Computer underground Digest Sun Jun 18, 1995 Volume 7 : Issue 50 ISSN 1004-042X Editors: Jim Thomas and Gordon Meyer (TK0JUT2@MVS.CSO.NIU.EDU Archivist: Brendan Kehoe Shadow Master: Stanton McCandlish Field Agent Extraordinaire: David Smith Shadow-Archivists: Dan Carosone / Paul Southworth Ralph Sims / Jyrki Kuoppala Ian Dickinson Triviata: How many Spams have C&S Done since April '94? CONTENTS, #7.50 (Sun, Jun 18, 1995) File 1--Review of Canter & Siegel's HOW TO MAKE A FORTUNE File 2--some info on the health spam File 3--C&S from a "Client's" Perspective File 4--"Hacking" a Moderated Newsgroup - Why it's wrong File 5--Flordia Bar v. Siegel & Canter (511 So.2d 995, 1987) File 6--Cu Digest Header Info (unchanged since 19 Apr, 1995) CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION APPEARS IN THE CONCLUDING FILE AT THE END OF EACH ISSUE. --------------------------------------------------------------------- Date: Sun, 18 Jun 1995 20:43:54 CDT From: Jim Thomas <cudigest@sun.soci.niu.edu> Subject: File 1--Review of Canter & Siegel's HOW TO MAKE A FORTUNE _How to Make a FORTUNE on the Information Superhighway: Everyone's Guerrila Guide to Marketing on the Internet and other On-line Services_. Laurence A. Canter and Martha S. Siegel. New York: Harper Collins. 234 pp. $20 (cloth). Scott Adam's hilarious cartoon book, _Clues for the Clueless_, sprang to mind as I read _Fortune_. Some people just don't get it. When they write books about what they don't get, the result is like setting Ratbert at the typewriter to write a book about the Internet. I recognize that it's difficult to write a book. As most authors know, writing requires patience, considerable research, continual revision, feedback from respected colleagues, and polishing of the logic, prose, and logical organizational themes, qualities not evident in _Fortune_. Despite my strong feelings against spamming, of which Canter and Siegel (C&S) are self-proclaimed "experts," I was prepared to set aside my personal views and review their work solely on its intellectual and related merits. Having finished the volume, I find little substantative merit. It reads like a pulp rush job, the kind that appear a week after a major event, written by authors attempting to cash in on being "first with the worst." Perhaps this isn't surprising, considering that it was obviously written quickly (after April 1994, and in the bookstores in November). If _Fortune_ were an undergraduate project, I might, on a good day, give it a C+, mostly because of length. If it were a graduate paper, I would return it and require that it be more thoroughly researched and massively revised. Which means, I suppose, that Harper Collins, the publisher, has apparently begun accepting manuscripts that lie on the cutting edge of mediocrity. I resist adding that Harper Collins, in fact, now seems to accept manuscripts that lie, because there's a thin line between intellectual dishonesty and lying: It's always possible that falsehoods and argument by omission are the result of incompetence or stupidity rather than intentional distortion. Whatever the reasons, _Fortune_ impresses me as a mega-deception built around distortions, half-truths, and flat-out falsehoods. In fact, other than it's cyber-connected title, there normally would be little reason to review _Fortune_. At its best, it is poorly written, replete with contradictions, self-serving, and simplistic. At its worst, it is offensively illogical and filled with mean-spirited attacks, intellectual dishonesty and stunning falsehoods. Normally, such tomes are safely ignored. However, because of the demonstrable possibility that some readers of this volume might uncritically accept the main premise (fortune awaits you on the Internet), _Fortune_ requires a response. Three central themes weave through _Fortune_. The "first is a defense of advertising on the Nets that unequivocally advocates and defends "spamming." The second theme, evoking images of playground children acting out, resembles a vendetta: C&S use much of the book to attack, belittle, and even smear those who have in the past, might in the present, or will in the future, disagree with them. The final theme is avariciousness. Lest the attention-challenged miss the point, the authors repeat ad nauseam that fortune, riches, wealth, gold, money-making, and more awaits the reader on what they call the "I-way." DEFENDING SPAMMING Canter and Siegel were "absolutely amazed that there were people who could become so distraught over the appearance of a simple, commercial message on their computer screens (p. 21-22). The disingenuousness of this cavalier disregard for truth notwithstanding, it's even more amazing that--after bragging throughout the volume about how many people they could reach with their message, and advocating mass and indiscriminate mailings (to include circumventing gatekeeping in moderated groups), they believe the issue is a "simple message." All they did, they claim, was anger a few stodgy hotheads who feel they own the Net. Not on one page, not in one sentence, not even in a short phrase--do they acknowledge that people were offended by the mass and disruptively indiscriminate nature of that "simple" post. They defend their right to spam as a "free speech" issue, and label those who criticize them as hypocrites who would suppress freedom of speech (or worse). In an ironic bit of Orwellian double-think, Siegel even claimed in an October New York Times profile: Ms. Siegel. Freedom of speech has become a cause for us. I continue to be personally appalled at the disrespect for freedom of speech by this handful of individuals who would take over the net if they could. Surely they must have understood that spamming is to free speech as is vandalizing a lawn by continually throwing unsolicited flyers on it. It's unlikely that they'd recognize their spam as the cyber-equivalent of littering, but even they acknowledge that clogging the Nets might be a legitimate complaint. Sadly, they dismiss the complaint by attacking the Nets: ((Canter)): The most common objection I hear, that on the surface makes sense, is how it's going to clog everything up. The truth is what's clogging up the Usenet and the Internet is that there are just too many people on it (New York Times, Oct 16, 1994). Now I'm confused. First, C&S claim that their spamming technique is effective because there are so many of us out here, now approaching 50 million by some estimates, and then they argue that there are too many people clogging the Net. I guess it hasn't occurred to them that sending multiple identical posts to millions of Net-cloggers, coupled with the legitimate responses complaining about these posts, isn't a factor. Nah...it's not spam that's the problem. It's "old time internetters" who