Computer underground Digest    Sun Dec 13, 1992   Volume 4 : Issue 65
                          ISSN  1066-652X

      Editors: Jim Thomas and Gordon Meyer ([email protected])
      Archivist: Brendan Kehoe
      Shadow-Archivists: Dan Carosone / Paul Southworth
                         Ralph Sims / Jyrki Kuoppala
      Copy Editor:  Etaion Shrdlu, Junior

CONTENTS, #4.65 (Dec 13, 1992)
File 1--DOJ Authorizes Keystroke Monitoring
File 2--Teen "Computer Whiz" Strikes Store
File 3--Enviro. Tech. Policy
File 4--DELPHI Announces Full Access to the Internet
File 5--Virus Destroyed Report on Drug Lord
File 6--COM DAILY ON F.C.C. TRANSITION
File 7--Virus Conference (ACMBUL) Call for Papers
File 8--GRAY AREAS -- 'Zine Review
File 9--Bibliography on codes and ciphers
File 10--Comments on the Nov. 2600 Disruption in D.C.

Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost from [email protected]. The editors may be
contacted by voice (815-753-6430), fax (815-753-6302) or U.S. mail at:
Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115.

Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL0 and DL12 of TELECOM; on Genie in the PF*NPC RT
libraries; from America Online in the PC Telecom forum under
"computing newsletters;" on the PC-EXEC BBS at (414) 789-4210; in
Europe from the ComNet in Luxembourg BBS (++352) 466893; and using
anonymous FTP on the Internet from ftp.eff.org (192.88.144.4) in
/pub/cud, red.css.itd.umich.edu (141.211.182.91) in /cud, halcyon.com
(192.135.191.2) in /pub/mirror/cud, and ftp.ee.mu.oz.au (128.250.77.2)
in /pub/text/CuD.
European readers can access the ftp site at: nic.funet.fi pub/doc/cud.
Back issues also may be obtained from the mail
server at [email protected].

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views.  CuD material may  be reprinted for non-profit as long
as the source is cited.  Some authors do copyright their material, and
they should be contacted for reprint permission.  It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified.  Readers are encouraged to submit reasoned articles
relating to computer culture and communication.  Articles are
preferred to short responses.  Please avoid quoting previous posts
unless absolutely necessary.

DISCLAIMER: The views represented herein do not necessarily represent
           the views of the moderators. Digest contributors assume all
           responsibility for ensuring that articles submitted do not
           violate copyright protections.

----------------------------------------------------------------------

Date: Mon, 7 Dec 1992 22:48:06 +0000
From: Dave Banisar <[email protected]>
Subject: File 1--DOJ Authorizes Keystroke Monitoring

CA-92:19                         CERT Advisory
                                December 7, 1992
                            Keystroke Logging Banner

The CERT Coordination Center has received information from the United
States Department of Justice, General Litigation and Legal Advice
Section, Criminal Division, regarding keystroke monitoring by
computer systems administrators, as a method of protecting computer
systems from unauthorized access.

The information that follows is based on the Justice Department's
advice to all federal agencies.  CERT strongly suggests adding a
notice banner such as the one included below to all systems.  Sites
not covered by U.S. law should consult their legal counsel.

+++++++++++++++++++

    The legality of such monitoring is governed by 18 U.S.C. section
    2510 et seq.  That statute was last amended in 1986, years before
    the words "virus" and "worm" became part of our everyday
    vocabulary.  Therefore, not surprisingly, the statute does not
    directly address the propriety of keystroke monitoring by system
    administrators.

    Attorneys for the Department have engaged in a review of the
    statute and its legislative history.  We believe that such
    keystroke monitoring of intruders may be defensible under the
    statute.  However, the statute does not expressly authorize such
    monitoring.  Moreover, no court has yet had an opportunity to
    rule on this issue.  If the courts were to decide that such
    monitoring is improper, it would potentially give rise to both
    criminal and civil liability for system administrators.
    Therefore, absent clear guidance from the courts, we believe it
    is advisable for system administrators who will be engaged in
    such monitoring to give notice to those who would be subject to
    monitoring that, by using the system, they are expressly
    consenting to such monitoring.  Since it is important that
    unauthorized intruders be given notice, some form of banner
    notice at the time of signing on to the system is required.
    Simply providing written notice in advance to only authorized
    users will not be sufficient to place outside hackers on notice.

