Computer underground Digest    Sun  Jun 18, 1995   Volume 7 : Issue 50
                           ISSN  1004-042X

       Editors: Jim Thomas and Gordon Meyer (TK0JUT2@MVS.CSO.NIU.EDU
       Archivist: Brendan Kehoe
       Shadow Master: Stanton McCandlish
       Field Agent Extraordinaire:   David Smith
       Shadow-Archivists: Dan Carosone / Paul Southworth
                          Ralph Sims / Jyrki Kuoppala
                          Ian Dickinson
       Triviata:     How many Spams have C&S Done since April '94?

CONTENTS, #7.50 (Sun, Jun 18, 1995)

File 1--Review of Canter & Siegel's HOW TO MAKE A FORTUNE
File 2--some info on the health spam
File 3--C&S from a "Client's" Perspective
File 4--"Hacking" a Moderated Newsgroup - Why it's wrong
File 5--Flordia Bar v. Siegel & Canter (511 So.2d 995, 1987)
File 6--Cu Digest Header Info (unchanged since 19 Apr, 1995)

CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION APPEARS IN
THE CONCLUDING FILE AT THE END OF EACH ISSUE.

---------------------------------------------------------------------

Date: Sun, 18 Jun 1995 20:43:54 CDT
From: Jim Thomas <cudigest@sun.soci.niu.edu>
Subject: File 1--Review of Canter & Siegel's HOW TO MAKE A FORTUNE

_How to Make a FORTUNE on the Information Superhighway:  Everyone's
Guerrila Guide to Marketing on the Internet and
other On-line Services_. Laurence A. Canter and Martha S. Siegel.
New York: Harper Collins. 234 pp. $20 (cloth).

Scott Adam's hilarious cartoon book, _Clues for the Clueless_, sprang
to mind as I read _Fortune_. Some people just don't get it.  When they
write books about what they don't get, the result is like setting
Ratbert at the typewriter to write a book about the Internet.

I recognize that it's difficult to write a book. As most authors know,
writing requires patience, considerable research, continual revision,
feedback from respected colleagues, and polishing of the logic, prose,
and logical organizational themes, qualities not evident in _Fortune_.
Despite my strong feelings against spamming, of which Canter and
Siegel (C&S) are self-proclaimed "experts," I was prepared to set
aside my personal views and review their work solely on its
intellectual and related merits. Having finished the volume, I find
little substantative merit.  It reads like a pulp rush job, the kind
that appear a week after a major event, written by authors attempting
to cash in on being "first with the worst." Perhaps this isn't
surprising, considering that it was obviously written quickly (after
April 1994, and in the bookstores in November).

If _Fortune_ were an undergraduate project, I might, on a good day,
give it a C+, mostly because of length. If it were a graduate paper, I
would return it and require that it be more thoroughly researched and
massively revised.  Which means, I suppose, that Harper Collins, the
publisher, has apparently begun accepting manuscripts that lie on the
cutting edge of mediocrity. I resist adding that Harper Collins, in
fact, now seems to accept manuscripts that lie, because there's a thin
line between intellectual dishonesty and lying: It's always possible
that falsehoods and argument by omission are the result of
incompetence or stupidity rather than intentional distortion.
Whatever the reasons, _Fortune_ impresses me as a mega-deception built
around distortions, half-truths, and flat-out falsehoods.  In fact,
other than it's cyber-connected title, there normally would be little
reason to review _Fortune_. At its best, it is poorly written, replete
with contradictions, self-serving, and simplistic. At its worst, it is
offensively illogical and filled with mean-spirited attacks,
intellectual dishonesty and stunning falsehoods.  Normally, such tomes
are safely ignored. However, because of the demonstrable possibility
that some readers of this volume might
uncritically accept the main premise (fortune awaits you on the Internet),
_Fortune_ requires a response.

Three central themes weave through _Fortune_.  The "first is a defense
of advertising on the Nets that unequivocally advocates and defends
"spamming." The second theme, evoking images of playground children
acting out, resembles a vendetta: C&S use much of the book to attack,
belittle, and even smear those who have in the past, might in the
present, or will in the future, disagree with them.  The final theme
is avariciousness. Lest the attention-challenged miss the point, the
authors repeat ad nauseam that fortune, riches, wealth, gold,
money-making, and more awaits the reader on what they call the
"I-way."

DEFENDING SPAMMING

Canter and Siegel were "absolutely amazed that there were people who
could become so distraught over the appearance of a simple, commercial
message on their computer screens (p. 21-22).  The disingenuousness of
this cavalier disregard for truth notwithstanding, it's even more
amazing that--after bragging throughout the volume about how many
people they could reach with their message, and advocating mass and
indiscriminate mailings (to include circumventing gatekeeping in
moderated groups), they believe the issue is a "simple message." All
they did, they claim, was anger a few stodgy hotheads who feel they
own the Net.  Not on one page, not in one sentence, not even in a
short phrase--do they acknowledge that people were offended by the
mass and disruptively indiscriminate nature of that "simple" post.
They defend their right to spam as a "free speech" issue, and label
those who criticize them as hypocrites who would suppress freedom of
speech (or worse). In an ironic bit of Orwellian double-think, Siegel
even claimed in an October New York Times profile:

     Ms. Siegel. Freedom of speech has become a cause for us. I
     continue to be personally appalled at the disrespect for freedom
     of speech by this handful of individuals who would take over the
     net if they could.

Surely they must have understood that spamming is to free speech as
is vandalizing a lawn by continually throwing unsolicited flyers on it.
It's unlikely that they'd recognize their spam as the cyber-equivalent
of littering, but even they acknowledge that clogging the Nets might
be a legitimate complaint. Sadly, they dismiss the complaint by
attacking the Nets:

     ((Canter)): The most common objection I hear, that on the surface
     makes sense, is how it's going to clog everything up.

     The truth is what's clogging up the Usenet and the Internet is
     that there are just too many people on it (New York Times, Oct
     16, 1994).

Now I'm confused. First, C&S claim that their spamming technique is
effective because there are so many of us out here, now approaching 50
million by some estimates, and then they argue that there are too many
people clogging the Net.  I guess it hasn't occurred to them that
sending multiple identical posts to millions of Net-cloggers, coupled
with the legitimate responses complaining about these posts, isn't a
factor.  Nah...it's not spam that's the problem. It's "old time
internetters" who are "(S)teeped in Internet tradition that they
seemed to hold as dear as life itself" who opposed any change in the
status quo (p. 28), and who are "arguably short on maturity of
attitude" and opposed to changes to the Net (p. 29).