are "(S)teeped in Internet tradition that they seemed to hold as dear as life itself" who opposed any change in the status quo (p. 28), and who are "arguably short on maturity of attitude" and opposed to changes to the Net (p. 29). It's as easy to find jerks on the Net as it is to find them off the Net. After all, there is no Cyber Earp to force people to check their weapons of nastiness in a drawer before sitting down at the keyboard. It's not difficult to imagine some of the intemperate and hostile posts directed toward C&S, just as it's not difficult to imagine the excessive response of an enraged motorist who's run off the road by an urban cowboy on a Chicago highway. Generalizing from a particular, however, seldom provides an accurate picture, and C&S continually reduce Net life to a fabricated image of loathsome geeks, all of whom love wielding power (p. 192). This, they say, is why we need YOU--"you" presumably being the would-be fortune hunter to add to the Net clutter (Chapter 15). Astute readers will note that, to this point, I've produced little of substance to elaborate C&S's defense of spamming. That's because there isn't much. Their "defense" is reduced primarily to ignoring the issue, substituting the term "advertising" for "spamming," and lashing out at their critics. Criminologists have a name for this: NEUTRALIZATION. Neutralization theorists argue that criminals and others who violate fundamental social norms redefine their actions to make them appear socially acceptable, or at least less deviant. Neutralization techniques include 1) Blaming the victim, 2) Denial of harm, 3) Denying responsibility, 4) Condemning the authorities (who enforce laws) and 5) Appealling to higher values or loyalties. C&S, it seems, are heavy-into denial. They blame the victims of their disruption for complaining; they deny that they did harm; they deny not only responsibility for their acts, but refuse to recognize the acts at all; they condemn those (such as systems administators and others) for taking actions to reduce the harm, and they appeal the lofty goal of getting rich to justify their actions. There are, of course, other theories to explain their deviance, but none are as striking as the manipulation and twisting of reality that oozes from their text. Spamming? Hey, what's wrong with a little advertising? AVARICE I stopped counting the explicit allusions to "making a fortune," "getting rich," "making money--is there ever enough of it?", striking gold, and other plugs for pulling in a quick buck at about 50. Nothing wrong with making money, but the book reads like a get-rich-quick formula, with C&S at the center of the matchbook cover, just waiting for the reader to tear it off and send it in. At least matchbook covers are short reading. Consider: Would a spare $50,000 come in handy? How about an extra $100,000? That's what we made as a result of one night's work using our knowledge of the Information Superhighway. We're going to turn that knowledge over to you, so you can do the same thing we did. It's both easy and fascinating (p 2). The central premise is that the market-seeking reader can follow C&S's strategy--preferably as C&S clients, and reach those millions of Net-connected people, even if they don't want to be reached. Redundancy isn't necessarily a bad thing, but it's poor literary style, unless paid by the word, in which case redundancy is gold. Perhaps Harper-Collins ran out of copy editors last fall, because the repetitive references to making a fortune on the Internet detract from the message, even if we agreed with it. All that aside, other than alluding to their own good fortune, an allusion about which one could raise some doubtful questions of credibility, there is no evidence or convincing logic that one will get rich, let alone have happy results, as one recent C&S "client" learned (see Sue Giles' account in a post below). We don't know if one reporter's claim that C&S requested $500 for an interview is hyperbole or whether, perhaps, the request was intended as a joke. The sum was apparently not paid, and the interview not given. But, the anecdote is consistent with the book's avaricious theme. If Michael Milken wrote a book about cyberspace, I can imagine it resembling _Fortune_. GETTING EVEN There is nothing like a good vendetta in print to make for an enjoyable evening's reading. Unfortunately, the vendetta in _Fortune_ is neither clever nor well-directed. C&S take swipes at virtually the entire net. In fact, they seem to loathe Netters, both as a group and individually. Now is their chance to get even with all those people---even those with whom they've had no contact. The venom in their attacks, like their spam, often seems indiscriminate and off-target. They continually call computer folk "geeks." After all, they say, they call themselves that as a "badge of honor" (p. 179). We can quibble about whether the term is as ubiquitous or complimentary as they claim, but what isn't a quibble is that C&S don't use the term as a "badge of honor." They use it to demean, to belittle, and to describe especially those computer professionals who they feel did them wrong. One can imagine them using the common pejorative word to describe African-Americans and, when challenged, saying.....well, you get the idea. C&S aren't pleased with the Electronic Frontier Foundation (EFF), who, with its founders Mitch Kapor and John Perry Barlow, are part of the inbred Net community. They single out especially The EFF's Mike Godwin, and accuse him in a not-so-subtle swipe of taking a hypocritical attitude toward defending (their) freedom of speech: In May of 1994, believing that the EFF really did support freedom of speech in the same broad and democratic manner as did the ACLU, we initiated a discussion with Mike Godwin, an EFF lawyer. We wanted his views on the censorship issues raised by the behavior of electronic vandals and access providers who had pulled our account for performing the perfectly legal act of Internet advertising. We were amazed when Godwin stated to us that he was so busy sympathizing with those who opposed us, that he had no sympathy left for the other side. So much for freedom of speech (p. 194). Anyone with even the slightest familiarity with Mike Godwin knows that his commitment to freedom of speech is unwavering. They also know that Godwin is known for his willingness to help, without pay, those who need it. C&S, who claim to know the internet with the proficiency of experts, apparently don't know this. So much for experts. Along the way, reporter Brock Meeks, The WELL, author Howard Rheingold, and others, are adduced to show the "unlimited inbreeding of those who claim leadership" and wield power on the Net (pp 195-196). Even comedian Penn Jillette doesn't