TK0JUT2%MVS.CSO.NIU.EDU@UICVM.uic.edu (05/04/91)
We have been flooded with queries about CuD 3.14: Many people
did not receive it. We sent it out and it appeared to leave NIU
without a problem, and we had no indication (bounces, error messages
or other hints) that glitches occured. So, here it is again.
We apologize for those who receive it twice, but most, it seems,
never received it.
Jim and Gordon
--------------------------------------------------------------------
****************************************************************************
>C O M P U T E R U N D E R G R O U N D<
>D I G E S T<
*** Volume 3, Issue #3.14 (April 26, 1991) **
****************************************************************************
MODERATORS: Jim Thomas / Gordon Meyer (TK0JUT2@NIU.bitnet)
ARCHIVISTS: Bob Krause / Alex Smith / Bob Kusumoto
GAELIC GURU: Brendan Kehoe
+++++ +++++ +++++ +++++ +++++
CONTENTS THIS ISSUE:
File 1; Moderators' Corner
File 2; Comments on your comments on Len Rose
File 3; Moving toward Common Ground? Reply to Gene Spafford
File 4; CERT Advisory - Social Engineering
File 5; And Fox is after the Hollywood Hacker?
File 6; MONDO -- GREAT NEW 'ZINE!
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
USENET readers can currently receive CuD as alt.society.cu-digest.
Back issues are also available on Compuserve (in: DL0 of the IBMBBS sig),
PC-EXEC BBS (414-789-4210), and at 1:100/345 for those on FIDOnet.
Anonymous ftp sites: (1) ftp.cs.widener.edu (192.55.239.132);
(2) cudarch@chsun1.uchicago.edu;
(3) dagon.acc.stolaf.edu (130.71.192.18).
E-mail server: archive-server@chsun1.uchicago.edu.
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted as long as the source is
cited. Some authors, however, do copyright their material, and those
authors should be contacted for reprint permission. It is assumed
that non-personal mail to the moderators may be reprinted unless
otherwise specified. Readers are encouraged to submit reasoned
articles relating to the Computer Underground. Articles are preferred
to short responses. Please avoid quoting previous posts unless
absolutely necessary.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Contributors assume all
responsibility for assuring that articles submitted do not
violate copyright protections.
********************************************************************
>> END OF THIS FILE <<
***************************************************************************
------------------------------
From: Moderators
Subject: Moderators' Corner
Date: 26 April, 1991
********************************************************************
*** CuD #3.14: File 1 of 6: Moderators Corner ***
********************************************************************
++++++++++++++++++++
Mail and Corrupted Issues
++++++++++++++++++++
We received a number of notes asking about the resend of CuD 3.13.
Our system is an IBM clone, and the mailer is patched in. When we have
mail problems, we are not able to determine the status of any mail we
send out because of the limited capabilities of the patch. On
occasion, especially during net-jams, this leads to some readers
receiving duplicate files. If a number of files are corrupted, as
sometimes happens when the nets are jammed or a gateway is not
operating properly, it is sometimes necessary to resend a file or, in
the case 3.13, the entire list. Optimal size is about 40K, and the
last issue ran well over that. To facilitate mailing, we deleted the
single file that brought us to the 40 K file size and re-sent. If
people are experiencing problems receiving CuD, drop us a note.
We have also received on 23 April a horde of email posts dated between
30 March-2 April. The bulk of it seemed to originate from the west and
southwest. We generally reply to posts on the same day they are
received, so if you do not receive a reply, let us know.
++++++++++++
LET US KNOW IF YOUR ACCOUNT EXPIRES
++++++++++++
If your account is about to expire, please drop a note simply saying
"unsub," and be sure to include at the bottom your account number.
++++++++++++++++
Information on subversive software wanted
++++++++++++++++
Gordon is in the beginning stages of research for a technical paper on
'subversive' software. The article will discuss software that has
been written for unusual purposes and circumstances, not all of which
may be legal. Examples in this "genre" would be 'Fuckin' Hacker',
'Code Thief', and 'Receipt Writer'.
It would be helpful to gather as many examples as possible, from many
different computer platforms. He is *not* seeking executable copies,
but just the name and description of the program. Any additional
historical information, such as author name, date, innovative
features, etc would be a bonus. If you can recall having seen, used,
or heard of any unusual software that you feel fits in this category
He would appreciate it if you'd drop me a line. The article has not,
as of yet, been slated for publication, but he will supply a finished
copy to anyone who responds or requests one. The finished work may
also appear in a future issue of CuD.
