TK0JUT2%NIU.BITNET@UICVM.uic.edu (12/07/90)
**************************************************************************** >C O M P U T E R U N D E R G R O U N D< >D I G E S T< *** Volume 2, Issue #2.15 (December 5, 1990) ** **************************************************************************** MODERATORS: Jim Thomas / Gordon Meyer (TK0JUT2@NIU.bitnet) ARCHIVISTS: Bob Krause / Alex Smith / Brendan Kehoe USENET readers can currently receive CuD as alt.society.cu-digest. COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted as long as the source is cited. Some authors, however, do copyright their material, and those authors should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to the Computer Underground. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Contributors assume all responsibility for assuring that articles submitted do not violate copyright protections. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ CONTENTS: File 1: Moderators' Corner File 2: Len Rose Indictment in Illinois File 3: 2600 Magazine Response to Atlanta Sentencing File 4: List of Computer Underground Clippings File 5: Computer Crime Laws list File 6: Media and the CU File 7: The Hermetic Underground ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ---------------------------------------------------------------------- ******************************************************************** *** CuD #2.15: File 1 of 7: Moderator's corner *** ******************************************************************** From: Moderators Subject: Moderators' Corner Date: December 5, 1990 ++++++++++ In this file: 1. FTP INFORMATION 2. WITNESSES FOR LEN ROSE'S BALTIMORE CASE 3. ADDRESS CHANGES ++++++++++ +++++++++++++++++++++ FTP Information +++++++++++++++++++++ The current address for the widener ftp site is: ftp.cs.widener.edu The hours have been extended, and a number of files, including IIRG and NIA (Network Information Access), individual state computer crime statutes (eg, Calif, Fla, Ill.) have been added to all three sites. ++++++++++++ Request for Unix Witnesses for Len Rose ++++++++++++ Len Rose is currently planning the defense for his trial in Baltimore in February, and is looking for Unix experts/gurus able to testify about the Unix system. If you can recommend anyone, drop us a note or, better, call Len at (708) 527-1293. ++++++++++++++++ ADDRESS CHANGES ++++++++++++++++ If you are going to lose your account for any reason, be sure to drop us a line so we can delete your name from the mailing list. It reduces bounced mail and helps net traffic. Thanks. ******************************************************************** >> END OF THIS FILE << *************************************************************************** ------------------------------ From: Moderators and others Subject: Len Rose Indictment in Illinois Date: December 5, 1990 ******************************************************************** *** CuD #2.15: File 2 of 7: Len Rose Indictment and News Article*** ******************************************************************** "Innocent Plea in Computer Case: Naperville Man Denies Taking Key Program from Firm" From: Chicago Tribune, December 4, 1990: Sect. 2, p. 7) By Joseph Sjostrom One of the first persons ever charged with computer tampering in Du Page County pleaded not guilty Monday. Leonard Rose, 31, of Naperville, entered the plea before Associate Du Page County Judge Thomas Callum, who set the next hearing for January 14. Rose is charged with gaining access to a computer at Interactive Systems, Inc., a Naperville software company where he worked for only a week last month, and with "removing" a program called AT&T Unix Source Code, which is the basic operating instructions that tell a computer how to receive and use all the other programs. If the case goes to trial, the prosecutor, Assistant State's Atty. David Bayer, will have to convince a jury that Rose removed the source code and that such action was illegal, even though the code remained in the computer from which he allegedly took it. Rose's attorney, Sheldon Zenner of Chicago, expects the case will never get beyond the first of those questions. "Quite simply, he didn't do it," Zenner said. Rose is under federal indictment in Baltimore for copying a similar program from a computer there and putting it on a computer bulletin board, where computer users could copy and use it without paying fees to AT&T. Rose was indicted on November 21 in Du Page County. Naperville police and state's attorney's investigators searched his apartment and confiscated two computers and a number of computer discs. "There were certain commands made on {the Interactive Systems} computer which suggest the source code was copied, or down-loaded {onto another computer}," Zenner said. "So they looked for the source code on Rose's computer, but it wasn't there. So they'll have to try to analyze the commands made on his computer and I expect they'll have an expert testify that, based on his analysis, the code was downloaded {onto Rose's computer}. "But the source code isn't there because Rose didn't do it," Zenner said. "I expect to show the court that a serious mistake has been made." Despite the large number of sophisticated research and business computers in Du Page County, the only other recent prosecution for computer tampering was the case of a woman who used a computer about two years ago to take revenge on an employer for firing her. She was put