escape their attacks, as C&S allude to unattributed comments he made about Teri Hatcher (of tv's Lois and Clark) and C&S. This, they apparently feel, is evidence that shows how nasty the Net can be. It's interesting that the bulk of the text from the "Crimes in Cyberspace" chapter are devoted to non-criminals and non-criminal acts. From the chapter one would gather that the primary crime in cyberspace is failing to pay proper homage to Canter and Siegel. WHAT'S GOOD ABOUT THE VOLUME? It's rare that I've written a review in which I can't find something good to say. It's even rarer that I read one without finding something of value in it. Jeez, I was even sucked into Bridges of Madison County. But, I just can't find much worth in _Fortune_. Actually, I can't find ANY worth in it. Granted, a few chapters describe the Net, tell us that there are Macs and DOS computers, and give an overview of Gopher, the Web, and other topics. But, the descriptions are superficial and incomplete. They are also framed in too-cute headings, such as "Gopher the gold." In addition to the misrepresentation of the spamming incident, there are so many factual and logical flubs that either C&S did not do any serious research, or they did what they thought was research and botched it. Anecdotes are provided without citations, making it difficult to check the veracity. For example, the account of the Michigan "e-mail stalker" (p. 58) is not consistent with the facts of the nationally publicized stalking case in Michigan. It's impossible to determine which stalking case C&S refer to, however, because they fail to provide a site. The discussion of "Netiquette" is simply wrong---C&S depict it as invariant rules that a few power-hungry folk would impose on others. As anybody familiar with the Net knows, it's simply prescriptions of common courtesy. A table (p. 70) summarizing Usenet readership for the ten most popular newsgroups is either drawn from a very old source, or C&S misread it. For example, they cite alt.sex as having only 180,000 readers. This is a fraction cited by occasional Usenet Arbitron estimates, and even CuD has more total readers than the top-listed group cited by C&S, news.announce.newusers, which they list as 280,000. Some of these errors are gross, while others--such as claims of Usenet readership--are relatively minor. In the aggregate, however, they suggest that the authors have far less familiarization with their topic than they claim. In chapter 17, "Crimes in Cyberspace," a separate book could be written to correct the numerous errors. The history of the EFF is stunningly wrong, and they compound their errors with the claim that "The EFF was born to protect hackers" (194). Such an astonishing error suggests that they simply don't know what they're talking about. The misrepresentation of the PHRACK/E-911 case, in which they call the primary participant a criminal and tell the reader that he was convicted for computer theft is outrageous (p. 190). The stunningly erroneous misrepresentation of legal cases (eg, Brock Meeks' libel defense when sued by Benjamin Suarez, the Tennessee Amateur Action BBS "pornography" case, the David La Macchia case at MIT ((C&S also mistakenly call him Michael La Macchia)), and other summaries suggest the these lawyers have not only taken a few minutes to do some basic legal research, but are not aware of the most basic facts available to anyone who takes time to read the newspapers with minimal care. They tell us that "one of the main reasons Cyberspace crime is so rampant" is lack of face-to-face contact (p. 214), something that would likely come as a surprise to criminologists who study it. Perhaps the greatest irony is that they conclude the volume with 17 "Guidelines" that presumably specify ethical principles that Net advertisers should follow. If violation of those principles constitutes unethical behavior, then C&S might want to examine their ethics: I counted three principles that seem inconsistent with their spamming (identity, filtering, and sincerity), and others in which their book and dealings with a client might raise eyebrows (truth, omission, composition, and unprovable claims). Although this latter category would seem beyond the scope of Internet advertising, it does raise questions of intellectual integrity of claims and omissions C&S have presented in public. If the authors had taken the trouble to confront the issue of advertising on the Nets by examining appropriate methods and strategies, they could have contributed to a useful dialogue. If they had taken the trouble to examine the complexity and heterogeneity of the Net community, it could have been an interesting volume. If they had taken the trouble to explore the complexity of computer-mediated communication, they could have expanded their audience. If they had openly acknowledged or shown an understanding of the issues underlying spamming, instead of misrepresenting their own experience and lashing out at their victims, they might have won some of us over. Had they shown an awareness that some of us don't like our yards littered with flyers, had they been less mean-spirited, or had they even done a bit more research to avoid humiliating errors, they could have produced at least a mildly useful book for reference. They did none of this. The bibliography is sparce, there is no index, and I'm not sure what to do with my well-marked copy now that I'm done. Like P.T. Barnum said, one is born every minute. Maybe I'll send C&S my Scott Adams volume. ------------------------------ Date: Wed, 24 May 1995 17:38:02 -0500 (CDT) From: Chip Rosenthal <chip@chinacat.unicom.com> Subject: File 2--some info on the health spam I hesitate to bother moderators with this because it's really not on topic, but there might be some interest... I called the phone number in the posting to complain about somebody forging approval in a group that I moderate. The phone number is answered by a "fulfillment house". This is a company that answers questions, takes orders, and ships product. It is two or three steps above an answering service in the telephony food chain. The guy I talked to was willing to chat a bit. Some of the things I gleamed from the conversation: The book is published by a small company called Your Lifetime Health Planner. The guy stated that the spam was done with the assistance of a company called Cybersell. I asked for contact information, and he told me that people named Siegel and Larry Cantor were involved. He said he had a phone number for them, but it has been reported as disconnected. I got the impression that C&S charged on the order of a thousand bucks to launch this spam. He stated that a count of phone calls was being kept. It was at about 100 when I called. He also said that the company's owner