It's as easy to find jerks on the Net as it is to find them off the
Net. After all, there is no Cyber Earp to force people to check their
weapons of nastiness in a drawer before sitting down at the keyboard.
It's not difficult to imagine some of the intemperate and hostile
posts directed toward C&S, just as it's not difficult to imagine the
excessive response of an enraged motorist who's run off the road by an
urban cowboy on a Chicago highway. Generalizing from a particular,
however, seldom provides an accurate picture, and C&S continually
reduce Net life to a fabricated image of loathsome geeks, all of
whom love wielding power (p. 192). This, they say, is why we need
YOU--"you" presumably being the would-be fortune hunter to add to
the Net clutter (Chapter 15).

Astute readers will note that, to this point, I've produced little of
substance to elaborate C&S's defense of spamming. That's because there
isn't much. Their "defense" is reduced primarily to ignoring the
issue, substituting the term "advertising" for "spamming," and lashing
out at their critics. Criminologists have a name for this:
NEUTRALIZATION.  Neutralization theorists argue that criminals and
others who violate fundamental social norms redefine their actions to
make them appear socially acceptable, or at least less deviant.
Neutralization techniques include 1) Blaming the victim, 2) Denial of
harm, 3) Denying responsibility, 4) Condemning the authorities (who
enforce laws) and 5) Appealling to higher values or loyalties. C&S, it
seems, are heavy-into denial. They blame the victims of their
disruption for complaining; they deny that they did harm; they deny
not only responsibility for their acts, but refuse to recognize the
acts at all; they condemn those (such as systems administators and
others) for taking actions to reduce the harm, and they appeal the
lofty goal of getting rich to justify their actions.  There are, of
course, other theories to explain their deviance, but none are as
striking as the manipulation and twisting of reality that oozes from
their text. Spamming? Hey, what's wrong with a little advertising?

AVARICE

I stopped counting the explicit allusions to "making a fortune,"
"getting rich,"   "making money--is there ever enough of it?",
striking gold, and other plugs for pulling in a quick buck at about
50. Nothing wrong with making money, but the book reads like a
get-rich-quick formula, with C&S at the center of the matchbook cover,
just waiting for the reader to tear it off and send it in.  At least
matchbook covers are short reading. Consider:

     Would a spare $50,000 come in handy? How about an extra $100,000?
     That's what we made as a result of one night's work using our
     knowledge of the Information Superhighway.  We're going to turn
     that knowledge over to you, so you can do the same thing we did.
     It's both easy and fascinating (p 2).

The central premise is that the market-seeking reader can follow C&S's
strategy--preferably as C&S clients, and reach those millions of
Net-connected people, even if they don't want to be reached.
Redundancy isn't necessarily a bad thing, but it's poor literary
style, unless paid by the word, in which case redundancy is gold.
Perhaps Harper-Collins ran out of copy editors last fall, because the
repetitive references to making a fortune on the Internet detract from
the message, even if we agreed with it. All that aside, other than
alluding to their own good fortune, an allusion about which one could
raise some doubtful questions of credibility, there is no evidence or
convincing logic that one will get rich, let alone have happy results,
as one recent C&S "client" learned (see Sue Giles' account in a post
below).  We don't know if one reporter's claim that C&S requested $500
for an interview is hyperbole or whether, perhaps, the request was
intended as a joke. The sum was apparently not paid, and the interview
not given. But, the anecdote is consistent with the book's avaricious
theme.  If Michael Milken wrote a book about cyberspace, I can imagine
it resembling _Fortune_.

GETTING EVEN

There is nothing like a good vendetta in print to make for an
enjoyable evening's reading.  Unfortunately, the vendetta in _Fortune_
is neither clever nor well-directed. C&S take swipes at virtually the
entire net.  In fact, they seem to loathe Netters, both as a group and
individually. Now is their chance to get even with all those
people---even those with whom they've had no contact.  The venom in
their attacks, like their spam, often seems indiscriminate and
off-target. They continually call computer folk "geeks." After all,
they say, they call themselves that as a "badge of honor" (p. 179).
We can quibble about whether the term is as ubiquitous or
complimentary as they claim, but what isn't a quibble is that C&S
don't use the term as a "badge of honor." They use it to demean, to
belittle, and to describe especially those computer professionals who
they feel did them wrong.  One can imagine them using the common
pejorative word to describe African-Americans and, when challenged,
saying.....well, you get the idea.

C&S aren't pleased with the Electronic Frontier Foundation (EFF), who,
with its founders Mitch Kapor and John Perry Barlow, are part of the
inbred Net community.  They single out especially The EFF's Mike
Godwin, and accuse him in a not-so-subtle swipe of taking a
hypocritical attitude toward defending (their) freedom of speech:

     In May of 1994, believing that the EFF really did support freedom
     of speech in the same broad and democratic manner as did the
     ACLU, we initiated a discussion with Mike Godwin, an EFF lawyer.
     We wanted his views on the censorship issues raised by the
     behavior of electronic vandals and access providers who had
     pulled our account for performing the perfectly legal act of
     Internet advertising.  We were amazed when Godwin stated to us
     that he was so busy sympathizing with those who opposed us, that
     he had no sympathy left for the other side. So much for freedom
     of speech (p. 194).

Anyone with even the slightest familiarity with Mike Godwin knows that
his commitment to freedom of speech is unwavering. They also know that
Godwin is known for his willingness to help, without pay, those who
need it.  C&S, who claim to know the internet with the proficiency of
experts, apparently don't know this. So much for experts.

Along the way, reporter Brock Meeks, The WELL, author Howard
Rheingold, and others, are adduced to show the "unlimited inbreeding
of those who claim leadership" and wield power on the Net (pp
195-196).  Even comedian Penn Jillette doesn't escape their attacks,
as C&S allude to unattributed comments he made about Teri Hatcher (of
tv's Lois and Clark) and C&S.  This, they apparently feel, is evidence
that shows how nasty the Net can be. It's interesting that the bulk of
the text from the "Crimes in Cyberspace" chapter are devoted to
non-criminals and non-criminal acts. From the chapter one would gather
that the primary crime in cyberspace is failing to pay proper homage
to Canter and Siegel.

