Computer underground Digest    Sun June 27 1993   Volume 5 : Issue 47
                           ISSN  1004-042X

       Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
       Archivist: Brendan Kehoe
       Shadow-Archivists: Dan Carosone / Paul Southworth
                          Ralph Sims / Jyrki Kuoppala
                          Ian Dickinson
       Copy Editor: Etaoin Shrdlu, Seniur

CONTENTS, #5.47 (June 27 1993)
File 1--Squelching the Rumor of the CuD ftp Sites
File 2--Another Stupid Rumor Bites the Dust
File 3--UPDATE #14-AB1624: bill-text as amended (*improved)*
File 4--Re: Full Disclosure TRIGGERFISH Hassle (CuD 5.46)
File 5--Response to Interview with a Virus Writer (CuD 5.44)
File 6--Virus Hits White House

Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost electronically from tk0jut2@mvs.cso.niu.edu. The
editors may be contacted by voice (815-753-6430), fax (815-753-6302)
or U.S. mail at:  Jim Thomas, Department of Sociology, NIU, DeKalb, IL
60115.

Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT
libraries and in the VIRUS/SECURITY library; from America Online in
the PC Telecom forum under "computing newsletters;"
on Delphi in the General Discussion database of the Internet SIG;
on the PC-EXEC BBS at (414) 789-4210; and on: Rune Stone BBS (IIRG
WHQ) 203-832-8441 NUP:Conspiracy
CuD is also available via Fidonet File Request from 1:11/70; unlisted
nodes and points welcome.
EUROPE:   from the ComNet in LUXEMBOURG BBS (++352) 466893;
          In ITALY: Bits against the Empire BBS: +39-461-980493

ANONYMOUS FTP SITES:
  UNITED STATES:  ftp.eff.org (192.88.144.4) in /pub/cud
                  uglymouse.css.itd.umich.edu (141.211.182.53) in /pub/CuD/cud
                  halcyon.com (202.135.191.2) in /pub/mirror/cud
  AUSTRALIA:      ftp.ee.mu.oz.au (128.250.77.2) in /pub/text/CuD.
  EUROPE:         nic.funet.fi in pub/doc/cud. (Finland)
                  ftp.warwick.ac.uk in pub/cud (United Kingdom)

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views.  CuD material may  be reprinted for non-profit as long
as the source is cited. Authors hold a presumptive copyright, and
they should be contacted for reprint permission.  It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified.  Readers are encouraged to submit reasoned articles
relating to computer culture and communication.  Articles are
preferred to short responses.  Please avoid quoting previous posts
unless absolutely necessary.

DISCLAIMER: The views represented herein do not necessarily represent
            the views of the moderators. Digest contributors assume all
            responsibility for ensuring that articles submitted do not
            violate copyright protections.

----------------------------------------------------------------------

Date: Sat, 26 June 1993 11:12:19 CDT
From: CuD Moderators <tk0jut2@mvs.cso.niu.edu>
Subject: File 1--Squelching the Rumor of the CuD ftp Sites

We have received a number of queries in the past few days regarding
the future of the /cud directory and files on the CuD ftp site at
ftp.eff.org.  The rumors focused on three basic "facts:" 1) The EFF
has removed all PHRACKS because of complaints from teleco and other
corporations; 2) The /pub/cud directory will be removed because it
does not coincide with the EFF mandate; 3) The EFF continues to sell
out by distancing itself from its original constituency.

These RUMORS are FALSE!
HERE ARE THE FACTS:

1) PHRACK will be removed for economic reasons. Mitch Kapor explains
the drain on EFF's limited resources in the following post, but the
bottom line is that the EFF pays $1,000 a month to make it available
to the public.

2) The /pub/cud directory *WILL NOT* be removed. We try to place
research articles, theses/dissertations, and other material there as
we obtain them, and the E-'Zines and other documents provide an
excellent resource for scholars, journalists, and students.

3) The EFF has not sold out. As soon as the rumors
began flying in, John Perry Barlow and Mitch Kapor immediately wrote,
expressing considerable concern over the unfounded rumors.  Both
recognize the value of the CuD and Comp-Academic-Freedom archives on
the eff.org system, and providing public access to documents not
readily available elsewhere is a continuation of the EFF goal of
making on-line information available to the public. Removing PHRACKS
is not a decision they made lightly, but reducing the costs by
removing one 'Zine readily available elsewhere (it is our
understanding that the CuD shadow sites will continue to carry them)
simply assures that other, less-available documents will continue to
be provided.

