Computer underground Digest Tue Dec 31, 1996 Volume 8 : Issue 93 ISSN 1004-042X Editor: Jim Thomas (cudigest@sun.soci.niu.edu) News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu) Archivist: Brendan Kehoe Shadow Master: Stanton McCandlish Field Agent Extraordinaire: David Smith Shadow-Archivists: Dan Carosone / Paul Southworth Ralph Sims / Jyrki Kuoppala Ian Dickinson Cu Digest Homepage: http://www.soci.niu.edu/~cudigest CONTENTS, #8.93 (Tue, Dec 31, 1996) File 1--Unamailer Attacks on Christmas Day File 2--Gray Areas hit by Mailbomb at Compuserve File 3--The xchaotic story (Re Xmas Mailbombings) (fwd) File 4--Kevin Mitnick placed in solitary File 5--Cu Digest Header Info (unchanged since 13 Dec, 1996) CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION ApPEARS IN THE CONCLUDING FILE AT THE END OF EACH ISSUE. --------------------------------------------------------------------- Date: Fri, 27 Dec 1996 23:04:35 -0500 (EST) From: ptownson@MASSIS.LCS.MIT.EDU(TELECOM Digest Editor) Subject: File 1--Unamailer Attacks on Christmas Day Date--Fri, 27 Dec 1996 05:59:05 PST From--Eric_Florack@xn.xerox.com (Florack,Eric) Subject---Unamailer Strikes on Christmas Some interesting notes about mail-site security in this news dispatch. An interesting read, but perhaps a warning, as well. Passed onto all of you without further comment: /E -=-=-=-=-=-=-=-=-=-=-==-= CyberWire Dispatch / Copyright (c)1996/ December 26, 1996 / Jacking in from the "Spam in the Stocking" Port: Unamailer Delivers Christmas Grief by Lewis Z. Koch Special to CyberWire Dispatch "johnny xchaotic," also known as the "Unamailer," is back, and twenty-one individuals -- many of whom are deeply involved in the Internet ---journalists, the heads of computer companies such as Mircrosoft, politicians, and religious figures -- received a "denial of service" Christmas present they wished they didn't have. johnny, and possible friends of johnny, effectively halted these individuals' ability to send and receive E-mail, a denial of service attack which may take days to restore. Among those hit were prominent journalists including magazine columnist Joel Snyder, because, in xchaotic's words,"your last article in 'Internet World' places all the blame of my actions on an innocent person." Also hit was the magazine's editor Michael Neubarth because of his failure to "apologize" for what were termed journalistic errors.'' Political figures, such as former Presidential candidate Pat Buchanan and U.S. Senate wannabe David Duke, also were targets. Religious figures such as Pat Robertson and Billy Graham were subject to e-mail bombings, as were members of the Church of Scientology and members of the KKK. Microsoft's Bill Gates, several people from the cable channel MTV also were among those apparently attacked. Others hit include Carolyn Meinel who operates a "Happy Hacker" mailing list, the Klu Klux Klan, MTV and the Nazi party. All told, 21 individuals were hit, some, like Gates for the second time. This is the second time in six months that the work of one or more individuals has exploited relatively simple vulnerabilities in Internet e-mail lists. The first attack, in August, targeted more than 40 individuals, including Bill Clinton and Newt Gingrich and brought a torrent of complaints from the people who found their names sent as subscribers to some 3,000 E- mail lists. By comparison to the Christmas attack, even that relatively modest attack sent enough e-mail to the targeted recipients that it effectively halted their computers' ability to process the messages. This attack is estimated to involve 10,139 listservs groups, 3 times greater than the one that took place in the summer, also at xchaotic's instigation. If each mailing list in this attack sent the targeted individuals just a modest 10 letters to the subscribers' computer those individuals would receive more than 100,000 messages. If each listing system sent 100 messages -- and many do -- then the total messages could tally 1,000,000. Once again, johnny xchaotic has offered an "open letter," given to this reporter before it was scheduled to be posted throughout the Internet, as a way to explain the reasons behind the attack. He also taunted the FBI, telling the agency not to "waste tax dollars trying to track me" because "there are a lot more dangerous people out there you should be concentrating on." (The complete letter will be released shortly to the Net by johnny.) The open letter, and the information outlining the e-mail blast, were give to this reporter as the "attack" was concluding. The attack began the evening of December 24 just before midnight and took four hours, eight minutes and