on probation after admiting that, in a fit of anger, she purged several programs from the company computer before departing the office for the last time. Otherwise, the extent of computer tampering and fraud is impossible to know, though experts say the opportunities for such activities are extensive. (end article) ******************************* {Moderator's note: The story is a fair overview, but there is one major inaccuracy. Len Rose's Baltimore five count indictment *DOES NOT* charge him with "copying a similar program from a computer there and putting it on a computer bulletin board, where computer users could copy and use it without paying fees to AT&T." The federal indictment in Baltimore charges him with two counts of sending a trojan horse login file (which is not, in itself, illegal), and with three counts of transporting a very small portion of a Unix file across state lines. He is *NOT* charged with theft of that program in the indictment. Nor is he charged with downloading it or with placing it on a BBS where it could be downloaded. This portion of the story sounds like information provided by a prosecutor, because the reporter indicated he had not read the Baltimore indictment. ******************************* The following is a voice-transcribed version of Len Rose's indictment of December 3, 1990 (Illinois, Du Page County; Case # 90-CF-2635). The form may not correspond exactly with the original, but it approximates the wording as closely as possible. The status hearing is set for January 14, 1991. ****************** The grand jurors chosen, selected, and sworn, in and for the County of Du Page in the State of Illinois, IN THE NAME AND BY THE AUTHORITY OF THE PEOPLE OF THE STATE OF ILLINOIS, upon their oaths present that on or about the 17th day of October, 1990, at and within Du Page County, Illinois, Leonard Rose committed the offense of Computer Tampering in that said defendant accessed a computer belonging to Interactive Services, a corporation doing business at 1901 S. Naper Boulevard, Naperville, Du Page County, Illinois, and removed a program known as AT&T Unix System without the authority of the computer's owner, in violation of Illinois revised statutes, 1989, Chapter 38, Section 16D-3(a)(3) AGAINST THE PEACE AND DIGNITY OF THE SAME PEOPLE OF THE STATE OF ILLINOIS. (end indictment) ************************ Following is the relevant language of the Illinois Criminal Code (Chapter 38): ************************ 16D-3. COMPUTER tampering s 16D-3. COMPUTER Tampering. (a) A person commits the offense of COMPUTER tampering when he knowingly and without the authorization of a COMPUTER'S owner, as defined in Section 15-2 of this Code, or in excess of the authority granted to him: (1) Accesses or causes to be accessed a COMPUTER or any part thereof, or a program or data; (2) Accesses or causes to be accessed a COMPUTER or any part thereof, or a program or data, and obtains data or services; (3) Accesses or causes to be accessed a COMPUTER or any part thereof, or a program or data, and damages or destroys the COMPUTER or alters, deletes or removes a COMPUTER program or data; (4) Inserts or attempts to insert a "program" into a COMPUTER or COMPUTER program knowing or having reason to believe that such "program" contains information or commands that will or may damage or destroy that COMPUTER, or any other COMPUTER subsequently accessing or being accessed by that COMPUTER, or that will or may alter, delete or remove a COMPUTER program or data from that COMPUTER, or any other COMPUTER program or data in a COMPUTER subsequently accessing or being accessed by that COMPUTER, or that will or ma cause loss to the users of that COMPUTER or the users of a COMPUTER which accesses or which is accessed by such "program". (b) Sentence. (1) A person who commits the offense of COMPUTER tampering as set forth in subsection (a)(1) of this Section shall be guilty of a Class B misdemeanor. (2) A person who commits the offense of COMPUTER tampering as set forth in subsection (a)(2) of this Section shall be guilty of a Class A misdemeanor an a Class 4 felony for the second or subsequent offense. (3) A person who commits the offense of COMPUTER tampering as set forth in subsection (a)(3) or subsection (a)(4) of this Section shall be guilty of a Class 4 felony and a Class 3 felony for the second or subsequent offense. (c) Whoever suffers loss by reason of a violation of subsection (a)(4) of this Section may, in a civil action against the violator, obtain appropriate relief. In a civil action under this Section, the court may award to the prevailing party reasonable attorney's fees and other litigation expenses. ******************************************************************** >> END OF THIS FILE << *************************************************************************** ------------------------------ From: well!emmanuel@APPLE.COM(Emmanuel Goldstein) Subject: 2600 Magazine Response to Atlanta Sentencing Date: Fri, 30 Nov 90 00:23:06 pst ******************************************************************** *** CuD #2.15: File 3 of 7: 2600 Response to Atlanta Sentences *** ******************************************************************** The following article is from the Autumn 1990 issue of 2600 Magazine, The Hacker Quarterly. We encourage its distribution to anyone interested. If anyone needs to get in touch with us, we can be reached at: 2600@well.sf.ca.us or (516) 