TK0JUT2%MVS.CSO.NIU.EDU@UICVM.uic.edu (04/15/91)
**************************************************************************** >C O M P U T E R U N D E R G R O U N D< >D I G E S T< *** Volume 3, Issue #3.12 (April 15, 1991) ** **************************************************************************** MODERATORS: Jim Thomas / Gordon Meyer (TK0JUT2@NIU.bitnet) ARCHIVISTS: Bob Krause / Alex Smith / Bob Kusumoto POETICA OBSCIVORUM REI: Brendan Kehoe +++++ +++++ +++++ +++++ +++++ CONTENTS THIS ISSUE: File 1: Moderators' Corner File 2: From the Mailbag File 3: Business Week Article on The Dread Hacker Menace File 4: Using the CuD email archive server +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ USENET readers can currently receive CuD as alt.society.cu-digest. Back issues are also available on Compuserve (in: DL0 of the IBMBBS sig), PC-EXEC BBS (414-789-4210), and at 1:100/345 for those on FIDOnet. Anonymous ftp sites: (1) ftp.cs.widener.edu (192.55.239.132); (2) cudarch@chsun1.uchicago.edu; (3) dagon.acc.stolaf.edu (130.71.192.18). E-mail server: archive-server@chsun1.uchicago.edu. COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted as long as the source is cited. Some authors, however, do copyright their material, and those authors should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to the Computer Underground. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Contributors assume all responsibility for assuring that articles submitted do not violate copyright protections. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ******************************************************************** >> END OF THIS FILE << *************************************************************************** ------------------------------ From: Moderators Subject: Moderators' Corner Date: 15 April, 1991 ******************************************************************** *** CuD #3.12: File 1 of 4: From the Moderators *** ******************************************************************** +++++++++++++ NEW FTP SITE +++++++++++++ Another ftp site has been added where back issues of CuD, Phrack, and other documents can be obtained. Anonymous ftp to: dagon.acc.stolaf.edu (130.71.192.18 is the IP address for dagon). CD to the 'Next-ug/phrack' directory. NOTE: *!PLEASE!* use only between 1700-0600 (5 pm and 6 am)! We depend on courtesy of users to keep the sites running. Thanks. And thanks to the new ftpmaster for setting this up! For those wanting additional instructions on using the mail server, see file # 4 below. ******************************************************************** >> END OF THIS FILE << *************************************************************************** ------------------------------ From: Assorted Subject: From the Mailbag Date: April 15, 1991 ******************************************************************** *** CuD #3.12: File 2 of 4: From the Mailbag *** ******************************************************************** Subject: Len Rose, licenses, and piracy From: peter@TARONGA.HACKERCORP.COM(Peter da Silva) Date: Sun, 7 Apr 91 13:44:05 CDT We have some odd numbers here: could someone explain them? > The UNIX operating system, which is > licensed by AT&T at $77,000 per license, Last time I checked the UNIX source code was considerably more than this. The version of UNIX that was licenced for $77,000 for source is no longer offered. > The login program is licensed by AT&T at $27,000 per license. Is this true, that "login" is licensed separately? If so, it's unlikely that it was licensed separately back in V7 days. So what's the story? Is AT&T actually lowering the estimated value of UNIX here, or inventing a separate license for the login program, or is there actually some boilerplate license for portions of the UNIX source? In any case, the people claiming that the 77,000 figure is "obviously" just another exaggerated pricing are mistaken: that figure is an extreme understatement of the value of teh UNIX source. The price on the login.c program, $27,000, does seem out of line though. Finally, I would like to note that unlike many of the posters here I'm not going to try to excuse Rose's adding trapdoors to login.c as either educational or providing support to AT&T customers. His posession of this code was definitely illegal. His use of it was, while perhaps protected under the first amendment, hardly wise. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Subject: Len Rose From: jrbd@CRAYCOS.COM(James Davies) Date: Mon, 8 Apr 91 14:15:51 MDT Keith Hansen and Arel Lucas in CuD #3.11 shared with us their letter to AT&T expressing their anger at the arrest and conviction of Len Rose (among other things). Well, I have to disagree with their conclusions in this case -- Len Rose is not an innocent martyr, crucified by an evil corporation for benevolently giving unpaid support to AT&T software users, as Hansen and Lucas attempted to portray him. The press release published earlier in the same CuD issue makes it clear that Rose's intent was to steal passwords and invade systems. While the possession of AT&T source code was the charge of which Rose was convicted, his actual crime (in a moral sense) was the equivalent of manufacturing burglar's tools, or perhaps of breaking and entering (although there isn't any evidence that he actually did any of this, his intent was clearly to help others do so). Nothing makes this more obvious than Rose's own words, as quoted from the comments in his modified login.c by the Secret Service press release: Hacked by Terminus to enable stealing passwords. This is obviously not a tool to be used for initial system penetration, but instead will allow you to collect passwords and accounts once it's been installed. (I)deal for situations where you have a one-shot opportunity for super user privileges.. This source code is not public domain..(so don't get caught with it). I'm sorry, but these aren't the words of an innocent man. Personally, I think that Rose is guilty of the exact same sort of behaviour that gives hackers a bad name in the press, and I think that you're crazy to be supporting him in this. Save your indignation for true misjustices, ok? +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++= Subject: Re: Computers and Freedom of Speech From: elroy!grian!alex@AMES.ARC.NASA.GOV(Alex Pournelle) Date: Tue, 9 Apr 1991 09:02:53 GMT In CuD 3.11, works!LC1%das@HARVUNXW.BITNET wrote: >In response to an article in CuD 3.09 on computer publications... >What gives people the right to censor and deem something illegal in >the electronic media when paper, TV, radio, and the spoken word is >perfectly legal and protected by the first amendment. Why am I having to answer this? Wasn't this mentioned ten times in the past? I'll repeat: TV and radio are federally-minded resources "of the people", which have guidelines set up by the FCC, nominally in the interest by/for/of the people. (The rationale for the government minding the spectrum is that it's a scarce resource and one prone to huge abuse if not minded. That argument cuts both ways, doesn't it?) Telephones are covered by "common-carrier" laws, which prevent Pac*Bell from being confiscated because someone plans a murder over the wires. Ditto for cellular, Tymnet, telegraph and everything like them. This is a two-edged sword: the telcos have to give access to anyone who carries money, whether they "like" them or not. And they can have nothing (well, little--see "The Cuckoo's Egg" for one exception) to do with the content of what they carry. BBSes and for-pay services are NOT covered by common-carrier: THEY ARE PRIVATE SERVICES. The reason that CompuServe and BIX aren't confiscated every month is because H&R Block and McGraw-Hill have more lawyers than the Dept. of Justice--and they'd sue like crazy, and the government knows it. But since they're private, Prodigy can take off whatever messages it wants to. Whether it's violating privacy laws by reading people's mail is a matter I am not qualified to discuss. {I have, in fits of anger, wanted to take this "too big to confiscate" argument another step--say, building the computer into the foundation of a house, or better yet, into the foundation of an apartment building whose owner I didn't like. Or running it on an H-P 3000, the old kind that takes up an entire garage. And videotaping the attempts to remove the thing. But I digress.} >Q: Shouldn't electronic publications be protected under the same >article of the constitution that allows free presses? If they can be shown to be the same thing. Can you make this stand in a court of law? I can't; the EFF is trying to. It's incredibly important, no doubt. >A: Most definitly. [sic] Why? Stand right there and tell the judge why your PC and a modem should be accorded the same shield laws as the L.A. Times. Then explain that to the same L.A. Times, in short words, and get it printed. >The question now is why aren't they? No, that's only one question. Ignorance is probably the main reason for this state of affairs; ignorance that spawns "YOUR KIDS COULD BE TARGETS OF WHITE-SUPREMACIST PEDERASTS WHO NUKE DOLPHINS WHILE EATING HIGH-CHOLESTERAL FATS!!!! SCENES OF THEIR ILLICIT IMMORAL COMPUTER NETWORK LIVE FROM THE SCENE!!! FILM AT ELEVEN, RIGHT AFTER THE MISS NUDE BIKINI CONTEST WINNER INTERVIEW!!!!" so-called journalism on television. But that same ignorance, I'm afraid, pervades this very conference. If the Sixties, that period of unbounded and unfocussed optimism, taught me anything by hindsight, it's this: Know Reality. Wishful thinking won't change a thing. If you're concerned about the issues of electronic freedom--and we all should--Know Reality. That means understanding RCCs, RFCs, PSTNs, POTS, CLASS, CLIDs and FOIAs. For that scary future we can't stop _will_ be based on the past. It is up to us to make sure it is based on the right parts. Sincerely, Alex Pournelle +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++= From: chron!magic322!edtjda@UUNET.UU.NET(Joe Abernathy) Subject: Defining Hackers for the Media Date: Wed, 10 Apr 91 19:31:01 CDT >From the you asked for it, you got it department: We've decided to do a brief sidebar treatment of