twenty-nine seconds. "They [listserv-based mailing lists] could stop this kind of attack tomorrow," one source close to johnny said, "if they only took the simplest of precautions --like authentication." Authentication is a means by which the listing system, instead of agreeing to the ''subscription'' and then automatically forwarding tens or hundreds of letters to the subscriber, would first ask if the person really wanted to subscribe. This ''verification'' could come as an electronic mail message to the subscriber asking for confirmation. If this process had been in place, someone subject to an E-mail denial of service attack would only receive one letter from each list-- that one being the authentication confirmation query -- do you really want this E-mail -- before sending on 10 or 100 messages. "They're either too lazy or too dumb to do that -- so they have to pay a price," this source said, indicating that the attacks would continue until the administrators "get it right," indicating that johnny and his friends want to pressure administrators into authentication. In these kinds of instances, individuals who have been hit wind up quickly canceling their e-mail accounts, thus passing the responsibility for canceling the "subscription" back to the list administrator. Many suspect the authentication-confirmation process is viewed by listserv systems administrators as an inconvenience and confusing to the subscriber and so, they just avoid it. The attack, however, may be a violation of federal law, punishable by up to five years in prison, or $250,000.00 in fines or both. While there are techniques for tracing this kind of attack when there is advance warning, knowledgeable sources say that this kind of attack is very difficult to trace once the attack has occurred. johnny xchaotic has been labeled a 'Net terrorist,' which, according to some, debases the meaning of the word "terrorism." No one knows who johnny is. He was misidentified earlier by Internet Underground magazine as a well known hacker who calls himself "se7en." This identification proved false. One person close to "johnny xchaotic" said the FBI and Secret Service had been contacted about the illegality of this kind of hack but said they had no interest in this kind of "Net" attack. "We have bigger fish to fry," was the response from law enforcement officials, according to this person. This attitude was confirmed by a former federal prosecutor who said the few federal investigators who understood computers and the Internet were stretched thin in their attempts to apprehend serious cyber-criminals, or to pursue high profile but relatively unimportant cases against hackers such as Kevin Mitnick. There has been a tendency on the part of law enforcement and the media to grossly overestimate the monetary damage caused by hackers. "johnny" and those close to him made it clear that there would be a continuation of these kinds of email "denial of service" attacks. These same sources say those few Federal investigators with the Secret Service and the FBI who are computer literate and savvy about hacking are stretched thin in attempts to solve serious multimillion dollar computer crimes, the vast majority of which are committed by insiders against the companies they work for. It is far easier, these sources say, to track down, arrest and jail 16-year-old hackers who brag about their exploits to friends and fellow hackers than to track down a true professional computer cracker on assignment from one company to search and steal the files of a competitor company. While it may take up to three years to investigate and prosecute one important computer thievery case, teenage hackers can be arrested every few months, thus improving the "stats" by which the FBI and other agencies make their mark and their budgets. This repeated E-mail denial of service attack will be sure to reignite the debate about the "moral" issues surrounding hackers and hacking. What may be ignored -- again --is the failure to rectify the problem after the first attack back in August. Immediately following the first E-mail bombing attack, the Computer Emergency Response Team (CERT) was quick to tell the media that while they had no "solution," they had "hopes" they would be able to "limit the impact" of these kinds of attacks. Today's three-fold attack showed that a six month period of study "hoping to limit the impact" has been futile. Vital communications do not appear to have been slowed down. The attack is a major "inconvenience" to be sure. Others argue that "complacency" is the only true victim of this attack. The temporary inconvenience caused by a few days loss of E-mail privileges