751-2600. ******************************************************************** Over the past year there has been a great deal of publicity concerning the actions of computer hackers. Since we began publishing in 1984 we've pointed out cases of hackers being unfairly prosecuted and victimized. We wish we could say things were getting better but we cannot. Events of recent months have made it painfully clear that the authorities, above all else, want to "send a message". That message of course being that hacking is not good. And there seems to be no limit as to how far they will go to send that message. And so we come to the latest chapter in this saga: the sentencing of three hackers in Atlanta, Georgia on November 16. The three, Robert Riggs (The Prophet), Frank Darden, Jr. (The Leftist), and Adam Grant (The Urville) were members of the Legion of Doom, one of the country's leading hacker "groups". Members of LOD were spread all over the world but there was no real organization, just a desire to learn and share information. Hardly a gang of terrorists, as the authorities set out to prove. The three Atlanta hackers had pleaded guilty to various charges of hacking, particularly concerning SBDN (the Southern Bell Data Network, operated by BellSouth). Supposedly Riggs had accessed SBDN and sent the now famous 911 document to Craig Neidorf for publication in PHRACK. Earlier this year, BellSouth valued the document at nearly $80,000. However, during Neidorf's trial, it was revealed that the document was really worth $13. That was enough to convince the government to drop the case. But Riggs, Darden, and Grant had already pleaded guilty to accessing BellSouth's computer. Even though the facts in the Neidorf case showed the world how absurd BellSouth's accusations were, the "Atlanta Three" were sentenced as if every word had been true. Which explains why each of them received substantial prison time, 21 months for Riggs, 14 months for the others. We're told they could have gotten even more. This kind of a sentence sends a message all right. The message is that the legal system has no idea how to handle computer hacking. Here we have a case where some curious people logged into a phone company's computer system. No cases of damage to the system were ever attributed to them. They shared information which we now know was practically worthless. And they never profited in any way, except to gain knowledge. Yet they are being treated as if they were guilty of rape or manslaughter. Why is this? In addition to going to prison, the three must pay $233,000 in restitution. Again, it's a complete mystery as to how this staggering figure was arrived at. BellSouth claimed that approximate figure in "stolen logins/passwords" which we have a great deal of trouble understanding. Nobody can tell us exactly what that means. And there's more. BellSouth claims to have spent $1.5 million tracking down these individuals. That's right, one and a half million dollars for the phone company to trace three people! And then they had to go and spend $3 million in additional security. Perhaps if they had sprung for security in the first place, this would never have happened. But, of course, then they would have never gotten to send the message to all the hackers and potential hackers out there. We think it's time concerned people sent a message of their own. Three young people are going to prison because a large company left its doors wide open and doesn't want to take any responsibility. That in itself is a criminal act. We've always believed that if people cause damage or create a nuisance, they should pay the price. In fact, the LOD believed this too. So do most hackers. And so does the legal system. By blowing things way out of proportion because computers were involved, the government is telling us they really don't know what's going on or how to handle it. And that is a scary situation. If the media had been on top of this story and had been able to grasp its meaning, things might have been very different indeed. And if BellSouth's gross exaggerations had been taken into account at the sentencing, this injustice couldn't have occurred. Consider this: if Riggs' sentence were as much of an exaggeration as BellSouth's stated value of their $13 document, he would be able to serve it in full in just over two hours. And the $233,000 in restitution would be under $40. So how much damage are we really talking about? Don't look to BellSouth for answers. In early 1991, the three are to begin their sentences. Before that happens, we need to reach as many people as possible with this message. We don't know if it will make a difference in this particular case if the general public, government officials, and the media hear this side of the story. But we do know it would be criminal not to try. ******************************************************************** >> END OF THIS FILE << *************************************************************************** ------------------------------ From: <KRAUSER@SNYSYRV1.BITNET> Subject: List of Computer Underground Clippings Date: Fri, 30 Nov 90 21:41 EDT ******************************************************************** *** CuD #2.15: File 4 of 7: List of CU News Articles *** ******************************************************************** Computer Hackers News Articles Compiled By Bob Krause KRAUSER@SNYSYRV1.BITNET The following is a list of articles that I have found concerning the computer underground in various