the controversy over the use of words such as hacker, cracker, phreaker, codez kids, etc. Your brief, to-the-point comments are hereby invited for publication. Please fully identify yourself and your organization (or whatever job description best qualifies you to have an opinion on the subject). Please respond via electronic mail to: edtjda@chron.com or {nearbybighost}!uunet!chron!edtjda If there is an overwhelming volume of responses, I will not make individual acknowledgements. The resulting story will in any case be submitted for possible distribution in cud; and will be available electronically to those submitting their thoughts on the subject. Thanks in advance. Joe Abernathy Houston Chronicle (800) 735-3820 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++= From: kadie@EFF.ORG(Carl Kadie) Subject: Computers and Academic Freedom - a new mailing list Date: Wed, 10 Apr 91 12:05:43 EDT Announcing a new mailing list: comp-academic-freedom-talk Purpose: To discuss questions such as: How should general principles of academic freedom (such as freedom of expression, freedom to read, due process, and privacy) be applied to university computers and networks? How are these principles actually being applied? How can the principles of academic freedom as applied to computers and networks be defended? To join: send email to listserv@eff.org. The body of the note should contain the line add comp-academic-freedom-talk To leave the list, send email with the line delete comp-academic-freedom-talk For more information about listserv, sent email with the line help After you join the list, to send a note to everyone on the list, send email to comp-academic-freedom-talk@eff.org (or caf-talk@org). The long version: When my grandmother attended the University of Illinois fifty-five years ago, academic freedom meant the right to speak up in class, to created student organizations, to listen to controversial speakers, to read "dangerous" books in the library, and to be protected from random searches of your dorm room. Today these rights are guaranteed by most universities. These days, however, my academic life very different from my grandmother's. Her academic life was centered on the classroom and the student union. Mine centers on the computer and the computer network. In the new academia, my academic freedom is much less secure. It is time for a discussion of computers and academic freedom. I've been in contact with Mitch Kapor. He has given the discussion a home on the eff.org machine. The suppression of academic freedom on computers is common. At least once a month, someone posts on plea on Usenet for help. The most common complaint is that a newsgroup has been banned because of its content (usually alt.sex). In January, a sysadmin at the University of Wisconsin didn't ban any newsgroups directly. Instead, he reduced the newsgroup expiration time so that reading groups such as alt.sex is almost impossible. Last month, a sysadmin at Case Western killed a note that a student had posted to a local newsgroup. The sysadmin said the information in the note could be misused. In other cases, university employees may be reading e-mail or looking through user files. This may happen with or without some prior notice that e-mail and files are fair game. In many of these cases the legality of the suppression is unclear. It may depend on user expectation, prior announcements, and whether the university is public or private. The legality is, however, irrelevant. The duty of the University is not to suppress everything it legally can; rather it is to support the free and open investigation and expression of ideas. This is the ideal of academic freedom. In this role, the University acts a model of how the wider world should be. (In the world of computers, universities are perhaps the most important model of how things should be). If you are interested in discussing this issues, or if you have first-hand experience with academic supression on computers or networks, please join the mailing list. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++= From: Anonymous Subject: Fox Broadcasting, Hollywood Hacker, and Evil-doings Date: Sat, 7 Apr 91 19:18:15 MDT Given what Fox Television did to the Hollywood Hacker, I thought this might be of interest if anybody wants to read it. The following story appeared in the New York Times today: "Guns Found at Airport During Visit by Bush" LOS ANGELES, April 6 (AP)--Two television employees were detained but not arrested Friday night after two .22 caliber pistols were found intheir vehicles as they tried to enter an area at Los Angeles Airport that was secured for President Bush's departure. It was the first time that firearms had been found so close to a President, the White House spokesman, Marlin Fitzwater, said. --(stuff omitted) The two men were a cameraman from Fox Television and a courier for Cable News Network. Neither was identified. The article concludes by saying that the gun was carried in violation of company policy. Now, I ask this: If the HH was set up, I wonder if it's possible that Fox was maybe trying to