WHAT'S GOOD ABOUT THE VOLUME?

It's rare that I've written a review in which I can't find something
good to say. It's even rarer that I read one without finding something
of value in it. Jeez, I was even sucked into Bridges of Madison
County.  But, I just can't find much worth in _Fortune_. Actually, I
can't find ANY worth in it. Granted, a few chapters describe the Net,
tell us that there are Macs and DOS computers, and give an overview of
Gopher, the Web, and other topics. But, the descriptions are
superficial and incomplete. They are also framed in too-cute headings,
such as "Gopher the gold."

In addition to the misrepresentation of the spamming incident, there
are so many factual and logical flubs that either C&S did not do any
serious research, or they did what they thought was research and
botched it.  Anecdotes are provided without citations, making it
difficult to check the veracity. For example, the account of the
Michigan "e-mail stalker" (p. 58) is not consistent with the facts of
the nationally publicized stalking case in Michigan.  It's impossible
to determine which stalking case C&S refer to, however, because they
fail to provide a site.  The discussion of "Netiquette" is simply
wrong---C&S depict it as invariant rules that a few power-hungry folk
would impose on others.  As anybody familiar with the Net knows, it's
simply prescriptions of common courtesy.  A table (p. 70) summarizing
Usenet readership for the ten most popular newsgroups is either drawn
from a very old source, or C&S misread it. For example, they cite
alt.sex as having only 180,000 readers.  This is a fraction cited by
occasional Usenet Arbitron estimates, and even CuD has more total
readers than the top-listed group cited by C&S,
news.announce.newusers, which they list as 280,000.  Some of these
errors are gross, while others--such as claims of Usenet
readership--are relatively minor. In the aggregate, however, they
suggest that the authors have far less familiarization with their
topic than they claim.

In chapter 17, "Crimes in Cyberspace," a separate book could be
written to correct the numerous errors. The history of the EFF is
stunningly wrong, and they compound their errors with the claim that
"The EFF was born to protect hackers" (194).  Such an astonishing
error suggests that they simply don't know what they're talking about.
The misrepresentation of the PHRACK/E-911 case, in which they call the
primary participant a criminal and tell the reader that he was
convicted for computer theft is outrageous (p. 190). The stunningly
erroneous misrepresentation of legal cases (eg, Brock Meeks' libel
defense when sued by Benjamin Suarez, the Tennessee Amateur Action BBS
"pornography" case, the David La Macchia case at MIT ((C&S also
mistakenly call him Michael La Macchia)), and other summaries suggest
the these lawyers have not only taken a few minutes to do some basic
legal research, but are not aware of the most basic facts available to
anyone who takes time to read the newspapers with minimal care.

They tell us that "one of the main reasons Cyberspace crime is so
rampant" is lack of face-to-face contact (p. 214), something that
would likely come as a surprise to criminologists who study it.

Perhaps the greatest irony is that they conclude the volume with 17
"Guidelines" that presumably specify ethical principles that Net
advertisers should follow. If violation of those principles
constitutes unethical behavior, then C&S might want to examine their
ethics: I counted three principles that seem inconsistent with their
spamming (identity, filtering, and sincerity), and others in which
their book and dealings with a client might raise eyebrows (truth,
omission, composition, and unprovable claims). Although this latter
category would seem beyond the scope of Internet advertising, it does
raise questions of intellectual integrity of claims and omissions C&S
have presented in public.

If the authors had taken the trouble to confront the issue of
advertising on the Nets by examining appropriate methods and
strategies, they could have contributed to a useful dialogue.  If they
had taken the trouble to examine the complexity and heterogeneity of
the Net community, it could have been an interesting volume.  If they
had taken the trouble to explore the complexity of computer-mediated
communication, they could have expanded their audience. If they had
openly acknowledged or shown an understanding of the issues underlying
spamming, instead of misrepresenting their own experience and lashing
out at their victims, they might have won some of us over. Had they
shown an awareness that some of us don't like our yards littered with
flyers, had they been less mean-spirited, or had they even done a bit
more research to avoid humiliating errors, they could have produced at
least a mildly useful book for reference. They did none of this.  The
bibliography is sparce, there is no index, and I'm not sure what to do
with my well-marked copy now that I'm done. Like P.T. Barnum said, one
is born every minute.  Maybe I'll send C&S my Scott Adams volume.

------------------------------

Date: Wed, 24 May 1995 17:38:02 -0500 (CDT)
From: Chip Rosenthal <chip@chinacat.unicom.com>
Subject: File 2--some info on the health spam

I hesitate to bother moderators with this because it's really not
on topic, but there might be some interest...

I called the phone number in the posting to complain about somebody
forging approval in a group that I moderate.

The phone number is answered by a "fulfillment house".  This is a
company that answers questions, takes orders, and ships product.
It is two or three steps above an answering service in the telephony
food chain.

The guy I talked to was willing to chat a bit.  Some of the things
I gleamed from the conversation:

The book is published by a small company called Your Lifetime Health
Planner.  The guy stated that the spam was done with the assistance
of a company called Cybersell.  I asked for contact information, and
he told me that people named Siegel and Larry Cantor were involved.
He said he had a phone number for them, but it has been reported as
disconnected.  I got the impression that C&S charged on the order of
a thousand bucks to launch this spam.

He stated that a count of phone calls was being kept.  It was at about
100 when I called.  He also said that the company's owner was working
with RTD.COM (the ISP) to resolve the problem.  He said RTD.COM has
received something like 3500 email messages.

Also interestingly, he mentioned that the owner's husband is a lawyer.
I suggested that Your Lifetime Health Planner was seriously mislead
(potentially in a fraudulent fashion) about this form of advertising,
and if the company had any sort of good reputation prior to this
incident, it has been irreparably damaged.  To me, these suggest that
both criminal and civil proceedings might be considered.  In fact, I
suggested that they consider them. :-)

My personal opinion is that both RTD.COM and YLHP are victims in this.
I do NOT, however, hold YLHP blameless.  They instituted the spam,
and I will not absolve them of responsibility simply because they were
ignorant of it.  I hope they consider action against C&S.  It would
help them restore their reputation, and it would make amends for the
damage they have done.

