Computer underground Digest    Tue  Dec 31, 1996   Volume 8 : Issue 93
                           ISSN  1004-042X

       Editor: Jim Thomas (cudigest@sun.soci.niu.edu)
       News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu)
       Archivist: Brendan Kehoe
       Shadow Master: Stanton McCandlish
       Field Agent Extraordinaire:   David Smith
       Shadow-Archivists: Dan Carosone / Paul Southworth
                          Ralph Sims / Jyrki Kuoppala
                          Ian Dickinson
       Cu Digest Homepage: http://www.soci.niu.edu/~cudigest

CONTENTS, #8.93 (Tue, Dec 31, 1996)

File 1--Unamailer Attacks on Christmas Day
File 2--Gray Areas hit by Mailbomb at Compuserve
File 3--The xchaotic story (Re Xmas Mailbombings) (fwd)
File 4--Kevin Mitnick placed in solitary
File 5--Cu Digest Header Info (unchanged since 13 Dec, 1996)

CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION ApPEARS IN
THE CONCLUDING FILE AT THE END OF EACH ISSUE.

---------------------------------------------------------------------

Date: Fri, 27 Dec 1996 23:04:35 -0500 (EST)
From: ptownson@MASSIS.LCS.MIT.EDU(TELECOM Digest Editor)
Subject: File 1--Unamailer Attacks on Christmas Day

  Date--Fri, 27 Dec 1996 05:59:05 PST
  From--Eric_Florack@xn.xerox.com (Florack,Eric)
  Subject---Unamailer Strikes on Christmas

Some interesting notes about mail-site security in this news dispatch.
An interesting read, but perhaps a warning, as well. Passed onto all
of you without further comment:

/E

-=-=-=-=-=-=-=-=-=-=-==-=

CyberWire Dispatch / Copyright (c)1996/ December 26, 1996 /

Jacking in from the "Spam in the Stocking" Port:
Unamailer Delivers Christmas Grief

by Lewis Z. Koch
Special to CyberWire Dispatch

"johnny xchaotic," also known as the "Unamailer," is back, and
twenty-one individuals -- many of whom are deeply involved in the
Internet ---journalists, the heads of computer companies such as
Mircrosoft, politicians, and religious figures -- received a "denial
of service" Christmas present they wished they didn't have.

johnny, and possible friends of johnny, effectively halted these
individuals' ability to send and receive E-mail, a denial of service
attack which may take days to restore.

Among those hit were prominent journalists including magazine
columnist Joel Snyder, because, in xchaotic's words,"your last article
in 'Internet World' places all the blame of my actions on an innocent
person."  Also hit was the magazine's editor Michael Neubarth because
of his failure to "apologize" for what were termed journalistic
errors.''

Political figures, such as former Presidential candidate Pat Buchanan
and U.S. Senate wannabe David Duke, also were targets.  Religious
figures such as Pat Robertson and Billy Graham were subject to e-mail
bombings, as were members of the Church of Scientology and members of
the KKK.

Microsoft's Bill Gates, several people from the cable channel MTV also
were among those apparently attacked.  Others hit include Carolyn
Meinel who operates a "Happy Hacker" mailing list, the Klu Klux Klan,
MTV and the Nazi party.

All told, 21  individuals were hit, some, like Gates for the second
time.  This is the second time in six months that the work of one or
more individuals has exploited relatively simple vulnerabilities in
Internet e-mail lists.

The first attack, in August, targeted more than 40 individuals,
including Bill Clinton and Newt Gingrich and brought a torrent of
complaints from the people who found their names sent as subscribers
to some 3,000 E- mail lists. By comparison to the Christmas attack,
even that relatively modest attack sent enough e-mail to the targeted
recipients that it effectively halted their computers' ability to
process the messages.

This attack is estimated to involve 10,139 listservs groups, 3 times
greater than the one that took place in the summer, also at xchaotic's
instigation. If each mailing list in this attack sent the targeted
individuals just a modest 10 letters to the subscribers' computer
those individuals would receive more than 100,000 messages. If each
listing system sent 100 messages -- and many do -- then the total
messages could tally 1,000,000.