do a sting of its own to see how close they could get The Prez without being caught? Did this story make the same splash on Fox that the HH story did? Did Fox come up with a cute name for these guys? Why didn't it have television cameras present when they got caught? Seems to me that getting caught with weapons so near the President is far more serious than logging on to a computer somewhere. I just wonder if Fox terminated its employee, and applied the same standards of fairness, lose as they may be, to these guys as they did to the HH? It's all gotta make ya wonder about Fox's credibility, doesn't it? +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++= FROM: cybrview@EFF.ORG Subject: Looking at CyberSpace from Within Date: Thu, 11 Apr 91 16:20 CDT Looking At CyberSpace From Within On January 18, 1990, Craig Neidorf was visited by the United States Secret Service. Shortly afterwards he became the first victim in a war to preserve the rights guaranteed to all by the United States Constitution. He would not be alone. Steve Jackson Games, though not a target of any criminal investigation, was treated worse than most criminals when his company was inexplicably raided by the Secret Service. A dangerous trend was in evidence throughout the nation when Secret Service agents -- during Operation Sun-Devil and other related cases -- acted as if the interests of corporations like Bellcore are more important than those of individual citizens. Mitch Kapor, John Barlow, and others banded together to meet the challenge. They became the Electronic Frontier Foundation and they set forth to not only defend those wrongly accused of crimes, but to educate the public and law enforcement in general about computers and today's technology. EFF participated in a large public forum in March 1991. It was the first conference on Computers, Freedom, & Privacy, which was in general an opportunity to teach and learn from law enforcement officials, defense attorneys, and others with a more professional interest in the field. Now it is time to change gears a little and focus on a different group of people. Announcing... CyberView '91 St. Louis, Missouri The Weekend of June 21-23, 1991 A face-to-face opportunity to learn views, perspectives, and ideas from the people who live in CyberSpace on a day-to-day basis. CyberView '91 is a conference to discuss civil liberties in CyberSpace with the group of people that have been affected the most -- Hackers. It is not a forum to discuss computer or telecommunications systems in the context of security or accessibility. Instead this is the chance for the people who call themselves hackers to meet the Electronic Frontier Foundation in person and share their feelings with the people who might be able to make a difference and hopefully learn a few things at the same time. This conference is by INVITATION ONLY. If you are interested in attending this noteworthy event please leave electronic mail to "cybrview@EFF.ORG." +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++= From: cosell@BBN.COM(Bernie Cosell) Subject: Re: Is hacking the same as Breaking and Entering? Date: 10 Apr 91 13:15:09 GMT The Works BBS Admin <works!root@UUNET.UU.NET> writes: }In response to the question: "Is computer hacking the same as B&E?" }Not by far. Breaking and entering has malicious intent, and usually is }solely to steal things and/or hurt something. Hacking although }portrayed negatively in the press is not like this at all. It is }merely looking around at what is in various systems, and learning from }it. ... While I'm sure this is sincerely felt, it so egregiously distorts the real issues involved it makes one wonder if Mr "root" even UNDERSTANDS what the dispute is all about. Consider: it is the middle of summer and you happen to be climbing in the mountains and see a pack of teenagers roaming around an abandoned-until-snow ski resort. There is no question of physical harm to a person, since there will be no people around for months. They are methodically searching EVERY truck, building, outbuilding, shed, etc,. Trying EVERY window, trying to pick EVERY lock. When they find something they can open, they wander into it, and emerge a while later. From your vantage point, you can see no actual evidence of any theft or vandalism, but then you can't actually see what they're doing while they're inside whatever-it-is. Should you call the cops? What should the charge be? Would the answer be different if you OWNED the ski resort and it was YOUR stuff they were sifting through? I grant you that one should temper the crime with the assessment of the ACTUAL intent and the ACTUAL harm done, but that certainly doesn't argue that the intrusion, itself, shouldn't be a crime. }... the majority of }hackers (in my opinion) are not trying to hurt anything, and only }allow themselves a little room to look at, and possible a small chair What a load of crap.... If you want a room and a chair, ask one of your friends for one, but include me out. } Say you find an unknown account }mysteriously pop up? Why not find out who it is, and what they are }looking for first, because as odds go, if they got in there once, }they can do it again, no matter what you do. For two reasons: 1) just because YOU have such a totally bankrupt sense of ethics and propriety, that shouldn't put a burden on *me* to have to waste my time deailing with it. Life is short enough to not have it gratuitously wasted on self-righteous, immature fools. 