magazines and news-papers. The list is in chronological order. If you know of an article that should be included in this list or correction, send me the information and I will add it to the listing. Nov 18 '90 Crackdown on computer crime is raising question of computer rights. Chicago Tribune pg.17 Oct 29 '90 Users paying big price for PBX fraud. Network World pg.1 Oct 28 '89 Halting hackers. The Economist pg.18 Oct 15 '90 Target: The Corporate PBX Information Week pg.24 Sept 9 '90 Can invaders be stopped but civil liberties upheld? The New York Times pg.F12 Sept 1 '90 United States v Zod The Economist pg.23 Sept '90 Digital Desperados; hackers indictments raise constitutional questions. Scientific American pg.34 Aug 26 '90 The rights of computer users. Los Angles Times pg.D9 Aug 22 '90 Open sesame; in the arcane culture of computer hackers, few doors stay closed. The Wall Street Journal pg.A1 Aug 20 '90 NY State Police round up hackers. Computerworld pg.99 Aug 17 '90 U.S. Arrests boy, 5 others in computer hacker case. The Wall Street Journal pg.82 Aug 6 '90 Computer anarchism calls for a tough response. Business Week pg.72 Aug 6 '90 Charges dropped against alleged BellSouth hacker. Telephony pg.12 July 30 '90 Hacker trial begins in Chicago. Computerworld pg.8 July 30 '90 'Hacking' crackdown is dealt a setback in trial in Chicago The Wall Street Journal pg.B3 July 21 '90 Crackdown on hackers 'may violate civil rights'. New Scientist pg.22 July 21 '90 Group to defend civil rights of hackers founded by computer industry pioneer. The Wall Street Journal pg.B4 July 10 '90 Group to fight for computer users' rights. Los Angles Times pg.D5 July 10 '90 Computer hackers plead guilty in case involving BellSouth. The Wall Street Journal pg.84 July 2 '90 Hackers of the World, Unite! Newsweek pg.36 May 21 '90 Throwing the book at computer hackers. Business Week pg.148 May 14 '90 Justice failed in refusing to make Morris an example. Computerworld pg.23 May 14 '90 Morris sentence spurs debate. Computerworld pg.128 May 14 '90 Wheels of justice grind to a halt in 'worm' case. PC Week pg.16 May 7 '90 Three-year probation for Morris. Computerworld pg.1 May '90 Just say No Communications of the ACM pg.477 May '90 Uncovering the mystery of Shadowhawk. Security Management pg.26 Apr 30 '90 The hacker dragnet: the Feds put a trail on computer crooks - and sideswipe a few innocent bystanders. Newsweek pg.50 March 26'90 Internet interloper targets hacker critics. Computerworld pg.127 March '90 Cyber Thrash SPIN pg.24 March '90 Is Computer Hacking a Crime? Harper's pg.45 Wntr '90 Comp. crime and the Computer Fraud and Abuse Act of 1986 Computer Law Journal pg.71 Feb 19 '90 Morris code. The New Republic pg.15 Feb 12 '90 Alleged hackers charged wit theft of BellSouth 911 data. Telephony pg.10 Feb 12 '90 Babes in high-tech toyland nabbed. Computerworld pg.8 Feb 11 '90 Revenge on the nerds; sure, jail our hackers - who needs software stars anyway? Washington Post pg.C5 Feb 9 '90 Hacked to pieces. New Statesman and Society pg.27 Feb 2 '90 Prevention is better than cure. Public Finance and Accountancy pg.9 Jan 5 '90 Computer hacking: is a new law needed. Public Finance and Accountancy pg.7 Feb 7 '90 Four charged with scheme against phones. The Wall Street Journal pg.B5 Dec 4 '89 Hackers: Is a cure worse than the disease? Business Week pg.37 Sept '89 Free the hacker two. Harper's Magazine pg.22 June 19 '89 Hacker invades So. Bell switch. Telephony pg.11 June '89 Consensual realities in cyberspace Communication of the ACM pg.664 Apr 3 '89 Strong scruples can curb computer crime. Computerworld pg.100 March 9 '90 Hackers revealed as spies. Nature pg.108 March 6 '89 Are ATM's easy targets for crooks? Business Week pg.30 Feb 20 '89 Prison term for first U.S. hacker-law convict. Computerworld pg.1 Jan 9 '89 Hacker prosecution: suspect held, denied phone access by district court. Computerworld pg.2 Jan 9 '89 Drop the phone: busting a computer whiz. Time pg.49 Dec 26 '88 The Cyberpunk People pg.50 Dec 11 '88 Computer intruder is urged by authorities to contact the laboratory he invaded. The New York Times pg.24 Nov 14 '88 Portrait of an artist as a young hacker. Computerworld pg.6 Nov '88 Robopsychology Omni pg.42 Aug 1 '88 Is your computer Secure? Business Week pg.64 Apr 28 '88 Hacker runs rings around military security. New Scientist pg.25 April '88 Computer hackers follow Guttman-like progression. Sociology and Social Research pg.199 Oct '87 Brian Reid, A Graphics Tale of a Hacker Tracker Communications of the ACM pg.820 April '86 Positive Alternatives: A report on an ACM Panel on Hacking Communications of the ACM pg.297 Jan '84 Hacking away at morality. Communications of the ACM pg.8 ******************************************************************** >> END OF THIS FILE << *************************************************************************** ------------------------------ From: brendan@CS.WIDENER.EDU(Brendan Kehoe) Subject: Computer Crime Laws list Date: Sun, 2 Dec 90 18:15:07 EST ******************************************************************** *** CuD #2.15: File 5 of 7: State Computer Crime Laws *** ******************************************************************** The following are the computer crime laws for various states for those wishing to track them down. AL Computer Crime Act, Code of Alabama, Sections 13A-8-100 to 13A-8-103 AK Statutes, Sections 11.46.200(a)(3), 11.46.484(a)(5), 11.46.740, 11.46.985, 