Computer underground Digest Sun Apr 19, 1992 Volume 4 : Issue 18 Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET) Associate Editor: Etaion Shrdlu, Jr. Arcmeisters: Brendan Kehoe and Bob Kusumoto CONTENTS, #4.18 (Apr 19, 1992) File 1--The Good, the Bad, and Ugly Facts File 2--"Internet tapped for global virtual publishing enterprise" File 3--Medical Data Base (WSJ) File 4--re California drug forfeiture increases File 5--First Amendment semi-void in electronic frontier ?? File 6--Summary of 2nd Conference on Computers, Freedom, Privacy File 7--SUMMARY AND UPDATE: alt.* Removal at UNL File 8--Those Evil Hackers (San Jose Busts AP Reprint) File 9--Nationwide Web of Criminal Hackers Charged (NEWSBYTES) File 10--"Hacker Ring Broken Up" (NYT) Issues of CuD can be found in the Usenet alt.society.cu-digest news group, on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, and DL0 and DL12 of TELECOM, on Genie, on the PC-EXEC BBS at (414) 789-4210, and by anonymous ftp from ftp.eff.org (192.88.144.4), chsun1.spc.uchicago.edu, and ftp.ee.mu.oz.au. To use the U. of Chicago email server, send mail with the subject "help" (without the quotes) to archive-server@chsun1.spc.uchicago.edu. European distributor: ComNet in Luxembourg BBS (++352) 466893. COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted as long as the source is cited. Some authors do copyright their material, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections. ---------------------------------------------------------------------- Date: Fri, 17 Apr 92 15:07:13 EDT From: Jerry Leichter <leichter@LRW.COM> Subject: File 1--The Good, the Bad, and Ugly Facts CuD 4.11 contains a reprint of a DFP article by one "max%underg@uunet.uu.net". The article makes two broad sets of points: 1. There is no real difference between the "good" hackers of yore and the "bad" hackers of today. His quotes from Levy's "Hackers: Heroes of the Computer Revolution" demonstrate that these heroes were involved in such things as password cracking, phone phreaking, and so on. 2. "Information" and "computers" should be free, hackers are just trying to learn, there is nothing wrong with learning. Point 2 I don't want to get into; it's old, tired, and if you don't recognize it for its moral bankruptcy by this time, nothing I can say will change your mind. Point 1 I agree with. I was there, and I saw it happen. In fact, I was involved in it. I broke into my share of systems, used resources without paying for them, caused accidental system crashes that disrupted people's work, and so on. (I never did get involved with phone phreaking. I was one of many who dug up the Bell System Technical Journal article that gave you all the information you needed to build a blue box, and I knew the technical details of several other tricks - but I thought that phreaking was theft even in the early '70's.) Max ends by saying: It is my contention that hackers did not change. Society changed, and it changed for the worse. The environment the early hackers were working in correctly viewed these activities as the desire to utilize technology in a personal way.... In a way he is correct. (The rest of the paragraph continues with the usual pseudo-socialist twaddle about the evils of the profit motive, elitism, snobbery, and such, but we'll ignore that.) Moral decisions are not made in a vacuum. Nor, in a decent society, are laws chosen without a social and moral context. When the first "airplane hackers" began working on their devices, they were free to do essentially as they pleased. If they crashed and killed themselves well, that was too bad for them. If their planes worked - so much the better. After it became possible to build working airplanes, there followed a period in which anyone could build one and fly anywhere he liked. But in the long run that became untenable. An increasing number of planes became too much of a hazard, to each other and to uninvolved people on the ground. Further, people came to rely on air transport; interference with it came to be unacceptable. If you want to fly today, you must get a license. You must work within a whole set of regulations, regulations that may be inconvenient for *you*, but that's really too bad: You don't live alone, you live in a society that is entitled, in fact *required*, to protect its members. The same goes for many other technologies, ranging from automobiles to radio transmitters. Think about all the regulations governing your use of an automobile - not just the requirement that you be licensed, that you be insured (in most states), that you follow various rules of the road, but even that you have pollution control equipment that, for you personally, adds nothing but extra cost. Max seems to have no understanding of history, of how things change over time. He has no vision of the world that the early hackers were operating in. The computers they were hacking at were not being used for critical things. They were almost entirely at universities, being used for research. It's hard to imagine, with the reliable machines of today, but a system in those days that ran for 24 hours without a crash was doing very well. Yes, crashes caused by hackers were an inconvenience - but people expected crashes anyway, so they planned for them. Disks were small, expensive, and given to head crashes. Few people stored permanent data on them. There was little of interest to be found by browsing on most systems, and certainly nothing sensitive. Systems were stand-alone islands. There was no Internet; there were few dialins. Systems actually doing significant work, systems containing sensitive data - business and government systems - were locked in rooms with no external access. No one thought about hacking these because no one could get to them. Even in those times, what I and others did was at best ethically questionable. None of the people I hacked with ever doubted that; none of us doubted that if we got caught, we could get into trouble. As it happened, I was never caught - but several of my friends were. Their accounts were terminated, which could be a major inconvenience, as they had actual work to do on those systems. And in those days, running off to the local Sears and buying a PC was not an option. Let's not put halos on hackers past. The times were different; the systems were different. The social scale was different: The hackers Levy celebrates were operating within communities of at most a few tens of people, most of whom knew each other. Today's hacker works in an Internet community numbering in the tens of thousands. It's much easier to trust people you know or "might easily know". Besides, within those communities, even the people were different: Systems were not being used by non-technical people. Much of what we know now - about how to build secure systems, about the existence of deliberately destructive programmers - we didn't know then. The same actions we might have applauded in "the golden age" would draw only opprobrium today. This is not just a matter of *technological* change, nor is it a matter of society becoming less understanding: Even if the only thing that had happened between 1970 and today were that *the same* computers had been duplicated and had become widely used for important things, the argument would have remained the same. The following is broad generalization, but I don't think it's completely out of line. Today's college kids are caught in a time of diminished expectations. Whatever the actual *realities*, they must certainly look back at the romanticized '60's and '70's they hear about as a time of free sex without worry, wild parties with free consumption of drugs or alcohol, revolution and hope and grass in the air, and so on. They've been led to expect that they will start their lives at an economic level comparable to what their parents have today, but they also see that for many of them that will prove impossible to accomplish. The dissonance is painful; the feeling that somehow they've been cheated out of something they are due must be profound. Hacking, in the broad sense, has always provided an escape from the harsh realities of the outside world, escape to a world that seems manageable, a world in which the hacker could imagine himself superior to the "establishment" which everywhere else imposes controls on him. The '60's-style language, the pseudo-socialism, the utopian views of the world as an information-based commune within which greed and hate and the profit motive would all fade away, all this in the language of the cracker apologists is a clear echo of the rhetoric of the '60's. That's where those dreams spring from. America is no longer to be "greened"; it's to be "fibered" and "digitized". Timothy Leary no longer needs to preach dropping out through acid; he can now preach dropping out to virtual reality. There really isn't all that much of a difference. I'm sorry Max and his friends missed out on those wild and wooly times; they seem to come along every forty or fifty years or so, so perhaps their (our) children will see them again. I'm sorry that it must seem unfair and "elitist" to him that things we could get away with in those days bring severe punishment today. But history marches on; all of us, individually and collectively, must grow up. ------------------------------ Date: Mon, 13 Apr 92 1:55:34 EDT From: <Michael.Rosen@LAMBADA.OIT.UNC.EDU> Subject: File 2--"Internet tapped for global virtual publishing enterprise" Computerworld, 3/23/92, p.? By Gary H. Anthes, CW Staff "At negligible cost, in the span of a few weeks, an entirely virtual global publishing network involving nearly 150 correspondents has been assembled," Anthony M. Rutkowski, editor in chief of the _Internet Society News_, wrote in the first issue of the magazine, which was recently published. The cover of the slick, 50-page publication asks, "Where in the world is the Internet?" The answer is nearly everywhere -- in 107 countries from Afghanistan to Zimbabwe. The 150 correspondents who make up the virtual publishing enterprise are similarly dispersed. "We have people in virtually every corner of the globe. We even have an Antarctica correspondent," Rutkowski said. The nonprofit Internet Society was formed last year to foster the evolution of the Internet, to educate users and to provide a forum for user collaboration. The quarterly news magazine offers information about Internet technology, growth of the Internet and related private networks and activities of the society and its members. A slippery concept Rutkowski, an Internet Society trustee and director of technology assessment at Sprint International in Reston, Va., said he started planning the magazine last August but ran into a conceptual challenge right away. "We wanted to provide a very timely snapshot of the Internet and the Internet community. But what is the Internet? That's what's difficult. It's so heterogeneous, almost amorphous." Rutkowski and two co-editors decided to define the Internet broadly and include representatives from many countries and interest groups. The correspondents come from telecommunications and publishing companies, academia and legal and public policy interests, he said. Topics include Internet activities by