The phone number in the posting was 520-798-1530.  If you feel so
inclined to express your opinion, I'd encourage you to do so.  I also
strongly encourage you NOT to be abusive to the people who answer the
phone.  They didn't do it, they don't know nothing, and all they can
do is tally up the calls and pass along what people say.

------------------------------

Date: Thu, 15 Jun 1995 21:32:45 CDT
From: Jim Thomas <cudigest@sun.soci.niu.edu>
Subject: File 3--C&S from a "Client's" Perspective

Sue Giles was simply looking for somebody to help her small company
with some marketing advice. Instead, she walked into a hornet's nest
stirred up by Laurence A. Canter and Martha A. Siegel, authors of "How
to Make a Fortune on the Information Superhighway."

Ms. Giles, a co-partner in The Life Time Health Planner, is the most
recent client of May's Canter and Siegel-inspired net-spam. "Spamming"
is the practice of flooding the Net with multiple and identical
messages that are sent indiscriminately to multiple addresses and
arrive in millions of Usenet groups and private mailboxes.  In fact,
Canter and Siegel brag in their book that they can reach 30 million
people quickly, cheaply, and effectively in a "no-wait marketing
campaign" (pp 38-46). In their book, and according to one client, they
bill themselves as "pioneers" and experts in the spamming technique,
which they see as nothing more than "advertising" protected by the
First Amendment.  It is unfortunate that writing a book tends to
confer an aura of respectability and credibility on the authors, even
if it isn't deserved. It's this aura that contributed to Sue Giles's
belief that Canter and Siegel were experienced cyber-marketers.

WHO IS SUE GILES?

Sue Giles, with two friends, puts out a legitimate product called The
Life Time Health Planner. The Planner is a 5 by 7 binder with various
categories for organizing personal and family medical history. It
sells for $19.95, and provides a means to chart medicines, health
problems, and other information that will help track family medical
problems through life.  Those of us who have dealt with aging parents,
childhood illnesses, and similar problems recognize the value of such
a tool.  The last thing Sue Giles wanted was to convey the negative
image of her product that she feels resulted from Canter and Siegel's
"expertise."

In looking for an inexpensive way to advertise the planner, a friend
mentioned the Internet to her. Although the friend knew little about
the Net, he was aware of Canter and Siegel's book. Because they were
in the area in Arizona, the friend encouraged Ms. Giles to contact
C&S, and together, the friend and Ms. Giles, met with them.

Ms. Giles isn't on the Net, has no e-mail address, has never read a
Newsgroup, and knows nothing about the way messages travel. She
believed Canter and Siegel when they told her it was an honest and
legitimate way to reach an audience.  As she later said, "I didn't
even know what questions to ask them. I was a soft-sell." But she
tried.  The following is her account of the scenario.

Ms. Giles told CuD that when her friend initiated contact with Canter
and Siegel, they assured him that they were "the Internet marketing
people." They re-affirmed this claim when Ms. Giles spoke to them, and
assured her that they were experts.  And, why shouldn't they believe
C&S? After all, C&S wrote a book, and in that book they declared
themselves "an instantly established leader" in the field.  In fact,
when the New York Times (October 16, 1994) did a featured profile on
Canter and Siegel, the reporter asked:

     Question: Are you really the ones who ought to be writing
     such a book?

     Answer: Ms. Siegel: Who would be better? We know exactly
     what's going on. We know exactly how it should be done.

     Canter: We know all the pros and cons we experienced
     everything positive and negative.

Hey, it's in the New York Times, so it must be true. But, Ms. Giles
asked how many previous clients they provided a similar service to,
and they told her, she said, over a dozen.  Had she read the New York
Times profile, in which C&S claimed that they "have over 100 people
who are involved with us now," she might have asked for some
clarification about the apparent discrepancy in figures.  She asked
for a reference, and they gave her the name of a "client" who had
recently spammed the net with an an add that began as follows:

     Date--9 Feb 1995 03:35:10 -0500
     From--ccapc@CYBER.SELL.COM(Consumer Credit Advocates)
     Subject--<ad> GUARANTEED CREDIT REPAIR BY LAW FIRM

     Consumer Credit Advocates, PC
     11 Pennsylvania Plaza, Suite 2101
     New York, NY  10001
     (212) 629-5261 (telephone)  (212) 629-4762 (fax)
     E-MAIL--ccapc@cyber.sell.com

     Our LAW FIRM offers direct guaranteed effective credit
     restoration services by experienced attorneys.  THIS IS
     NOT A DO-IT-YOURSELF KIT.


She called the "client" and, in a brief conversation, was told that
the client had many responses. What she was not told, either by the
client or by Canter and Siegel, was that the client received hostile
responses, both on e-mail and to the telemarketing service who
answered the telephone.  Canter and Siegel only told her, she said, that
there were some people on the Internet who believe that ads don't
belong on the net, and that something new can upset some people. What
they DID NOT tell her, to the best of her recollection, is that they,
Canter and Siegel, faced disciplinary problems in Florida (see
the accompanying post in this post detailing the C&S legal problem in
Florida). Nor did they tell her that they, Canter and Siegel, had lost
their accounts on other systems for their spamming technique. Nor did
they tell her that their own "expertise" was not sufficient to give
them a reliable e-mail or www site, which, to our mind, is a sign that
the "experts" might not be what they claim.  Nor did they indicate
that that they were not simply "advertising," but provoking with an
in-your-face strategy that would generate backlash that would make her
next few weeks a nightmare.  In short, by Ms. Giles account, C&S
omitted significant information that, had she known it, would have
given her significant second thoughts.  When CuD informed her of some
of the facts surrounding C&S, their reputation, their apparent
misrepresentation, and their previous legal problems in Florida (some
of which she had learned after-the-fact), she indicated that she would
not have utilized their services had she known of all this at the
time.