was working with RTD.COM (the ISP) to resolve the problem. He said RTD.COM has received something like 3500 email messages. Also interestingly, he mentioned that the owner's husband is a lawyer. I suggested that Your Lifetime Health Planner was seriously mislead (potentially in a fraudulent fashion) about this form of advertising, and if the company had any sort of good reputation prior to this incident, it has been irreparably damaged. To me, these suggest that both criminal and civil proceedings might be considered. In fact, I suggested that they consider them. :-) My personal opinion is that both RTD.COM and YLHP are victims in this. I do NOT, however, hold YLHP blameless. They instituted the spam, and I will not absolve them of responsibility simply because they were ignorant of it. I hope they consider action against C&S. It would help them restore their reputation, and it would make amends for the damage they have done. The phone number in the posting was 520-798-1530. If you feel so inclined to express your opinion, I'd encourage you to do so. I also strongly encourage you NOT to be abusive to the people who answer the phone. They didn't do it, they don't know nothing, and all they can do is tally up the calls and pass along what people say. ------------------------------ Date: Thu, 15 Jun 1995 21:32:45 CDT From: Jim Thomas <cudigest@sun.soci.niu.edu> Subject: File 3--C&S from a "Client's" Perspective Sue Giles was simply looking for somebody to help her small company with some marketing advice. Instead, she walked into a hornet's nest stirred up by Laurence A. Canter and Martha A. Siegel, authors of "How to Make a Fortune on the Information Superhighway." Ms. Giles, a co-partner in The Life Time Health Planner, is the most recent client of May's Canter and Siegel-inspired net-spam. "Spamming" is the practice of flooding the Net with multiple and identical messages that are sent indiscriminately to multiple addresses and arrive in millions of Usenet groups and private mailboxes. In fact, Canter and Siegel brag in their book that they can reach 30 million people quickly, cheaply, and effectively in a "no-wait marketing campaign" (pp 38-46). In their book, and according to one client, they bill themselves as "pioneers" and experts in the spamming technique, which they see as nothing more than "advertising" protected by the First Amendment. It is unfortunate that writing a book tends to confer an aura of respectability and credibility on the authors, even if it isn't deserved. It's this aura that contributed to Sue Giles's belief that Canter and Siegel were experienced cyber-marketers. WHO IS SUE GILES? Sue Giles, with two friends, puts out a legitimate product called The Life Time Health Planner. The Planner is a 5 by 7 binder with various categories for organizing personal and family medical history. It sells for $19.95, and provides a means to chart medicines, health problems, and other information that will help track family medical problems through life. Those of us who have dealt with aging parents, childhood illnesses, and similar problems recognize the value of such a tool. The last thing Sue Giles wanted was to convey the negative image of her product that she feels resulted from Canter and Siegel's "expertise." In looking for an inexpensive way to advertise the planner, a friend mentioned the Internet to her. Although the friend knew little about the Net, he was aware of Canter and Siegel's book. Because they were in the area in Arizona, the friend encouraged Ms. Giles to contact C&S, and together, the friend and Ms. Giles, met with them. Ms. Giles isn't on the Net, has no e-mail address, has never read a Newsgroup, and knows nothing about the way messages travel. She believed Canter and Siegel when they told her it was an honest and legitimate way to reach an audience. As she later said, "I didn't even know what questions to ask them. I was a soft-sell." But she tried. The following is her account of the scenario. Ms. Giles told CuD that when her friend initiated contact with Canter and Siegel, they assured him that they were "the Internet marketing people." They re-affirmed this claim when Ms. Giles spoke to them, and assured her that they were experts. And, why shouldn't they believe C&S? After all, C&S wrote a book, and in that book they declared themselves "an instantly established leader" in the field. In fact, when the New York Times (October 16, 1994) did a featured profile on Canter and Siegel, the reporter asked: Question: Are you really the ones who ought to be writing such a book? Answer: Ms. Siegel: Who would be better? We know exactly what's going on. We know exactly how it should be done. Canter: We know all the pros and cons we experienced everything positive and negative. Hey, it's in the New York Times, so it must be true. But, Ms. Giles asked how many previous clients they provided a similar service to, and they told her, she said, over a dozen. Had she read the New York Times profile, in which C&S claimed that they "have over 100 people who are involved with us now," she might have asked for some clarification about the apparent discrepancy in figures. She asked for a reference, and they gave her the name of a "client" who had recently spammed the net with an an add that began as follows: Date--9 Feb 1995 03:35:10 -0500 From--ccapc@CYBER.SELL.COM(Consumer Credit Advocates) Subject--<ad> GUARANTEED CREDIT REPAIR BY LAW FIRM Consumer Credit Advocates, PC 11 Pennsylvania Plaza, Suite 2101 New York, NY 10001 (212) 629-5261 (telephone) (212) 629-4762 (fax) E-MAIL--ccapc@cyber.sell.com Our LAW FIRM offers direct guaranteed effective credit restoration services by experienced attorneys. THIS IS NOT A DO-IT-YOURSELF KIT. She called the "client" and, in a brief conversation, was told that the client had many responses. What she was not told, either by the client or by Canter and Siegel, was that the client received hostile responses, both on e-mail and to the telemarketing service who answered the telephone. Canter and Siegel only told her, she said, that there were some people on the Internet who believe that ads don't belong on the net, and that something new can upset some people. What they DID NOT tell her, to the best of her recollection, is that they, Canter and Siegel, faced disciplinary problems in Florida (see the accompanying post in this post detailing the C&S legal problem in Florida). Nor did they tell her that they, Canter and Siegel, had lost their accounts on other systems for their spamming technique. Nor did they tell her that their own "expertise" was not sufficient to give them a reliable e-mail or www site, which, to our mind, is a sign that the "experts" might not be what they claim. Nor did they indicate that that they were not simply "advertising," but provoking with an in-your-face strategy that would generate backlash that would make her next few weeks a nightmare. In short, by Ms. Giles account, C&S omitted significant information that, had she known it, would have given her significant second thoughts. When CuD informed her of some of the facts surrounding C&S, their reputation, their apparent misrepresentation, and their previous legal problems in Florida (some of which she had learned after-the-fact), she indicated that she would not have utilized their services had she known of all this at the time. Ms. Giles was charged $995 for what by all accounts is a relatively simple procedure (net spamming, disruptive as it is, is hardly high-tech). In their book, C&S note that a "Geek" wrote their program in "a matter of days" for $12 an hour (pp 183-184). Despite his labors, they belittle him in their book, even though respecting his request for anonymity. According to Ms. Giles, she was asked if she had an Internet account. She did not, but she had a friend who did. The friend--believing that nothing extraordinary would occur--allowed use of the account. C&S apparently logged on via telephone (rather than from their own system on cyber.sell.com), and what happened next is described by Mark Beeson of rtd.com: From--mark@nin.com (Mark Beeson) Newsgroups--news.admin.net-abuse.misc Subject--NOTICE--Free Health Spam INFO Date--24 May 1995 18:09:01 GMT Let me introduce myself. I'm Mark Beeson, the one who generated the cancel messages for the Free Health Spam. You may reach me at mark@rtd.com. I am, more or less, news administrator for RTD Systems & Networking, Inc., a Tucson-Arizona based Internet Provider. All comments about this ordeal should be directed to me. Yes, I know the cancel messages were possibly broken, and I'm sorry, but I'm sort of a newbie at auto-cancelling messages. Anyways.. a little information.. FIRST: David Siegel is in no way related to Martha Siegel. So all the "conspiracy theories" can be thrown out the window. Okay, now for the real info: - Last night at approximately 9PM MST I received e-mail from one of our users complaining about a message in comp.infosystems.www.authoring. I sighed and looked at the message. - 9:15 PM -- This same user complains that the message is showing up "everywhere in the rec.* hierarchy". At this point my heart rate begins to go on a rollercoaster ride. - 9:30 PM -- I am logged into the news machine (baygull.rtd.com) and executing a find . -print | xargs grep baygull on each of the major news hierarchies. Results of that: - comp.* was the worst hit, with 790 groups hit. - rec.*, sci.*, soc.*, bit.*, biz.*, and misc.* each got about 150 groups hit. - Unfortunately I was not able to target the alt.* groups because the command you see above always terminated with a broken pipe. (Probably because of the enormous amount of newsgroups one step away from the top level). I am told, however, that someone is working on auto-cancelling the alt.* messages. - 10:00 PM -- I have hastily written up a perl script to generate cancel messages and pipe them into inews. Yes, I know this perl script had errors in it, and unfortunately it cancelled approximately 20 articles that did not appear at our site. For that, I'm sorry, but again, I was rather rushed. - 10:15 PM -- I do another grep on the sci.* hierarchy, and find that the output is _larger_. Much to my horror, I realize what has happened and quickly execute (as superuser) top, look and see who is doing what on the system, and find user "trasoff" running a ".may" command, and also a few instances of inews. I kill these in a heartbeat, and disable the account. - 3:00 AM -- The perl scripts finish up with the last of the comp.* messages and I go home and fall asleep in a cold sweat, sensing impending doom. IMPORTANT INFO HERE: - 9:00 AM -- I am awakened by the phone. Our office has called me, and according to them, the user trasoff@rtd.com is part of a company who contacted CyberSell (Lawrence Canter and Martha Siegel, who we all know and love). Apparently Lawrence Canter logged onto our machine by calling long distance from Phoenix and executing a perl script that invoked inews for a long list of newsgroups. I apparently caught this script in the middle of rec.*. The veracity of whether CyberSell is actually responsible for this or not is unknown (by me at this time). - 10:00 AM -- I log in from home, to find 1400 messages in my inbox. It's currently 11:08, and I'm sure I'll have more details for everyone as I get them. Speaking for RTD Systems & Networking, Inc., --Mark -- Mark Beeson | Same Broken (MB178) President, Neural InterNetworking To my mind, Ms. Giles' primary "flaw" is that she (and the person who directed her to C&S) are decent, trusting people who assume that people are basically "good." This is fine, unless you deal with people with a record of misrepresentation. Had she read the book prior to her experience (she began reading it only afterwards), and had she been aware of C&S's reputation, alarm bells might have gone off. However, Ms. Giles indicated that she's hesitating, at this point, to define her experience as one of "victimization:" I can't say that I've been victimized....I should have investigated more. You do have to take responsibility for your own mistakes, and we made a mistake. We didn't want to give this kind of image to our business. But, what if she had read the decision of the Florida Supreme Court (The Florida Bar v. Martha Siegel and Laurence Canter, 511 So.2d 995, 1987), of which the following is an excerpt? In an attorney disciplinary proceeding, the Supreme Court held that engaging in deliberate scheme to misrepresent facts to senior mortgagee in order to secure full financing of purchase for law office warrants 90-day suspension from practice of law. Suspension ordered. Engaging in deliberate scheme to misrepresent facts in order to secure full financing of purchase used for law office, giving vendor junior mortgage contrary to promise to senior mortgagee, misrepresenting amount of down payment to senior mortgagee, failing to report junior mortgage to senior mortgagee in connection with application for loan secured by another junior mortgage, submitting personal financial statement without disclosing junior mortgage, and submitting sworn affidavit to senior mortgagee that no facts existed as basis for dispute as to title violate rules that prohibit conduct involving dishonesty or misrepresentation and illegal conduct and warrant 90-day suspension from practice of law. Had Ms. Giles been on the Net in 1994, she might have read the post in comp.org.eff.talk that raised further questions about C&S's legal practices, and an excerpt, described as a press release under the heading of the Tampa Office of the Florida