region, application and user groups, technology, Internet administration and operations, public policy and law. Concept development, coordination, information transfer and editing for the magazine were all done over the Internet. "Such a [publishing] network in many respects equals the complexity of those of Reuters or _Time_ magazine," Rutkowski said. "The ability to do this with relative ease across the entire globe is a profound statement." A subject-matter outline and a list of correspondents was turned into a "mail exploder," an electronic-mail list in which any person on the list can broadcast mail to the entire list by sending mail to one address. A second Internet address was established for receipt of articles by the three editors and a third was established as a repository of finished material. The mailboxes are on a computer at the Corporation for National Research Initiatives in Reston, Va. Articles were sent in by E-mail from around the world, and when all had been edited, Rutkowski pulled up the whole mass for final formatting via Microsoft Corp.'s Word for Windows. Then it was output on a laser printer and sent to a commercial printer. Circulation: 4 million Rutkowski said the magazine will be published quarterly and will soon be available electronically to any of the Internet's 4 million users. He said later this year the society will also publish a journal containing more analytical articles, "archival-quality" pieces about the Internet. Editors and correspondents of the _Internet Society News_ will have their work cut out for them as they try to keep up with Internet growth. An article in the magazine predicted there will be between 29 million and 45 million computers on local-area networks in the U.S. in 1995. ++++++++++++++++++++++++++++++++++++= Long reach The Internet extends to thousands of computers around the world Internet Society * 1000 individual members * 24 corporate members Internet * 770,000 computer hosts attached * 4 million-plus users * 7,000 operational networks, 30,000 registered networks. * 107 countries served Source: The Internet Society CW Chart: Janell Genovese *** [No e-mail addresses were mentioned in the letter; do you have any knowledge of the addresses of anyone involved in this publication?] ------------------------------ Date: 16 Apr 92 20:38:51 EDT From: Gordon Meyer <72307.1502@COMPUSERVE.COM> Subject: File 3--Medical Data Base (WSJ) IBM LINK TO PHYSICIAN COMPUTER NETWORK RAISES SOME QUESTIONS (paraphrased from th Wall Street Journal, 2/27/92) Unknown to the patients, every week or two a company dials into physicians' PCs and fishes out all their confidential files. With plans to reach 15,000 physicians within the next four years, the company, Physician Computer Network Inc., thinks its swelling database of patient records could become a commercial treasure. Fears about the sale of medical records are causing some physicians and pharmacists to resist the collectors' surveillance efforts. Others are pushing for legislation, noting that privacy law covers videotape rentals and cable-TV selections, but not most medical records. Physicians Computer Network has an impressive list of investors. Among them is IBM, which owns a 23% stake. Another holder, with 4.7% stake, is Macmillan Inc., part of the Maxwell electronic-information conglomerate. ------------------------------ Date: Sun, 19 Apr 92 18:42:40 PDT From: jwarren@AUTODESK.COM(Jim Warren) Subject: File 4--re California drug forfeiture increases >From autodesk!hibbert%xanadu.com Sun Apr 19 18:35:39 1992 >To: cpsr-civilLiberties@Pa.dec.com, cpsr-activists@csli.stanford.edu >Subject: hearing on forfeiture laws in CA Senate Judiciary Committee The California Senate Judiciary Committee is holding hearings on Tuesday on proposed legislation to strengthen the state's drug asset forfeiture law. I hope the civil liberties connection in this issue is clear. The computer connection (why I think it's reasonable to talk about this on a CPSR list) is that similar laws have been used to justify the seizure of the assets of accused computer crackers. There is so little control of the use of these laws, and it's proven so hard to get property back in every particular case in which they were used, that I believe the laws should be fought every time they come up. According to yesterday's (Saturday, April 18) San Jose Mercury News, Senate Minority Leader Ken Maddy, (R) Fresno, introduced a bill that would repeal the 1994 expiration date of California's drug asset forfeiture law. State Attorney General Dan Lungren was quoted as urging the legislature to pass the bill. Forfeiture laws are an affront to our constitutional guarantees against being deprived of our property without due process of law. The forfeiture laws allow law enforcement agents to confiscate any property of an accused person and use it until and unless the accused can *prove* that it wasn't purchased with illegally obtained money. Does it make sense for CPSR to speak out against forfeiture laws in general? I think it's possible to take a position against this bill by saying that forfeiture laws are bad in general, without talking about drug laws or the drug war. Is that enough to allow us to take a position on this bill, considering the arguments that came up when we were talking about Les' proposed Employer code of ethics? ------------------------------ Date: Sun, 19 Apr 92 18:58:22 PDT From: jwarren@AUTODESK.COM(Jim Warren) Subject: File 5--First Amendment semi-void in electronic frontier ?? IS POLITICAL SPEECH, PRESS & ASSEMBLY PERMITTED IN THE ELECTRONIC FRONTIER? There is no purpose for which the freedoms