    An agency's banner should give clear and unequivocal notice to
    intruders that by signing onto the system they are expressly
    consenting to such monitoring.  The banner should also indicate
    to authorized users that they may be monitored during the effort
    to monitor the intruder (e.g., if a hacker is downloading a
    user's file, keystroke monitoring will intercept both the
    hacker's download command and the authorized user's file).  We
    also understand that system administrators may in some cases
    monitor authorized users in the course of routine system
    maintenance.  If this is the case, the banner should indicate
    this fact.  An example of an appropriate banner might be as
    follows:

       This system is for the use of authorized users only.
       Individuals using this computer system without authority,
       or in excess of their authority, are subject to having
       all of their activities on this system monitored and
       recorded by system personnel.

       In the course of monitoring individuals improperly using
       this system, or in the course of system maintenance, the
       activities of authorized users may also be monitored.

       Anyone using this system expressly consents to such
       monitoring and is advised that if such monitoring reveals
       possible evidence of criminal activity, system personnel
       may provide the evidence of such monitoring to law
       enforcement officials.

++++++++++++++++++++
Each site using this suggested banner should tailor it to their
precise needs.  Any questions should be directed to your
organization's legal counsel.

++++++++++++++++++++
The CERT Coordination Center wishes to thank Robert S. Mueller, III,
Scott Charney and Marty Stansell-Gamm from the United States
Department of Justice for their help in preparing this Advisory.

If you believe that your system has been compromised, contact the
CERT Coordination Center or your representative in FIRST (Forum of
Incident Response and Security Teams).

Internet E-mail: [email protected]
Telephone: 412-268-7090 (24-hour hotline)
           CERT personnel answer 7:30 a.m.-6:00 p.m. EST(GMT-5)/EDT(GMT-4),
           on call for emergencies during other hours.

CERT Coordination Center
Software Engineering Institute
Carnegie Mellon University
Pittsburgh, PA 15213-3890

------------------------------

Date: Thu, 26 Nov 92 10:57:18 CST
From: [email protected]
Subject: File 2--Teen "Computer Whiz" Strikes Store

From--Winnipeg Free Press (Winnipeg,Manitoba,Canada) on Nov 26,1992:

        STAFF THREATENED, FILES RUINED AS TEEN COMPUTER WHIZ STRIKES

                                By George Nikides
                                 Staff Reporter

    A teen hacker uncovered a hole in a downtown software shop's
computer system and went on a rampage, destroying every file and
threatening employees.

    "It's an ego thing. 'Boy look what I've accomplished,' " said
Sgt.  Dennis Loupin of the Winnipeg police fraud unit.  "He's very,
very intelligent. He's got a tremendous future in the computer world."

    An 18 year-old, who can't be named because he's charged under the
Young Offender's Act, faces fraud charges.

    Police say a hacker discovered a "hole" - an opening that allows
a user to circumvent a computer system's passwords - in the bulletin
board program at Adventure Software Ltd., a Hargrave Street software
shop.

    The computer whiz unlocked the program several times, at one
point destroying every file.

                                Bulletin Board

    The hacking is believed to have been carried out with an
IBM-style computer from a home.

    Adventure Software offers a computer bulletin board where
customers can communicate, read about news products, or leave messages
from their home systems.  The system has about 400 users, police say.

    An Adventure Software employee, who asked not to be identified,
said threatening messages were left in the system, some suggesting
that selling software was immoral. Some messages attacked a store
employee.  The system was out of operation at one point for 3 1/2
weeks, he said.

    But the employee said police are overstating the hacker's skills.
"It doesn't take a genius to hear about a 'hole' in the program," said
the man.

    The system was infiltrated four to six times, he said.

    "It's not crippling. It's just extremely annoying," the employee
said.  By breaking into the system the computer bandit found home
phone numbers and addresses, he said.

    Police say they are also investigating the teen in connection
with break-ins at other systems across North America.

                                   Mischief

    "He's now going to have to face the consequences of something he
thought was just a challenge but it's more than that - it's a crime,"
said Loupin.

    A Victor Street teenager was arrested Tuesday night and charged
with using a computer service to commit mischief, an offence that
carries a maximum 10-year sentence.

    The teen is now 18, but police say he was 17 when the alleged
crimes occurred.

------------------------------

Date: Fri, 4 Dec 1992 14:33:31 EDT
From: Rick Crawford <[email protected]>
Subject: File 3--Enviro. Tech. Policy

Saw this on the net and found much of it relevant to various
efforts to develop an explicit national technology policy
(vs. a default, pork-barrel-driven policy vacuum).