Thanks for your time and assistance! Gordon Meyer
72307.1502@Compuserve.com GRMEYER (GEnie and Delphi) or via CuD at
tk0jut2@niu.bitnet
+++++++++++++++++++++
PhD Seeks info on Computer Security
+++++++++++++++++++++
Paul Taylor, a PhD candidate in England, sent the following note
along. He is doing some interesting research, and is trying to
obtain additional data.
+++++++
From: P.A.Taylor@EDINBURGH.AC.UK
Subject: PhD Seeks Info on Computer Security
Date: 18 Apr 91 14:17:16 bst
I'm into the second year of a PhD looking at the rise of the computer
security industry and the concomitant rise of cracking/browsing and
viruses, here at the University of Edinburgh.
Part of my research involves e-mail interviews and questionnaires. If
you would be willing to take part in it, then please get in touch.
I'll send you a yes/no type questionnaire and after that if you are
willing, a set of questions designed more to start a dialogue about
some of the issues surrounding computer security, which could form the
basis of an on-going e-mail interview to be acknowledged or kept
anonymous in my final thesis, depending on the wishes of the
respondent.
ALL MY WORK IS FOR PURELY ACADEMIC PURPOSES AND TOTAL CONFIDENTIALITY
IS GUARANTEED.
IF IN DOUBT AS TO MY ACADEMIC STATUS PLEASE CONTACT ME AND INDEPENDENT
VERIFICATION CAN BE SUPPLIED.
Thank you in advance,
Paul A. Taylor,
Depts of Economics and Politics,
Edinburgh University.
********************************************************************
>> END OF THIS FILE <<
***************************************************************************
------------------------------
From: Gene Spafford <spaf@CS.PURDUE.EDU>
Subject: Comments on your comments on Len Rose
Date: Sat, 30 Mar 91 14:41:02 EST
********************************************************************
*** CuD #3.14: File 2 of 6: Comments on Len Rose Articles ***
********************************************************************
{Moderators' comment: Spaf just sent his latest book, PRACTICAL UNIX
SECURITY, co-authored with Simson Garfinkel to the publishers
(O'Reilly and Associates ((the Nutshell Handbook people). It's
approximately 475 pages and will available in mid-May. From our
reading of the table of contents, and from preview comments
("definitive," destined to be the "standard reference"), it looks like
something well-worth the $29.95 investment.}
There is little doubt that law enforcement has sometimes been
overzealous or based on ignorance. That is especially true as
concerns computer-related crimes, although it is not unique to that
arena. Reporting of some of these incidents has also been incorrect.
Obviously, we all wish to act to prevent future such abuses,
especially as they apply to computers.
However, that being the case does not mean that everyone accused under
the law is really innocent and the target of "political" persecution.
That is certainly not reality; in some cases the individuals charged
are clearly at fault. By representing all of them as innocents and
victims, you further alienate the moderates who would otherwise be
sympathetic to the underlying problems. By trying to represent every
individual charged with computer abuse as an innocent victim, you are
guilty of the same thing you condemn law enforcement of when they
paint all "hackers" as criminals.
In particular, you portray Len Rose as an innocent whose life has been
ruined through no fault of his own, and who did nothing to warrant
Federal prosecution. That is clearly not the case. Len has
acknowledged that he was in possession of, and trafficing in, source
code he knew was proprietary. He even put multiple comments in the
code he modified stating that, and warning others not to get caught
with it. The patch he made would surreptitiously collect passwords
and store them in a hidden file in a public directory for later use.
The argument that this patch could be used for system security is
obviously bogus; a system admin would log these passwords to a
protected, private file, not a hidden file in a public directory.
Further, your comments about having root access are not appropriate,
either, for a number of reasons -- sometimes, root access can be
gained temporarily without the password, so a quick backdoor is all
that can be planted. Usually, crackers like to find other ways on
that aren't as likely to be monitored as "root", so getting many user
passwords is a good idea. Finally, if passwords got changed, this
change would still allow them to find new ways in, as long as the
trojan wasn't found.