There are a few points to keep in mind on this issue:

1) The EFF is under no obligation to provide an ftp site for CuD.
They do it because they feel it provides a number of different points
of view on cyberspace issues.  As Mitch points out below, the files in
the /pub/cud directory impose a significant usage burden on the site
and this burden is not free. In a sense, the EFF is paying to provide
net-folk with a service that is unavailable elsewhere.

Perhaps we have all been taking EFF's donation of its system for
public ftp services for granted. While not a highly visible
activity, it nonetheless remains a critically important one.
Now is the time to thank them for their generosity. The CuD
editors receive numerous compliments from those who have found the
files in the cud/pub directory useful. It is EFF, as well as the
shadow sites (and, of course, Brendan Kehoe and the other
archmeisters listed in the CuD masthead) who deserve the credit.
The generosity of those who provide the space and those who fill it
and keep it well-maintained make the nets a friendlier and more
productive space.

We also appreciate the support of those who wrote expressing
support in case the rumors were true. All of us, from Mitch and
John to the archmeisters and CuD editors are involved in enhancing
information flow out of a sense of voluntaristic service, and the
occasional expressions of support are about the only compensation
we receive.

We can more tangibly support the archives by supporting EFF. The most
obvious way to support them is to join at the relatively low cost of
$20 a year for students or low income, or $40 for regular membership.
In addition to the EFF newsletter, EFF members occasionally receive
"surprises," such as the first issue of Wired and other goodies.
Joining is one way of thanking them for offering their system for an
extensive ftp archive for a growing body of documents. So, if you use
the ftp site, consider sending a few bucks. Whether you agree with all
of their policies or not, we're certain that there is little
disagreement that it's not fair that they provide us all with a
valuable service while we simply leech from it.

You can send your sub to:

     Electronic Frontier Foundation
     1001 G Street, N.W.
     Suite 950 East
     Washington, DC  20001
     202/347-5400 voice
     202/393-5509 fax

EFF's e-mail address is: eff@eff.org

------------------------------

Date: Sat, 26 Jun 1993 10:17:51 -0600
From: mkapor@KEI.COM(Mitchell Kapor)
Subject: File 2--Another Stupid Rumor Bites the Dust

We have never contemplated removing CuD from the EFF ftp archive.  We
have believed and continue to believe it is important to let all
voices be heard and we are happy to do what we can.  It astounds me
and saddens me the extent to which unfounded rumor propagates on the
net.  People need to have a little more faith, and, oh, maybe, ask us
what we're doing before jumping off in paranoid fantasies of EFF
selling-out.

Here are the facts.  EFF's carriage of Phrack, not CuD, was costing us
$1,000 per month in additional transmission charges.  After an internal
review, we decided we could not justify absorbing this rather
substantial expense for a single publication.  Monthly downloads of
Phrack constituted 2 gigabytes or more.  We have communicated with the
editor of Phrack who has accepted our decision and has arranged for an
alternate site.

An analysis of the past year of traffic on eff.org revealed an
interesting pattern.  Roughly 40% of the total byte flow was due to a
single publication -- Phrack.  Another 40% was due to all other FTP
traffic from CuD and other publications.  The remaining 20% included
all of our email, FTP from the EFF archive, USENET, etc.

EFF contracted with UUNET to provide what is called low-volume T-1
service.  That is, our instantaneous bandwidth to the net is a T-1,
which enables fast through-put, but the $1,000 per month we pay is
only intended to give us an average bandwidth of 128 kilobits.  UUNET
measures the 5 minute average load in every segment and sends
statistics to its customers.  Because of the growth of traffic over
the past year, EFF has been running at as much as twice our
contractual limit.  UUNET has been billing us a surcharge of another
$1,000 per month and was about to permanently convert us to a full
T-1 customer at $2,000 per month.  We felt we couldn't justify this
expense, as the $12,000 per year could pay for nearly half of a
full-time staff member, for instance.

The solution we chose was to make a decision that we will stop
carrying Phrack in the near future.  This will enable us to continue
to provide all the rest of the services on our server for a good long
time without causing us more in the way of expenses.

People tend to think of FTP as a "free good".  It isn't.  Both storage
and transmission cost money.  Maybe it's time Phrack started charging?