Bar dated 13 October, 1988, read as follows: SUPREME COURT GRANTS ATTORNEY'S PETITION TO RESIGN PERMANENTLY TALLAHASSEE, Oct.13-- The Florida Supreme Court has granted attorney Laurence A. Canter's petition to resign permanently, effective November 7, 1988. ........... Several of the complaints against Canter involved his failure to file the necessary or appropriate documents with the United Stated Immigration and Naturalization Services in matters of permanent residency and work visas. In addition, Canter refused to refund clients' funds and neglected to notify his clients that he has been suspended from the practice of law as a result of a previous discipline. There appears to be sufficient evidence to indicate that Canter and Siegel are not strangers to misrepresentation, as the disciplinary ruling demonstrates. Their book is fraught with misrepresentation of the "Green Card incident" (see the review in this CuD issue). And, if Ms. Giles' account of her experience is correct, it appears that substantial questions arise about their ethics and honesty in their latest spam. Ms. Giles indicated that she would try to meet with C&S within the next few weeks to discuss the incident, and would not decide what course of remedial action to take, if any, until that time. I would suggest several questions that she might ask them at that meeting, including (but hardly limited to): 1. Why did C&S not tell her up-front that, from their previous experience, the response to her "spam" likely would be swift, hostile, and stir up a hornets nest? If Ms. Giles is correct, C&S minimized this possibility by alluding only to "a few" people who would be upset by "advertising." 2. Why did C&S not tell Ms. Giles that the issue isn't advertising, but spamming? Why did they not fully describe the practice and assure that she knew what she was getting into? 3. How can C&S, in their book (p. 230) claim on one hand that Internet users have the right to filter out inappropriate messages, while on the other describing in their book (pp 101, 105) ways to circumvent this right? Why did they not tell her that what they would do for her would unequivocally violate this guideline? 4. Why did C&S charge $995 for such a relatively simple task? 5. Ms. Giles recollects that C&S claimed to have over a dozen satisfied clients of, she understood, this mass-mailing technique. In the October New York Times profile, Canter stated: Canter: We have over 100 people who are involved with us now. We plan to have a grand opening soon, primarily on a Web site. Perhaps I'm mistaken, But I remember only two (prior to Ms. Giles): The Green Card spam in April, 1994, which doesn't count as a "client," because C&S did it on their own behalf, and the Feb. 9, 1995, "guaranteed credit repair" spam, which originated from cyber.sell.com. Were there others? Ms. Giles might ask for the list of that dozen plus and contact them. And, who are those 100 other people with whom C&S claimed involvement? Were these customers? Inquirers? The implication from the the October article was rather clear: C&S were phenomenally successful in acquiring customers for their Internet marketing business. They did, after all, claim to have made $100,000 in one night's work (_Fortune_, p. 2). If so, how come there were (if in fact there were) only a shadowy dozen seven months later? Ms. Giles might ask for some precise details on precisely who C&S have had as clients to justify their claim of "expertise" in this form of marketing. 6. Why, Ms. Giles might ask, would C&S not possess or use their own account if they are the "experts" and if this marketing strategy is so successful? Shouldn't one be proud to have their name, cyber.sell.com, associated with a product in which they are a professed leader? In fact, why does e-mail sent to cyber.sell.com bounce? Why is it described as "unreachable?" Why are attempts to access the web site mentioned in the book timed-out? Shouldn't Internet experts have a reliable account of their own? 7. Ms. Giles has absolutely no recollection of even a hint that the account and the system from which her messages originated would receive such dramatic feedback, as Mark Beeson at rtd.com describes above. Why did they not warn her of the risks? 8. In their book (p. 230), C&S explicitly state that distribution should be limited to the demographics and interests of the targeted newsgroups. Yet, in both the text of their book and in their practice, they explicitly violate this guideline. Why did they not tell her that they advocate such violation and that their "service" would indiscriminately hit all groups? 9. Why did they not explain to Ms. Giles the meaning of the book's subtitle, "Guerrilla Guide to Marketing?" The list could be expanded, but my guess is that C&S would be hardpressed to answer most, if not all, of those questions in a way that would provide a consistent explanation for their practices. In addition to Ms. Giles experience with C&S, her introduction to Netfolk was, she said, equally as troubling. C&S only took her money. The harassing phone calls she received extended far beyond acceptable limits. Netters can be verbally vicious, and she felt the brunt of some nasty phone calls. The spam hit just as she was preparing for her daughter's wedding. During what should have been an exciting time of celebration, she was confronted with death threats and hate-calls, which involved both her and her family. When told that on many newsgroups she was perceived sympathetically and as a victim, she was surprised, because all she heard was the hostility and threats from callers. When told that, while some might see her as a villain, the cooler heads were advocating calm and emphasizing that the source, not the "victim" should bear the brunt, she said quietly, "Tell them 'thank you.'" Ms. Giles impressed me as gentle, laid back, and a sincere person trying to market a strong product. She and her marketing friend have class. They may or may not make their fortune off the Internet, but they will retain their credibility and class long after Canter and Siegel have left the scene. There is one passage in the C&S book that, in retrospect, seems prophetic: "....a high price tag on a consultant's time is no assurance that you are getting what you pay for" (p. 185). ------------------------------ Date: Thu, 8 Jun 1995 09:56:33 -0500 (CDT) From: Chip Rosenthal <chip@unicom.com> Subject: File 4--"Hacking" a Moderated Newsgroup - Why it's wrong In their latest net.attack, Canter and Siegel left no newsgroup untouched. That includes comp.society.cu-digest -- the Usenet group that distributes the CuD. Their attack on this very digest demonstrates why their actions are reprehensible, and illustrates some of the costs of their inappropriate behavior. On most of the