-rick
++++++++++

[email protected] (Tom Gray)
Newsgroups--sci.environment
Subject----Renewables Critical, Says WRI
Date--2 Nov 92 15:49:00 GMT

RENEWABLE ENERGY 'ENVIRONMENTALLY CRITICAL', SAYS NEW WRI REPORT

Renewable energy technologies are part of a list of "environmentally
critical" technologies that the federal government should support,
according to a new report from the World Resources Institute, a
Washington, DC, policy organization.

The report, entitled Backs to the Future: U.S. Government Policy
Toward Environmentally Critical Technology, was authored by George
Heatton and Robert Repetto, and is billed by the Institute as "the
first attempt in this country to define and identify areas of
technological advance that would markedly reduce the environmental
burdens of economic progress."

The authors focus on government policy because it strongly influences
the development of new technologies, "from research dollars and
procurement decisions to infrastructure design and standard-setting,"
an Institute news release added.

"Among the most promising environmental R&D areas," it said, "...
are methods of non-fossil fuel energy production and use ... and
hydrogen and other storage methods.  Many such technologies, now in
early stages of development, would yield large social returns from
technical advances ... "

Backs to the Future's recommendations, the release said, include the
creating of a national research and development (R&D) institute,
altering the missions of the national laboratories, and changing
criteria for funding environmental R&D.

Copies of Backs to the Future can be obtained for $9.95 plus $3
shipping and handling from WRI Publications, PO Box 4852, Hampden
Station, Baltimore, MD 21211, USA, phone (800) 822-0504.

------------------------------

Date: 09 Dec 1992 00:13:55 -0500 (EST)
From: "WALT HOWE, DELPHI INTERNET SIG MANAGER" <[email protected]>
Subject: File 4--DELPHI Announces Full Access to the Internet

FOR IMMEDIATE RELEASE:

DELPHI Online Service Announces Full Access to the Internet

Cambridge MA, December 9, 1992 --   DELPHI, an international online
service, today announced full access to the Internet including
real-time electronic mail, file transfers with "FTP," and remote
log-ins to other Internet hosts using "Telnet." With this
announcement, DELPHI becomes the only leading consumer online service
to offer such a wide variety of Internet features.

Russell Williams, DELPHI's general manager, explains the significance
of this announcement. "Prior to now,  anyone interested in accessing
the Internet had a very limited number of options.  In most cases you
had to be connected directly through your company or school.  DELPHI
is now an important low-cost access option available to home computer
users. Anyone can connect to DELPHI with a local call from over 600
cities and towns throughout the US and in many other countries."

The Internet is considered the world's largest computer network.  It
is comprised of thousands of companies, colleges, schools, government
agencies, and other organizations.  There are currently an estimated 4
million users. "This incredible collection of resources will mean
better and more specialized services for all users," adds Mr. Williams.
"For example, users can take electronic courses conducted by leading
universities, access databases and reports from government agencies,
and get product information and support directly from companies. There
are also mailing lists and discussion groups for almost every special
interest imaginable.  Electronic mail can be used to send private
messages to anyone on the Internet and even many commercial networks
like Compuserve and MCI Mail."

DELPHI's connection to the Internet works both ways:  In addition to
offering access out to other networks, DELPHI provides value-added
services to people already on the Internet.  Any user of the Internet
can access DELPHI to use services such as Grolier's Academic American
Encyclopedia, the Dictionary of Cultural Literacy, Reuters and UPI
newswires, stock quotes, computer support, travel reservations,
special interest groups, real-time conferencing, downloadable
programs, and multi-player games.  All these services can be reached
through the Internet simply by joining DELPHI and then telnetting to
the address "delphi.com" via the commercial Internet.

In order to help new users with questions related to the Internet,
DELPHI has an area online to provide support.  The Internet Special
Interest Group (SIG) includes an active message forum where members
and staff can exchange useful information. Comprehensive guide books,
downloadable software, and information files are also available.

DELPHI has two membership plans: the 10/4 Plan is $10 per month and
includes the first 4 hours of use; additional use is $4 per hour.  The
20/20 Advantage Plan is $20 per month, includes 20 hours of use, and
is only $1.80 per hour for additional time.  The Internet service
option is an extra $3 per month and includes a generous transfer
allocation of 10 megabytes (the equivalent of about 3,000 type-written
pages).  Access during business hours via Sprintnet or Tymnet carries
a surcharge.