Mitch Kapor
Chairman, EFF
                Mitchell Kapor, Electronic Frontier Foundation
     Note permanent new email address for all correspondence as of 6/1/93
                              mkapor@kei.com

------------------------------

Date:   Sat, 26 Jun 1993 09:04:46 -0700
From: Jim Warren <jwarren@WELL.SF.CA.US>
Subject: File 3--UPDATE #14-AB1624: bill-text as amended (*improved)*

((MODERATORS' NOTE: Through the efforts of Jim Warren, and others,
California is coming very close to passing a bill that would provide
on-line access to computerized public records. This is a crucial bill
and has national implications. Its passage could provide the stimulus
for other states and provide the public with greater access to crucial
legislative and other information. See back issues of CuD for the
history of the bill)).

June 25, 1993

This summarizes the latest set of amendments to AB1624 that were done
by bill-author Debra Bowen on June 17th, and - thanks to Ray of Apple
- includes the complete bill-text, as amended.

NEW VERSION HAS SIGNIFICANT IMPROVEMENTS

  1.  It removes the permission and fee requirements that had been
placed on anyone who charged anything to "republish or otherwise
duplicate" the [electronic-only] public records - a requirement
demanded by John Burton (who, incidentally, may kill the bill when it
returns to the Assembly for concurrence - unless we can change
Burton's mind; yes, he has that much clout).

  2.  It [generically] specifies that the files are to be available
via the Internet - as opposed to leaving open the option for the state
to create its own, closed network (e.g., as Hawaii has done).

  3.  It makes explicit that the Legislative Counsel cannot limit how
many files someone can request, and that there will be no monitoring
or reporting of who is interested in what files except as it might
explicitly pertain to computer operations (i.e., normal sysop
operations monitoring).

  4.  It makes explicit that no fees or other charges can be imposed
for this public access to public records - since it will cost the
state perhaps $200/month to provide free access throughout the entire
state (and globe).

  5.  It makes explicit that the *complete* print-files will be
available, as opposed to the possibility of only having some
dumbed-down, limited version of the data from which page- and
line-numbers could not be recalculated - though there's no prohibition
on them *also* offering ASCII-dumbed versions in *addition* to the
full data-files.

  6.  It specifies that the data is to be made available to the public
*immediately* after being sent to the printing plant - which is
*after* it has become public record - instead of waiting until it is
available on the Legislative Inquiry System.  (That turns out to
sometimes be days or even weeks after some of the AB1624-mandated
records are public.)

  7.  It assures that older versions of bills will remain available
from the Legislature's file-server for at least 90 days after they are
amended.

  8.  And, it makes documentation of their data formats available
online, uh, IF it's available in computerized form at all - a question
to which I have been unable to obtain an answer.

                              ++++++++++

THE NEW BILL-TEXT, AS AMENDED 6/17  [THERE WILL BE MORE AMENDMENTS, LATER]
From apple!ganymede.apple.com!ray Tue Jun 22 00:13:07 1993
Subject--AB1624 - newly amended text

hello jim -

i just got the new text for AB1624 from Mary today and typed it in.
I posted it around (alt.etext, ca.politics, comp.society.cu-digest),
but if you could put it on an ftp server i would be grateful.
   ...

              AMENDED IN SENATE JUNE 17, 1993
              AMENDED IN ASSEMBLY MAY 18, 1993
      CALIFORNIA LEGISLATURE--1993-94 REGULAR SESSION

ASSEMBLY BILL                                       No. 1624

         Introduced by Assembly Member Bowen
        (Principal coauthor: Senator Torres)
   Coauthors: Assembly Members Areias, Bornstein,
     Goldsmith, Isenberg, Johnson, Karnette, Katz
         Mountjoy, Nolan, Polanco, Speier, and
                    Vasconcellos
 Coauthors: Senators Dills, Hayden, Killea, Morgan, and
                     Rosenthal

March 4, 1993

An act to add Section 10248 to the Government Code,
relating to the Legislature;

LEGISLATIVE COUNSEL'S DIGEST

  AB 1624, as amended, Bowen. Legislature: legislative
information: access by computer network.
  Under existing law, all meetings of a house of the Legislature
or a committee thereof are required to be open and public, unless
specifically exempted, and any meeting that is required to be open
and public, including specified closed sessions, may be held only
after full and timely notice to the public as provided by the
Joint Rules of the Assembly and Senate.
  This bill would make legislative findings and declarations that
the public should be informed to the fullest extent possible as to
the time, place, and agenda for each meeting.
  This bill would require the Legislative Counsel, with the advice
of the Joint Rules Committee of the Senate and Assembly, to make
available to the public, by means of access by way of the largest
nonproprietary, nonprofit cooperative public computer network,
specified information concerning bills, the proceedings of the
houses and committees of the Legislature, statutory enactments,
and the California Constitution.
  Vote: 2/3 majority. Appropriation: no. Fiscal committee: yes.
State-mandated local program: no.