Once again, johnny xchaotic has offered an "open letter," given to
this reporter before it was scheduled to be posted throughout the
Internet, as a way to explain the reasons behind the attack. He also
taunted the FBI, telling the agency not to "waste tax dollars trying
to track me" because "there are a lot more dangerous people out there
you should be concentrating on."  (The complete letter will be
released shortly to the Net by johnny.)

The open letter, and the information outlining the e-mail blast, were
give to this reporter as the "attack" was concluding. The attack began
the evening of December 24 just before midnight and took four hours,
eight minutes and twenty-nine seconds.

"They [listserv-based mailing lists] could stop this kind of attack
tomorrow," one source close to johnny said, "if they only took the
simplest of precautions --like authentication."  Authentication is a
means by which the listing system, instead of agreeing to the
''subscription'' and then automatically forwarding tens or hundreds of
letters to the subscriber, would first ask if the person really wanted
to subscribe. This ''verification'' could come as an electronic mail
message to the subscriber asking for confirmation.

If this process had been in place, someone subject to an E-mail denial
of service attack would only receive one letter from each list-- that
one being the authentication confirmation query -- do you really want
this E-mail -- before sending on 10 or 100 messages.

"They're either too lazy or too dumb to do that -- so they have to pay
a price," this source said, indicating that the attacks would continue
until the administrators "get it right," indicating that johnny and
his friends want to pressure administrators into authentication.

In these kinds of instances, individuals who have been hit wind up
quickly canceling their e-mail accounts, thus passing the
responsibility for canceling the "subscription" back to the list
administrator. Many suspect the authentication-confirmation process is
viewed by listserv systems administrators as an inconvenience and
confusing to the subscriber and so, they just avoid it.

The attack, however, may be a violation of federal law, punishable by
up to five years in prison, or $250,000.00 in fines or both.  While
there are techniques for tracing this kind of attack when there is
advance warning, knowledgeable sources say that this kind of attack is
very difficult to trace once the attack has occurred.

johnny xchaotic has been labeled a 'Net terrorist,' which, according
to some, debases the meaning of the word "terrorism."  No one knows
who johnny is.  He was misidentified earlier by Internet Underground
magazine as a well known hacker who calls himself "se7en." This
identification proved false.

One person close to "johnny xchaotic" said the FBI and Secret Service
had been contacted about the illegality of this kind of hack but said
they had no interest in this kind of "Net" attack.  "We have bigger fish
to fry," was the response from law enforcement officials, according to
this person.  This attitude was confirmed by a former federal prosecutor
who said the few federal investigators who understood computers and the
Internet were stretched thin in their attempts to apprehend serious
cyber-criminals, or to pursue high profile but relatively unimportant
cases against hackers such as Kevin Mitnick. There has been a tendency
on the part of law enforcement and the media to grossly overestimate the
monetary damage caused by hackers.

"johnny"  and those close to him made it clear that there would be a
continuation of these kinds of email "denial of service" attacks.

These same sources say those few Federal investigators with the Secret
Service and the FBI who are computer literate and savvy about hacking
are stretched thin in attempts to solve serious multimillion dollar
computer crimes, the vast majority of which are committed by insiders
against the companies they work for.

It is far easier, these sources say, to track down, arrest and jail
16-year-old hackers who brag about their exploits to friends and fellow
hackers than to track down a true professional computer cracker on
assignment from one company to search and steal the files of a
competitor company. While it may take up to three years to investigate
and prosecute one important computer thievery case, teenage hackers can
be arrested every few months, thus improving the "stats" by which the
FBI and other agencies make their mark and their budgets.