Through a special trial membership offer, anyone interested in
learning more about DELPHI and the Internet can receive 5 hours of
access for free. To join, dial by modem, 1-800-365-4636 (current
Internet users should telnet to "delphi.com" instead).  After
connecting, press return once or twice.  At the Username prompt, enter
JOINDELPHI and at the password prompt, type INTERNETSIG. DELPHI Member
Service Representatives can also be reached by voice at
1-800-695-4005.

DELPHI is a service of General Videotex Corporation, a leading
developer of interactive and online services based in Cambridge,
Massachusetts.  For more information, call either of the above numbers
or send email to Walt Howe, Internet SIG manager at
[email protected].

------------------------------

Date: 05 Dec 92 15:51:46 EST
From: Gordon Meyer <[email protected]>
Subject: File 5--Virus Destroyed Report on Drug Lord

    Virus Destroyed Report on Drug Lord Say Colombian Officials

Colombian politicians allege a mysterious computer virus this week
wiped out conclusions of a Senate investigation into the jailbreak of
cocaine king Pablo Escobar just hours before the data was due to be
presented.

Reports from various committee members call the virus the "ghost of
La Catedral," a reference to the prison from which Escobar and nine
of his lieutenants escaped on July 22 during a bungled military
operation to transfer them to another prison.

"The committee's conclusions, reached after more than two months of
investigation, supposedly held top military officials, ministers and
former ministers responsible for the escape."

REPRINTED FROM STREPORT #8.46 WITH PERMISSION

------------------------------

Date: Tue, 8 Dec 1992 12:27:28 CST
From: LOVE%[email protected]
Subject: File 6--COM DAILY ON F.C.C. TRANSITION

From Discussion of Government Document Issues <[email protected]>

    *    Communications Daily article on Clinton transition
         appointment for Federal Communications Commission
         (F.C.C.)

The following article, written by Art Brodsky (202/872-9202, x252), is
reprinted from the December 7, 1992 issue of Communications Daily,
with permission.  Communications Daily is published by Warren
Publishing, Inc., 2115 Ward Court, N.W. Washington, DC  20037.

'Far End of Spectrum'

           PLESSER TRANSITION APPOINTMENT DRAWS FIRE

    Public interest groups Friday criticized naming of Washington
attorney Ronald Plesser to head up communications issues for Clinton
transition effort (CD Dec 4 p1).  Groups said Plesser, partner in
Washington office of Baltimore law firm Piper & Marbury, represents
clients that characterize Washington special interests.  As might be
expected, Plesser's appointment was defended by Clinton confidants.

    Plesser will head one of 2 groups in science and technology
transition section led by ex-astronaut Sally Ride.  Other group in
Ride's section will evaluate hard science agencies such as NASA and
National Science Foundation.  Those transition groups were established
to assess policies and agencies, not to make appointment
recommendations.  Personnel matters for permanent jobs are to be
handled by ex-S.C. Gov. Richard Riley (CD Nov 20 p1).

    Clinton confidants praised Plesser's designation.  "He's the
right guy," we were told.  "He'll take a snapshot of the agency,"
covering budget needs, personnel and similar matters.  Transition team
"will look to Ron for insights.  He's the guy."  Referring to much
speculation in press about what Clinton has in mind and who his
appointments might be, source said:  "I wonder what on earth motivates
some of this stuff...most of which is wildly inaccurate."

    Most criticism of Plesser centers on his advocacy on behalf of
Direct Marketing Assn. (DMA) and Information Industry Assn.  (IIA),
particularly for advocating private sector control of databases
constructed by public agencies.  Taxpayer Assets Project Dir. James
Love said Plesser "himself is the architect of the basic privatization
policies that came about in the Reagan Administration."  Plesser, he
said, is "most ferocious opponent of librarians, citizen groups and
the research community, who want to broaden public access to
government, taxpayer-supported information systems.  He's the devil
himself when it comes to government information policy."

    Similarly, Marc Rotenberg, dir. of Washington office of Computer
Professionals for Social Responsibility (CPSR), said that "while there
is personal regard for Ron Plesser, there is not happiness about this
decision."  Rotenberg said that Plesser's clients have great deal at
stake at FCC, including decisions on 800 number portability and
automatic number identification (ANI) that affect direct marketers, as
well as on video dial tone and access to networks.  Plesser represents
"a far end of the spectrum in the policy debates," Rotenberg said.  He
said CPSR's main concerns are in areas of privacy protection, public
access to govt. information, communications infrastructure.  In each
of those areas, "Ron has been from our viewpoint on the opposite side
of the issue."