of speech, press and assembly are more essential than for unfettered participation in the political process. Yet, such personal freedoms -- permitted in 18th Century voice, paper and face-to-face form -- may be severely suppressed in electronic form. Although *personal* computer-based speech, press and assembly by employees, students and others is generally permitted in companies, schools and organizations, within reasonable limits of time and place, some folks say they must be monitored, accounted for, evaluated and reported -- or suppressed and prohibited -- when they contain *personal* political expression or advocate political support or opposition for candidates or ballot issues. There are experienced net-users who are political candidates who say this. THE PROBLEM Most folks access the nets via company, school or institutional computer accounts. Many are permitted to use that access for personal email, personal messages broadcast to email-alias lists and personal participation in public and private teleconferences -- provided they do so without adversely impacting their work or official basis for having their account. But: Federal and state regulations governing political campaign disclosures require that "contributions-in-kind" for or against candidates and ballot measures be accounted for and their value reported, just like cash donations. Contributions-in-kind include such things as postage, office space, printing, loans of furniture, office machines, etc. They also include use of telephones, faxes, computers, computer supplies, computer services, etc. Furthermore, donations by corporations are often restricted or prohibited. Most nonprofit organizations, including educational institutions, are entirely prohibited from making political donations -- or even lobbying for or against legislation (freedom is forfeited for tax perks). OVERT CORPORATE SUPPORT IS CLEARLY REGULATED If a corporation overtly underwrites political action by intentionally providing labor, staff, facilities, equipment or services to support or oppose a political campaign, then the fair-market value ot those services or facilities must clearly be reported as an in-kind contribution. (Such regulations appear to be much less enforced against unions and schools, and appear to be not-at-all enforced against churches or synagogues, regardless of how sectarian their political efforts may be.) THE 21st CENTURY QUESTION Is *personal* electronic political speech, press and assembly protected at work or school -- or is it a corporate or institutional political donation? PERSONAL POLITICAL SPEECH APPEARS PERMISSIBLE -- BY VOICE Within reasonable limits on time and place, citizens are not *legally* prohibited from discussing politics with their office associates, or in the company or school or church hallway, or in the cafeteria or employee lounge, or in telephone conversations with callers and professional associates with whom they have a personal relationship as well as business association. (Note: This concerns *legal* restrictions; *not* the issue of whether political discussions are *wise* in a business, school or church setting.) PERSONAL POLITICAL PRESS APPEARS PERMISSIBLE -- BY PAPER It is also common for employees, students and teachers to use *authorized* access to printers and copiers, to create and copy *personal* leaflets about political issues and activities that they hand to friends and post on company, school, church and synagogue bulletin boards. When they do so within the institutional limits placed on their general personal use of equipment and bulletin boards, the use has almost-certainly never been reported as an institutional contribution-in-kind. PERSONAL POLITICAL ASSEMBLY APPEARS PERMISSIBLE -- FACE-TO-FACE It is common for corporations, schools, unions, religious institutions, etc., to permit their their cafeterias, lounges, union halls, meeting rooms and parking lots to be used for candidate presentations, campaign debates and meet-the-candidate(s) receptions -- as well as for both public and internal meetings to hear presentations by incumbent elected represenatives and/or by leaders of various community, legislative and regulatory groups. Participants are rarely charged for such use (except by sites that routinely derive revenue from renting meeting space), and the value of the meeting facility is rarely reported as an in-kind contribution to the speaker(s). In fact, it is considered to be "good institutional citizenship" for organizations to provide their facilities for meetings between citizens and their current and potential elected and appointed representatives. CAN CORPORATIONS AND SCHOOLS ABSOLUTELY PROHIBIT POLITICAL SPEECH? Now, consider those workplaces and educational institutions that permit *personal* conversation, usually within reasonable limits on time and place. And recognize that such personal speech may be one-to-one or within formal or informal personal groups, e.g. a lunch group in the cafeteria. When such personal speech and personal assembly *is* permitted: * Must those companies and institutions then prohibit all *personal* employee or student conversation that has political content? * Must they prohibit all *personal* advocacy of political positions? * Must they prohibit all *personal* advocacy for or against candidates? * And if they don't prohibit it, must they monitor it and report it? **************************************************************************** * If corporations and schools can not or should not suppress all on-site * * personal speech and association having political content -- but must * * report all in-kind