The login changes were the source of the fraud charge. It is
certainly security-related, and the application of the law appears to
be appropriate. By the comments Len made in the code, he certainly
knew what he was doing, and he knew how the code was likely to be
used: certainly not as a security aid. As somebody with claimed
expertise in Unix as a consultant, he surely knew the consequences of
distributing this patched code.
An obvious claim when trying to portray accused individuals as victims
is that their guilty pleas are made under duress to avoid further
difficulties for their family or some other third party. You made
that claim about Len in your posting. However, a different
explanation is just as valid -- Len and his lawyers realized that he
was guilty and the evidence was too substantial, and it would be more
beneficial to Len to plead guilty to one charge than take a chance
against five in court. I am inclined to believe that both views are
true in this case.
Your comments about Len's family and career are true enough, but they
don't mean anything about his guilt or innocence, do they? Are bank
robbers or arsonists innocent because they are the sole means of
support for their family? Should we conclude they are "political"
victims because of their targets? Just because the arena of the
offenses involves computers does not automatically mean the accused is
innocent of the charges. Just because the accused has a family which
is inconvenienced by the accused serving a possible jail term does
not mean the sentence should be suspended.
Consider that Len was under Federal indictment for the login.c stuff,
then got the job in Illinois and knowingly downloaded more source code
he was not authorized to access (so he has confessed). Does this
sound like someone who is using good judgement to look out for his
family and himself? It is a pity that Len's family is likely to
suffer because of Len's actions. However, I think it inappropriate to
try and paint Len as a victim of the system. He is a victim of his
own poor judgement. Unfortunately, his family has been victimized by
Len, too.
I share a concern of many computer professionals about the application
of law to computing, and the possible erosion of our freedoms.
However, I also have a concern about the people who are attempting to
abuse the electronic frontier and who are contributing to the decline
in our freedoms. Trying to defend the abusers is likely to result in
a loss of sympathy for the calls to protect the innocent, too. I
believe that one reason the EFF is still viewed by some people as a
"hacker defense fund" is because little publicity has been given to
the statements about appropriate laws punishing computer abusers;
instead, all the publicity has been given to their statements about
defending the accused "hackers."
In the long term, the only way we will get the overall support we need
to protect innocent pursuits is to also be sure that we don't condone
or encourage clearly illegal activities. Groups and causes are judged
by their icons, and attempts to lionize everyone accused of computer
abuse is not a good way to build credibility -- especially if those
people are clearly guilty of those abuses. The Neidorf case is
probably going to be a rallying point in the future. The Steve
Jackson Games case might be, once the case is completed (if it ever
is). However, I certainly do not want to ask people to rally around
the cases of Robert Morris or Len Rose as examples of government
excess, because I don't think they were, and neither would a
significant number of reasonable people who examine the cases.
I agree that free speech should not be criminalized. However, I also
think we should not hide criminal and unethical behavior behind the
cry of "free speech." Promoting freedoms without equal promotion of
the responsibility behind those freedoms does not lead to a greater
good. If you cry "wolf" too often, people ignore you when the wolf is
really there.
********************************************************************
>> END OF THIS FILE <<
***************************************************************************
------------------------------
From: Moderators (Jim Thomas)
Subject: Moving toward Common Ground? Reply to Gene Spafford
Date: April 26, 1991
********************************************************************
*** CuD #3.14: File 3 of 6: Moving toward Common Ground? ***
********************************************************************
Gene Spafford's comments raise a number of issues, and my guess is
that he and other "moderates" are not that far apart from those of us
considered "extremists." His post was sent in March, but we received
it on April 24, so some of his comments about Len Rose have already
received sufficient response (see Mike Godwin in CuD 3.13). We are
more concerned with the potential points of converenge on which
"moderates" and "radicals" might agree.
Gene raises several issues: 1) The tone of some critics of recent
"hacker" cases tends to be divisive and inhibits coming together on
common ground; 2) There exists a danger in "crying wolf" in that cases
in which legitimate abuses may have occured or that directly raise
important issues about civil liberties will be ignored because of
excessive concern with cases that are perceived as less meritorious or
in which the defendants may not seem sympathetic; c) An aggressive
social response is required to reverse the apparent trend in computer
abuse. We disagree with none of these issues. There is, however, room
for legitimate disagreement on how these issues should be addressed,
and there is room for conciliation and compromise.