    Rotenberg said that if transition effort is merely to be brief
fact-finding exercise, Clinton team could have sought out "someone
with less bias," perhaps in academic community.  Jeff Chester, co-dir.
of Center for Media Education, said his group is "very concerned"
about Plesser because "of the special interest lobbying baggage he
carries with him."  Chester said his group believes that Plesser's
appointment "places an extra burden, a double duty on the Clinton
Administration, to find people for the FCC and other
telecommunications policy positions who don't come with any kind of
lobbying baggage and reflect the kind of public interest concerns the
Commission definitely needs."

    Transition team still having difficulty deciding how to apply its
proposed tough ethics requirements for Presidential appointees (CD Nov
5 p1).  There's still been no decision as "to how deep the 5-year
restriction will be applied," we're told.  That means, according to
sources, restrictions--when they finally come out--may not go below
Cabinet level.  As for FCC appointees and top staffers (such as bureau
chiefs) brought in, it hasn't been decided whether attempt will be
made to extend period they couldn't practice or lobby agency to 5
years from one year.  Proposal has been roundly criticized by
Democrats who are known to be, or expect to be, in line for top jobs in
Clinton Administration.

------------------------------

Date: Thu, 10 Dec 92 17:28:07 EST
From: [email protected](Sara Gordon)
Subject: File 7--Virus Conference (ACMBUL) Call for Papers

                  C A L L        F O R      P A P E R S

         ACMBUL's 1st INTERNATIONAL COMPUTER VIRUS PROBLEMS AND
                         ALTERNATIVES CONFERENCE

                  April, 1993     -     Varna, Bulgaria

The purpose of the 1993 International Computer Virus Conference is to
provide a forum for anti-virus product developers, researchers and
academicians to exchange information among themselves, the students,
the public and the industry. ICVC'93 will consist of open forums,
distinguished keynote speakers, and the presentation of high-quality
accepted papers. A high degree of interaction and discussion among
Conference participants is expected, as a workshop-like setting is
promoted.

Because ICVC'93 is a not-for-profit activity funded primarily by
registration fees, all participants are expected to have their
organizations bear the costs of their expenses and registration.
Accommodations will be available at reduced rates for conference
participants.

WHO SHOULD ATTEND

The conference is intended for computer security researchers,
managers, advisors, EDP auditors, network administrators, and help
desk personnel from government and industry, as well as other
information technology professionals interested in computer security.

CONFERENCE THEME

This Conference, devoted to advances in virus prevention, will
encompass developments in both theory and practice.  Papers are
invited in the areas shown and may be theoretical, conceptual,
tutorial or descriptive in nature.  Submitted papers will be refereed,
and those presented at the Conference will be included in the
proceedings.

Possible topics of submissions include, but are not restricted to:

o  Virus Detection                     o  Virus Trends and Forecast
o  Virus Removal                       o  Virus Prevention Policies
o  Recovering from Viruses             o  Incident Reporting
o  Viruses on various platforms        o  Emergency Response
   (Windows, Unix, LANs, WANs, etc.)   o  Viruses and the Law
o  Virus Genealogy                     o  Education & Training
o  The "Virusology" as scientific      o  Costs of virus protection
   discipline                          o  Communications and viruses
o  Psychological aspects of computer
   viruses

THE REFEREEING PROCESS

All papers and panel proposals received by the submission deadline and
which meet submission requirements will be considered for presentation
at the Conference.

All papers presented at ICVC'93 will be included in the Conference
proceedings, copies of which will be provided to Conference attendees.
All papers presented will also be included in proceedings to be published
by the ACMBUL.

INSTRUCTIONS TO AUTHORS

       [1] Two (2) copies of the full paper, consisting of up to 20
     double-spaced, typewritten quality pages, including diagrams, must
     be received no later than 28 February 1993.

       [2] The language of the Conference is English.

       [3] The first page of the manuscript should include the title of
     the paper, full name of all authors, their complete addresses
     including affiliation, telephone numbers and e-mail addresses,
     as well as an abstract of the paper.

       [4] Authors willing to submit their manuscripts electronically
     should contact the Organizing Committee at the address below.

