jcp@cgch.uucp (Joseph C Pistritto) (06/02/90)
> From: TELECOM Moderator <telecom@eecs.nwu.edu> [some stuff about Kapor considering defending the "Sun Devil" crackers deleted here - all factual data] > Maybe if Mr. Kapor had his Lotus 1-2-3 ripped off good he might change > his tune. Anyone know other projects of his we might steal and start > handing out freely around the net? Ahem. Really now Patrick. I know you're kidding, you know it, probably every one of the intelligent people on this planet would know it ... but DO YOU REALLY WANT TO HAVE A COMMENT LIKE THIS DISTRIBUTED ON THE INTERNET??? > If you can't find a way to steal it outright, then borrow a > pirated copy from someone else. And how many people, not knowing the 'context' of your remarks, would view this as a blatant invitation to piracy??? There can be valid concerns about possibly prosecuters overstepping their authority and government abuse of power, etc. without condoning either piracy or theft. If these guys really ripped off source from AT&T or elsewhere, then they deserve what happens next, on the other hand, I can't really say that about people who run BBS systems that merely have the message passed thru their system, unknowingly. If the result of this "Sun Devil" operation is that private BBS owners start closing down their systems due to fear of prosecutors, and things like FIDOnet disappear, then America will have lost a valuable resource indeed, and Mr. Kapor may be correct in being concerned. Note that your article didn't say he 'decided' to support these folks, merely that he was considering it. Let's wait for him to make up his mind before condemning, shall we? Joseph C. Pistritto (bpistr@ciba-geigy.ch, jcp@brl.mil) Ciba Geigy AG, R1241.1.01, Postfach CH4002, Basel, Switzerland Tel: +41 61 697 6155 (work) +41 61 692 1728 (home) GMT+2hrs! [Moderator's Note: And what about people who pick up the {Washington Post} for the first time in their life and see credence given to the theory that burglary and theft are not really that at all, and that government attempts to prosecute burglary and theft are 'damaging to technical innovation and to dissemination of information'. Maybe you should write a letter to the Post and complain about them spreading that stuff all over the world in their paper. I doubt *they* would give you the courtesy I have -- of printing your letter. PT]
news@accuvax.nwu.edu (USENET News System) (07/04/90)
It's real disturbing to read the comments that have been posted recently on TELECOM Digest concerning Operation Sun Devil and Mitch Kapor's involvement. While I think the moderator has been chastised sufficiently, there are still a few remarks I want to make. First of all, I understand the point he was trying to get across. But I think he shot from the hip without rationalizing his point first, thereby leaving many of us in a kind of stunned silence. If I understand it correctly, the argument is: Kapor says he wants to help people that the Moderator believes are thieves. Therefore, using that logic, it's okay to steal from Kapor. Well, I don't agree. Obviously, Kapor DOESN'T believe these people are criminals. Even if one or two of them ARE criminals, he is concerned with all of the innocent bystanders that are being victimized here. And make no mistake about that - there are many innocent bystanders here. I've spoken to quite a few of them. Steve Jackson, Craig Neidorf, the friends and families of people who've had armed agents of the federal government storm into their homes and offices. It's a very frightening scenario - one that I've been through myself. And when it happens there are permanent scars and a fear that never quite leaves. For drug dealers, murderers, hardened criminals, it's an acceptable price in my view. But a 14 year old kid who doesn't know when to stop exploring a computer system? Let's get real. Do we really want to mess up someone's life just to send a message? I've been a hacker for a good part of my life. Years ago, I was what you would call an "active" hacker, that is, I wandered about on computer systems and explored. Throughout it all, I knew it would be wrong to mess up data or do something that would cause harm to a system. I was taught to respect tangible objects; extending that to encompass intangible objects was not very hard to do. And most, if not all, of the people I explored with felt the same way. Nobody sold their knowledge. The only profit we got was an education that far surpassed any computer class or manual. Eventually, though, I was caught. But fortunately for me, the witch-hunt mentality hadn't caught on yet. I cooperated with the authorities, explained how the systems I used were flawed, and proved that there was no harm done. I had to pay for the computer time I used and if I stayed out of trouble, I would have no criminal record. They didn't crush my spirit. And the computers I used became more secure. Except for the fear and intimidation that occurred during my series of raids, I think I was dealt with fairly. Now I publish a hacker magazine. And in a way, it's an extension of that experience. The hackers are able to learn all about many different computer and phone systems. And those running the systems, IF THEY ARE SMART, listen to what is being said and learn valuable lessons before it's too late. Because sooner or