donations -- then how shall they evaluate the desks, * * offices, hallways, cafeterias, lounges, phones, phone bills, computers, * * and bulletin boards where personal political speech, personal political * * "press"/notices and personal political assembly occurs? And, how shall * * they monitor such speech. press and assembly, so as to identify which * * campaign is receiving how much value in in-kind contributions? * **************************************************************************** AND, WHY SHOULD *ELECTRONIC* SPEECH AND *ELECTRONIC* ASSEMBLY BE DIFFERENT? When *personal* conversation and personal political expression is permitted by voice or telephone in workplace, union hall or school, why should personal political speech be prohibited when it by electronic mail? When *personal* notices and copying and personal political leaflets are permitted if they are on paper and/or posted on wall-mounted bulletin boards, why should such personal political press be prohibited when it is by electronic origin and distribution? When *personal* meetings and personal political discussion in groups is permitted if it is face-to-face in the cafeteria, lounge or parking lot of school or workplace, why should personal assembly with others be prohibited when it is by electronic newsgroups or teleconferences? **************************************************************************** * TO THE EXTENT THAT employees and students, within their institutions, * * are permitted freedom of personal political expression by voice and in * * writing, and freedom of personal political association by face-to-face * * meeting, why should personal political speech, press or assembly be * * suppressed -- or monitored and reported -- merely when it is electronic? * ------------------------------ Date: Fri, 17 Apr 92 21:19:52 CST From: jdavis@well.sf.ca.us Subject: File 6--Summary of 2nd Conference on Computers, Freedom, Privacy Source: CPSR/Berkeley Newsletter (Second Quarter, 1992) THE 2ND CONFERENCE ON COMPUTERS, FREEDOM AND PRIVACY: A REPORT By Steve Cisler [Editors Note: The following are selected excerpts from an online report. The complete report may be found on the Internet in ftp.apple.com in the alug directory; or on the Well in the cfp conference.] The Second Conference on Computers, Freedom, and Privacy, March 18-20, 1992. Washington,D.C.was sponsored by the Association for Computing Machinery and thirteen co-sponsors including the American Library Association and a wide variety of advocacy groups. The diversity of the attendees, the scope of the topics covered, and the dynamism of the organized and informal sessions brought a perspective I had lost in endless conferences devoted only to library, information, and network issues. I can now view the narrower topics of concern to me as a librarian in new ways, and for that it was one of the best conferences I have attended. There does exist a danger of these issues being re-hashed each year with the usual suspects invited each time to be panelists, so I urge you, the readers, to become involved and bring your own experiences to the next conference in 1993 in the San Franciso Bay Area. Keynote: Al Neuharth, The Freedom Forum and founder of USA Today, speaking on "Freedom in cyberspace: new wine in old flasks." First amendment freedoms are for everyone. Newspaper publishers should not relegate anyone to 2d class citizens to the back of the bus. The passion for privacy may make our democracy falter. Publishing of disinformation is the biggest danger, not info-glut. Comments on American Newspaper Publishers Assn to keep RBOCs out of information business: Free press clause does not only apply to newspapers. Telcos have first amendment rights too. "ANPA is spitting into the winds of change", and some newspaper publishers are not happy with this stance, so there is a lot of turmoil. People should get their news when, how and where they want it: on screen or tossed on the front porch. Who Logs On?: Al Koeppe of New Jersey Bell outlined the many new services being rolled out in NJ at the same time they are maintaining low basic rates. In 1992 there will be narrowband digital service for low quality video conferencing. 1994 wideband digital service. video on demand, entertainment libraries and distance learning applications. He predicted a 99% penetration by 1999. with complete fiber by 2010. This will be a public network not a private one. It will still be a common carrier. This is a very aggressive and optimistic plan, an important one for all of us to watch. Lucky said he had never seen a study that shows video on demand services can be competitive with video store prices. The big question remains: how does a business based on low-bandwidth voice services charge for broadband services? It remains a paradox. Discussion during Q&A: "A lot of the last hour has been discussing how to make the services better for the elite, but it does not seem very democratic. people don't even have touch tone, let alone computers or ISDN." NREN was characterized as gigabits to the elite to kilobits to the masses. "Don't expect anything for the next three years on telecomm issues from Congress." Computers in the Workplace: Elysium or Panopticon: Because computer technology provides new opportunities for employee surveillance, what rights to privacy does the employee have? Alan Westin, Columbia University, outlined some interesting trends in the 90s where employers have moved into a new intervention in the activities and private lives of employees. There is a liability against bad hiring. Forced adoption of drug testing (with public