  The people of the State of California do enact as follows:

 1    SECTION 1. Section 10248 is added to the
 2  Government Code, to read:
 3    10248. (a) The Legislature finds and declares that
 4  the public should be informed to the fullest extent
 5  possible as to the time, place, and agenda for each
 6  meeting of the houses and committees of the Legislature.
 7  The Legislature further finds and declares that it is
 8  desirable to make timely information regarding these
 9  proceedings available to each member of the public,
10  irrespective of where he or she resides, for the least cost
11  possible.
12    (b) The Legislative Counsel shall, with the advice of
13  the Joint Rules Committee, make all of the following
14  information available to the public in electronic form:
15    (1) The most recent Assembly Daily File and most
16  recent Daily Senate File.
17    (2) The text of each bill introduced in each current
18  legislative session, including all amended forms of the
19  bill.
20    (3) The bill history of each bill introduced and
21  amended in each current legislative session.
22    (4) The bill status of each bill introduced and
 1  amended in each current legislative session.
 2    (5) All bill analyses prepared in connection with each
 3  bill in each current legislative session.
 4    (6) All vote information concerning each bill in each
 5  current legislative session.
 6    (7) Veto messages concerning each bill, when issued,
 7  in each current legislative session.
 8    (8) The California Codes.
 9    (9) The California Constitution.
10    (10) All uncodified statutes enacted on or after
11  January 1, 1993.
35    (11) Documentation that is available to the public and
36  maintained in computerized form by the Legislative
37  Counsel which describes the computerized digital
38  formats of the files containing the information specified
39  in this subdivision.
40    (c) The Legislative Counsel shall automatically
 1  transmit copies of files of the information specified in
 2  subdivision (b) by way of the largest nonproprietary,
 3  nonprofit cooperative public computer network upon
 4  receiving any computerized request for the files. These
 5  files shall be made available in this manner immediately
 6  after they are transmitted to the Office of State Printing.
 7  The files shall contain all of the text and formatting
 8  information transmitted to the Office of State Printing. In
 9  the event that a technical malfunction prevents these
10  files from being transmitted immediately after they are
11  transmitted to the Office of State Printing, the
12  Legislative Counsel shall report that fact to the Joint
13  Rules Committee within one business day.
14    (d) Any file that is available pursuant to subdivision
15  (c) shall remain available to the public upon request by
16  electronic digital data transmission until it is updated.
17  When a file is updated, a copy of the file without the
18  updated information shall remain available to the public
19  by electronic data digital transmission for at least 90 days
20  after the update.
21    (e) The Legislative Counsel may not control which or
22  how many files are available to a person who requests the
23  files nor monitor or keep any records about those persons
24  who request files, except for the purpose of assuring the
25  quality of computer operations. No fee or other charge
26  shall be imposed as a condition to public access to any files
27  that are made available to the public pursuant to this
28  section.
29    (f) No action taken pursuant to this section shall be
30  deemed to alter or relinquish any copyright or other
31  proprietary interest or entitlement of the State of
32  California relating to any of the information made
33  available pursuant to this section.

=========
Ray -

------------------------------

Date: Thu, 24 Jun 93 12:49:49 -0700
From: Phil Karn <karn@UNIX.KA9Q.AMPR.ORG>
Subject: File 4--Re: Full Disclosure TRIGGERFISH Hassle (CuD 5.46)

In CU Digest 5.46:
|> Harris Law Enforcement Products
|>
|> TRIGGERFISH has a number of cellular phone based applications:
|> determining a suspect's phone number, dialed number recorder, and
|> wiretapping.  According to Harris, "for the first time, law
|> enforcement is not at a disadvantage in tracking the high-tech
|> criminal." Additionally, the unit "collects and integrates all
|> relevant data, including voice, directly from the ether."

|> Reprinted from Full Disclosure, Box 903, Libertyville, Illinois 60048

I find the phrase "directly from the ether" *most* illuminating given
a rather heated exchange I had with Mr. Jim Kallstrom of the FBI at
the recent CPSR Cryptography Conference in Washington DC earlier this
month.