might seem to pale in significance with those who were killed and maimed by the terrorists' bombing of the Federal Building, in Oklahoma City, or at the World Trade Center in New York, or in Atlanta at the 96 Olympics, or those who opened packages from the Unibomber and were killed. Prominent government officials like U.S. Deputy Attorney General Jamie Gorelick have called for the development of the equivalent of a "Manhattan project" to stop hackers, though the specifics of what kind of "bomb" Gorelick would develop and on whom she would drop "the bomb" are vague. Unsafe at Any Modem Speed On December 16, a computer attack against WebCom knocked out more than 3,000 Web sites for 40 hours, curtailing Website shopping. The attack --a "SYN-flood" -- sent as many as 200 messages a second against the WebCom host computer. This was the same kind of attack that brought down the popular New York Internet provider Panix for more than a week in September. While Seattle computer security consultant Joel McNamara is sympathetic toward WebCom's users problems, he allows less leeway to the company. "The SYN-flood denial of service attack has been known for months, and there are a variety of solutions for addressing it," McNamara said, "I'd be curious as to what, if any, security measures WebCom, a large provider, had in place to deal with a well-known SYN-flood attack. If I couldn't conduct business for 40 hours, I'd have some serious questions to ask." McNamara believes a great deal of the responsibility for the success of these kinds of known attacks rests on the shoulders of managers and systems administrators who do not fully "understand the implications of poor security practices. While the industry hasn't seen this happen yet, it's just a matter of time before a customer files a lawsuit against a service provider because of damages caused by ineffective security," he predicts. FBI agents have been undergoing some education in computer related crimes, but sources say the educated ones are few in number and burdened by too many cases. On the other hand, the FBI has singled out small but prominent hackers for arrest and prosecution, hoping the jailing of these individuals who are well-known to the Net would be a deterrent to other younger people considering hacking. The recent adolescent-like hacking of the Department of Justice Web site seems to indicate that hackers aren't all that deterred. There are other indications that Web page hacks are going to become more political, and perhaps even more dangerous than in the past. The recent hack of the Kriegsman Furs company Web page by animal rights activists indicates one new, sophisticated path. In this attack, the hackers left a manifesto, as well as links to animals rights sites throughout the Web. How easy was it to do? "Security for the site was extremely weak," says McNamara, "The commonly known PHF exploit was likely used to retrieve a system file, which contained a series of easy to crack passwords." Presto, chango. Pro-fur into anti-fur. "It's too easy to pass the blame off on hackers," McNamara says. Like the keys in the car or in the front door, "maintaining an insecure site is just an invitation to problems." Those who were responsible for today's denial of service attack were careful to repeatedly point out to this reporter how "unsophisticated" their attack was and how easily it could have been avoided if the list managers had only taken minimal precautions. "It's kind of like buying new locks and getting an alarm system after everything in the house is stolen. Sure it will probably prevent it from happening again, but if you took the precautions in the first place, the damn thing wouldn't have occurred," he concludes. -------------------- Lew Koch can be reached at: lzkoch@mcs.net ------------------------------ Date: Tue, 31 Dec 1996 10:27:11 -0600 (CST) From: Gray Areas <greyarea@gti.gti.net> Subject: File 2--Gray Areas hit by Mailbomb at Compuserve ((MODERATORS' NOTE: Netta Gilboa, publisher of Gray Areas Magazine, reports Compuserve's response to her queries about the Christmas mailbombing)) gray areas got hit at out cserve acct over xmas. cserve has chosen to deny this has ever happened there before even though i know of at least 4 users there (including ross perot and rush limbaugh who were definitely hit in the past). cserve has refused to check the sendmail headers, to fix the problem, to credit us for the time spent unsubscribing (cserve charges by the minute to be online writing or reading mail), etc. we don't even know the full extent of the newsgroups we got subscribed to because cserve only stores 102 pieces of mail at a time :) we