Ms. Giles was charged $995 for what by all accounts is a relatively
simple procedure (net spamming, disruptive as it is, is hardly
high-tech). In their book, C&S note that a "Geek" wrote their program
in "a matter of days" for $12 an hour (pp 183-184).  Despite his
labors, they belittle him in their book, even though respecting his
request for anonymity.  According to Ms. Giles, she was asked if she
had an Internet account. She did not, but she had a friend who did.
The friend--believing that nothing extraordinary would
occur--allowed use of the account. C&S apparently logged on via
telephone (rather than from their own system on cyber.sell.com), and
what happened next is described by Mark Beeson of rtd.com:

     From--mark@nin.com (Mark Beeson)
     Newsgroups--news.admin.net-abuse.misc
     Subject--NOTICE--Free Health Spam INFO
     Date--24 May 1995 18:09:01 GMT

     Let me introduce myself.  I'm Mark Beeson, the one who
     generated the cancel messages for the Free Health Spam.  You
     may reach me at mark@rtd.com. I am, more or less, news
     administrator for RTD Systems & Networking, Inc., a
     Tucson-Arizona based Internet Provider.  All comments about
     this ordeal should be directed to me.

     Yes, I know the cancel messages were possibly broken, and
     I'm sorry, but I'm sort of a newbie at auto-cancelling
     messages.

     Anyways..  a little information..

     FIRST:  David Siegel is in no way related to Martha Siegel.
             So all the "conspiracy theories" can be thrown out
        the window.

     Okay, now for the real info:

     - Last night at approximately 9PM MST I received e-mail from
       one of our users complaining about a message in
       comp.infosystems.www.authoring. I sighed and looked at the
       message.

     - 9:15 PM -- This same user complains that the message is
       showing up "everywhere in the rec.* hierarchy".  At this
       point my heart rate begins to go on a rollercoaster ride.

     - 9:30 PM -- I am logged into the news machine
       (baygull.rtd.com) and executing a   find . -print | xargs
       grep baygull  on each of the major news hierarchies.

       Results of that:

         - comp.* was the worst hit, with 790 groups hit.  -
         rec.*, sci.*, soc.*, bit.*, biz.*, and misc.* each got
         about 150
           groups hit.  - Unfortunately I was not able to target
         the alt.* groups because
           the command you see above always terminated with a
           broken pipe.  (Probably because of the enormous amount
           of newsgroups one step away from the top level).  I am
           told, however, that someone is working on
           auto-cancelling the alt.* messages.

     - 10:00 PM -- I have hastily written up a perl script to
       generate cancel messages and pipe them into inews.  Yes, I
       know this perl script had errors in it, and unfortunately
       it cancelled approximately 20 articles that did not appear
       at our site.  For that, I'm sorry, but again, I was rather
       rushed.

     - 10:15 PM -- I do another grep on the sci.* hierarchy, and
       find that the output is _larger_.  Much to my horror, I
       realize what has happened and quickly execute (as
       superuser) top, look and see who is doing what on the
       system, and find user "trasoff" running a ".may" command,
       and also a few instances of inews.  I kill these in a
       heartbeat, and disable the account.

     - 3:00 AM -- The perl scripts finish up with the last of the
       comp.* messages and I go home and fall asleep in a cold
       sweat, sensing impending doom.

     IMPORTANT INFO HERE:

     - 9:00 AM -- I am awakened by the phone.  Our office has
       called me, and according to them, the user trasoff@rtd.com
       is part of a company who contacted CyberSell (Lawrence
       Canter and Martha Siegel, who we all know and love).
       Apparently Lawrence Canter logged onto our machine by
       calling long distance from Phoenix and executing a perl
       script that invoked inews for a long list of newsgroups.
       I apparently caught this script in the middle of rec.*.
       The veracity of whether CyberSell is actually responsible
       for this or not is unknown (by me at this time).

     - 10:00 AM -- I log in from home, to find 1400 messages in
       my inbox.

      It's currently 11:08, and I'm sure I'll have more details
      for everyone as I get them.

      Speaking for RTD Systems & Networking, Inc.,

      --Mark --
        Mark Beeson | Same Broken   (MB178)     President, Neural
        InterNetworking

To my mind, Ms. Giles' primary "flaw" is that she (and the person who
directed her to C&S) are decent, trusting people who assume that
people are basically "good." This is fine, unless you deal
with people with a record of misrepresentation. Had she read the book
prior to her experience (she began reading it only afterwards), and
had she been aware of C&S's reputation, alarm bells might have gone off.
However, Ms. Giles indicated that she's hesitating, at this point, to
define her experience as one of "victimization:"

     I can't say that I've been victimized....I should have
     investigated more. You do have to take responsibility for
     your own mistakes, and we made a mistake. We didn't want to
     give this kind of image to our business.

But, what if she had read the decision of the Florida Supreme Court
(The Florida Bar v. Martha Siegel and Laurence Canter, 511 So.2d 995,
1987), of which the following is an excerpt?

      In an attorney disciplinary proceeding, the Supreme Court
      held that engaging in deliberate scheme to misrepresent
      facts to senior mortgagee in order to secure full financing
      of purchase for law office warrants 90-day suspension from
      practice of law.
       Suspension ordered.

      Engaging in deliberate scheme to misrepresent facts in
      order to secure full financing of purchase used for law
      office, giving vendor junior mortgage contrary to promise
      to senior mortgagee, misrepresenting amount of down payment
      to senior mortgagee, failing to report junior mortgage to
      senior mortgagee in connection with application for loan
      secured by another junior mortgage, submitting personal
      financial statement without disclosing junior mortgage, and
      submitting sworn affidavit to senior mortgagee that no
      facts existed as basis for dispute as to title violate
      rules that prohibit conduct involving dishonesty or
      misrepresentation and illegal conduct and warrant 90-day
      suspension from practice of law.

Had Ms. Giles been on the Net in 1994, she might have read the post in
comp.org.eff.talk that raised further questions about C&S's legal
practices, and an excerpt, described as a press release under the heading of
the Tampa Office of the Florida Bar dated 13 October, 1988, read as
follows:

   SUPREME COURT GRANTS ATTORNEY'S PETITION TO RESIGN PERMANENTLY

       TALLAHASSEE, Oct.13-- The Florida Supreme Court has
    granted attorney Laurence A. Canter's petition to resign
    permanently, effective November 7, 1988.

                           ...........

       Several of the complaints against Canter involved his
    failure to file the necessary or appropriate documents with
    the United Stated Immigration and Naturalization Services in
    matters of permanent residency and work visas. In addition,
    Canter refused to refund clients' funds and neglected to
    notify his clients that he has been suspended from the
    practice of law as a result of a previous discipline.