Kallstrom is the FBI's chief public advocate for their "Digital
Telephony Initiative". Among other things, they want the ability to
intercept suspects' cellular telephone calls at the MTSO (switch).
Only with a valid warrant, naturally.

At the meeting, I made the following comments.  I had seen the
standards-setting process for the new digital cellular telephone
systems from the inside as they related to security and privacy. And I
was wondering why the government (specifically NSA, through its export
control reviews) was so strongly opposed to meaningful air link
encryption, even if the encryption were to stop at the switch as it
would have to in order to be compatible with existing telephones on
the land side of a cellular call. Such encryption would secure the air
link, the most easily intercepted portion of a cellular telephone
call, while leaving the conversation in the clear at the MTSO where it
could be tapped, if necessary.

In a private conversation, one of the senior members of the committee
who didn't want his name mentioned told me why. "It's very simple", he
said.  "Anybody can intercept the radio link. It's easy. But tapping a
call at the switch requires the cooperation of the telephone company,
and they generally require warrants. And law enforcement says that
sometimes, warrants are, well, just too damn inconvenient."

This really set Kallstrom off. He attacked my unwillingness to name my
source. I challenged him, unsuccessfully, to back up *his* shrill
claims for the absolute necessity of Digital Telephony with anything
more than handwaving. In a one-on-one conversation during a break, he
insisted to me that the FBI was never interested in intercepting the
air link portion of cellular calls - "too difficult, too
labor-intensive", he said. They only wanted the capability to tap in
at the switch, and he couldn't care less if the air link were securely
encrypted (though he still wanted the keys to be escrowed for some
reason...hmmm...)

Perhaps it was a desperate attempt to maintain this "we're not
interested in the air link" fiction that triggered Harris's silly
overreaction to the public mention of TRIGGERFISH.

Phil

------------------------------

Date: Fri, 18 Jun 93 08:45:52 EDT
From: morgan@ENGR.UKY.EDU(Wes Morgan)
Subject: File 5--Response to Interview with a Virus Writer (CuD 5.44)

Re: CuD 5.44 - Interview with a Virus Writer

>We're certainly interested in your reactions, pro and con. Did you get
>hit by a virus that was more than a minor inconvenience?

Yup; our students are hit by viruses on a regular basis.  Just last
week, a student lost 3 months' work in a virus attack from a friend's
home system.  Personally, I'm not hit that often; of course, I burn up
time scanning every time I boot my system, and I scan *every* floppy that
goes into my PC...not everyone has the time/resources to do that, and PC
networks (StarLAN, Novell, etc) make it extremely simple to spread viruses.

>GA: Do you want to mention that you are running a BBS (computer
>bulletin board)?
>
>UK: Yeah, sure. Call anytime. It exists for people to come and get the
>Crypt Newsletter if they are interested in finding it without going
>through the usual hassles of underground channels like the cool, elite
>bulletin board systems. The underground world has become very
>exclusive.  In a sense it is cliquey..........

Gee, why isn't his newsletter distributed more widely?  If it's all
so innocent, I should be able to subscribe via email, right?  Are back
issues available via ftp?  How about an email server?

>GA: Aren't they all written in programming languages?
>
>UK: Assembly mostly. By far most viruses are written in assembly
>language.

Did this strike anyone else as a rather silly question?  Unless
someone's hacking with DEBUG, they *have* to write in a
"programming language"........

>GA: So how many viruses have you made and which ones are they?
>
>UK: I don't know all of them. Well, there was the Encroacher. That was
>in one of the Newsletters. That was a Mutation virus that attacks
>Central Point Software's anti-virus program. There might have been
>three variants to that.

This guy writes a virus that attacks a specific commercial product,
and he still has the chutzpah to claim innocence for viruses?  Pfui.

>GA: What's so exciting about viruses and source codes?
>
>UK: [...]
>I don't think there's a
>lot of mystery associated with viruses. Viruses, in my opinion, are
>rather trivial programs that, once you're thoroughly cognizant of what
>a virus can and can't do, become more like a pest if you ever run into
>one.

Viruses are "trivial," but this fellow keeps cranking them out?
Sounds like doublespeak to me.....8)

>People think it's a major catastrophe when they are
>hit by a virus. I do not take seriously claims of people being set
>back for hours. If they are completely ignorant of a virus, yes. But
>someone in the department or in the household knows about viruses.

