ripped down all my cartoons: I know who you
are. Your credit rating and your GPA are history."

John walked into his room with a grin, ripped the sign down, and said
"Hey, why advertise?"

It occurs to me that up to now, most of the hacking that this country
has seen has been relatively benign: more on the level of pranks than
sabotage, although it easily could become the latter. I have to wonder
if any of these gung-ho law enforcement officials have considered that
they could, possibly, take a "benign" hacker and piss him off
sufficiently to turn him "cancerous," probably striking back
specifically at those who had given him grief. What to do about this?
I don't know, really. As long as cyberspace remains in the legal
twilight zone it's in, we can probably expect more unprovoked arrests
and unconstitutional infringements of liberties, though. Sooner or
later, the authorities will tangle with the wrong guy, I have a
feeling.

------------------------------

End of Computer Underground Digest #3.39
************************************