There appears to be sufficient evidence to indicate that Canter and
Siegel are not strangers to misrepresentation, as the disciplinary
ruling demonstrates. Their book is fraught with misrepresentation of
the "Green Card incident" (see the review in this CuD issue). And, if
Ms. Giles' account of her experience is correct, it appears that
substantial questions arise about their ethics and honesty in their
latest spam.

Ms. Giles indicated that she would try to meet with C&S within the
next few weeks to discuss the incident, and would not decide what
course of remedial action to take, if any, until that time.

I would suggest several questions that she might ask them at that
meeting, including (but hardly limited to):

1. Why did C&S not tell her up-front that, from their previous
experience, the response to her "spam" likely would be swift, hostile,
and stir up a hornets nest? If Ms. Giles is correct, C&S minimized
this possibility by alluding only to "a few" people who would be upset
by "advertising."

2. Why did C&S not tell Ms. Giles that the issue isn't advertising,
but spamming? Why did they not fully describe the practice and assure
that she knew what she was getting into?

3. How can C&S, in their book (p. 230) claim on one hand that Internet
users have the right to filter out inappropriate messages, while on
the other describing in their book (pp 101, 105) ways to circumvent
this right?  Why did they not tell her that what they would do for
her would unequivocally violate this guideline?

4. Why did C&S charge $995 for such a relatively simple task?

5. Ms. Giles recollects that C&S claimed to have over a dozen
satisfied clients of, she understood, this mass-mailing technique.  In
the October New York Times profile, Canter stated:

     Canter: We have over 100 people who are involved with us now. We
     plan to have a grand opening soon, primarily on a Web site.

Perhaps I'm mistaken, But I remember only two (prior to Ms. Giles):
The Green Card spam in April, 1994, which doesn't count as a "client,"
because C&S did it on their own behalf, and the Feb. 9, 1995,
"guaranteed credit repair" spam, which originated from cyber.sell.com.
Were there others? Ms. Giles might ask for the list of that dozen plus
and contact them.  And, who are those 100 other people with whom C&S
claimed involvement? Were these customers? Inquirers? The implication
from the the October article was rather clear: C&S were phenomenally
successful in acquiring customers for their Internet marketing
business.  They did, after all, claim to have made $100,000 in one
night's work (_Fortune_, p. 2).  If so, how come there were (if in
fact there were) only a shadowy dozen seven months later?  Ms. Giles
might ask for some precise details on precisely who C&S have had as
clients to justify their claim of "expertise" in this form of
marketing.

6. Why, Ms. Giles might ask, would C&S not possess or use their own
account if they are the "experts" and if this marketing strategy is so
successful? Shouldn't one be proud to have their name, cyber.sell.com,
associated with a product in which they are a professed leader?  In
fact, why does e-mail sent to cyber.sell.com bounce? Why is it
described as "unreachable?" Why are attempts to access the web site
mentioned in the book timed-out? Shouldn't Internet experts have a
reliable account of their own?

7. Ms. Giles has absolutely no recollection of even a hint that the
account and the system from which her messages originated would
receive such dramatic feedback, as Mark Beeson at rtd.com describes
above. Why did they not warn her of the risks?

8. In their book (p. 230), C&S explicitly state that distribution
should be limited to the demographics and interests of the targeted
newsgroups. Yet, in both the text of their book and in their practice,
they explicitly violate this guideline. Why did they not tell her that
they advocate such violation and that their "service" would
indiscriminately hit all groups?

9. Why did they not explain to Ms. Giles the meaning of the book's
subtitle, "Guerrilla Guide to Marketing?"

The list could be expanded, but my guess is that C&S would be
hardpressed to answer most, if not all, of those questions in a way
that would provide a consistent explanation for their practices.

In addition to Ms. Giles experience with C&S, her introduction to
Netfolk was, she said, equally as troubling. C&S only took her money.
The harassing phone calls she received extended far beyond acceptable
limits. Netters can be verbally vicious, and she felt the brunt of
some nasty phone calls.  The spam hit just as she was preparing for
her daughter's wedding.  During what should have been an exciting time
of celebration, she was confronted with death threats and hate-calls,
which involved both her and her family. When told that on many
newsgroups she was perceived sympathetically and as a victim, she was
surprised, because all she heard was the hostility and threats from
callers.  When told that, while some might see her as a villain, the
cooler heads were advocating calm and emphasizing that the source, not
the "victim" should bear the brunt, she said
quietly, "Tell them 'thank you.'"

Ms. Giles impressed me as gentle, laid back, and a sincere person
trying to market a strong product. She and her marketing friend have
class. They may or may not make their fortune off the Internet, but
they will retain their credibility and class long after Canter and
Siegel have left the scene.

There is one passage in the C&S book that, in retrospect, seems
prophetic: "....a high price tag on a consultant's time is no
assurance that you are getting what you pay for" (p. 185).


------------------------------

Date: Thu, 8 Jun 1995 09:56:33 -0500 (CDT)
From: Chip Rosenthal <chip@unicom.com>
Subject: File 4--"Hacking" a Moderated Newsgroup - Why it's wrong

In their latest net.attack, Canter and Siegel left no newsgroup
untouched.  That includes comp.society.cu-digest -- the Usenet group
that distributes the CuD.  Their attack on this very digest demonstrates
why their actions are reprehensible, and illustrates some of the costs
of their inappropriate behavior.

On most of the Usenet, anything goes.  People can post whatever and
wherever they want.  (Of course, the local constable might want to
talk to you if you elect to post certain sorts of materials.)  Only
common courtesy and established convention prevent people from spewing
megabyte binary programs or inappropriate advertisements into discussion
groups.  Except in the case of the ignorant (the so-called "newbies")
and the socially maladjusted (such as the "spammers"), courtesy and
convention are enough to hold the net together.

Not all the net is open in that way.  A small number of groups, such
as comp.society.cu-digest, are "moderated".  When you send a message
to a moderated newsgroup, that message is not posted to the net, but
instead routed to the group's moderator via email.  The moderator will
review the message, and, if approved, post it to the net.  The moderator
adds a special token to the message that tells the Usenet software,
"This has been approved.  Go ahead and post it."