11.46.990 AZ Revised Statues Annotated, Sections 13-2301(E), 13-2316 CA Penal Code, Section 502 CO Revised Statutes, Sections 18-5.5-101, 18-5.5-102 CT General Statutes, Sections 53a-250 to 53a-261, 52-570b DE Code Annotated, Title 11, Sections 931-938 FL Computer Crimes Act, Florida Statutes Annotated, Sections 815.01 to 815.07 GA Computer Systems Protection Act, Georgia Codes Annotated, Sections 16-9-90 to 16-9-95 HI Revised Statutes, Sections 708-890 to 780-896 ID Code, Title 18, Chapter 22, Sections 18-2201, 18-2202 IL Annotated Statutes (Criminal Code), Sections 15-1, 16-9 IN Code, Sections 35-43-1-4, 35-43-2-3 IO Statutes, Sections 716A.1 to 716A.16 KS Statutes Annotated, Section 21-3755 KY Revised Statutes, Sections 434.840 to 434.860 LA Revised Statutes, Title 14, Subpart D. Computer Related Crimes, Sections 73.1 to 73.5 ME Revised Statutes Annotated, Chapter 15, Title 17-A, Section 357 MD Annotated Code, Article 27, Sections 45A and 146 MA General Laws, Chapter 266, Section 30 MI Statutes Annotated, Section 28.529(1)-(7) MN Statutes (Criminal Code), Sections 609.87 to 609.89 MI Code Annotated, Sections 97-45-1 to 97-45-13 MS Revised Statutes, Sections 569.093 to 569.099 MT Code Annotated, Sections 45-2-101, 45-6-310, 45-6-311 NE Revised Statutes, Article 13(p) Computers, Sections 28-1343 to 28-1348 NV Revised Statutes, Sections 205.473 to 205.477 NH Revised Statutes Annotated, Sections 638:16 to 638:19 NJ Statutes, Title 2C, Chapter 20, Sections 2C:20-1, 2C:20-23 to 2C:20-34, and Title 2A, Sections 2A:38A-1 to 2A:38A-3 NM Statutes Annotated, Criminal Offenses, Computer Crimes Act, Sections 30-16A-1 to 30-16A-4 NY Penal Law, Sections 155.00, 156.00 to 156.50, 165.15 subdiv. 10, 170.00, 175.00 NC General Statutes, Sections 14-453 to 14-457 ND Century Code, Sections 12.1-06.1-01 subsection 3, 12.1-06.1-08 OH Revised Code Annotated, Sections 2901.01, 2913.01, 2913.04, 2913.81 OK Computer Crimes Act, Oklahoma Session Laws, Title 21, Sections 1951-1956 OR Revised Statutes, Sections 164.125, 164.377 PA Consolidated Statutes Annotated, Section 3933 RI General Laws (Criminal Offenses), Sections 11-52-1 to 11-52-5 SC Code of Laws, Sections 16-16-10 to 16-16-40 SD Codified Laws, Sections 43-43B-1 to 43-43B-8 TN Code Annotated, Computer Crimes Act, Sections 39-3-1401 to 39-3-1406 TX Codes Annotated, Title 7, Chapter 33, Sections 33.01 to 33.05 UT Computer Fraud Act, Utah Code Annotated, Sections 76-6-701 to 76-6-704 VA Computer Crime Act, Code of Virginia, Sections 18.2-152.1 to 18.2-152.14 WA Revised Code Annotated, Sections 9A.48.100, 9A.52.010, 9A.52.110 to 9A.52.130 WI Statutes Annotated, Section 943.70 WY Statutes, Sections 6-3-501 to 6-3-505 ******************************************************************** >> END OF THIS FILE << *************************************************************************** ------------------------------ From: Moderators, Joe Abernathy, and "4 8" Subject: Media and the CU Date: December 4, 1990 ******************************************************************** *** CuD #2.15: File 6 of 7: Media and the CU *** ******************************************************************** {Moderators' note: We received a number of responses, including logs from various net sources, about the DEA/PBX story in CuD 2.14. We invited Joe to respond, and received another, unsolicited, commentary. We add a final concluding comment at the end of this file}. ***************** From: chron!magic322!edtjda@UUNET.UU.NET(Joe Abernathy) Subject: A Response to recent critics by Joe Abernathy Date: Thu, 29 Nov 90 20:35:30 CST The debate of the word hacker, while worthy and fascinating, is not something that makes proper material for a daily newspaper. The fact is that the force of society has made "hacker" into the bad guys, despite the fact that it used to refer to people like myself, who sit around playing with modems and assembly language. Most people in the press possess more knowledge about things like this -- and things like the difference between worm and virus, or usenet and Internet -- than they're given credit for. What the critics always miss is that reporters don't write just for computer scientists --they write for their grandmothers, their children, and for the public record. So what happens is that the reporters always choose the most accurate word or description that can be understood by the largest number of people. Screaming at reporters, or suggesting their ignorance, won't change the way hacker is used in stories. That definition is already written in the public consciousness, and in the laws of the land. Jack Minard, the second correspondent, invalidated his complaint by failing to read my article. I don't have time to do his reading for him, but I will respond to the one thing he alluded to that really does matter from a standpoint of journalist ethics: why the "hackers" weren't identified. They weren't because they wanted it that way ... which raises the issue of why anyone would allow one's accusers to go faceless. The answer is that we didn't -- the facts of that story were provided by the DEA itself, albeit upon my request, with the members of the computer underground identified only to provide color and perspective. Best Regards. *************************************************** From: 4 8 (Figure it out) Subject: In regards to the comments about the "DEA article" in the last CuD Date: 11/30/90 @ 4:43 PM In regards to the comments about the "DEA article" by