IMPORTANT DATES

  o  Full papers to be received in camera-ready form by the Organizing
     Committee by 28 February 1993.

  o  Notification of accepted papers will be mailed to the author on
     or before 10 March 1993.

  o  Conference: 5-11 April 1993, St. Konstantine Resort, Varna, Bulgaria

WHOM TO CONTACT

Questions or matters related to the Conference Program should be directed
to the ACMBUL:

       ICVC'93
       Attn:  Mr. Nickolay Lyutov
       ACMBUL Office
       Varna University of Economics
       77 Boris I Blvd, 9002 P.O.Box 3
       Varna
       Bulgaria

       Telephone/Fax:  +359-52-236213

[email protected]

+++++
          #  "talk to me about computer viruses............"
          #  fax/voice:  219-277-8599     [email protected]
          #  data          219-273-2431     [email protected]
          #  fidomail      1:227/190        [email protected]

------------------------------

Date: Sun, 13 Dec 92 20:38:01 EST
From: Moderators <[email protected]>
Subject: File 8--GRAY AREAS -- 'Zine Review

We've come across another new periodical, GRAY AREAS, that promises to
be a useful resource for anybody interested in counter-culture or
alternative lifestyles.  As the name implies, GRAY AREAS intends to
focus on a broad range of topics that normally fall between the cracks
of conventional magazines, especially in the realm of technology,
music, video, art, and other snippets of (unconventional) culture.
According to the editorial statement of purpose:

    GRAY AREAS exists to examine the gray areas of life. We hope
    to unite people involved in all sorts of alternative
    lifestyles and deviant subcultures. We are everywhere! We
    feel that the government has done a great job of splitting
    people up so that we do not identify with other minority
    groups anymore.  There are so many causes now that we often
    do not talk to others not directly involved in our chosen
    causes. We believe that the methods used to catch criminals
    are the same regardless of the crime and that much can be
    learned by studying how crimes in general are prosecuted and
    how people's morals are judged. It is our mission to educate
    people so they begin to care more about the world around
    them.  Please join our efforts by subscribing, advertising
    your business with us and by spreading the word about what
    we're up to.

The first issue (Fall, 1992) includes snippets of news, reviews of
books, alternative magazines, music, and videos, and other nifty
esoterica. Two feature-interviews captivated us. The first, with John
Barlow (by editor and publisher Netta Gilboa), is incisive and ranges
from The Grateful Dead to the EFF.  The second, also by Gilboa, is
with former "X-rated" movie queen Kay Parker. The latter is a
sensitive look at the changes she has gone through in the past 20
years.  The tenor of both interviews, as with much of the magazine
itself, is about personal and social transformation as we, and
society, move through a succession of phases as we age and change.

Upcoming features include an article on Howard Stern (New York
"shock-DJ"), audio sampling, law enforcement search & seizure,
interviews with John Trubee about prank phone calls, Jefferson
Airplane/Hot Tuna guitarist Jorma Kaukonen, porn director Candida
Royalle, criminal attorney and professional musician Barry Melton (an
original member of Country Joe & The Fish), and an interview with Bob
Dobbs. Some of the items reviewed in issue 2 will include a tape sold
to police departments on how to seize computers, and Bruce Sterling's
_Speaking_ _For_ _The_ _Unspeakable_, Mystic Fire's _Cyberpunk_.

The editors also plan to include an on-going series on viruses
and offer anonymity to virus writers and software crackers willing to
discuss their views of the issues.

The type of topics--rock music, films, off-beat cultural
interests--are the type that easily encourage fluff pieces and
superficial treatment. But, if the first issue of GRAY AREAS is
representative of what's to follow, there will be no fluff here.  The
'Zine seems targeted to BBWBs (baby-boomers with brains) and appears
intended to reflect changing times with commentary and analysis by
those making the changes.

A one-year (four issue) subscription is available for $18 (US) or $24
(foreign), and a twelve-issue sub is $50 (US) or $75 (foreign).  The
editors, Netta Gilboa and Alan Sheckter, can be contacted through
e-mail at [email protected]

For subscriptions, submissions, or other information, write:
 GRAY AREAS
 PO Box 808
 Broomall, PA 19008-0808

------------------------------

Date: Sun, 6 Dec 92 07:47 EST
From: "Michael E. Marotta" <[email protected]>
Subject: File 9--Bibliography on codes and ciphers

 number 006            CLACKER'S DIGEST           December 6, 1992.
         philosophy and applications for analytical engines
+++++++++++++++++++++++++
        A Cryptography Bibliography by [email protected]

(Technically, cryptography is MAKING codes while cryptanalysis is
BREAKING them.  Both are subsumed under cryptology.  A CIPHER is a
regular transposition such as A=Z, B=Y, etc., while a CODE is a table
of arbitrary symbols.)