later, someone will figure out a way to get in. And you'd better hope it's a hacker who can help you figure out ways to improve the system and not an ex-employee with a monumental grudge. In all fairness, I've been hacked myself. Someone figured out a way to break the code for my answering machine once. Sure, I was angry -- at the company. They had no conception of what security was. I bought a new machine from a different company, but not before letting a lot of people know EXACTLY what happened. And I've had people figure out my calling card numbers. This gave me firsthand knowledge of the ineptitude of the phone companies. And I used to think they understood their own field! My point is: you're only a victim if you refuse to learn. If I do something stupid like empty my china cabinet on the front lawn and leave it there for three weeks, I don't think many people will feel sympathetic if it doesn't quite work out. And I don't think we should be sympathetic towards companies and organizations that obviously don't know the first thing about security and very often are entrusted with important data. The oldest hacker analogy is the walking-in-through-the-front- door-and-rummaging-through-my-personal-belongings one. I believe the Moderator recently asked a critic if he would leave his door unlocked so he could drop in and rummage. The one fact that always seems to be missed with this analogy is that an individual's belongings are just not interesting to someone who simply wants to learn. But they ARE interesting to someone who wants to steal. A big corporation's computer system is not interesting to someone who wants to steal, UNLESS they have very specific knowledge as to how to do this (which eliminates the hacker aspect). But that system is a treasure trove for those interested in LEARNING. To those that insist on using this old analogy, I say at least be consistent. You wouldn't threaten somebody with 30 years in jail for taking something from a house. What's especially ironic is that your personal belongings are probably much more secure than the data in the nation's largest computer systems! When you refer to hacking as "burglary and theft", as the Moderator frequently does, it becomes easy to think of these people as hardened criminals. But it's just not the case. I don't know any burglars or thieves, yet I hang out with an awful lot of hackers. It serves a definite purpose to blur the distinction, just as pro-democracy demonstrators are referred to as rioters by nervous leaders. Those who have staked a claim in the industry fear that the hackers will reveal vulnerabilities in their systems that they would just as soon forget about. It would have been very easy for Mitch Kapor to join the bandwagon on this. The fact that he didn't tells me something about his character. And he's not the only one. Since we published what was, to the best of my knowledge, the first pro-hacker article on all of these raids, we've been startled by the intensity of the feedback we've gotten. A lot of people are angry, upset, and frightened by what the Secret Service is doing. They're speaking out and communicating their outrage to other people who we could never have reached. And they've apparently had these feelings for some time. Is this the anti-government bias our Moderator accused another writer of harboring? Hardly. This is America at its finest. Emmanuel Goldstein Editor, 2600 Magazine - The Hacker Quarterly emmanuel@well.sf.ca.us po box 752, middle island, ny 11953
peter@ficc.ferranti.com (peter da silva) (07/08/90)
In article <9452@accuvax.nwu.edu> it is written: System) writes: > You wouldn't threaten somebody > with 30 years in jail for taking something from a house. AT&T and DEC aren't houses. Peter da Silva. `-_-' +1 713 274 5180. <peter@ficc.ferranti.com>
zweig@ida.org (Johnny zweig) (07/11/90)
My two cents: There is a difference between someone who waltzes into the unlocked front door of my house to peruse the contents of my underwear drawer(*) and someone who wanders through my garden (the gate has a latch but no lock, by the way) to look at my flowers. I do not support anybody doing something illegal, but I think the "in your house messing with your stuff" analogy for phreaking/cracking (I abhor the use of the word hacking to describe such activities; it is technically incorrect). I think the "wandering through the garden sniffing the flowers" analogy might be more appropriate. Crackers who go in to see what's there and pat themselves on the back are n a morally different category than people who break into systems to screw things up and/or to steal sensitive information. If you look at how sensitive information is protected by the DoD, you will get a perspective on why DEC saying that they were not being unspeakably negligent in letting an 11 year old break into their system and look at "sensitive" data is so ridiculous. If I were to take a classified document out of myself and leave it on the desk while I go to the bathroom, I could be prosecuted legally. If I put it into a shoebox and wrote "leave this stuff alone" on the outside, I could also. Security is as much what you do as what you outlaw. Johnny (*) Burglars tend to look in underwear drawers as the first part of the houses they break into since many people keep valuables and guns and stuff like that in there.