Although many cases of law enforcement response to alleged computer
abuse have been reported, only a few have generated any significant
attention. These cases have not generally centered around issues of
guilt or innocence, but on broader concerns. Other than general
reporting of cases, CuDs own attention has been limited to:
STEVE JACKSON GAMES: Few, if any, think the search of Steve Jackson's
company and seizure of his equipment was acceptable. The seizure
affidavit indicated that the justification for the raid was grossly
exaggerated and its implementation extreme. There have been no
arrests resulting from that raid, but the questions it raised have not
yet been resolved.
LEN ROSE: Whatever one thinks of Len Rose's behavior, the actions of
AT&T and law enforcement raise too many issues to be ignored whatever
Len's own culpability (or lack of it). The initial indictments, press
releases, and prosecutor media comments connected Len to E911, the
Legion of Doom, and computer security when the case was actually about
possesion of unlicensed proprietary software. We have never denied the
importance of either issue. Our concern continues to be the
misconceptions about the nature of the case, what we see as an extreme
response to a relatively minor incident, and the way the laws were used
to inflate charges. These are all debatable issues, but the nets were
buzzing with claims of Len's guilt, the need to "send a message to
hackers," and other claims that reinforced the legitimacy of charges
and sanctions that still seem inappropriate. The fact that some still
see it as a security case, others as a piracy case, others as
justice-run-amok, and still others as a signal to examine the limits
of criminalization illustrates the significance of the events: If we
can't agree on the issues involved without yelling at each other, then
how can we even begin to address the issues?
3. CRAIG NEIDORF/PHRACK: When the prosecution dropped the case against
Craig Neidorf for publishing alleged proprietary information valued at
nearly $80,000 when it was found that the information was available to
the public for under $14, most people thought it was a victory.
However, the logic that impelled prosecution did not stop with Craig,
and our concern continues to be over the apparent unwillingness of
some law enforcement agents to recognize that this was not just a
prosecutorial "mistake," but part of a pattern in which excessive
claims are made to justify raids, indictments, or prosecution.
THE HOLLYWOOD HACKER: Again, this is not a case of guilt or innocence,
but one in which existing laws are sufficiently vague to
over-criminalize relatively minor alleged acts. The apparent
philosophy of prosecutors to "send a message" to "hackers" in a case
that is not a hacker case but the sting of an investigative journalist
seems another use of over-prosecution. There is also the possibility
of a vindictive set-up by Fox of a freelance reporter who is alleged
to have done what may be a common practice at Fox (see the post, this
issue, citing Murray Povich).
RIPCO: Dr. Ripco's equipment was seized and his BBS shut down, but no
charges have been filed against him. He remains in limbo, his
equipment has not been returned, and he still does not know why.
Here, the issue of sysop liability, the reliability of informants, and
the legal status of private e-mail are raised.
THE "ATLANTA THREE:" The Riggs, Darden, and Grant case became an issue
after the guilty verdict. We can think of no instance of anybody ever
defending their actions for which they were indicted or in proclaiming
them innocent after (or even before) their plea. At state in the
debates was not that of guilt or a defense of intrusions, but of
sentencing and the manner in which it was done.
OPERATION SUN DEVIL: Operation Sun Devil, according to those
participating in it, began in response to complaints of fraudulent
credit card use and other forms of theft. The "hacking community"
especially has been adamant in its opposition to "carding" and
rip-off. Here, the issue was the intrusive nature of searches and
seizures and the initial hyperbole of law enforcement in highly
visible press releases in their initial euphoria following the raids.
In an investigation that began "nearly two years" prior to the May 8,
1990 raids, and in the subsequent 12 months of "analysis of evidence,"
only two indictments have been issued. Both of those were relegated to
state court, and the charges are, in the scheme of white collar crime,
are relatively minor. There have also been questions raised about
whether the evidence for prosecution might not have either already
existed prior to Sun Devil or that it could have readily been obtained
without Sun Devil. The key to the indictment seems to be a ubiquitous
informant who was paid to dig out dirt on folks. For some, Sun Devil
raises the issue of use of informants, over-zealousness of
prosecutors, and lack of accountability in seizures. We fully agree
that if there is evidence of felonious activity, there should be a
response. The question, however, is how such evidence is obtained and
at what social and other costs.