This repeated E-mail denial of service attack will be sure to reignite
the debate about the "moral" issues surrounding hackers and hacking.
What may be ignored -- again --is the failure to rectify the problem
after the first attack back in August. Immediately following the first
E-mail bombing attack, the Computer Emergency Response Team (CERT) was
quick to tell the media that while they had no "solution," they had
"hopes" they would be able to "limit the impact" of these kinds of
attacks.  Today's three-fold attack showed that a six month period of
study  "hoping to limit the impact" has been futile.

Vital communications do not appear to have been slowed down.  The attack
is a major "inconvenience" to be sure.  Others argue that "complacency"
is the only true victim of this attack.

The temporary inconvenience caused by a few days loss of E-mail
privileges might seem to pale in significance with those who were killed
and maimed by the  terrorists' bombing of  the Federal Building, in
Oklahoma City, or at the World Trade Center in New York, or in Atlanta
at the 96 Olympics, or those who opened packages from the Unibomber and
were killed.

Prominent government officials like U.S. Deputy Attorney General Jamie
Gorelick have called for the development of the equivalent of a
"Manhattan project" to stop hackers, though the specifics of what kind
of "bomb" Gorelick would develop and on whom she would drop "the bomb"
are vague.

Unsafe at Any Modem Speed

On December 16, a computer attack against WebCom knocked out more than
3,000 Web sites for 40 hours, curtailing Website shopping.  The attack
--a "SYN-flood" -- sent as many as 200 messages a second against the
WebCom host computer. This was the same kind of attack that brought down
the popular New York Internet provider Panix for more than a week in
September.

While Seattle computer security consultant Joel McNamara is sympathetic
toward WebCom's users problems, he allows less leeway to the company.
"The SYN-flood denial of service attack has been known for months, and
there are a variety of solutions for addressing it," McNamara said, "I'd
be curious as to what, if any, security measures WebCom, a large
provider, had in place to deal with a well-known SYN-flood attack. If I
couldn't conduct business for 40 hours, I'd have some serious questions
to ask."

McNamara believes a great deal of the responsibility for the success of
these kinds of known attacks rests on the shoulders of managers and
systems administrators who do not fully "understand the implications of
poor security practices.  While the industry hasn't seen this happen
yet, it's just a matter of time before a customer files a lawsuit
against a service provider because of damages caused by ineffective
security," he predicts.

FBI agents have been undergoing some education in computer related
crimes, but sources say the educated ones are few in number and burdened
by too many cases.  On the other hand, the FBI has singled out small but
prominent hackers for arrest and prosecution, hoping the jailing of
these individuals who are  well-known to the Net would be a deterrent to
other younger people considering hacking.  The recent adolescent-like
hacking of the Department of Justice Web site seems to indicate that
hackers aren't all that deterred.

There are other indications that Web page hacks are going to become more
political, and perhaps even more dangerous than in the past.  The recent
hack of the Kriegsman Furs company  Web page by animal rights activists
indicates one new, sophisticated path.  In this attack, the hackers left
a manifesto, as well as links to animals rights sites throughout the
Web. How easy was it to do? "Security for the site was extremely weak,"
says McNamara, "The commonly known PHF exploit was likely used to
retrieve a system file, which contained a series of easy to crack
passwords." Presto, chango.  Pro-fur into anti-fur.

"It's too easy to pass the blame off on hackers," McNamara says.  Like
the keys in the car or in the front door, "maintaining an insecure site
is just an invitation to problems."  Those who were responsible for
today's denial of service attack were careful to repeatedly point out to
this reporter how "unsophisticated" their attack was and how easily it
could have been avoided if the list managers had only taken minimal
precautions.  "It's kind of like buying new locks and getting an alarm
system after everything in the house is stolen.  Sure it will probably
prevent it from happening again, but if you took the precautions in the
first place, the damn thing wouldn't have occurred," he concludes.