No, "someone in the department or in the household" does NOT necessarily
"know about viruses."  Colleges and universities are loaded with students
who, in many cases, never used a PC before their arrival.

>GA: That's becoming very interesting to me.
>
>UK: Politically incorrect terms. There's always been a great deal of
>controversy surrounding this. And so for this reason alone, viruses to
>me are interesting.  For example, on Prodigy it is okay for dozens of
>people to advertise adult bulletin boards, with gigs of pornographic
>files available for download. These are not  expunged from the Prodigy
>computer club as inappropriate. However, if anyone posted a note on
>Prodigy saying they want to find a virus, can someone help them locate
>a virus, that is immediately spiked. Why is that? I'm not sure. But
>it's interesting.

It sounds like this guy gets a charge out of being a gadfly.

>UK: Well, I enjoy publishing the Crypt Newsletter. [...]
>You want to see if you can top yourself and make it more interesting.

I believe that this is the crux of the matter.  Most virus authors
seem to look at viruses as a competition.  Just pick up a virus family
tree and check out the derivations; everyone's trying to top everyone
else, and none of them care about the damage/lost time they cause.

>UK: And, so, why is that interesting? Well, he explains why viruses
>are interesting for a number of reasons. Part of it because of the
>controversy that the concepts brings up. In a way, I think studying
>viruses gives you a good understanding of the computer on a really low
>level basis, and that's worthwhile. For some people that makes the
>computer much more enjoyable as they start to unlock some of its
>secrets or understand what is actually going on inside it a little
>better. Viruses are kind of an indirect way of getting at that
>information.

I'll be the first to agree that viruses are educational in some
respects; you can certainly pick up a lot of low-level information
during the programming cycle.  My point is (and has always been) that
release of viruses into the world is completely unnecessary.  If you
were really taking a scholastic bent, you'd never release a live
virus; you'd write one, test it, say "it works," put it in your logs,
and move on......

>UK: You don't need anti-virus software to get rid of something like
>Michelangelo or Stoned. You can do it with undocumented commands. If
>you've talked to someone who does know something about viruses, and
>you didn't have anti-virus software, you could use that and dispatch
>something like Michelangelo and Stoned rather quickly.

Yeah, we can really expect our secretaries, clerks, and data entry
operators to be conversant with all those undocumented commands and
virus scanners.

>GA: So you think the reports about problems in other countries are
>over exaggerated?
>
>UK: Well, there's an article which analyzes the media coverage of
>Michelangelo and I think that really puts it into perspective. It
>really shows the people that tried to actually come up with hard data
>after March 6. They just weren't able to come up with anything that I
>consider serious data.

The only reason that our labs weren't hit was that we went on a massive
eradication mission; we made scanning automatic, and we found several
hundred infections in the week prior to the target date.

>Actually, it is more annoying. It is a
>boot sector infector like Michelangelo but once you discover it, you
>usually don't have much time left before it activates. It has a very
>short activation period after it has been first placed on a disk and
>then it encrypts the information on a disk which essentially makes it
>useless to you. So he removed it, but it wasn't Michelangelo, he had a
>different virus.  So where were all the Michelangelo infections? Were
>there any? I think it was vastly overstated.

Of course, this "different virus" doesn't really jibe with UK's earlier
comment of "I do not take seriously claims of people being set back for
hours."

>UK: No, I think colleges are still pretty vulnerable, don't you? They
>are always going to have computer labs, where people can bring stuff
>in indiscriminately.  That really hasn't changed and maybe it has
>moved a little more to the individuals because computers have moved
>more into the homes of individuals.

This guy is talking through his hat.  He follows comments about
the "trivial" nature of viruses with analyses of "vulnerability."
The comments that "only a few viruses are truly bad" are ludicrous.
This fellow sounds like every other virus author I've read; he
comes across with the attitude of "you should be watching out for
this stuff anyway; it doesn't matter what I do."  This strikes me
as the height of irresponsibility (and immaturity).

------------------------------

Date: Thu, 24 Jun 93 03:37:40 -0400
From: ci330@CLEVELAND.FREENET.EDU(Jack McNeeley)
Subject: File 6--Virus Hits White House

((MODERATORS' NOTE: The following was excerpted from a longer
article from The Washington Post)).

     The following article moved on the Washington Post news wire
March 13.  I confess that I expected some other CuD reader to go to
the trouble of passing the thing along, with enough comment and
criticism to pass muster with the fair-use copyright gods, so I
neglected to toss the thing your way.