2) I'm just as happy having that kind of "finding out" done by the police and the courts --- that's their job and I'd just as soon not get involved in the messy business [even if I could spare the time]. If you can't learn to act like a reasonable member of society for its own sake, perhaps somewhat more painful measures will dissuade you from "doing it again". If you want to 'play' on my system, you can ASK me, try to convince me *a*priori* of the innocence of your intent, and if I say "no" you should just go away. And playing without asking is, and should be, criminal; I have no obligation, nor any interest, in being compelled to provide a playpen for bozos who are so jaded that they cannot amuse themselves in some non-offensive way. ******************************************************************** >> END OF THIS FILE << *************************************************************************** ------------------------------ From: Moderators, J&B McMullen, and H. Silverglate and S. Beckman Subject: Business Week Article on The Dread Hacker Menace Date: April 15, 1991 ******************************************************************** *** CuD #3.12: File 3 of 4: Responses to Business Week Article *** ******************************************************************** In the April 15, 1991, issue of BUSINESS WEEK (p. 31), Mark Lewyn and Evan I. Schwartz combined to write "Why 'the Legion of Doom' has Little Fear of the Feds." The article has been criticized by attorneys, journalists, and computer professionals for its flagrant inaccuracies, potentially libelous commentary, and distortion of facts and issues. A superficial reading of the article might lead others to agree with the criticisms we print below. We, however, rather like the article and find it a refreshing narrative. Clearly, as we read Lewyn and Schwartz, they were writing satire. The article is obviously an attempt at postmodernist fiction in which truth is inverted and juxtaposed in playful irony in an attempt to illustrate the failure of Operation Sun Devil. The clever use of fiction underscores the abuses of federal and other agents in pursuing DHs ("Dreaded Hackers") by reproducing the symbols of bad acts (as found in government press releases, indictments and search affidavits) *as if* they were real in a deconstructionist style in which the simulacra--the non-real--become the substance. Let's take a few examples: In a table listing the suspect, the alleged crime, and the outcome of five hackers to show the "latest in a a series of setbacks for the government's highly publicized drive against computer crime (table)," the table lists Robert Morris, Steve Jackson, Craig Neidorf, the Atlanta Three, and Len Rose. Steve Jackson was not charged with a crime, even though the table tells us the case was dismissed for lack of evidence. The article calls Craig Neidorf a hacker (he was never charged with, nor is there any indication whatsoever, that he ever engaged in hacking activity), and fails to mention that the case was dropped because there was, in fact, no case to prosecute. We interpret this as a subtle way of saying that all innocent computerists could be accused of a crime, even if there were no evidence to do so, and then be considered a computer criminal. This, and other factual errors of readily accessable and common public knowledge suggests to us that the table is a rhetorical ploy to show the dangerous procedures used by the Secret Service. Why else would the authors risk a libel suit? In another clever bit of satirical prose, the authors write: Jerome R. Dalton, American Telephone & Telegraph Co.'s corporate security manager, is convinced that the feds simply can't convict. He points to Leonard Rose Jr., a computer consultant who pleaded guilty on Mar. 22 to wire-fraud charges in Chicago and Baltimore. Prosecutors said he sent illegal copies of a $77,000 AT&T computer-operating system known as Unix to hackers around the country after modifying it so it could be used to invade corporate and government systems. The article adds that Dalton contends that without AT&T's help, the government wouldn't have had a case. It was AT&T--not the feds--that verified that Rose wasn't a licensed Unix user and that the program had been modified to make breaking into computer systems easier." Now, this could be considered an innocuous statement, but the subtleness is obvious. To us, the authors are obviously saying that AT&T helped the feds by inflating the value of material available for about $13.95 to an astronomical value of $78,000 (later lowered to $23,000). And, why should the feds know who Unix is licensed to? Last we checked, AT&T, not the government, was responsible for keeping track of its