feel cserve was grossly negligent by not having anyone with access to the mail servers available on xmas (traditionally one of the biggest hacking days of the year) and by having the entire corporate billing dept. and corporate headquarters closed on xmas. by contrast, smaller isp's like mindspring notified all of their users that their full staff would be working on xmas because of possible problems like this one. we wish to publicize compuserve's abysmal response, the fact that they lied knowing i was tape recording the calls regarding previous incidents, and we are curious as to whether anyone else got hit at the same time as generally that is the case with reporters... we may be contacted at grayarea@gti.gti.net or grayarea@well.com for however long those addresses hold out ;) ------------------------------ Date: Sun, 29 Dec 1996 14:10:14 -0800 (PST) From: Declan McCullagh <declan@eff.org> Subject: File 3--The xchaotic story (Re Xmas Mailbombings) (fwd) ((MODERATORS' NOTE: From the fight-censorship discussion group, one of the best on the net, comes the following forwarded commentary, allegedly written by the Xmas mailbomber)) ================= [A followup to the Christmas Day email bombings. --Declan] ---------- Forwarded message ---------- today's act of "cyber-terrorism" is brought to you by the letters 'A', 'D', and the number '1'. and the person who brought it to you? you know who you are. <p> before i continue, lets have a quick look at a few interesting comments from past articles as well as some notable quotes from various fans. <p> "What's striking to me is how cowardly they are; anonymous, I mean, if you have something to say, say it." <p> - John Markoff <p> [signing a letter isn't quite anonymous John.] <p> "We're on Defcon 4 alert here, We expect an attack, possibly over the weekend. We said a lot of things in our special report the unamailer will not like. We called him names." <p> - Stephen Baldwin <p> [if i don't stop, will you call me more names? trying to insult me through name calling is quite childish of you. amusing, but childish.] <p> "Clearly the guy's a nutcase, This guy should get a life instead of running around annoying people.",p> - Helena Kobrin <p> [well, it looks like you and I have something in common. difference? you run around harassing people for a living.] <p> "I hope they hang this guy by some vital personal part, I don't know what he's trying to prove. He seems to be a smart guy with too much time on his hands." <p> - John Markoff <p> [thanks for the compliment, i think.] <p> "I hope they fry the little fuck. Can I say 'fuck?'" <p> - Michelle Slatalla <p> [cry for me you insipid bitch.] <p> from the Netly News: He also calls himself, "Final Result." Desperate <p> for publicity from the same people he ridicules, FR posted a manifesto of sorts to.... <p> [can we not read the last paragraph of the first letter i posted? that was a random hacked account. we had nothing to do with the name on it.] <p> from every source: "johnny xchaotic" <p> [brackets indicate a group affiliation, not a last name.] <p> from josh at Netly: We wrestled long and hard over the journalistic ethics of printing your "Manifesto." In the end, we decided we had to do it, if only to get more hits. Surely a man with your keen instincts for the media spotlight can understand that, eh, SpamBoy? <p> Give it up, Unamailer. Come in from the cold. We're waiting for your call. <p> [i would guess this qualifies as the "names" Stephen talked about. if so, that was really pathetic.] <p> and finally, after soliciting my article for Netly, Noah decides to let Philip Elmer-Dewitt take a few cheap shots at my article, without giving me a chance to reply. if memory serves, he apologized on the phone for that, but either way it was a cheap move. so, my reply to PED: <p> >going to need quite a bit of work. I find the "writing >style," as the author calls it, generally flabby and <p> come on PED, you should at least be able to admit that it is a little different than the lock and stock method you and the others use. let me tell you what kind of excitement YOUR writing brings out. <cough> <p> >undisciplined. Why "certain well known public figures"? >If they're public figures, they're well known by <p> duh. how much do you know about the head of the NSA? he is a textbook definition of 'public figure', yet you probably don't even know his name. <p> >definition, no? If he mailbombed the President, why not >say so? Also, note the overuse of the first person if you stole a car, would you tell the whole world? no. <p> >singular. Why all these "i"s? We are not e.e. cummings. <p> i speak for more than myself. <p> >me. More