support). They want to select employees on the basis of health costs and liability, so there is a desire to control employees on and off the job. Who Holds the Keys?: In a sense the cryptography session was one of the most difficult to follow, yet the outlines of a very large battlefield came into view by the end of the session. The two sides are personal privacy and national security. Should the government be allowed to restrict the use of cryptography? (Only weakened schemes are allowed to be legally exported.) What legal protections should exist for enciphered communications? Public Policy for the 21st Century: "How will information technologies alter work, wealth, value, political boundaries?... What will the world be like in a decade or two?... What public policies now exist that may pull the opposite direction from the economic momentum and will lead to social tension and breakage if not addressed properly?" Mitchell Kapor: He sees digital media as the printing press of the 21st century. The WELL and others make us realize we are not prisoners of geography, so our religious, hobby, or academic interests can be shared by the enabling technologies of computers. "Individuals flourish from mass society with this technology" Openness, freedom, inclusiveness will help us make a society that will please our children and grandchildren. Simon Davies, Privacy International: "There is possibly a good future, but it's in the hands of greedy men. I see a world with 15 billion beings scrambling for life, with new frontiers stopping good things. 14 billion [will be] very pissed off, and our wonderful informational community (the other billion) becomes the beast... If we recognize the apocalypse now we can work with the forces." ------------------------------ Date: Fri, 17 Apr 92 16:31:12 CST From: mike.riddle@inns.omahug.org@ivgate.omahug.org Subject: File 7--SUMMARY AND UPDATE: alt.* Removal at UNL As of April 17, 1992, when I write this summary and update, the noise on the nets has abated somewhat. But those readers of the CuD who have access to Usenet news have almost certainly seen and remember the brouhaha over the deletion of the alt.* hierarchy at the University of Nebraska. The following is the story, as I understand it, pieced together from several sources and personal inquiries. It is only as accurate as the information I was able to obtain, and if anyone has corrections or additions, please submit them to the CuD. The furor started on March 2nd, 1992, when the alt.* hierarchy was eliminated by the UNL Computing Resource Center (CRC). The termination was so abrupt that some downstream sites did not know in advance, and had to immediately scramble for alternate feeds. The decision was supposedly resource-based, and supported by a February 27th recommendation by the UNL Academic Senate Computational Services and Facilities Committee. Almost immediately, however, it became obvious that content-control had played a major part. Leo Chouinard, the "Academic Senate representative on the Computational Committee" [sic], reportedly said the committee discussed several considerations before making a decision about the alt groups, including possible violations of state pornography laws and concerns about computer resources being used for non-educational purposes. The memorandum announcing the termination read as follows: CRC Policy on Providing Information Resources 2/27/92 The Computing Resource Center provides information resources to the UNL community in support of the University's mission of research, instruction, and service. These resources commonly take the form of databases, archives, and bulletin boards. The Computing Resource Center makes available those information resources that are requested by faculty at UNL and approved by the Computing Resource Center in consultation the Academic Senate Computational Committee as useful in supporting the University's mission. If a user desires information resources not provided by the Computing Resource Center, they are free to acquire that information elsewhere, subject only to the requirements of the information provider, relevant federal and state laws, and applicable University policies. Adopted UNL Academic Senate, 2/27/92 The UNL Academic Senate Computational Services and Facilities Committee is chaired by Professor (of English) Les Whipp. He told me that, in hindsight, he felt his committee did not have all the facts before them when they concurred in the CRC recommendation that the following Usenet newsfeeds (and only these newsgroups) be made available: bionet, bit, biz, ci, comp, general, gnu, misc, news, rec, sci, soc, talk, unix-pc, unl, and vmsnet. In particular, he was not aware of the connotations of censorship that could (and did) become attached to the wholesale removal of the alt.* hierarchy, and as of the date I talked with him, felt that someone at the CRC had a hidden agenda to remove certain "objectionable" groups. Professor Whipp did not claim to be expert on the management of hardware resources, and sounded disturbed that a decision officially based on "limited resources" was so open to question on its basis. (The debate about the percentage, cost, etc., of carrying the alt.* groups went on at length in comp.org.eff.talk and other newsgroups. It is not my purpose to reiterate that discussion). Mr. Kent Landfield (kent@imd.sterling.com), a UNL alumnus, systems manager at a major software contractor, and moderator of comp.sources.misc, posted a thoughtful "Open Letter to UNL CRC" regarding the alt.