     Since no one else has done so, and since the on-line shriek
community has inexplicably let George Bush's vandalism of the White
House computers pass virtually unnoticed, I must submit the following
for your perusal.  Readers who want the complete article will have to
visit their local (paper) library, armed with a dime to plug into the
photocopying machine, so that the Post's copyright may be properly
violated.  Those of you with a social conscience will send some spare
change to Katy Graham to buy a legal copy of the newspaper.

      11th-Hour Covenant: Lost Memory Computers to Gain for Bush
                        By George Lardner Jr.
                    (c) 1993, The Washington Post

         WASHINGTON -- When President Clinton's top aides moved
     into the White House in January, many of them had trouble
     getting their computers to work.

         That's because during the night of Jan. 19 and into the
     next morning -- President Bush's last hours in office --
     officials wiped out the computerized memory of the White House
     machines.

         The hurried operation was made possible only by an
     agreement signed close to midnight by the archivist of the
     United States, Don W.  Wilson. The ensuing controversy has
     added to allegations that the archives, beset for years by
     political pressures and slim resources, is prone to
     mismanagement and ineptitude in its mission of preserving for
     the public the nation's documentary history.

         It also has raised strong doubts about the efficacy of a
     15-year-old law that says a former president's records belong
     to the people.

         Just what information was purged remains unknown, but it
     probably ranged from reports on the situation in
     Bosnia-Herzegovina to details about Bush's Iran-Contra pardons
     to evidence concerning the pre-election search of Clinton's
     passport files. In the warrens of the secretive National
     Security Council, only a month's worth of foreign cable
     traffic was retained to help enlighten the incoming
     administration.

    [At this point we must pause for fair-use commentary:  It's
obvious from merely the first five paragraphs of this article that a
crime of historic proportions has been committed.  If some
cyber-rambling teenager had wiped the hard disks of the White House
computers, you can bet that legions of doomed SS agents would spare no
expense to run the scoundrel to ground.  The article continues:]

         Bush and his lawyers had wanted to leave no trace of the
     electronic files, arguing they were part of an internal
     communications system, not a records system. But court orders
     issued a few days earlier required that the information be
     preserved if removed from the White House.

         So backup tapes were made of the data on mainframe
     computers and carted off to the National Archives by a special
     task force.  Hard disk drives were plucked out of personal
     computers and loosely stacked into boxes for the trip. Despite
     such measures, there are indications some material may have
     been lost.

     [Indications?  Tell me more, tell me more!  As in "General
Failure Reading Drive C: (A)bort (R)etry (I)gnore"?  Oh, I get it:
Somebody must have accidentally entered "wipefile *.*".
     [The article continues:]

         The transfer had been authorized by Wilson, who at 11:30
     p.m. on Jan. 19 put his signature on what would prove to be a
     highly controversial "memorandum of agreement." It gave Bush
     "exclusive legal control" over the computerized records of his
     presidency as well as "all derivative information."

         Critics have denounced Wilson's agreement with Bush as a
     clear violation of a post-Watergate law that made presidential
     records public property. And they fear that the authority
     granted Bush is far broader than officials so far have
     acknowledged.

         For their part, archives officials say they did the best
     they could under difficult circumstances and contend they
     deserve some credit for getting physical custody of the
     electronic material.  Chided days later about the broad scope
     of the agreement in a meeting with outside historians, Wilson
     protested that they just did not appreciate "the political
     environment in which I was operating."

         On Feb. 12, Wilson compounded his difficulties by
     announcing he was taking a $129,000-a-year job as executive
     director of the George Bush Center for Presidential Studies at
     Texas A&M University. The Justice Department has said it is
     considering a criminal investigation of a possible conflict of
     interest by Wilson.

     [Now, that is rich.  Not even in Texas could you get this kind of
nonsense past a grand jury.

     [The article goes on to say that the archivist agreed with Bush's
claim that the electronic materials were not records but were internal
communications.  However, the article says, a federal judge had
already rejected that claim.

     [Specifically, the article says, U.S. District Judge Charles
Richey had ruled on Jan. 6, in a case brought at the end of the Reagan
administration, that information in the White House computer systems
not only "fit into an everyday understanding" of what a record is,
but also met the statutory definition in the Federal Records Act.  The
article continues:]

         Richey said he was worried that the [Bush] administration
     was about to destroy information "of tremendous historical
     value." He also said that making paper copies of the
     electronic data would not be sufficient, because the paper
     copies would not necessarily show who had received the
     information and when.