business records, and AT&T was responsible for pursuing the charges. The Len Rose case was not a hacker case, the program was not sent to other "hackers," there was no evidence (or charges) that anybody had even tried to use the login.c program that allegedly was modified, and the case was not a hacker case at all, but rather a case about unlicensed software. So, it seems to us that the authors are trying to illustrate the arrogance of AT&T and the evidentiary aerobics used to try to secure indictments or convictions in cases that are more appropriately civil, rather than criminal matters. So, we say congrats to the authors for taking the risk to write news as fiction, and suggest that perhaps they should consider changing their career line. But, we recognize that others might interpret article as irresponsible, ignorant, and journalistically bankrupt. We reprint (with permission) two letters sent to Business Week in response to the article. Others wishing either to complain to BW or to commend their reporters on their fiction writing can fax letters to Business Week at (212) 512-4464. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ MCMULLEN & MCMULLEN, INC April 9, 1991 Readers Report Business Week 1221 Avenue of the Americas New York, NY 10020 Dear Madam or Sir, As a long time admirer of your coverage of technological issues, I was dismayed to find an appalling number of inaccuracies in "Why 'The Legion OF Doom' Has Little Fear Of The Feds" (BW, 04/15/91). The article, unfortunately, shows little attention to detail in its presentation of "facts" and winds up being unfair to those "accused" and law enforcement officials alike. The article states that Steve Jackson, "President of computer-game maker accused of publishing a 'handbook of computer crime' had his "case dismissed because of lack of evidence." In fact, Steve Jackson was never accused of anything (there was a remark made by a Secret Service Agent that the game about to be published read like a "handbook of computer crime" -- the game is a role playing game set in a future totalitarian society). Steve Jackson's computers, diskettes and printed records were seized pursuant to an investigation of one of his employees who was thought to be a recipient of information related to the investigation of Craig Neidorf's electronic publishing activities. Jackson's equipment has since been returned and law enforcement officials attending the recent "Computers, Freedom & Privacy" conference in San Francisco referred to the Jackson case as one that should not have happened (One of the authors of your piece, Evan Schwartz, was listed as an attendee at the conference. Copies of the search warrant used in obtaining Jackson's equipment were available to all attendees at the conference. The warrants clearly indicate that Jackson was not a subject of the investigation. It is my information that Jackson will shortly file suit against the government as a result of the damage that the "search and seizure" did to his business. I suggest that you, by your description, have made Jackson fit the public image of John Gotti -- a person "everyone knows is guilty" but for whom insufficient evidence exists to make him pay his just deserts. In Jackson's case, nothing could be further from the truth. The article states that Franklin Darden, Jr, Adam Grant and Robert Riggs were "each sentenced to one year split between a half-way house and probation." In fact, Riggs received 21 months in prison while Grant and Darden received 14 months with the stipulation that 7 may be served in a half-way house. Additionally, the three were ordered to jointly and/or separately make restitution to BellSouth for $233,000. After reading the article, I spoke to Kent Alexander, US Attorney responsible for the prosecution of Riggs, Darden and Grant to confirm the sentences. Alexander not only confirmed the sentences; he objected to the calling of the cases as other than a victory for the government (There are many in the computer community who feel that the sentence was, in fact, too harsh. None would consider it other than a government "victory".). Alexander also affirmed that each of the defendants is actually doing prison time, rather than the type of split sentence mentioned in the article. Alexander also told me, by the way, that he believes that he sent a copy of the sentencing memorandum to one of your reporters. The actual sentences imposed on Riggs, Darden and Grant also, of course, makes the article's statement that Rose's one-year sentence is "by far the stiffest to date" incorrect. The treatment of the Neidorf case, while perhaps not factually incorrect, was superficial to the point of dereliction. Neidorf, the publisher of an electronic newsletter, Phrack, was accused of publishing, as part of his newsletter, a document which later was proven to be unlawfully obtained by Riggs, Darden and Grant -- an activity that many saw as similar to the Pentagon Papers case. The case was, in fact, eventually dropped when it turned out that the document in question was publicly available for under $20. Many believe that the