There is nothing particularly magical or secret about this token.
It is openly documented in the Usenet transport standard (RFC-1036).
It is trivial for anybody who knows this token to bypass the moderation
mechanism.  The news software doesn't look at the approval token very
closely.  All it does is see that one is there.  You can use "eat me!
I'm spam!" as your token, and the Usenet software will accept it.
Any idiot can bypass the moderator -- even a pair of Phoenix lawyers.

Moderators have a widely recognized right (some would say a duty) to
remove rogue postings that bypass the moderation process.  Ironically,
it is easier to create a rogue message than it is for a moderator to
remove it.  The moderator does this by transmitting a cancellation
request control message.  The news software verifies that the cancel
request appears to come from the original sender, so the moderator
must masquerade as the sender of the rogue posting.  For better or
worse, this is not particularly difficult to do this.  It must, however,
be done *precisely* correct.  A single miniscule discrepancy, and the
Usenet software will disregard the moderator's cancellation request.

I am the moderator of comp.society.cu-digest.  While most moderators
are responsible for the newsgroup's content, I merely operate a gateway
that distributes the CuD throughout Usenet.  Nonetheless, I have the
authority to delete rogue postings from this group.

When the C&S spam posting hit comp.society.cu-digest, I acted on that
authority.  I generated a cancellation message to remove their posting.
But I goofed!  I botched the header, and the news software refused
the request.  (Hey!  Not my fault!  This new "inews" works differently
than the old one.)

This botch, unfortunately, had a horrible consequence.  Certain
conventions have evolved for spam-removal cancellation messages.
Without these conventions, the cure could be worse than the disease.
More net bandwidth and disk space could be burned by de-spam control
messages than was wasted on the original spam.  The conventions prevent
this.  These conventions allow the news software to recognize duplicate
cancellation requests.  The duplicates are discarded rather than passed
along through the network.

My botched attempt followed these conventions.  As I result, not only
did I fail to remove the rogue posting, I actually inoculated it!
Any attempt additional attempt to remove the message was rejected as
a duplicate.

Fortunately, a lot of people committed similar mistakes as me.  Chris
Lewis noted the problem, and issued a batch of de-spam control messages
following an alternate convention.  These messages *were* accepted,
and the spam eventually was deleted.

A lot of people wasted a lot of time cleaning up after the latest C&S
spam.  This illustrates one of the tangible results of their misuse of
the net.

I believe this incident shows how the C&S net.marketing tactics are
bankrupt and phony.  They wave their hands and spew rhetoric about
how the net is becoming commercialized and only a handful of old
farts oppose their efforts.  Even stipulating the perverse C&S view
of the net, the most you can do is justify the spamming of open
newsgroups.  When C&S break into moderated newsgroups, they demonstrate
their rhetoric is nothing more than dishonest rationalization.

------------------------------

From: eck@panix.com (Mark Eckenwiler)
Subject: File 5--Flordia Bar v. Siegel & Canter (511 So.2d 995, 1987)
Date: 7 Jan 1995 01:36:33 -0500

Most of you have probably seen the 1988 report documenting Canter's
(and Siegel's) resignation from the Florida Bar.  However, that report
mentions their prior suspension "as a result of a previous discipline,"
which has not (to my knowledge) been publicized.

Below is the text of the 1987 Florida Supreme Court decision suspending
our two friends for 90 days.  Best line: "The respondents are guilty of
a deliberate scheme to misrepresent facts in order to secure full
financing of their purchase [of the real estate in question]."

(Although I've crossposted this article to all the groups where C&S
discussion seems to be happening, I've also limited followups in the
spirit of good net.citizenship.)

                       =======================

                          THE FLORIDA BAR, Complainant,
                                        v
                           Martha SIEGEL, Respondent.
                          THE FLORIDA BAR, Complainant,
                                        v
                           LAURENCE CANTER, Respondent
                               Nos. 68956, 68957.
                            Supreme Court of Florida.
                                 Sept. 10, 1987.
                                  511 So.2d 995

  In an attorney disciplinary proceeding, the Supreme Court held
 that engaging in deliberate scheme to misrepresent facts to
 senior mortgagee in order to secure full financing of purchase
 for law office warrants 90-day suspension from practice of law.
  Suspension ordered.

   John F. Harkness, Jr., Executive Director and John T. Berry,
 Staff Counsel, Tallahassee, and Thomas E. DeBerg, Asst. Staff
 Counsel, Tampa, for complainant.
  John E. Lund, Tampa, for respondents.

  PER CURIAM.


 These disciplinary proceedings are before us on complaint of the
Florida Bar and the reports of the referee, which are contested
by the Bar and by both respondents.  We have jurisdiction,
article V, section 15, Florida Constitution.

 These complaints involve alleged misrepresentations made by the
respondents, as law partners, in connection with the purchase of
the building used primarily as their law offices.  While the
facts are not in dispute, the interpretation of those facts is
heavily disputed:  Because the referee's findings of fact are
supported by competent and substantial evidence, we accept them
as stated in the reports.  Those reports are set out as follows
(because they are identical, they have been consolidated into one
document):

  I. Findings of Fact as to Each Item of Misconduct With Which
 the Respondents are Charged:  After a hearing on the matter
 before me I find the following:
  On October 7, 1983, respondents executed a mortgage and
 security agreement on property they were purchasing for use as
 their law office.  The agreement required that no secondary
 financing on that real estate would be obtained without the
 express consent of the lender, Southeast Bank, N.A., and
 F.D.I.C. bank.

   On or before October 7, 1983, respondents had agreed with
 Robert F. Bluck, the seller, to secondary financing in lieu of a
 cash downpayment.  On October 7, they signed a mortgage
 agreement with Mr. Bluck for $50,000.00 on the subject real
 estate, and as consideration for the mortgage, executed a
 promissory note for $50,000.00.  Southeast Bank, N.A., was not
 informed of the mortgage agreement between the respondents and
 Bluck, nor was the mortgage ever recorded.

   The contract to purchase from Robert F. Bluck specified a
 deposit of $20,000.00, new mortgage of $150,000.00, and a
 balance of $30,000.00 to close.  On a personal financial
 statement, dated August 4, 1983 and submitted in support of the
 application for The $150,000.00 loan, respondents misrepresented
 that they had made a $20,000.00 downpayment on the subject
 property.  Based on representations made by respondents to
 Southeast Bank, N.A., the bank's mortgage loan report listed the
 equity of Siegel and Canter in the real estate as $50,000.00 and
 the source of equity as cash.