Many may disagree with our perspective on these cases, but several
points remain: 1) Each of them raises significant issues about the
methods of the criminal justice system in a new area of law; 2) Each
of them serves as an icon for specific problems (privacy, evidence,
ethics, language of law, media images, sysop liability to name just a
few); and 3) In each of them, whatever the culpable status of the
suspects, there exists an avenue to debate the broader issue of the
distinction between criminal and simply unethical behavior.
Among the issues that, if discussed and debated, would move the level
of discussion from personalities to common concerns are:
1. Overzealous law enforcement action: Prosecutors are faced with the
difficult task of enforcing laws that are outstripped by technological
change. Barriers to this enforcement include lack of resources and
technical expertise, ambiguity of definitions, and vague laws that
allow some groups (such as AT&T) who seem to have a history of
themselves attempting to use their formidable economic and corporate
power to jockey for legal privilege. Legal definitions of and
responses to perceived inappropriate behavior today will shape how
cyberspace is controlled in the coming decades. Questionable actions
set bad precedents. That is why we refer to specific cases as ICONS
that symbolize the dangers of over-control and the problems
accompanying it.
2. Media distortions: This will be addressed in more detail in a
future CuD, because it is a critically important factor in the
perpetuation of public and law enforcements' misconceptions about the
CU. However, concern for distortion should be expanded to include how
we all (CuD included) portray images of events, groups, and
individuals. Some law enforcers have complained about irresponsible
media accuracy when the alleged inaccuracies have in fact come from
law enforcement sources. But, media (and other) distortions of CU news
is not simply a matter of "getting the facts straight." It also
requires that we all reflect on how we ourselves create images that
reinforce erroneous stereotypes and myths that in turn perpetuate the
"facts" by recursive rounds of citing the errors rather than the
reality.
CuD AS PRO HACKER: The CuD moderators are seen by some as defending
cybercrime of all kinds, and as opposing *any* prosecution of
"computer criminals. Why must we constantly repeat that a) we have
*never* said that computer intrusion is acceptable, and b) we fully
believe that laws protecting the public against computer abuse are
necessary. This, so I am told, "turns many people off." We have been
clear about our position. There are occasions when discussion can
reflect a variety of rhetorical strategies, ranging from reason to
hyperbole. As long as the issues remain forefront, there seems nothing
wrong with expressing outrage as a legitimate response to outrageous
acts.
4. Crime and ethics in the cyber-frontier: These issues, although
separate, raise the same question. Which behaviors should be
sanctioned by criminal or civil penalties, and which sanctioned by
collective norms and peer pressure? Unwise acts are not necessarily
criminal acts, and adducing one's lack of wisdom as "proof" of
criminality, and therefore sanctionable, is equally unwise. There are
degrees of abuse, some of which require criminal penalties, others of
which do not. The CU has changed largely because the number of
computer users has dramatically increased make the "bozo factor" (the
point at which critical mass of abusing bozos has been reached making
them a group unto themselves) has a significant impact on others.
There are also more opportunities not only to abuse, but to identify
and apprehend abusers, which increases the visibility of the bozos. We
can, as we did with the problems of crime, poverty, drugs, and other
ills, declare a "war" on it (which most certainly means that we've
lost before we've begun). Or, we can peruse a more proactive course
and push for equitable laws and just responses to computer abuse while
simultaneously emphasizing ethics. We fully agree that netethics
should occur in schools, on the nets, in articles, and every other
place where cybernauts obtain models and images of their new world.
But, just as we should identify and work toward ethical behavior
within the CU, we must also demand that others, such as AT&T, some law
enforcement agents, BellSouth, et. al., do the same. It is hardly
ethical to claim that a commodity valued at under $14 is worth over
$79,000, and it is hardly ethical to compare possession of proprietary
software with index crimes such as theft, arson, or embezzlement.
Whether our own perspective is correct or not, the point is that what
does or does not count as ethical behavior can no longer be assumed,
but requires a level of debate the extends beyond netlynchings of
individual suspects.