important: I remain unconvinced by his central >argument. How can this possibly be the "first time in >history" that the average joe has the technical means to >take revenge? Has the author never heard of >saboteurs? The Luddites? Political assassins? Peasants ?have legitimate grievances; how far can a people's <p> gee. are you trying to provoke me with this unfounded stupidity? remember, we talked on the phone. i know you are not as inept as you sound right now. since when have the luddites been grouped as a 'technical revenge'? yes, that does sound stupid now that you think about it, huh? how many assassins have hit their mark AND gotten away to tell about it? a very low percentage. saboteurs is your best argument, but coupled with the rest is pathetic. look at the above again and think about it. the 'average joe' has the means to enact revenge, without getting caught, and doing equal or greater damaage. it just hasn't been that way until now.<p> >revolt against a bad ISP? Finally, can we do something <p> incomplete sentence PED. and you insult MY writing? <p> >about the byline? Johnny [xchaotic] seems so early >eighties. Hasn't this guy read anything since Neuromancer? <p> if you recall, i was correcting your outdated terms in your magazine. once again, another cheezy attempt to provoke me or something. i can say one thing about the early eighties comment though.. at least i was on the net then. how about you? <p> >On second thought, maybe we should just tell him his >story was spaced out by breaking news and thank him for >thinking of us. <p> how unappreciative. i called you on my dime, and called back when you asked. i did the same for Steve at IU, Noah at the Netly News, as well as other journalists. i even wrote the article requested of me regarding all this. instead of insulting your computer literacy, i chose to shed some light on a popular subject and show another viewpoint. i'm afraid that is something that has long since escaped you and other journalists. <p> so, that leaves me with today's letter (not manifesto). i would like to first give thanks to a few journalist types (believe it or not). <p> Steve Knopper. Steve has shown more than his share of proffesional courtesy in the past. he also has shown that he is more than fair when writing articles by getting both sides of the story as well as remaining objective. <p> Noah Robischon. despite a few minor annoyances, you too have extended some professional courtesy after a few poorly worded articles at the beginning. if you could put a leash on josh, i think you would be more successful. <p> Lewis Koch. thank you for going out of your way to get both sides of the story. <p> the state of the net hasn't improved of course. however, i can say the quality of journalism has gone up one small step since my last letter to the internet community. i have noticed more articles being written that are technically accurate, quote better sources, or withold the typical bias found in most articles. <p> that alone tells me something is going right. wether or not i had something to do with it doesn't really matter. as long as better journalism continues, the more i lay off. of course, there are plenty of other people who deserve some special attention so my jihad continues. <p> in the mean time, let me give thanks and/or greets to the following people. <p> P0E: hey babe! this act of terrorism is for you! keep up the great music, and feel free to write a song about me. :) <p> FBI: don't waste my tax dollars trying to track me. there are a lot more dangerous people out there you should be concentrating on. <p> on a separate tangent..<p> seems that since the late 50s, the government has been doing its best to keep young citizens from exploring their full potential. rather than look at what they do and use it as a template for fixing problems, they would rather put all of their energy into jailing those that explore. it started with "beatniks", moved to "radicals", and has landed on "hackers" <p>. people like me point out problems in the system. wether it is the social system or computer system, it ends up with the same result. instead of responsible parties fixing the problem, they are much too intent upon trying to place blame on the people that found the problem. don't make excuses, fix the problem. <p> one last thing before we move on. so many articles today say something along the lines of "the average person is vulnerable to these evil terrorists". wrong isn't quite the word for it. yes, everyone can be a victim, but why? don't even presume you are important enough to occupy my time or anyone elses for that matter. as usual, there are always bigger and better fish to fry out there, why stop on the first step of the ladder? <p> on to the bombs... <p> 76042.3624@compuserve.com Netta Gilboa what does it take to make you realize you are not part of the scene, and that we don't want you in it? all you do is cry about the injustices committed against you, but you won't take the hint and go away. <p> askbill@microsoft.com bill gates <p> you still suck.