Joe Abernathy of the Houston Chronicle: I find that what you have stated is limited in your knowledge to the story and exactly what happened. I'm very upset at the fact that you present Joe Abernathy as an "anti-hacker" journalist. Furthermore, you continue to present the quotes in the article as also being "anti-hacker". As it may be, I tipped off Joe about the story and it's background so he could publish it. Now, you may not know who wrote this, but if you did-- I'm almost positive you wouldn't dare to call me an "anti-hacker". Hell man, I'd make you eat those words. [And trust me, you don't want that] (Thank you for letting my ego surpass yours for that last paragraph) The PBX that was mentioned was abused ridiculously to the point at which someone had to come forward and tell who owned the lines. As many as 200+ were using this PBX nationally. The story wasn't done to "thrash" hackers, nor to embarrass the government (Well.. maybe a little bit!), it was done to show how stupid toll fraud can be if not exposed over a period of time. Now, I have something to say regarding the author of the article. Joe Abernathy is a very important symbol of these times. He what the community needs more of: A journalist who sees "grey" and has the power to reach people. I think you've made a great mistake in publicly voicing your opinion on the article and Joe. We need more Journalists like Abernathy who do see "grey" in this community. It appears to me that you didn't actually read the story. Otherwise, it would be obvious to you that it wasn't one sided. The quotes taken were from REAL hackers, ones that fed up with the BS of the current state of the community. You are "ragging" on a very good ally of this community, the press. In the past the press "bashed" hackers. I seldom see journalists hacker-bash anymore. Furthermore, the 1.8 million figure that Joe published was incorrect. Hell, I think it was more than 1.8 million! The PBX was accessable for about 1 year. And don't tell me that it would take 9.7 hackers dialing 24 hours a day to get that total. Hell! One hacker could EASILY surpass that total. I suggest you re-evaluate your views. YOU ARE THE ONE-SIDED STORY. Take heed to this warning: Your comments were taken personally by me. I believe that if YOU continue to bash the "grey-journalists" of this period, than you'll destroy a needed link between these journalists and the community. Regards, 4 8 PS: Most of the material that was in your comments came directly from various other news-posts around the net ************************************ {Moderators' Comment}: An important goal of CuD remains that of stimulating debate, and we try to print, uncensored and without commentary, the views as expressed by contributors, whatever they may be. The media stands in an ambiguous relationship with the CU. One one hand, we encourage them to print favorable, or at least factual, stories but, on the other, we are suspicious or hostile when those stories are not to our liking. Reporters, like the rest of us, learn, and when we feel they are in error, it's most helpful to engage in dialogue and let the "dialectic of knowledge" take its course, keeping an ever-watchful eye that the course paints a clearer picture not only of "reality," whatever and wherever that may be, but also tries to understand the "reality" of others as well. The danger in criticizing individual reporters, especially those who are actively reporting on issues in which we are interested, is that we remain blind to their positive contributions and remain focused on a perceived past grievance. This, in the long run, seems unproductive. We run the risk of becoming our own worst enemy, fragmenting into splinter groups supporting, opposing, squabbling, over sometimes important , but--more often--short-term issues. When this happens, we divert attention from the broader issues of Constitutional rights, civil liberties, crackdowns, and the rest. Rather than castigate an individual, we would, as moderators, prefer to see reasoned alternatives developed, argued, examined, and clarified. We printed both articles in the last issue because they typified the shorter concerns we read. One contributor identified four points that, despite the tone of the post, we thought legitimate for debate. Borrowing from that article, and paraphrasing (perhaps beyond the original meaning of the post), we identify: 1. What is a hacker, and who gets to define the term? This is a crucial issue, and not merely a semantic quibble, because law enforcement defines hackers as felons by definition. 2. What is the relationship between law enforcement and media? We tend to agree that the figure of $1.8 seems high when one calculates it. This is an issue that extends beyond our own interests (as the recent uncritical articles of the "earthquake scare" and other stories indicate). The question, as we see it, is: To what degree do those with an interest in prosecuting hackers manipulate the media by distorting definitions, the English language, and facts and figures to create an alternative reality more to their liking? It would seem we should be working to alert the media to be more critical of the information they receive. 