Gene Spafford, like many others who share his view, is a productive
and competent computer specialist who sees the dark side of computer
abuse because he defends against it. I, like many others who share my
view, see the dark side of law enforcement because, as a
criminologist, I have been immersed in the abuses and fight against
them. Our different experiences give us different demons to fight, an
occasional windmill or two with which to joust, and a dissimilar
arsenal that we use in our battles. Nonetheless, even though there is
not total agreement on precisely which is a windmill and which a
monster, Gene suggests that there is shared agreement on a minimal
common reality and some common goals for making it more manageable. I
fully, absolutely, and unequivocally agree with Gene:
I agree that free speech should not be criminalized.
However, I also think we should not hide criminal and
unethical behavior behind the cry of "free speech.
Promoting freedoms without equal promotion of the
responsibility behind those freedoms does not lead to a
greater good. If you cry "wolf" too often, people ignore
you when the wolf is really there.
I would only respond that his observation be taken to heart by all
sides.
********************************************************************
>> END OF THIS FILE <<
***************************************************************************
------------------------------
Date: Thu, 18 Apr 91 16:57:35 EDT
From: CERT Advisory <cert-advisory-request@CERT.SEI.CMU.EDU>
Subject: CERT Advisory - Social Engineering
********************************************************************
*** CuD #3.14: File 4 of 6: CERT Advisory ***
********************************************************************
CA-91:04 CERT Advisory
April 18, 1991
Social Engineering
DESCRIPTION:
The Computer Emergency Response Team/Coordination Center (CERT/CC) has
received several incident reports concerning users receiving requests
to take an action that results in the capturing of their password.
The request could come in the form of an e-mail message, a broadcast,
or a telephone call. The latest ploy instructs the user to run a
"test" program, previously installed by the intruder, which will
prompt the user for his or her password. When the user executes the
program, the user's name and password are e-mailed to a remote site.
We are including an example message at the end of this advisory.
These messages can appear to be from a site administrator or root. In
reality, they may have been sent by an individual at a remote site,
who is trying to gain access or additional access to the local machine
via the user's account.
While this advisory may seem very trivial to some experienced users,
the fact remains that MANY users have fallen for these tricks (refer
to CERT Advisory CA-91:03).
IMPACT:
An intruder can gain access to a system through the unauthorized use
of the (possibly privileged) accounts whose passwords have been
compromised. This problem could affect all systems, not just UNIX
systems or systems on the Internet.
SOLUTION:
The CERT/CC recommends the following actions:
1) Any users receiving such a request should verify its
authenticity with their system administrator before acting on
the instructions within the message. If a user has received
this type of request and actually entered a password, he/she
should immediately change his/her password to a new one and
alert the system administrator.
2) System administrators should check with their user communities
to ensure that no user has followed the instructions in such a
message. Further, the system should be carefully examined for
damage or changes that the intruder may have caused. We also
ask that you contact the CERT/CC.
3) The CERT/CC urges system administrators to educate their users
so that they will not fall prey to such tricks.
SAMPLE MESSAGE as received by the CERT (including spelling errors,
etc.)
OmniCore is experimenting in online - high resolution graphics
display on the UNIX BSD 4.3 system and it's derivatives [sic].
But, we need you're help in testing our new product -
TurboTetris. So, if you are not to busy, please try out the
ttetris game in your machine's /tmp directory. just type:
/tmp/ttetris
Because of the graphics handling and screen-reinitialization
[sic], you will be prompted to log on again. Please do so, and
use your real password. Thanks you for your support. You'll be
hearing from us soon!
OmniCore
END OF SAMPLE MESSAGE
If you believe that your system has been compromised, contact CERT/CC
via telephone or e-mail.
Computer Emergency Response Team/Coordination Center (CERT/CC),
Software Engineering Institute, Carnegie Mellon University,
Pittsburgh, PA 15213-3890
412-268-7090 24-hour hotline: CERT/CC personnel answer
7:30a.m.-6:00p.m. EST, on call for emergencies during other hours.
E-mail: cert@cert.sei.cmu.edu
Past advisories and other computer security related information are
available for anonymous ftp from the cert.sei.cmu.edu (128.237.253.5)
system.
********************************************************************
>> END OF THIS FILE <<
***************************************************************************
------------------------------
From: Anonymous <xxx.xxxx.COMPUSERVE.COM>M>
Subject: And Fox is after the Hollywood Hacker?