                         --------------------

Lew Koch can be reached at: lzkoch@mcs.net

------------------------------

Date: Tue, 31 Dec 1996 10:27:11 -0600 (CST)
From: Gray Areas <greyarea@gti.gti.net>
Subject: File 2--Gray Areas hit by Mailbomb at Compuserve

((MODERATORS' NOTE: Netta Gilboa, publisher of Gray Areas
Magazine, reports Compuserve's response to her queries about the
Christmas mailbombing))

gray areas got hit at out cserve acct over xmas.
cserve has chosen to deny this has ever happened there before
even though i know of at least 4 users there (including ross perot
and rush limbaugh who were definitely hit in the past).
cserve has refused to check the sendmail headers, to fix the
problem, to credit us for the time spent unsubscribing (cserve
charges by the minute to be online writing or reading mail), etc.
we don't even know the full extent of the newsgroups we got subscribed
to because cserve only stores 102 pieces of mail at a time :)
we feel cserve was grossly negligent by not having anyone with access to
the mail servers available on xmas (traditionally one of the biggest
hacking days of the year) and by having the entire corporate billing
dept. and corporate headquarters closed on xmas. by contrast, smaller
isp's like mindspring notified all of their users that their full
staff would be working on xmas because of possible problems like this
one.

we wish to publicize compuserve's abysmal response, the fact that
they lied knowing i was tape recording the calls regarding previous
incidents, and we are curious as to whether anyone else got hit at
the same time as generally that is the case with reporters... we may
be contacted at grayarea@gti.gti.net or grayarea@well.com for
however long those addresses hold out ;)

------------------------------

Date: Sun, 29 Dec 1996 14:10:14 -0800 (PST)
From: Declan McCullagh <declan@eff.org>
Subject: File 3--The xchaotic story (Re Xmas Mailbombings) (fwd)

((MODERATORS' NOTE: From the fight-censorship discussion group,
one of the best on the net, comes the following forwarded
commentary, allegedly written by the Xmas mailbomber))

=================

[A followup to the Christmas Day email bombings. --Declan]

---------- Forwarded message ----------

today's act of "cyber-terrorism" is brought to you by the
letters 'A', 'D', and the number '1'.  and the person who
brought it to you?  you know who you are. <p>

before i continue, lets have a quick look at a few interesting
comments from past articles as well as some notable quotes
from various fans. <p>

        "What's striking to me is how cowardly they are; anonymous,
         I mean, if you have something to say, say it." <p>
                                                - John Markoff <p>

        [signing a letter isn't quite anonymous John.] <p>


        "We're on Defcon 4 alert here, We expect an attack, possibly
         over the weekend. We said a lot of things in our special report
         the unamailer will not like. We called him names." <p>
                                                - Stephen Baldwin <p>

        [if i don't stop, will you call me more names?
         trying to insult me through name calling is quite
         childish of you.  amusing, but childish.] <p>


        "Clearly the guy's a nutcase, This guy should get a life instead
         of running around annoying people.",p>
	    - Helena Kobrin <p>

        [well, it looks like you and I have something in
         common.  difference?  you run around harassing people for
         a living.] <p>


        "I hope they hang this guy by some vital personal part, I don't
         know what he's trying to prove. He seems to be a smart guy with
         too much time on  his hands." <p>
	- John Markoff <p>

        [thanks for the compliment, i think.] <p>


        "I hope they fry the little fuck. Can I say 'fuck?'" <p>
                                                - Michelle Slatalla <p>

        [cry for me you insipid bitch.] <p>


from the Netly News:    He also calls himself, "Final Result." Desperate <p>
                        for publicity from the same people he ridicules,
                        FR posted a manifesto of sorts to.... <p>

[can we not read the last paragraph of the first letter i
posted?  that was a random hacked account.  we had nothing to
do with the name on it.] <p>


from every source:      "johnny xchaotic" <p>

[brackets indicate a group affiliation, not a last name.] <p>


from josh at Netly:     We wrestled long and hard over the journalistic
                        ethics of printing your "Manifesto." In the end,
                        we decided we had to do it, if only to get more
                        hits. Surely a man with your keen instincts for
                        the media spotlight can understand that, eh,
                        SpamBoy? <p>

                        Give it up, Unamailer. Come in from the cold. We're
                        waiting for your call. <p>