3. News media tend to rely on law enforcement sources because most do not know any hackers and because many reports perhaps give law enforcement more credibility than to their targets. Punching them in the nose is not likely to make the media want to get to know us. Like all of us, most reporters are just doing their job, and most who write these stories cover a variety of other topics as well. Therefore, they are often simply not computer literate. One of our goals is to expand their literacy. Sometimes this is successful, but other times not. But, the struggle must continue, and struggle is as long as history. We see most of the CU issues (privacy, judicial process, who gets to define "crime") as broader issues, and our collective participation is not simply an attempt to make the world safe for hackers, a rather silly and myopic goal, but to address broad issues in one tiny slice of our existence, that of cyberspace, and hopefully the implications will, in the aggregate, contribute to a more tolerable world. When aging radicals begin to sound like moderate liberals, perhaps they've fought one fight too many. Nonetheless (there's always a "nonetheless"), we find it more productive to "keep our eye on the prize" rather than continue internal bickering over "who's right" or "who's wrong." ******************************************************************** >> END OF THIS FILE << *************************************************************************** ------------------------------ Subject: The Hermetic Underground From: Dark Adept Date: Wed, 28 Nov 90 2:15:52 CST ******************************************************************** *** CuD #2.15: File 7 of 7: The Hermetic Underground *** ******************************************************************** Reinforcing the cloak of the Underground... The Hermetic Underground by The Dark Adept Greetings! This phile will take a different twist than the previous ones. In the past few philes, I have given security (common sense) advice to the members of the "real" world. The purpose was to try and build a rapport between industry and computer society. However, there is a question as to whether computer society will survive or not. In an effort to keep the Underground alive, I will be relating some ideas for survival during the "witch-hunt." ---------------------- | Modern-day Wizards | ---------------------- A long time ago in a place far, far away there were once many wizards. Now wizards did not really raise the dead or turn gold into lead. What they did do was to try and learn about and explain the universe as best as they could. They delved into dark territories such as death, alchemy, and mechanical engineering in order to improve the world they lived in. From these evil doings, two things were produced. Science, including Philosophy, Logic, Math, Chemistry, Physics, etc. And witch-hunts. They weren't witch-hunts as one may see by looking at Salem. The effect was much more devastating. Not only were wizards wiped from the face of the earth, but the way they viewed life was also removed. You see, a wizard was a jack-of-all-trades. The wizards believed that everything was interrelated. Physics was actually related to Philosophy, and Alchemy was a form of religion. So, the wizards studied everything possible so as to see how the ideas interrelate. (Sort of a twisted Unified Field Theory). There was also another reason why wizards tried to master everything. This was because they could not come together and form a wizards guild. They were not liked or trusted by society since they had access to information that society did not. If they had come together they would have been wiped from the face of the earth. Yes, I lied. In the previous paragraph I said that wizards no longer existed. The fact is that they do and always will. A wizard is a person who believes everything is interrelated and attempts to find the interrelation and control his universe by it. One such branch of wizardry is known as the Computer Underground. (To read about a real wizard who lived in ancient times, pick up John Dee by Peter French. You will see everything I have said is true). So, what can we modern-day mages learn from the wise wizards of yesteryear? -------------------- | Atomic Particles | -------------------- The worst thing the underground could do now is organize on a mass level. Our strength is to be found in that we are a mass of atomic entities operating against a concerted effort. The attacks on the Underground by the witch-hunters may smash a few individuals here and there, but the overall body lives on. Just as the United States Army failed to fight effectively against a dispersed phantom force like the Vietnamese, so too will the onslaught fail against a patternless weaving of hackers. What the opposition is trying to do is like trying to shoot gnats with a shotgun. As long as the Underground remains dispersed and loosely organized, there is no way they can search out and destroy the entire bunch of us. If we band together, then, of course, they have a much larger target. ---------------------- | As Above, So Below | ---------------------- The Underground is shaped by the events that occur in the "real" world. If Company ABC gives a grant to University XYZ to add a node to the Net, then the Underground is expanded. If there are laws passed banning cross-state telecommunications, then the Underground is diminished. The topics of discussion in the Underground are also determined by "real" world events. For this reason, the battle must be fought in the "real" world and in the "real" world alone. The only way to conclusively affect the existence of the Underground is to affect society. This means to affect