<p> bb748@FreeNet.Carleton.CA neo-nazi recruiter <p> misfitx@gnn.com <p> micetrap@cyberenet.net <p> the net is not a place to recruit more neo-nazi chimps. <p> cmeinel@swcp.com carolyn meinel <p> your happy hacker mail list is demented. you are trying to get those people busted, aren't you? you give them enough rope for them to hang themselves with, and then try to preach about not using the information. give up. <p> crunch@well.com john draper <p> shouldn't have tried to narc me to the feds. and you definitely shouldn't have bragged about doing so. <p> feedback@mtv.com mtv <p> loveline3@aol.com <p> minutes120@aol.com <p> mtvnews@aol.com <p> yomail96@aol.com <p> you still censor your videos. when will you realize the hypocrisy of your actions? you talk about freedom of speech, but don't practice it. <p> grossa@sdsc.edu helped track mitnick <p> mis@seiden.com <p> each of you helped track down kevin mitnick. in the process, you helped another felon gain public acceptance creating a double standard. you should have been going after the real crook: tsutomu <p> hud@netcom.com Co$ Supporter or Member <p> jaarobin@aol.com <p> koreenb@jovanet.com <p> vjohnson@psyber.com <p> the cult of scientology needs to be shut down. it is a criminal organization and should be treated as such. <p> jms@opus1.com joel snyder <p> your last article in 'internet world' places all the blame of my actions on an innocent person. needless to say, you were wrong. quality journalism is what you should strive for. <p> neubart@iw.com editor of joel's article <p> unremorseful bastard. you put someone else through a lot of shit over my actions, and didn't have the balls to apologize for it? <p> kkk@members.iglou.com kkk <p> have a warm feeling knowing a nice white boy did this to you. <p> root@duke.org david duke <p> politics are fucked up already. no need to drag even more fucked up individuals into the fray. <p> toddpeak@usa.net todd stauffer <p> don't write about the internet until you actually know what it is. you are way too sheltered to make such naive statements about the net. <p> root@cbn.org pat robertson <p> abradshaw@graham-assn.org billy graham <p> "doing my part to piss off the religious right" <p> root@buchanan.org pat buchanan <p> what part of "seperation between church and state" is so hard to understand? changing the names of the days is just about the most fanatical thing i have heard in my life. <p> once again, the internet can not be controlled by a single body. the religious fanatics fall into that category. as long as you try to control the net, people will slip through your fingers. the tighter your control, the more that slip through. i am one of many.. <p> angry johnny<p> ------------------------------ Date: Sat, 28 Dec 1996 18:14:57 -0800 From: Rich Burroughs <richieb@teleport.com> Subject: File 4--Kevin Mitnick placed in solitary Source - fight-censorship@vorlon.mit.edu More on Kevin Mitnick. http://cause-for-alarm.com/flash/mitnick.html >>>>>>>>> [updated Saturday, 28-Dec-96 17:48:32 PST] Kevin Mitnick was placed in solitary confinement yesterday for possessing reading materials related to hacking. Mitnick, whose hacking exploits and capture generated a media frenzy, is currently being held in the Metropolitan Detention Center in Los Angeles. This is not the first time he has been placed in solitary there. I first learned of Mitnick's move to solitary through the following email, sent by Fernanda Serpa: "URGENT!!! KEVIN MITNICK WAS PLACED UNDER SOLITARY CONFINEMENT TODAY, DECEMBER 27 TH, AT 1.00 PM, ON THE GROUNDS OF BEING A SECURITY RISK, DUE TO HIS READING LEGAL BOOKED IN THE LIBRARY. IT IS OBVIOUS THAT HE WAS EXERCISING HIS RIGHTS. WE ARE AFRAID THAT THE SANE THING THAT HAPPENED IN NORTH CAROLINA IS HAPPENING AGAIN WHEN KEVIN WAS PLACED IN SOLITARY CONFINEMENT FOR 7 DAYS AND HAD TO WAYVE HIS LEGAL RIGHTS IN ORDER TO BE RELEASED. WE KNOW THAT THE ONLY WAY FBI IS ABLE TO PRESSURE KEVIN IS TROUGH SOLITARY CONFINEMENT. PLEASE, DO SOMETHING AND INFORM THE PRESS URGENTLY ABOUT THIS SITUATION. WE ARE DOING OUR BEST HERE. FERNANDA SERPA SUPPORT KEVIN CAMPAIGN" Serpa, who maintains a web site supporting Mitnick, further wrote me that "We do not have details about yesterday's events concerning Kevin Mitnick..... His cell was