[i would guess this qualifies as the "names" Stephen talked
about.  if so, that was really pathetic.] <p>


and finally, after soliciting my article for Netly, Noah
decides to let Philip Elmer-Dewitt take a few cheap shots at
my article, without giving me a chance to reply.  if memory
serves, he apologized on the phone for that, but either way
it was a cheap move.  so, my reply to PED: <p>

  >going to need quite a bit of work. I find the "writing
  >style," as the author calls it, generally flabby and <p>

  come on PED, you should at least be able to admit that it is a little
  different than the lock and stock method you and the others use.  let me
  tell you what kind of excitement YOUR writing brings out. <cough> <p>

  >undisciplined. Why "certain well known public figures"?
  >If they're public figures, they're well known by <p>

  duh.  how much do you know about the head of the NSA?  he is a textbook
  definition of 'public figure', yet you probably don't even know his name.
<p>

  >definition, no? If he mailbombed the President, why not
  >say so? Also, note the overuse of the first person

  if you stole a car, would you tell the whole world?  no. <p>

  >singular. Why all these "i"s? We are not e.e. cummings. <p>

  i speak for more than myself. <p>

  >me. More important: I remain unconvinced by his central
  >argument. How can this possibly be the "first time in
  >history" that the average joe has the technical means to
  >take revenge? Has the author never heard of
  >saboteurs? The Luddites? Political assassins? Peasants
  ?have legitimate grievances; how far can a people's <p>

  gee.  are you trying to provoke me with this unfounded stupidity?
  remember, we talked on the phone.  i know you are not as inept as you
  sound right now.  since when have the luddites been grouped as a
  'technical revenge'?  yes, that does sound stupid now that you think about
  it, huh?  how many assassins have hit their mark AND gotten away to tell
  about it?  a very low percentage.  saboteurs is your best argument, but
  coupled with the rest is pathetic.  look at the above again and think
  about it.  the 'average joe' has the means to enact revenge, without
  getting caught, and doing equal or greater damaage.  it just hasn't been
  that way until now.<p>

  >revolt against a bad ISP? Finally, can we do something <p>

  incomplete sentence PED.  and you insult MY writing? <p>

  >about the byline? Johnny [xchaotic] seems so early
  >eighties. Hasn't this guy read anything since Neuromancer? <p>

  if you recall, i was correcting your outdated terms in your magazine.
  once again, another cheezy attempt to provoke me or something.  i can say
  one thing about the early eighties comment though.. at least i was on the
  net then.  how about you? <p>

  >On second thought, maybe we should just tell him his
  >story was spaced out by breaking news and thank him for
  >thinking of us. <p>

  how unappreciative.  i called you on my dime, and called back when you
  asked.  i did the same for Steve at IU, Noah at the Netly News, as well as
  other journalists.  i even wrote the article requested of me regarding all
  this.  instead of insulting your computer literacy, i chose to shed some
  light on a popular subject and show another viewpoint.  i'm afraid that is
  something that has long since escaped you and other journalists. <p>


so, that leaves me with today's letter (not manifesto).  i
would like to first give thanks to a few journalist types
(believe it or not). <p>

        Steve Knopper.  Steve has shown more than his share of
        proffesional courtesy in the past.  he also has shown
        that he is more than fair when writing articles by
        getting both sides of the story as well as remaining
        objective. <p>

        Noah Robischon.  despite a few minor annoyances, you too
        have extended some professional courtesy after a few
        poorly worded articles at the beginning.  if you could
        put a leash on josh, i think you would be more
        successful. <p>

        Lewis Koch.  thank you for going out of your way to get
        both sides of the story. <p>


the state of the net hasn't improved of course.  however, i can
say the quality of journalism has gone up one small step since
my last letter to the internet community.  i have noticed more
articles being written that are technically accurate, quote better
sources, or withold the typical bias found in most articles. <p>

that alone tells me something is going right.  wether or not i
had something to do with it doesn't really matter.  as long as
better journalism continues, the more i lay off.  of course,
there are plenty of other people who deserve some special
attention so my jihad continues. <p>

in the mean time, let me give thanks and/or greets to the
following people. <p>

        P0E: hey babe!  this act of terrorism is for you!
             keep up the great music, and feel free to
             write a song about me. :) <p>