society in the Courts, Congress, and Senate. There are already legitimate and capable vehicles for doing so: the EFF, for example. These organizations need your support. Support them, but as citizens of the United States, and not as hackers. The only way to decisively defeat our opponents is to defeat them in their own lairs, and by using their means. To win the fight to get the Constitution to protect the rights of the computer user, we must fight intelligently, morally, and ethically. We must not succumb to the temptation to use terrorist tactics in order to extort rights from the opposition. To do so would just anger potential supporters. To do so would be to lower ourselves to the level of our antagonists. We must fight with honor, with dignity, and with tenacity. ----------------------------------------------- | Of the Bloody Sacrifice and Matters Cognate | ----------------------------------------------- We have lost a few valuable members during the Computer Revolution. We should not let their "deaths" be in vain. Let us learn from their mistakes in order to better ourselves. One example is security hacking. Yeah, it's fun. Yeah, it's better than the last Zork (tm Infocom, Inc.) game that came out. But it's illegal. It gives the Underground a bad name. It causes problems, and things get real ugly real fast. Way back when security hacking first started, there were no problems since no one caused any real trouble. Then came the few idiots who tried such things as mercenary work, extortion, and a couple of other assorted nasty dealings that caused corporations to RIGHTFULLY fear and dislike hackers. We caused the problem ourselves. The blame cannot be laid on people who are trying to protect their own property. I am therefore asking that we all cease and desist from hacking into private computers from this point on. There are plenty of things we can do without inciting death threats from telephone companies. Why not set up our own networks? A decent Unix system can be built for under $8,000. If we can get a bunch of people together to donate some money (hey, you big businesses, here's a hint!), then we can have our own "playground" so that the "adults" won't be bothered by us snot-nosed (Cyber)punks. Slap together a couple of nodes, and we can send worms and hack all we want LEGALLY. Again, there are other methods that can be used to gain the free flow of information than illegal system entry. Laws could be passed that require detailed descriptions of systems to be made public if the use of those systems directly affects the public. An example is the infamous 911 info. The 911 system is paid for by the public, services the public, and the public is now dependent on it. Yet, the public knows nothing about it. Does it make sense that something upon which human lives depend should be classified as a "trade secret"? Should not the public be made aware of its limitations so as to know whether it is feasible? This obviously does not require disclosure of the source code, but it does require the disclosure of specifications, limitations, testing data, and all instances of failure. It would also require the general algorithm so as to prove the value of the method. The whole point of this section is that the day of the security hacker is dead along with that of the Blue Boxer. Let them lie peacefully. We can still hack code, transfer messages across the country, access tons of information, and many other things. Is it worth risking that in order to get into some TSO system? --------------------- | Forbidden Secrets | --------------------- The final icing on the cake is the fact that the people persecuting the Underground are incompetent for the task at hand. After reading the SJG affidavit, I am positive that they are excellent purveyors of law enforcement, but don't know beans about computers. The belief that Kermit was some type of illegal information is, obviously, ridiculous. When all of this explodes, it is they who will have egg on their faces, and not we. While doing research on the events, I came across a statement by someone in law enforcement who said that when the results of Operation Sundevil are made public, Mitch Kapor will be embarrassed since he is defending common criminals. No, in reality I think it is they who will be embarrassed. They are the ones who destroyed private property and valuable data. They are the ones who destroyed lives and businesses with incompetence, not hackers. -------------------- | And finally..... | -------------------- To sum up: Stay dispersed and unorganized. Help out the EFF. Fight for your rights using legal means in court. Don't hack security, but start building public access systems. Expose the truth every chance you get. My next article will once again deal with security issues in general. Specifically, I will begin talking about the problem of copyrighting and patenting things other than source code. Keep up the faith, people. We can't lose. I chose the handle The Dark Adept because I believe that out of darkness comes light. Out of the darkness of lies and oppression comes the light of truth and freedom. One just needs to be Adept enough to catalyze the reaction. So, as always, I remain.... The Dark Adept 11/26/90, Chicago, IL E-Mail: Ripco BBS (312)-528-5020 ******************************************************************** ------------------------------ **END OF CuD #2.15** ********************************************************************