case should never have been brought to trian in the first place and it is to this kind of electronic publishing activity that Professor Tribe's constitutional amendment attempts to protect. It is a bit of a reach to call Neidorf a "hacker". He is a college senior with an interest in hacking who published a newsletter about the activities and interest of hackers. It is totally inaccurate to call Jackson a hacker, no matter what definition of that oft-misused terms is applied. The article further states that the target of the Sundevil investigation was the "Legion of Doom". According to Gail Thackeray, ex-Assistant Attorney General of the State of Arizona and one of the key players in the Sundevil investigation, and the aforementioned Kent Alexander (both in conversations with me and, in Thackeray's case, in published statements), this is untrue. The Legion of Doom was a loosely constructed network of persons who, it has been alleged and, in some cases, proven, illegally accessed computers to obtain information considered proprietary. The subjects of the Sundevil investigations were those suspected of credit card fraud and other crime for profit activities. On April 1st, commenting on the first major Sundevil indictment, Thackeray was quoted by the Newsbytes News Service as saying "The Sundevil project was started in response to a high level of complaint of communications crimes, credit card fraud and other incidents relating to large financial losses. These were not cases of persons accessing computers 'just to look around' or even cases like the Atlanta 'Legion of Doom' one in which the individuals admitted obtaining information through illegal access. They are rather cases in which the accused allegedly used computers to facilitate theft of substantial goods and services." The article further, by concentrating on a small number of cases, gives the reader the impression that so-called "hackers' are free to do whatever they like in the global network that connects businesses, government and educational institutions. There have been many arrests and convictions in recent months for computer crime. In New York State alone, there have been arrests for unlawful entries into PBX's, criminal vandalism, illegal access to computers, etc. Heightened law enforcement activity, greater corporate and government concern with security and a better understanding by "hackers" of acceptable limits are, if anything, making a safer climate for the global net while the concern of civil libertarians coupled with greater understanding by law enforcement officials seems to be reducing the possibility of frivolous arrests and overreaching. This improved climate, as evidenced by the recent conference on "Computers, Freedom and Privacy", is a far cry from the negative atmosphere evidenced in the conclusion of your article. I have spent the last few years discussing the issues of computer crime, access to information and reasonable law enforcement procedures with a wide range of individuals --police officers, prosecutors, defense attorneys, "hackers", civil libertarians, lawmakers, science fiction writers, etc. and have found that their opinions, while often quite different, warrant presentation to the general public. Unfortunately, your article with its factual errors and misleading conclusions takes away from this dialog rather than providing enlightenment; it is a great disappointment to one who has come to expect accuracy and insightful analysis from Business Week. I urge you to publish an article explaining these issues in full and correcting the many errors in the April 15th piece. Yours truly, John F. McMullen Executive Vice President +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Response #2 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ April 8, 1991 Readers Report Business Week 1221 Avenue of the Americas New York, NY 10020 Dear Editor, Mark Lewyn and Evan Schwartz are correct that the Secret Service's "Operation Sundevil" has been a disaster ("Why `The Legion of Doom' has little fear of the Feds", BW April 15th), but the rest of their article completely misses the point. The problem with the government's war on computers is not that "it's much harder to nail hackers for electronic mayhem than prosecutors ever imagined," but rather, that lack of computer sophistication has caused prosecutors and investigators to treat law-abiding citizens like criminals. Their reporting on Steve Jackson Games is particularly egregious. To call Steve Jackson a "suspect" in the "war on hackers" is to allege criminal conduct that even the government never alleged. Steve Jackson Games is a nationally known and respected, award-winning publisher of books, magazines, and adventure company was ever accused of any criminal activity. The government has verified that Jackson is not the target of any investigation, including "Operation Sundevil." There was no criminal case "dismissed because of lack of evidence" --there simply was no criminal case at all. Lewyn and Schwartz missed the real story here. Based on allegations by government agents and employees of