searched, and his personal belongings were seized. MDC does not release any information whatsoever.... Due to the case backgrounds, we are concerned about Kevin's life and physical integrity." Since receiving Serpa's email, I have confirmed the story with a source who is knowledgeable about the details of Mitnick's incarceration. According to my source, Mitnick's additional punishment came after a search of his cell revealed written materials related to hacking, including back issues of 2600 magazine. The magazines were allegedly sent to Mitnick by Emmanuel Goldstein, editor of 2600. Prisoners are able to receive written materials if they are sent directly from the publisher, and those materials are routinely searched. The reason the authorities gave for Mitnick's isolation? He's a "security risk." This latest twist in Mitnick's case begs several questions: Why is Mitnick being punished for possessing materials that he received through legitimate prison channels? How can he possibly be a "security risk" when he has no access to computers, and can't even use a phone for anything but collect, operator-assisted calls? Why place a prisoner in solitary confinement for their choice of reading materials? And how much did Markoff and Shimomura really make off of Mitnick's bust? Ironically, several recent issues of 2600 covered the imprisonment of Ed Cummings (aka Bernie S), a 2600 writer who was convicted of possessing a red box and software capable of cloning cell phones. Cummings, who was subjected to inhumane prison conditions, was attacked by another inmate after being transferred to a maximum security facility for "protective custody." He received a fractured jaw and arm in the incident, and was released soon after due to a grassroots protest campaign. Cummings served about a year and a half in jail. Maybe Mitnick was reading 2600 to catch up on Cummings' case, or maybe he was reading about how to do a SYN flood, who knows? Either way, he wasn't going to be able to do much with the information while behind bars. I'll try to pass on more news about Mitnick's situation, as it becomes available. Check back here for updates. >>>>>>>> Serpa's site is at: http://www.netmarket.com.br/mitnick Kevin's defense fund is at: http://www.kevinmitnick.com/ Rich -- Rich Burroughs, rich@cause-for-alarm.com Editor and Publisher, cause for alarm A web zine about electronic freedoms http://cause-for-alarm.com/ ------------------------------ Date: Thu, 15 Dec 1996 22:51:01 CST From: CuD Moderators <cudigest@sun.soci.niu.edu> Subject: File 5--Cu Digest Header Info (unchanged since 13 Dec, 1996) Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost electronically. CuD is available as a Usenet newsgroup: comp.society.cu-digest Or, to subscribe, send post with this in the "Subject:: line: SUBSCRIBE CU-DIGEST Send the message to: cu-digest-request@weber.ucsd.edu DO NOT SEND SUBSCRIPTIONS TO THE MODERATORS. The editors may be contacted by voice (815-753-0303), fax (815-753-6302) or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115, USA. To UNSUB, send a one-line message: UNSUB CU-DIGEST Send it to CU-DIGEST-REQUEST@WEBER.UCSD.EDU (NOTE: The address you unsub must correspond to your From: line) Issues of CuD can also be found in the Usenet comp.society.cu-digest news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT libraries and in the VIRUS/SECURITY library; from America Online in the PC Telecom forum under "computing newsletters;" On Delphi in the General Discussion database of the Internet SIG; on RIPCO BBS (312) 528-5020 (and via Ripco on internet); and on Rune Stone BBS (IIRGWHQ) (860)-585-9638. CuD is also available via Fidonet File Request from 1:11/70; unlisted nodes and points welcome. EUROPE: In BELGIUM: Virtual Access BBS: +32-69-844-019 (ringdown) In ITALY: ZERO! BBS: +39-11-6507540 In LUXEMBOURG: ComNet BBS: +352-466893 UNITED STATES: etext.archive.umich.edu (192.131.22.8) in /pub/CuD/CuD ftp.eff.org (192.88.144.4) in /pub/Publications/CuD/ aql.gatech.edu (128.61.10.53) in /pub/eff/cud/ world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/ wuarchive.wustl.edu in /doc/EFF/Publications/CuD/ EUROPE: nic.funet.fi in pub/doc/CuD/CuD/ (Finland) ftp.warwick.ac.uk in pub/cud/ (United Kingdom) The most recent issues of CuD can be obtained from the Cu Digest WWW site at: URL: http://www.soci.niu.edu/~cudigest/ COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted for non-profit as long as the source is cited. Authors hold a presumptive copyright, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections. ------------------------------ End of Computer Underground Digest #8.93 ************************************