         "The question of what government officials knew and when
     they knew it has been a key question in not only the
     Iran-Contra investigations, but also in the Watergate matter,"
     Richey observed.

         The judge ordered the defendants, including Wilson and the
     Bush White House, not to delete or alter any of the electronic
     records systems until archivists could preserve the material
     protected by the Federal Records Act.

         Richey's Jan. 6 order obliged the archives to make sure
     that the "federal" or "agency" records on White House
     computers were preserved, even though they might be commingled
     with "presidential records." Figuring out the difference is a
     chore affecting primarily NSC computer files.

     [At this point the article explains that a memo written by the
national security director to the president would be a presidential
record, and not disclosable, but that if the president signs it and
sends it to the Pentagon for implementation, then it is a federal
record and is disclosable.
     [The article then says:]

         According to records churned up by the lawsuit, Richey's
     Jan. 6 order precipitated numerous meetings of archives
     officials, often with Justice Department and White House
     representatives.  Government lawyers, meanwhile, went to
     Richey to ask if they could make backups and purge the
     computers before Clinton moved in.

         Richey, uneasy about past foul-ups and what he called
     "inconsistencies" in the backup taping plan, turned them down
     on Jan. 14. But the Bush administration promptly appealed. The
     next day, the U.S. Court of Appeals in Washington said backups
     would be acceptable "so long as the information is preserved
     in identical form" until the appeal could be decided on its
     merits.

         But the inventories given to the archives task force
     were not complete. "Many dates are missing," an after-action
     archives memo said of the backup tapes, and more than 100
     had no dates.  It was impossible to tell how many erasures
     might have been made after Richey's ruling. And according to
     a certificate from the White House Communications Agency,
     six tapes packed with NSC messages and memos were
     "overwritten due to operator error."

     [Holy Ned!  Does this sound familiar?  Where is Rose Mary Woods
and her six-and-one-half-minute gap when we need her?  The amount of
information we're talking about here is staggering. Six nine-track
tapes overwritten "due to operator error"?  C'mon.]

         In all, more than 5,000 tapes and hard disk drives were
     delivered to the archives. Most had to be preserved because of
     the lawsuit, but a number of hard drives were added at the
     last minute because of a grand-jury subpoena related to the
     pre-election search of Clinton's passport files. Once that
     investigation is over, the grand-jury materials, under the
     Bush-Wilson agreement, will become "the personal records of
     George Bush."

     [How conveeenient!

     [The next section of the story details Wilson's background as a
Reagan appointee and former director of the Gerald Ford Presidential
Library (beg your pardon?).  It says that Wilson (shocking though it
may seem) declined to comment for this article.  It then says,
however, that in a March 2 deposition, Wilson testified that he didn't
see the Bush agreement until the night of Jan. 19, was unfamiliar with
its terms, and signed it only "upon advice of counsel," namely, one
Gary Brooks, the archives general counsel.  That's some general
counsel, that Gary Brooks!

     [The article continues:]

         The Bush-Wilson agreement went far beyond the presidential
     records law. It gave the ex-president exclusive legal control
     of all "presidential information, and all derivative
     information in whatever form" that was in the computers. And
     it gave Bush the veto power in retirement to review all the
     backup tapes and hard drives at the archives and make sure
     that all the information he considers "presidential" is kept
     secret. He can even order the archivist to destroy it.

         "It's history repeating itself almost 20 years later," one
     official close to the case said, alluding to the September
     1974 agreement that gave former President Nixon, who had just
     been pardoned, ownership and control of his White House tape
     recordings and papers and allowed him to destroy the tapes
     over a five-year period.  Congress quickly canceled that
     agreement in a law that applies only to Nixon, but to this day
     most of the 4,000 hours of Nixon's tapes remain tied up by the
     maneuvering of Nixon and his lawyers.

     [The article goes on at considerable length here, and it just
gets worse and worse.  All I can say is, where is the attorney
general?  Where is the FBI?  Where is the freaking Secret Service and
their computer-crime goons?  Conspicuously missing, that's where.

     [The last paragraph of the story is worth reading:]

         Skeptics are still wondering what's in the [Bush computer]
     tapes.  "There must be something important in them,"
     [historian Page] Miller said. "You don't have agreements late
     at night, just like that."

------------------------------

End of Computer Underground Digest #5.47
************************************