        FBI: don't waste my tax dollars trying to track me.
             there are a lot more dangerous people out
             there you should be concentrating on. <p>


on a separate tangent..<p>

seems that since the late 50s, the government has been doing
its best to keep young citizens from exploring their full
potential.  rather than look at what they do and use it as
a template for fixing problems, they would rather put all of
their energy into jailing those that explore.  it started
with "beatniks", moved to "radicals", and has landed on
"hackers" <p>.

people like me point out problems in the system.  wether it is
the social system or computer system, it ends up with the same
result.  instead of responsible parties fixing the problem,
they are much too intent upon trying to place blame on the
people that found the problem.  don't make excuses, fix
the problem. <p>

one last thing before we move on.  so many articles today say
something along the lines of "the average person is vulnerable
to these evil terrorists".  wrong isn't quite the word for
it.  yes, everyone can be a victim, but why?  don't even
presume you are important enough to occupy my time or anyone
elses for that matter.  as usual, there are always bigger and
better fish to fry out there, why stop on the first step of the
ladder? <p>


on to the bombs... <p>

        76042.3624@compuserve.com     Netta Gilboa
        what does it take to make you realize you are not part
        of the scene, and that we don't want you in it?  all you
        do is cry about the injustices committed against you,
        but you won't take the hint and go away. <p>


        askbill@microsoft.com         bill gates <p>
        you still suck.<p>


        bb748@FreeNet.Carleton.CA     neo-nazi recruiter <p>
        misfitx@gnn.com <p>
        micetrap@cyberenet.net <p>
        the net is not a place to recruit more neo-nazi chimps. <p>


        cmeinel@swcp.com              carolyn meinel <p>
        your happy hacker mail list is demented.  you are trying
        to get those people busted, aren't you?  you give them
        enough rope for them to hang themselves with, and then
        try to preach about not using the information.  give up. <p>


        crunch@well.com               john draper <p>
        shouldn't have tried to narc me to the feds.  and you
        definitely shouldn't have bragged about doing so. <p>


        feedback@mtv.com              mtv <p>
        loveline3@aol.com             <p>
        minutes120@aol.com           <p>
        mtvnews@aol.com               <p>
        yomail96@aol.com              <p>
        you still censor your videos.  when will you realize the
        hypocrisy of your actions?  you talk about freedom of
        speech, but don't practice it. <p>


        grossa@sdsc.edu               helped track mitnick <p>
        mis@seiden.com        <p>
        each of you helped track down kevin mitnick.  in the
        process, you helped another felon gain public acceptance
        creating a double standard.  you should have been going
        after the real crook: tsutomu <p>


        hud@netcom.com                Co$ Supporter or Member <p>
        jaarobin@aol.com              <p>
        koreenb@jovanet.com          <p>
        vjohnson@psyber.com          <p>
        the cult of scientology needs to be shut down.  it is a
        criminal organization and should be treated as such. <p>


        jms@opus1.com                 joel snyder <p>
        your last article in 'internet world' places all the
        blame of my actions on an innocent person.  needless
        to say, you were wrong.  quality journalism is what
        you should strive for. <p>


        neubart@iw.com                editor of joel's article <p>
        unremorseful bastard.  you put someone else through a
        lot of shit over my actions, and didn't have the balls
        to apologize for it? <p>


        kkk@members.iglou.com         kkk <p>
        have a warm feeling knowing a nice white boy did this
        to you. <p>


        root@duke.org                 david duke <p>
        politics are fucked up already.  no need to drag even
        more fucked up individuals into the fray. <p>