Usenet, anything goes. People can post whatever and wherever they want. (Of course, the local constable might want to talk to you if you elect to post certain sorts of materials.) Only common courtesy and established convention prevent people from spewing megabyte binary programs or inappropriate advertisements into discussion groups. Except in the case of the ignorant (the so-called "newbies") and the socially maladjusted (such as the "spammers"), courtesy and convention are enough to hold the net together. Not all the net is open in that way. A small number of groups, such as comp.society.cu-digest, are "moderated". When you send a message to a moderated newsgroup, that message is not posted to the net, but instead routed to the group's moderator via email. The moderator will review the message, and, if approved, post it to the net. The moderator adds a special token to the message that tells the Usenet software, "This has been approved. Go ahead and post it." There is nothing particularly magical or secret about this token. It is openly documented in the Usenet transport standard (RFC-1036). It is trivial for anybody who knows this token to bypass the moderation mechanism. The news software doesn't look at the approval token very closely. All it does is see that one is there. You can use "eat me! I'm spam!" as your token, and the Usenet software will accept it. Any idiot can bypass the moderator -- even a pair of Phoenix lawyers. Moderators have a widely recognized right (some would say a duty) to remove rogue postings that bypass the moderation process. Ironically, it is easier to create a rogue message than it is for a moderator to remove it. The moderator does this by transmitting a cancellation request control message. The news software verifies that the cancel request appears to come from the original sender, so the moderator must masquerade as the sender of the rogue posting. For better or worse, this is not particularly difficult to do this. It must, however, be done *precisely* correct. A single miniscule discrepancy, and the Usenet software will disregard the moderator's cancellation request. I am the moderator of comp.society.cu-digest. While most moderators are responsible for the newsgroup's content, I merely operate a gateway that distributes the CuD throughout Usenet. Nonetheless, I have the authority to delete rogue postings from this group. When the C&S spam posting hit comp.society.cu-digest, I acted on that authority. I generated a cancellation message to remove their posting. But I goofed! I botched the header, and the news software refused the request. (Hey! Not my fault! This new "inews" works differently than the old one.) This botch, unfortunately, had a horrible consequence. Certain conventions have evolved for spam-removal cancellation messages. Without these conventions, the cure could be worse than the disease. More net bandwidth and disk space could be burned by de-spam control messages than was wasted on the original spam. The conventions prevent this. These conventions allow the news software to recognize duplicate cancellation requests. The duplicates are discarded rather than passed along through the network. My botched attempt followed these conventions. As I result, not only did I fail to remove the rogue posting, I actually inoculated it! Any attempt additional attempt to remove the message was rejected as a duplicate. Fortunately, a lot of people committed similar mistakes as me. Chris Lewis noted the problem, and issued a batch of de-spam control messages following an alternate convention. These messages *were* accepted, and the spam eventually was deleted. A lot of people wasted a lot of time cleaning up after the latest C&S spam. This illustrates one of the tangible results of their misuse of the net. I believe this incident shows how the C&S net.marketing tactics are bankrupt and phony. They wave their hands and spew rhetoric about how the net is becoming commercialized and only a handful of old farts oppose their efforts. Even stipulating the perverse C&S view of the net, the most you can do is justify the spamming of open newsgroups. When C&S break into moderated newsgroups, they demonstrate their rhetoric is nothing more than dishonest rationalization. ------------------------------ From: eck@panix.com (Mark Eckenwiler) Subject: File 5--Flordia Bar v. Siegel & Canter (511 So.2d 995, 1987) Date: 7 Jan 1995 01:36:33 -0500 Most of you have probably seen the 1988 report documenting Canter's (and Siegel's) resignation from the Florida Bar. However, that report mentions their prior suspension "as a result of a previous discipline," which has not (to my knowledge) been publicized. Below is the text of the 1987 Florida Supreme Court decision suspending our two friends for 90 days. Best line: "The respondents are guilty of a deliberate scheme to misrepresent facts in order to secure full financing of their purchase [of the real estate in question]." (Although I've crossposted this article to all the groups where C&S discussion seems to be happening, I've also limited followups in the spirit of good net.citizenship.) ======================= THE FLORIDA BAR, Complainant, v Martha SIEGEL, Respondent. THE FLORIDA BAR, Complainant, v LAURENCE CANTER, Respondent Nos. 68956, 68957. Supreme Court of Florida. Sept. 10, 1987. 511 So.2d 995 In an attorney disciplinary proceeding, the Supreme Court held that engaging in deliberate scheme to misrepresent facts to senior mortgagee in order to secure full financing of purchase for law office warrants 90-day suspension from practice of law. Suspension ordered. John F. Harkness, Jr., Executive Director and John T. Berry, Staff Counsel, Tallahassee, and Thomas E. DeBerg, Asst. Staff Counsel, Tampa, for complainant. John E. Lund, Tampa, for respondents. PER CURIAM. These disciplinary proceedings are before us on complaint of the Florida Bar and the reports of the referee, which are contested by the Bar and by both respondents. We have jurisdiction, article V, section 15, Florida Constitution. These complaints involve alleged misrepresentations made by the respondents, as law partners, in connection with the purchase of the building used primarily as their law offices. While the facts are not in dispute, the interpretation of those facts is heavily disputed: Because the referee's findings of fact are supported by competent and substantial evidence, we accept them as stated in the reports. Those reports are set out as follows (because they are identical, they have been consolidated into one document): I. Findings of Fact as to Each Item of Misconduct With Which the Respondents are Charged: After a hearing on the matter before me I find the following: On October 7, 1983, respondents executed a mortgage and security agreement