* group removal. As a result of my own feelings, and encouraged by Mr. Landfield's letter, I contacted several individuals at UNL. Acting at approximately the same time, a number of UNL students formed the "Nebraska Students for Electronic Freedom (NUSEF)." The thrust of our comments was if resources were at issue, tell us what was needed and we would lobby to get them. If content was actually at issue, admit it openly, apply generally accepted educational/library standards, and bring back at least those alt.* groups with recognized value. As a result of the lobbying efforts, including telephone call from Mike Godwin at the Cambridge office of the Electronic Frontier Foundation, the involvement of librarians both knowledgeable regarding computer services and resource allocation and selection criteria, and the general education several of the faculty participants received during the discussions, the UNL Academic Senate Executive Committee, meeting on April 6th, voted to request restoration of the majority of the alt.* groups. Their minutes reflect: 7.0 ALT Network Disconnect Wise and McShane indicated they had been contacted regarding CRC discontinuing the ALT network because of the potential for transmitting erotic pictures via the network. Users have indicated these pictures can be blocked under copyright law restrictions and the general network be continued. The committee requested the ALT network be added back with the designated restrictions. When I discussed the committee recommendation with one of its members, I came away with the feeling that the digitized pictures would be removed due to copyright concerns, and that the rest of the group would be evaluated using American Library Association criteria (as often advocated and explained by Carl Kadie, kadie@cs.uiuc.edu). I also came away with the feeling that similar decisions will, in the future, be conducted substantially more in the open. To use a trite saying, "time will tell." In Nebraska we are still waiting and watching for the return of the alt.* groups, will work to obtain legislative support if additional resources are in fact needed, and will continue to support resource allocation decisions based on academic criteria, as opposed to censorship. ------------------------------ Date: 18 Apr 92 19:34:30 EDT From: Net Wrider <nwrider@uanonymous.uunet.uu.net> Subject: File 8--Those Evil Hackers (San Jose Busts AP Reprint) Just FYI, here's more hyperbole from the Associated Press, this time courtesy of the local cops in San Diego and the ignorance of the San Diego Times-Union: ===================================================================== R,A,7 - AM-COMPUTERHACKERS, 04-17 0481 - AM-Computer Hackers,0448 Police Uncover Nationwide Fraud Ring Of Computer Hackers SAN DIEGO (AP) _ Authorities say they've cracked a nationwide electronic network of young computer hackers who were able to make fraudulent credit card purchases and break into confidential credit rating files. "These kids can get any information they want on you _ period," San Diego police Detective Dennis Sadler said. "We didn't believe it until it was demonstrated to us." The investigation has led to two arrests in Ohio and seizures of computers and related material in New York City, the Philadelphia area and Seattle, Sadler said. But those cases are just an offshoot of the main investigation, he said. He refused to discuss details, saying an investigation is continuing and scores of arrests are pending nationwide. Members of the informal underground network know how to break computer security codes, make charges on other people's cards and create credit card accounts, said Sadler. "There's one kid who bragged about using the same credit card number for eight months," he said. As many as 1,000 hackers nationwide have shared such information for at least four years. Sadler estimated that illegal credit card charges could total millions of dollars. Fraudulent credit card charges typically are made by computer criminals who illegally gather detailed information from computerized accounts on file at credit reporting agencies, banks and other businesses. The hackers also have learned how to break personal security codes for automatic teller machines, Sadler said, and can obtain telephone access codes to make long-distance calls without paying. A crucial break in the case occurred in late March when an out-of-state hacker was picked up in San Diego and agreed to cooperate with local police and the FBI, Sadler told The San Diego Union-Tribune in a story published Friday. At least part of the investigation is focusing on information that hackers obtained illegally from computers at Equifax Credit Information Services, an Atlanta-based credit reporting agency that provides information to lenders. "We're still in the process of investigating, and we're working very closely with San Diego police," company spokeswoman Tina Black said. Equifax, one of the nation's three largest credit bureaus, has a database of about 170 million credit files. The company suffered no financial losses itself and is notifying the few consumers whose accounts were compromised, Black said. MasterCard International reported $381 million in losses from credit card fraud worldwide in 1991, said Warner Brown, MasterCard's director of security and fraud control. Visa International's losses amounted to $259 million in 1989, about one-tenth of 1 percent of Visa's worldwide sales volumes, spokesman Gregory Holmes said. ------------------------------ Date: Sun, 19 Apr 92 15:17:00 PDT From: John F. McMullen (mcmullen@well.sf.ca.us) Subject: File 9--Nationwide Web of Criminal Hackers Charged (NEWSBYTES) Nationwide Web Of Computer Criminal Hackers Charged 4/20/92 SAN