        toddpeak@usa.net              todd stauffer <p>
        don't write about the internet until you actually know
        what it is.  you are way too sheltered to make such
        naive statements about the net. <p>


        root@cbn.org                  pat robertson <p>
        abradshaw@graham-assn.org     billy graham <p>
        "doing my part to piss off the religious right" <p>


        root@buchanan.org             pat buchanan <p>
        what part of "seperation between church and state" is
        so hard to understand?  changing the names of the days
        is just about the most fanatical thing i have heard in
        my life. <p>


once again, the internet can not be controlled by a single
body.  the religious fanatics fall into that category.  as
long as you try to control the net, people will slip
through your fingers.  the tighter your control, the more that
slip through.  i am one of many.. <p>


                           angry johnny<p>

------------------------------

Date: Sat, 28 Dec 1996 18:14:57 -0800
From: Rich Burroughs <richieb@teleport.com>
Subject: File 4--Kevin Mitnick placed in solitary

Source -  fight-censorship@vorlon.mit.edu

More on Kevin Mitnick.

http://cause-for-alarm.com/flash/mitnick.html

>>>>>>>>>

[updated Saturday, 28-Dec-96 17:48:32 PST]

Kevin Mitnick was placed in solitary confinement
yesterday for possessing reading materials related to
hacking. Mitnick, whose hacking exploits and capture
generated a media frenzy, is currently being held in the
Metropolitan Detention Center in Los Angeles. This is
not the first time he has been placed in solitary there.

I first learned of Mitnick's move to solitary through
the following email, sent by Fernanda Serpa:

"URGENT!!!

KEVIN MITNICK WAS PLACED UNDER SOLITARY CONFINEMENT
TODAY, DECEMBER 27 TH, AT 1.00 PM, ON THE GROUNDS OF
BEING A SECURITY RISK, DUE TO HIS READING LEGAL BOOKED
IN THE LIBRARY. IT IS OBVIOUS THAT HE WAS EXERCISING HIS
RIGHTS. WE ARE AFRAID THAT THE SANE THING THAT HAPPENED
IN NORTH CAROLINA IS HAPPENING AGAIN WHEN KEVIN WAS
PLACED IN SOLITARY CONFINEMENT FOR 7 DAYS AND HAD TO
WAYVE HIS LEGAL RIGHTS IN ORDER TO BE RELEASED. WE KNOW
THAT THE ONLY WAY FBI IS ABLE TO PRESSURE KEVIN IS
TROUGH SOLITARY CONFINEMENT. PLEASE, DO SOMETHING AND
INFORM THE PRESS URGENTLY ABOUT THIS SITUATION. WE ARE
DOING OUR BEST HERE.

FERNANDA SERPA
SUPPORT KEVIN CAMPAIGN"

Serpa, who maintains a web site supporting Mitnick,
further wrote me that "We do not have details about
yesterday's events concerning Kevin Mitnick..... His
cell was searched, and his personal belongings were
seized. MDC does not release any information
whatsoever.... Due to the case backgrounds, we are
concerned about Kevin's life and physical integrity."

Since receiving Serpa's email, I have confirmed the
story with a source who is knowledgeable about the
details of Mitnick's incarceration.

According to my source, Mitnick's additional punishment
came after a search of his cell revealed written
materials related to hacking, including back issues of
2600 magazine. The magazines were allegedly sent to
Mitnick by Emmanuel Goldstein, editor of 2600. Prisoners
are able to receive written materials if they are sent
directly from the publisher, and those materials are
routinely searched.

The reason the authorities gave for Mitnick's isolation?
He's a "security risk."

This latest twist in Mitnick's case begs several
questions: Why is Mitnick being punished for possessing
materials that he received through legitimate prison
channels? How can he possibly be a "security risk" when
he has no access to computers, and can't even use a
phone for anything but collect, operator-assisted calls?
Why place a prisoner in solitary confinement for their
choice of reading materials? And how much did Markoff
and Shimomura really make off of Mitnick's bust?