on property they were purchasing for use as their law office. The agreement required that no secondary financing on that real estate would be obtained without the express consent of the lender, Southeast Bank, N.A., and F.D.I.C. bank. On or before October 7, 1983, respondents had agreed with Robert F. Bluck, the seller, to secondary financing in lieu of a cash downpayment. On October 7, they signed a mortgage agreement with Mr. Bluck for $50,000.00 on the subject real estate, and as consideration for the mortgage, executed a promissory note for $50,000.00. Southeast Bank, N.A., was not informed of the mortgage agreement between the respondents and Bluck, nor was the mortgage ever recorded. The contract to purchase from Robert F. Bluck specified a deposit of $20,000.00, new mortgage of $150,000.00, and a balance of $30,000.00 to close. On a personal financial statement, dated August 4, 1983 and submitted in support of the application for The $150,000.00 loan, respondents misrepresented that they had made a $20,000.00 downpayment on the subject property. Based on representations made by respondents to Southeast Bank, N.A., the bank's mortgage loan report listed the equity of Siegel and Canter in the real estate as $50,000.00 and the source of equity as cash. On June 30, 1984, respondents submitted additional documents to Southeast Bank in support of an application for a $45,000.00 loan to be secured by a second mortgage on the subject real estate. On a balance sheet dated June 30, 1984, respondents listed the mortgage to Southeast Bank, N.A. as a liability, but did not disclose the mortgage to Bluck. On a personal financial statement dated July 1, 1984, respondents listed the mortgage balance on the first mortgage with the bank, but did not disclose the unrecorded mortgage with Bluck. Loan officers at the bank again believed respondents to have $50,000.00 cash equity in the property, and were unaware of the debt to Robert F. Bluck. On August 10, 1984, respondents submitted to the bank a sworn affidavit representing that they were aware of no facts by reason of which the title to, or possession of, the subject property or any part of it or any personal property on it might be disputed or questioned. At the time of both loans in question, Southeast Bank, N.A. was insured under the Federal Deposit Insurance Act. II. Recommendation as to Whether or Not the Respondent Should Be Found Guilty: I recommend that the respondents be found guilty of violating the following sections of the Code of Professional Responsibility: Florida Bar Integration Rule, article XI, Rule 11-02(3)(a) (Conduct contrary to honesty); DR 1-102(A)(4) (Conduct involving dishonesty or misrepresentation); DR 1-102(A)(3) (Illegal conduct). III. Recommendation as to Disciplinary Measures to be Applied: I recommend that the respondents receive a public reprimand, and be suspended from the practice of law for two weeks. The suspensions of respondents, based on the same conduct, need not run concurrently. I further order that respondents be assessed their share of the costs of these proceedings. We accept in their entirety the referee's findings of fact and recommendations as to guilt. However, we must reject the referee's recommendations as to discipline. The respondents are guilty of a deliberate scheme to misrepresent facts in order to secure full financing of their purchase. We believe that this sort of fraudulent activity cannot be sufficiently disciplined by a two week suspension and public reprimand. We do believe, however, that the Bar's request for a ninety-one day suspension, thus requiring proof of rehabilitation, is not warranted. Accordingly, we accept the referees findings of fact and recommendations of guilt. It is the judgment of this Court that the respondents, Martha Siegel and Laurence Canter, be suspended from the practice of law for a period of ninety days, commencing 30 days after the date of this opinion so that the respondents may close out their business, protect the interests of their clients, but accept no new business. These suspensions are to be served concurrently. Judgment for costs in the amount of $1,630.01 is hereby entered against respondent Siegel, and judgment for costs in the amount of $1,679.51 is hereby entered against respondent Canter, for which sums let execution issue. It is so ordered. McDONALD, C.J., and OVERTON, EHRLICH, SHAW, BARKETT, GRIMES and KOGAN, JJ., concur. ------------------------------ Date: Sun, 19 Apr 1995 22:51:01 CDT From: CuD Moderators <cudigest@sun.soci.niu.edu> Subject: File 6--Cu Digest Header Info (unchanged since 19 Apr, 1995) Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost electronically. CuD is available as a Usenet newsgroup: comp.society.cu-digest Or, to subscribe, send a one-line message: SUB CUDIGEST your name Send it to LISTSERV@VMD.CSO.UIUC.EDU The editors may be contacted by voice (815-753-0303), fax (815-753-6302) or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115, USA. To UNSUB, send a one-line message: UNSUB CUDIGEST <your name> Send it to LISTSERV@VMD.CSO.UIUC.EDU (NOTE: The address you unsub must correspond to your From: line) Issues of CuD can also be found in the Usenet comp.society.cu-digest news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT libraries and in the VIRUS/SECURITY library; from America Online in the PC Telecom forum under "computing newsletters;" On Delphi in the General Discussion database of the Internet SIG; on RIPCO BBS (312) 528-5020 (and via Ripco on internet); and on Rune Stone BBS (IIRGWHQ) (203) 832-8441. CuD is also available via Fidonet File Request from 1:11/70; unlisted nodes and points welcome. EUROPE: In BELGIUM: Virtual Access BBS: +32-69-844-019 (ringdown) Brussels: STRATOMIC BBS +32-2-5383119 2:291/759@fidonet.org In ITALY: Bits against the Empire BBS: +39-464-435189 In LUXEMBOURG: ComNet BBS: +352-466893 UNITED STATES: etext.archive.umich.edu (192.131.22.8) in /pub/CuD/ ftp.eff.org (192.88.144.4) in /pub/Publications/CuD/ aql.gatech.edu (128.61.10.53) in /pub/eff/cud/ world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/ uceng.uc.edu in /pub/wuarchive/doc/EFF/Publications/CuD/ wuarchive.wustl.edu in /doc/EFF/Publications/CuD/ EUROPE: nic.funet.fi in pub/doc/cud/ (Finland) ftp.warwick.ac.uk in pub/cud/ (United Kingdom) JAPAN: ftp://www.rcac.tdi.co.jp/pub/mirror/CuD The most recent issues of CuD can be obtained from the Cu Digest WWW site at: URL: http://www.soci.niu.edu:80/~cudigest/ COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted for non-profit as long as the source is cited. Authors hold a presumptive copyright, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections. ------------------------------ End of Computer Underground Digest #7.50 ************************************