Date: 23 Apr 91 05:12:22 CDT
********************************************************************
*** CuD #3.14: File 5 of 6: Fox and the Hollywood Hacker ***
********************************************************************
Fox's assault on the Hollywood Hacker gets even more bizarre. First
one of their camera people is busted with a weapon by the Secret
Service when they found him near President Bush, and now Murray Povich
has come out with his book that makes us wonder what goes on inside
the corporate board rooms, bedrooms, and computer rooms.
If what Povich says is true, it seems that some of these tabloid tv
types routinely bustle around spying and snooping, but when somebody
turns the tables the scream and yell.
Consider this from
"Current Affairs: A Life on the Edge" by Maury Povich with Ken Gross.
Published 1991 by GP Putnam's Sons.
Chapter 14, pgss 207-208.
"The launch date for 'Inside Edition' was January of 1989 and we
went shopping around the satellites, trying to find out what
stories they were going to do. That's how shows worked--they
fiddled around with frequencies and latched onto the
communications channels and listened in on the shop talk. It was
spying. We all did it, switching around the dials, trying to
pick up their satellite, pointing the transponders to find their
bird so we could listen to their teleconferences and their
stations, trying to winkle out what stories they were after.
They were also doing the same thing to us, because they knew how
we worked and it was part of the game. Young and Tomlin were not
there for nothing. I knew 'Inside Edition' was into our computer
because that's the way it is. Maybe it's illegal, but that's the
'Front Page' mentality."
Throughout the entire book, Povich brags about the many and sundry
ploys, devious tactics, and outright lies used by Current Affair
staffers to get material (tapes and/or interviews) for their show. He
constantly puts down the stuffed-shirt/establishment news types and
makes he and his minions out to be heroic characters-- pioneers of a
newer, braver school of journalism. "Killer journalists of the
nineties," he calls them. Their battle cry: "Maybe it's not ethical,
mate, but it's legal." (pg 254).
I thought that maybe inquiring minds would want to know.
********************************************************************
>> END OF THIS FILE <<
***************************************************************************
------------------------------
From: Gordon Meyer <72307.1502@COMPUSERVE.COM>
Subject: MONDO -- GREAT NEW 'ZINE!
Date: 10 Apr 91 01:24:08 EDT
********************************************************************
*** CuD #3.14: File 6 of 6: MONDO -- Great new 'Zine! ***
********************************************************************
After hearing many good things about a magazine called "Mondo 2000" we
were pleased to finally locate a copy on a SF Bay area newsstand. In
the interest of helping to spread the word about this very interesting
publication we pres-ent a brief overview of the Winter 1991 issue.
"Mondo 2000" (issue 3), from Fun City MegaMedia, is a sort of
cyper-punk/PoMo/Discordian publication covering diverse (and
fascinating) topics such as designer drugs, a Congressional assault on
the Constitution, growth hormones, cybernetic jewelry, House Music,
computer graphics, Frank Zappa's political ambitions, interviews with
Debbie Harry, Tina Weymouth & Chris Franz, and cracking Macintosh
software. There is a lot of material here (about 175 pages all total)
and there is sure to be something to interest most anyone. The
"reader mail" column indicates that past issues have covered vir-tual
reality, UFO's, and The Church of the Sub-Genius.
In addition the above topics, issue three also contains a number of
articles of direct relevance to CuD. Namely, articles on the LoD,
EFF, and the CU in general. [How's that for a plethora of acronyms in
one sentence?! -GRM] In the "Hackers and Crackers" section we find the
following selections:
* "Do G-Men Dream of Electric Sheep?" by R.U. Sirius and George
Gleason (pp 40-43) This article essentially presents a time line of
CU related events beginning with Hackers' 4.0 misrepresentation by
CBS, thru the Internet worm, NuPrometheus, Operation Sun Devil, and
Zod's bust. In all, 22 of some of the most significant events are
chronicled and the article serve as a handy, and disturbing, summary
of the last couple of years.
* "Civilizing the Electronic Frontier: an interview with Mitch
Kapor and John Barlow of the Electronic Frontier Foundation" by David
Gans and R.U. Sirius (pp45-49) Kapor and Barlow discuss the FBI's
investigation of the NuPrometheus League, the origin of the EFF, and
the future of the law and cyberspace.