Ironically, several recent issues of 2600 covered the
imprisonment of Ed Cummings (aka Bernie S), a 2600
writer who was convicted of possessing a red box and
software capable of cloning cell phones. Cummings, who
was subjected to inhumane prison conditions, was
attacked by another inmate after being transferred to a
maximum security facility for "protective custody." He
received a fractured jaw and arm in the incident, and
was released soon after due to a grassroots protest
campaign. Cummings served about a year and a half in
jail.

Maybe Mitnick was reading 2600 to catch up on Cummings'
case, or maybe he was reading about how to do a SYN
flood, who knows? Either way, he wasn't going to be able
to do much with the information while behind bars.

I'll try to pass on more news about Mitnick's situation,
as it becomes available. Check back here for updates.

>>>>>>>>

Serpa's site is at: http://www.netmarket.com.br/mitnick
Kevin's defense fund is at: http://www.kevinmitnick.com/


Rich

--
Rich Burroughs, rich@cause-for-alarm.com
Editor and Publisher, cause for alarm
A web zine about electronic freedoms
http://cause-for-alarm.com/

------------------------------

Date: Thu, 15 Dec 1996 22:51:01 CST
From: CuD Moderators <cudigest@sun.soci.niu.edu>
Subject: File 5--Cu Digest Header Info (unchanged since 13 Dec, 1996)

Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost electronically.

CuD is available as a Usenet newsgroup: comp.society.cu-digest

Or, to subscribe, send post with this in the "Subject:: line:

     SUBSCRIBE CU-DIGEST
Send the message to:   cu-digest-request@weber.ucsd.edu

DO NOT SEND SUBSCRIPTIONS TO THE MODERATORS.

The editors may be contacted by voice (815-753-0303), fax (815-753-6302)
or U.S. mail at:  Jim Thomas, Department of Sociology, NIU, DeKalb, IL
60115, USA.

To UNSUB, send a one-line message:   UNSUB CU-DIGEST
Send it to  CU-DIGEST-REQUEST@WEBER.UCSD.EDU
(NOTE: The address you unsub must correspond to your From: line)

Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT
libraries and in the VIRUS/SECURITY library; from America Online in
the PC Telecom forum under "computing newsletters;"
On Delphi in the General Discussion database of the Internet SIG;
on RIPCO BBS (312) 528-5020 (and via Ripco on  internet);
and on Rune Stone BBS (IIRGWHQ) (860)-585-9638.
CuD is also available via Fidonet File Request from
1:11/70; unlisted nodes and points welcome.

EUROPE:  In BELGIUM: Virtual Access BBS:  +32-69-844-019 (ringdown)
         In ITALY: ZERO! BBS: +39-11-6507540
         In LUXEMBOURG: ComNet BBS:  +352-466893

  UNITED STATES: etext.archive.umich.edu (192.131.22.8) in /pub/CuD/CuD
                  ftp.eff.org (192.88.144.4) in /pub/Publications/CuD/
                  aql.gatech.edu (128.61.10.53) in /pub/eff/cud/
                  world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/
                  wuarchive.wustl.edu in /doc/EFF/Publications/CuD/
  EUROPE:         nic.funet.fi in pub/doc/CuD/CuD/ (Finland)
                  ftp.warwick.ac.uk in pub/cud/ (United Kingdom)


The most recent issues of CuD can be obtained from the
Cu Digest WWW site at:
  URL: http://www.soci.niu.edu/~cudigest/

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views.  CuD material may  be reprinted for non-profit as long
as the source is cited. Authors hold a presumptive copyright, and
they should be contacted for reprint permission.  It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified.  Readers are encouraged to submit reasoned articles
relating to computer culture and communication.  Articles are
preferred to short responses.  Please avoid quoting previous posts
unless absolutely necessary.

DISCLAIMER: The views represented herein do not necessarily represent
            the views of the moderators. Digest contributors assume all
            responsibility for ensuring that articles submitted do not
            violate copyright protections.

------------------------------

End of Computer Underground Digest #8.93
************************************