Kahn, David, THE CODEBREAKERS, MacMillan, 1967.  The MOST complete
  history with specific examples.  Written before public keys, RSA,
  etc., but still THE place to start.

Marotta, Michael, THE CODE BOOK, Loompanics, 1987.  Overview of history
  and post-1967 developments.

Sinkov, Abraham, ELEMENTARY CRYPTANALYSIS: A MATHEMATICAL APPROACH,
  Random House, 1968.  Sinkov worked for Friedman on the breaking of
  Purple.  First rate.

Gaines, Helen Fouche, CRYPTANALYSIS, Dover, 1956. A classic work.  The
  first step to breaking codes and ciphers.

Lysing, Henry, SECRET WRITING, Dover, 1974.  Another reprint of
  another classic.

Smith, Laurence Dwight, CRYPTOGRAPHY, Dover, 1955.  Ditto.

Konheim, Alan G., CRYPTOGRAPHY: A PRIMER, John Wiley, 1981.  Textbook
  for mathematicians from IBM's Watson Center. Includes public keys,
  digital signatures.

Meyer, Carl H., and Matyas, Stephen M., CRYPTOGRAPHY, John Wiley, 1982.
  From IBM Cryptography Competency Center.  For computers, includes
  public keys, digital signatures.

Weber, Ralph E., UNITED STATES DIPLOMATIC CODES AND CIPHERS 1775-1938,
  Precedent, 1979.  Not just a history!  The appendix contains
  all the keys!!

Chadwick, THE DECIPHERMENT OF LINEAR B, Vintage, 1958. Worked with
  Michael Ventris on unraveling Minoan script.

Yardley, Herbert O., THE AMERICAN BLACK CHAMBER, Ballantine 1981,
  Random House, 1931.  Yardley broke German ciphers in WWI and then
  Japanese ciphers of 1920, and was fired in 1931 because "Gentlemen
  don't read each other's mail."

(anonymous), THE DATA ENCRYPTION STANDARD,  National Bureau of
  Standards, January 1977, NTIS NBS-FIPS PUB 46.

(anonymous), DATA SECURITY AND THE DATA ENCRYPTION STANDARD,
  National Bureau of Standards, 1978, Pub 500-27; CODEN: XNBSAV.

Rivest, Ronald L., Shamir, A., and Adleman, L., "A Method for
  Obtaining Digital Signatures and Public-key Cryptosystems,"
  COMMUNICATIONS OF THE ACM, February, 1979.  The last word.

------------------------------

Date: 13 Dec 92 14:00:21 EST
From: Emmanuel Goldstein <[email protected]>
Subject: File 10--Comments on the Nov. 2600 Disruption in D.C.

((MODERATORS' NOTE: Following is a letter to the editor of the
Washington Post that they chose not to print as a "Viewpoint."
The author, Emmanuel Goldstein, is editor of the magazine 2600,
which can be contacted at 2600 Magazine - PO Box 752 -
Middle Island, NY 11953.  A yearly subscription is only $21 (US).))

While managing to convey some of the facts concerning the Pentagon
City Mall hacker incident on November 6, "Hackers Allege Harassment at
Mall" (November 13, page A1) fails to focus on the startling
revelation of federal government involvement and the ominous
implications of such an action. The article also does little to lessen
the near hysteria that is pumped into the general public every time
the word "hacker" is mentioned.  Let us take a good look at what has
been confirmed so far. A group of computer hackers gathered at a local
mall as they do once a month. Similar meetings have been going on in
other cities for years without incident. This gathering was not for
the purposes of causing trouble and nobody has accused the hackers of
doing anything wrong. Rather, the gathering was simply a place to meet
and socialize. This is what people seem to do in food courts and it
was the hackers' intention to do nothing more.