* "Synergy Speaks: Goodbye Banks, Goodbye Telephones, Goodbye
Welfare Checks" by Michael Synergy (pp 51-54) A self-professed
cyberpunk offers brief comments on a variety of topics such as
viruses, blackmail, the EFF, modern justice, criminal evidence, and
many more. Synergy's comments aren't in depth, but present views on a
wide enough selection of topics for someone un-familiar with the
movement to get an idea of the cyberpunk philosophy.
* "Freaked by Phrack: an interview with Craig Neidorf" by John
Perry Barlow (pp 55-56) An extract from on online interview with
Neidorf, former publisher of Phrack, Inc. Neidorf discusses the
nature of Phrack, his trial, and effect it has had on his life.
* "A Message to You From Legion of Doom Member 'The Mentor'" by
The Mentor (p 58) An edited version of "The Conscience of a Hacker"
or "Hacker Manifesto" as widely published in Phrack, CuD, Thrasher,
and a number of other places.
* "On the Road to Chaos in East Berlin" by Morgan Russell (pp
60-63) A gonzo-esque account of the Chaos Computer Club Kongress in
East Berlin. Also mentions the squatters' movement and The Foundation
for the Advancement of Il-legal Knowledge (AKILKNO).
* "The Worlds Oldest Secret Conspiracy: Fronted by Steve Jackson
Games, Inc." by Gareth Branwyn (pp 64-67) An interview with Steve
Jackson, concern-ing his business and Secret Service raids brought
about by _GURPS Cyberpunk_. An excerpt from the book is included.
* "Guess Work: an interview with August Bequai" by Gareth
Branwyn (pp 70-71) This is a particularly enlightening interview with
Bequai, a well-published expert of computer crime. Although brief,
Bequai has some 'inter-esting' things to say. Here are some excerpts,
in the same question/answer format found in the original article:
Mondo: ...what do you think about the criticism that, with
Operation Sun Devil, they've [the feds] unconstitutionally confiscated
equipment such as public bulletin boards? This sort of thing has
struck fear in the hearts of many systems operators. The seizure of
the Steve Jackson Games BBS is a case in point. They were, by the
admission of the Secret Service, not the target of the investigation.
And yet their BBS was confiscated.
Bequai: Then they have the option to go to court and challenge
it. We have laws and legal system, and they work!
Mondo: If you have the resources!
Bequai: You don't necessarily need a lot of resources. It
doesn't take a heck of a lot of money to go to court and challenge
some of these things.
Mondo: You're telling me it doesn't take a lot of time and
money to challenge the US Secret Service!?
Bequai: No sir, it does not. If you hire a small firm, no.
[...]
Mondo: What sort of groups do you lecture to:
Bequai: Computer professionals, security professionals,
executive-types, management-types, supervisors, lawyers, government
officials.
Mondo: In a recent speech, you stated that "Millions of
Americans find themselves the victims of computer crimes" and "The
public is called upon to pick up the tab for billions of dollars in
annual losses...at the hands of computer criminals, hackers, and
pranksters." [...] Where did you get those figures?
Bequai: Oh, that's just guess work. White collar crime runs in
excess of a hundred billion dollars. My sympathy goes to the public.
I'm not so in-terested in technophiles who think they have an inherent
right to do whatever they feel. I'm concerned for the average Joe
Blow American.
Bequai is an oft-quoted expert when anti-CU types discuss the hacker
underground. This article was particularly insightful, and in many
ways makes the pursuit of MONDO 2000 worthwhile in and of itself.
* "Phreaks R Us: an interview with hacker publishers Emmanuel
Goldstein of 2600 and Rop Gonggrijp of Hack-Tic" by R.U. Sirius and
George Gleason (pp 74-76) Goldstein and Gonggrijp discuss their
journals, the CU movement, and freedom of information.
In conclusion, MONDO 2000 (issue 3) is worth searching out. It is a
more than worthy successor to Reality Hackers, and offers many
articles of interest. It is one of the most fascinating and
refreshing publications to hit the stands, and will be very enjoyable
to any CU-attentive individual.
Mondo 2000 (published quarterly)
(subscriptions)
Fun City MegaMedia
PO Box 10171
Berkeley, CA 94709-5171 USA
(correspondence)
PO Box 40271
Berkeley, CA 94704
Fax: 415.649.9630 MCI Mail: MONDO2000
$24.00 (US) for 5 issues
********************************************************************
------------------------------
**END OF CuD #3.14**
********************************************************************