   On June 30, 1984, respondents submitted additional documents
 to Southeast Bank in support of an application for a $45,000.00
 loan to be secured by a second mortgage on the subject real
 estate.  On a balance sheet dated June 30, 1984, respondents
 listed the mortgage to Southeast Bank, N.A. as a liability, but
 did not disclose the mortgage to Bluck.

   On a personal financial statement dated July 1, 1984,
 respondents listed the mortgage balance on the first mortgage
 with the bank, but did not disclose the unrecorded mortgage with
 Bluck.  Loan officers at the bank again believed respondents to
 have $50,000.00 cash equity in the property, and were unaware of
 the debt to Robert F. Bluck.

   On August 10, 1984, respondents submitted to the bank a sworn
 affidavit representing that they were aware of no facts by
 reason of which the title to, or possession of, the subject
 property or any part of it or any personal property on it might
 be disputed or questioned.

   At the time of both loans in question, Southeast Bank, N.A.
 was insured under the Federal Deposit Insurance Act.

   II. Recommendation as to Whether or Not the Respondent Should
 Be Found Guilty:  I recommend that the respondents be found
 guilty of violating the following sections of the Code of
 Professional Responsibility:  Florida Bar Integration Rule,
 article XI, Rule 11-02(3)(a) (Conduct contrary to honesty); DR
 1-102(A)(4) (Conduct involving dishonesty or misrepresentation);
 DR 1-102(A)(3) (Illegal conduct).

   III. Recommendation as to Disciplinary Measures to be Applied:
 I recommend that the respondents receive a public reprimand, and
 be suspended from the practice of law for two weeks.  The
 suspensions of respondents, based on the same conduct, need not
 run concurrently.  I further order that respondents be assessed
 their share of the costs of these proceedings.


 We accept in their entirety the referee's findings of fact and
recommendations as to guilt.  However, we must reject the
referee's recommendations as to discipline.  The respondents are
guilty of a deliberate scheme to misrepresent facts in order to
secure full financing of their purchase.  We believe that this
sort of fraudulent activity cannot be sufficiently disciplined by
a two week suspension and public reprimand.  We do believe,
however, that the Bar's request for a ninety-one day suspension,
thus requiring proof of rehabilitation, is not warranted.

 Accordingly, we accept the referees findings of fact and
recommendations of guilt.  It is the judgment of this Court that
the respondents, Martha Siegel and Laurence Canter, be suspended
from the practice of law for a period of ninety days, commencing
30 days after the date of this opinion so that the respondents
may close out their business, protect the interests of their
clients, but accept no new business.  These suspensions are to be
served concurrently.  Judgment for costs in the amount of
$1,630.01 is hereby entered against respondent Siegel, and
judgment for costs in the amount of $1,679.51 is hereby entered
against respondent Canter, for which sums let execution issue.

 It is so ordered.

  McDONALD, C.J., and OVERTON, EHRLICH, SHAW, BARKETT, GRIMES and KOGAN, JJ.,
 concur.

------------------------------

Date: Sun, 19 Apr 1995 22:51:01 CDT
From: CuD Moderators <cudigest@sun.soci.niu.edu>
Subject: File 6--Cu Digest Header Info (unchanged since 19 Apr, 1995)

Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost electronically.

CuD is available as a Usenet newsgroup: comp.society.cu-digest

Or, to subscribe, send a one-line message:  SUB CUDIGEST  your name
Send it to  LISTSERV@VMD.CSO.UIUC.EDU
The editors may be contacted by voice (815-753-0303), fax (815-753-6302)
or U.S. mail at:  Jim Thomas, Department of Sociology, NIU, DeKalb, IL
60115, USA.

To UNSUB, send a one-line message:   UNSUB CUDIGEST <your name>
Send it to  LISTSERV@VMD.CSO.UIUC.EDU
(NOTE: The address you unsub must correspond to your From: line)

Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT
libraries and in the VIRUS/SECURITY library; from America Online in
the PC Telecom forum under "computing newsletters;"
On Delphi in the General Discussion database of the Internet SIG;
on RIPCO BBS (312) 528-5020 (and via Ripco on  internet);
and on Rune Stone BBS (IIRGWHQ) (203) 832-8441.
CuD is also available via Fidonet File Request from
1:11/70; unlisted nodes and points welcome.

EUROPE:  In BELGIUM: Virtual Access BBS:  +32-69-844-019 (ringdown)
         Brussels: STRATOMIC BBS +32-2-5383119 2:291/759@fidonet.org
         In ITALY: Bits against the Empire BBS:  +39-464-435189
         In LUXEMBOURG: ComNet BBS:  +352-466893

  UNITED STATES:  etext.archive.umich.edu (192.131.22.8)  in /pub/CuD/
                  ftp.eff.org (192.88.144.4) in /pub/Publications/CuD/
                  aql.gatech.edu (128.61.10.53) in /pub/eff/cud/
                  world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/
                  uceng.uc.edu in /pub/wuarchive/doc/EFF/Publications/CuD/
                  wuarchive.wustl.edu in /doc/EFF/Publications/CuD/
  EUROPE:         nic.funet.fi in pub/doc/cud/ (Finland)
                  ftp.warwick.ac.uk in pub/cud/ (United Kingdom)

  JAPAN:          ftp://www.rcac.tdi.co.jp/pub/mirror/CuD

The most recent issues of CuD can be obtained from the
Cu Digest WWW site at:
  URL: http://www.soci.niu.edu:80/~cudigest/

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views.  CuD material may  be reprinted for non-profit as long
as the source is cited. Authors hold a presumptive copyright, and
they should be contacted for reprint permission.  It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified.  Readers are encouraged to submit reasoned articles
relating to computer culture and communication.  Articles are
preferred to short responses.  Please avoid quoting previous posts
unless absolutely necessary.

DISCLAIMER: The views represented herein do not necessarily represent
            the views of the moderators. Digest contributors assume all
            responsibility for ensuring that articles submitted do not
            violate copyright protections.

------------------------------

End of Computer Underground Digest #7.50
************************************