DIEGO, CALIFORNIA, U.S.A., 1992 APR 20 (NB) -- .According to a San Diego Union-Tribune report, San Diego police have uncovered "an electronic web of young computer hackers who use high-tech methods to make fraudulent credit card charges and carry out other activities." The Friday, April 17th story by Bruce V. Bigelow and Dwight C. Daniels. quotes San Diego police detective Dennis Sadler as saying that this informal underground network has been trading information "to further their political careers." He said that the hackers know how to break how to break computer security codes, create credit card accounts, and make fraudulent credit card purchases. Sadler estimated that as many as 1,000 hard-core hackers across the United States have shared this data although he said that it's unclear how many have actually used the information to commit crimes. Sadler added that he estimated that illegal charges to credit cards could total millions of dollars. While the police department did not release details to support the allegations, saying that the investigation is continuing, Sadler did say that cooperation from an "out-of-state hacker", picked up in San Diego, provided important information to the police and the FBI. Although police would not release the identity of this individual or his present where abouts, information gather by Newsbytes from sources within the hacker community identifies the so-called hacker as "Multiplexer", a resident of Long Island, NY, who, according to sources, arrived in San Diego on a airline flight with passage obtained by means of a fraudulent credit card purchase. The San Diego police, apparently aware of his arrival, allegedly met him at the airport and took him into custody. The same sources say that, following his cooperation, Multiplexer was allowed to return to his Long Island home. The Union-Tribune article linked the San Diego investigation to recent federal search and seizures in the New York, Philadelphia and Seattle areas. Subjects of those searches have denied to Newsbytes any knowledge of Multiplexer, illegal credit card usage or other illegal activities alleged in the Union-Tribune story. Additionally, law enforcement officials familiar with on-going investigations have been unwilling to comment, citing possible future involvement with the San Diego case. The article also compared the present investigation to Operation Sun Devil, a federal investigation into similar activities that resulted in a massive search and seizure operation in May 1990. Although individuals have been sentenced in Arizona and California on Sun Devil related charges, civil liberties groups, such as the Computer Professionals for Social Responsibility, have been critical about the low number of criminal convictions resulting from such a large operation. (Barbara E. McMullen & John F. McMullen//19920420) ------------------------------ Date: Mon, 20 Apr 92 0:35:50 CDT From: Net Wrider <nwrider@uanonymous.uunet.uu.net> Subject: File 10--"Hacker Ring Broken Up" (NYT) "A Nationwide Computer-Fraud Ring Run by Young Hackers Is Broken Up" SAN DIEGO, April 18 (AP) -- The authorities say they have cracked a nationwide network of young computer hackers who were able to break into the electronic files of at least one credit-rating company and make fraudulent credit-card purchases that may have run into the millions of dollars. For the last four years or more, as many as 1,000 members of the informal underground network have shared information about how to break computer security codes, make charges on other people's credit cards and create credit card accounts, said Dennis Sadler, a detective with the San Diego police, whose officers stumbled upon the network last month while investigating a local case of credit-card fraud. The hackers also learned how to break personal security codes for automated bank teller machines, Mr. Sadler said, and obtained telephone access codes to make long distance calls without paying. "These kids can get any information they want on you -- period," Mr. Sadler told the San Diego Union-Tribune, which first reported on the ring of hackers in an article on Friday. "We didn't believe it until it was demonstrated to us." The investigation has led to two arrests in Ohio and to the seizure of computers and related material in New York City, the Philadelphia area and Seattle, Mr. Sadler said. But he described those cases as merely off-shoots of the main investigation, which he refused to discuss in detail, saying that the inquiry was continuing and that scores of arrests were pending around the country. Computer criminals typically make fraudulent credit-card purchases by gathering detailed information from the electronic files of credit reporting agencies, banks and other businesses. MasterCard International reported $381 million in losses from credit-card fraud around the world last year, and Visa International says its fraud losses amounted to $259 million in 1989, about 0.1 percent of its worldwide sales. At least part of the investigation here is focusing on information that the hackers obtained illegally from computers at Equifax Credit Information Services, an Atlanta-based credit-reporting agency. Tina Black, a spokeswoman for the company, said, "We're still in the process of investigating, and we're working very closely with San Diego police." Equifax, one of the nation's three largest credit bureaus, has a data base of about 170 million credit files, but Ms. Black said fewer than 25 files had been compromised. ------------------------------ End of Computer Underground Digest #4.18 ************************************