Bellcore and AT&T, the government obtained a warrant to seize all of the company's computer hardware and software, and all documentation related to its computer system. Many of the allegations were false, but even if they had been true, they did not provide any basis for believing that evidence of criminal activity would be found at Steve Jackson Games. The Secret Service raid caused the company considerable harm. Some of the equipment and data seized was "lost" or damaged. One of the seized computers ran an electronic conferencing system used by individuals across the country to discuss adventure games and related literary genres. The company used the system to communicate with its customers and writers and to get feedback on new game ideas. The seizure shut the conferencing system down for over a month. Also seized were all of the current drafts of the company's about-to-be-released book, GURPS Cyberpunk. The resulting delay in the publication of the book caused the company considerable financial harm, forcing it to lay off half of its employees. Jackson has resuscitated his electronic conferencing system and his business. GURPS Cyberpunk was partially reconstructed from old drafts and eventually published. It has been nominated for a prestigious game industry award and is assigned reading in at least one college literature course. But what happened at Steve Jackson Games demonstrates the vulnerability of computer users -- whether corporate or individual -- to government ineptitude and overreaching. What the Secret Service called a "handbook for computer crime" was really a fantasy role playing game book, something most twelve-year-olds would have recognized after reading the first page. Sincerely, Harvey A. Silverglate Sharon L. Beckman Silverglate & Good Boston, Massachusetts Counsel for Steve Jackson Games ******************************************************************** >> END OF THIS FILE << *************************************************************************** ------------------------------ From: kusumoto@CHSUN1.UCHICAGO.EDU(Bob Kusumoto) Subject: Using the CuD email archive server Date: Mon, 8 Apr 91 18:23:52 CDT ******************************************************************** *** CuD #3.12: File 4 of 4: Using the CuD mailserver *** ******************************************************************** A note about the e-mail archive server at chsun1.uchicago.edu: please send any and all requests for files/help to: archive-server@chsun1.uchicago.edu this is not the address for receiving the latest issue of CuD from the mailing list. Either subscribe to alt.society.cu-digest on USEnet or send mail to TK0JUT2@NIU.BITNET (although I'm not sure, you might be able to do uunet!NIU.BITNET!TK0JUT2 if you do not have a definition for .BITNET sites). The archive server is automated and it only understands a few commands placed in the body of the message you send. These commands are HELP, INDEX, SEND, and PATH (case doesn't matter). In short: help: sends a help file describing each command in detail index: sends an index of available topics. If the topic is on the same line, it will send a detailed index of that topic. Available CuD topics are: ane ati bootlegger chalisti cud hnet law lod narc network nia papers phantasy phrack phun pirate school synd tap send: sends a file. Commands for send must be in the following format: send topic filename send topic filename1 filename2 filename3 ... Please note that the arguments are separated by spaces, not slashes or any other characters. Also, some mailers between this site and yours might not be able to handle mail messages larger than 50k in size. You will have to make special arrangements to receive these files (see address below). path: This command forces a specified return path. Normally, the server will guess what the return address should be (most of the time, successfully), but in some cases, it will cause the requested files to bounce, leaving you without your files. If this is the case, you should use the path command to set the return address. Please note, the mailer here cannot handle .uucp addresses, these addresses must be fully expanded. Here are some examples: path user@host.bitnet [for BITNET hosts, direct] path user%hosta.major.domain@hostb.major.domain path hosta!hostb!hostc@uunet.uu.net some useful commands to give to the server (once you know your mailing address is OK) are: send cud cud-arch which sends the master Index for the CuD archive. send cud chsun1.email.files which sends a directory of all files that are in the CuD archives by topic, filename, size of the file, and other less useful information. This file is updated whenever new files are added to the archives. If you have any problems and wish to have someone help you with the server, please send mail to: archive-management@chsun1.uchicago.edu (also cudarch@chsun1.uchicago.edu) Bob Kusumoto chsun1 archive manager ******************************************************************** ------------------------------ **END OF CuD #3.12** ********************************************************************