When mall security personnel surrounded the group and demanded that
they all submit to a search, it became very clear that something
bizarre was happening. Those who resisted were threatened with arrest.
Everyone's names were written down, everyone's bags gone through. One
person attempted to write down the badge numbers of the people doing
this. The list was snatched out of his hand and ripped to pieces.
Another hacker attempted to catch the episode on film. He was
apprehended and the film was ripped from his camera. School books,
notepads, and personal property were seized. Much of it has still not
been returned. The group was held for close to an hour and then told
to stay out of the mall or be arrested.

This kind of treatment is enough to shock most people, particularly
when coupled with the overwhelming evidence and eyewitness accounts
confirming no unusual or disruptive behavior on the part of the group.
It is against everything that our society stands for to subject people
to random searches and official intimidation, simply because of their
interests, lifestyles, or the way they look. This occurrence alone
would warrant condemnation of a blatant abuse of power. But the story
doesn't end there.

The harassment of the hackers by the mall police was only the most
obvious element. Where the most attention should be focused at this
point is on the United States Secret Service which, according to Al
Johnson, head of mall security, "ramrodded" the whole thing. Other
media sources, such as the industry newsletter Communications Daily,
were told by Johnson that the Secret Service was all over the mall
that day and that they had, in effect, ordered the harassment.
Arlington police confirm that the Secret Service was at the mall that
day.

It is understood that the Secret Service, as a branch of the Treasury
Department, investigates credit card fraud. Credit card fraud, in
turn, can be accomplished through computer crime. Some computer
hackers could conceivably use their talents to accomplish computer
crime. Thus we arrive at the current Secret Service policy, which
appears to treat everybody in the hacker world as if they were a
proven counterfeiter. This feeling is grounded in misperceptions and
an apprehension that borders on panic. Not helping the situation any
is the ever-present generation gap - most hackers are young and most
government officials are not.

Apart from being disturbed by the gross generalizations that comprise
their policy, it seems a tremendous waste of resources to use our
Secret Service to spy on public gatherings in shopping malls. It seems
certain to be a violation of our rights to allow them to disrupt these
meetings and intimidate the participants, albeit indirectly. Like any
other governmental agency, it is expected that the Secret Service
follow the rules and not violate the constitutional rights of
citizens.

If such actions are not publicly condemned, we will in effect be
granting a license for their continuance and expansion. The incident
above sounds like something from the darkest days of the Soviet Union
when human rights activists were intimidated by government agents and
their subordinates. True, these are technology enthusiasts, not
activists. But who they are is not the issue. We cannot permit
governmental abuse of any person or group simply because they may be
controversial.

Why do hackers evoke such controversy? Their mere presence is an
inconvenience to those who want so desperately to believe the emperor
is wearing clothes. Hackers have a tendency of pointing out the
obvious inadequacies of the computer systems we entrust with such a
large and growing part of our lives. Many people don't want to be told
how flimsily these various systems are held together and how so much
personal data is readily available to so many. Because hackers manage
to demonstrate how simple it is to get and manipulate this
information, they are held fully responsible for the security holes
themselves. But, contrary to most media perceptions, hackers have very
little interest in looking at other people's personal files.
Ironically, they tend to value privacy more than the rest of us
because they know firsthand how vulnerable it is. Over the years,
hackers have gone to the media to expose weaknesses in our credit
reporting agencies, the grading system for New York City public
schools, military computer systems, voice mail systems, and even
commonly used pushbutton locks that give a false sense of security.
Not one of these examples resulted in significant media attention and,
consequently, adequate security was either delayed or not implemented
at all. Conversely, whenever the government chooses to prosecute a
hacker, most media attention focuses on what the hacker "could have
done" had he been malicious. This reinforces the inaccurate depiction
of hackers as the major threat to our privacy and completely ignores
the failure of the system itself.

By coming out publicly and meeting with other hackers and non-hackers
in an open atmosphere, we have dispelled many of the myths and helped
foster an environment conducive to learning. But the message we
received at the Pentagon City Mall tells us to hide, be secretive, and
not trust anybody. Perhaps that's how the Secret Service wants hackers
to behave. But we are not criminals and we refuse to act as such
simply because we are perceived that way by uninformed bureaucrats.

Regardless of our individual outlooks on the hacker issue, we should
be outraged and extremely frightened to see the Secret Service act as
they did. Whether or not we believe that hackers are decent people, we
must agree that they are entitled to the same constitutional freedoms
the rest of us take for granted. Any less is tantamount to a very
dangerous and ill-advised precedent.

------------------------------

End of Computer Underground Digest #4.65
************************************