Computer underground Digest    Wed Feb 17, 1993   Volume 5 : Issue 14
                          ISSN  1004-042X

      Editors: Jim Thomas and Gordon Meyer ([email protected])
      Archivist: Brendan Kehoe
      Shadow-Archivists: Dan Carosone / Paul Southworth
                         Ralph Sims / Jyrki Kuoppala
      Copy Editor: Etaion Shrdlu, Seniur

CONTENTS, #5.14 (Feb 17, 1993)
File 1--Re: CuD, #5.11 - SPA's Piracy Estimates
File 2--Cu News: Pirate Amnesty, Toll Fraud Decline, etc
File 3--Re: EFF in Time's Cyberpunk Article
File 4--Behar's Response to Godwin
File 5--Censorship in Cyberspace
File 6--Undercover Rambos?? (NYT Story on "Hakr Trakr")
File 7--Social Engineering (Re: CuD #.13)
File 8--Cybersmut is Good
File 9--Suggestions For a Hi-tech Crime-investigators' Seminar?
File 10--Re:  Unemployed Programmers Turning Talents to Evil (#5.13)

Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost from [email protected]. The editors may be
contacted by voice (815-753-6430), fax (815-753-6302) or U.S. mail at:
Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115.

Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL0 and DL12 of TELECOM; on GEnie in the PF*NPC RT
libraries and in the VIRUS/SECURITY library; from America Online in
the PC Telecom forum under "computing newsletters;" on the PC-EXEC BBS
at (414) 789-4210; in Europe from the ComNet in Luxembourg BBS (++352)
466893; and using anonymous FTP on the Internet from ftp.eff.org
(192.88.144.4) in /pub/cud, red.css.itd.umich.edu (141.211.182.91) in
/cud, halcyon.com (192.135.191.2) in /pub/mirror/cud, and
ftp.ee.mu.oz.au (128.250.77.2) in /pub/text/CuD.
European readers can access the ftp site at: nic.funet.fi pub/doc/cud.
Back issues also may be obtained from the mail server at
[email protected].

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views.  CuD material may  be reprinted for non-profit as long
as the source is cited.  Some authors do copyright their material, and
they should be contacted for reprint permission.  It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified.  Readers are encouraged to submit reasoned articles
relating to computer culture and communication.  Articles are
preferred to short responses.  Please avoid quoting previous posts
unless absolutely necessary.

DISCLAIMER: The views represented herein do not necessarily represent
           the views of the moderators. Digest contributors assume all
           responsibility for ensuring that articles submitted do not
           violate copyright protections.

----------------------------------------------------------------------

Date: Sat, 13 Feb 93 18:56 CST
From: [email protected](Gordon Burditt)
Subject: File 1--Re: CuD, #5.11 - SPA's Piracy Estimates

((In CuD 5.11, [email protected] summarized the Software
Publishing Association's methodology, and wrote:))

> The third set of facts is the average number of applications that
> users are estimated to have on their personal computers.  This body of
> data comes from member research that is sent back to the SPA.  The
> members obtain this information from several sources, including
> surveys of their own customer base and from returned registration
> cards. The SPA estimates that the typical DOS (or Intel-based) PC user
> has three applications, and the typical MacIntosh user has five.

How does the SPA calculate the effect of system hardware upgrades by
replacing the whole system?  Often a system is not worth repairing,
and when it breaks or gets too obsolete, it's replaced with another
new system, and the old one is thrown out or broken down for spare
parts.  Now, not all replaced systems will be discarded - they may get
passed on to someone else - but eventually a system isn't worth
repairing, isn't repairable, or it's just too slow or obsolete, and
it's no longer used.  This is the situation I'm talking about.  Most
of the 8086-based systems sold went out of service somehow.

How does this affect the piracy estimate?  Well, you get one
current-year system sale.  It's quite possible that the system owner
transfers his old applications to the new system.  This is allowed
under most licenses.  The owner might upgrade applications as well,
but most of the speed improvement for going, say, from a 286 to a 486
is in the hardware, not getting a [34]86-specific application.  You
get zero new applications purchased for the new system, implying,
incorrectly, piracy of 3 applications.  What about the old system?
Nobody buys applications for a system no longer used as a system.

The estimate correctly handles the case of passing the old system on
to someone else, who uses it as a system.  If the applications are
erased from the old system, the new owner will buy some.  If the
applications are not erased AND transferred to the new system, this is
piracy and counts as such.  If the applications stay with the old
system, the new system owner will buy new ones.

Will a new owner of an already-obsolete system buy as many
applications as a new owner of a new system?  I suppose this depends
on how business-use applications count vs. games and personal-use
applications.  But a survey of applications will look at the
applications on the NEW hardware, not the newly-acquired obsolete
hardware, making the applications-per-system number higher than it
should be.

I wonder also how the estimates count non-DOS applications.  It's
practically impossible to buy a whole system without getting DOS
bundled into the price, whether you intend to run DOS or not (Yes, I
realize operating systems don't count as applications).  Now, if I buy
a 486 system, UNIX, and 3 UNIX applications, do they count as
applications sold?  Or do the UNIX applications count at all?  How
about if one of the applications is in source form, so the vendor
doesn't know that it's for a 386 system?

Accuracy test:  Take the formula for piracy, plug in a piracy amount
of zero (unrealistic, I know), and calculate applications-per-system.
Subtract the SPA estimate of applications-per-system, which, as I
understand it from this article, is 3.000000000000000 for IBM-PC-based
systems.  How much of an error in applications-per-system do you need
to bring the piracy estimate to 0?  Using the 1991 estimate of 22%,
this would come to an error of 0.66.  I am very suspicious of 2
applications-per-system estimates that come out even integers, if
that's the actual number and it wasn't just rounded for reporting.

------------------------------

Date: 04 Feb 93 18:28:52 EST
From: Gordon Meyer <[email protected]>
Subject: File 2--Cu News: Pirate Amnesty, Toll Fraud Decline, etc

Computer Associates, based in Islandia, NY, estimates there are
150,000 illegal copies of its CPA-BPI II accounting software in use.
In an attempt to legitimize these users they are offering a $209.
upgrade to a full, and legal, package.  CA's director of financial
products, David Duplisea, is quoted as saying "You can't stop people
from doing something like this %pirating software% unless you provide
them with a reason not to do it.  The responsible approach is to
provide a better alternative to piracy."  %Moderators Note - If just
1200 people take them up on this offer, or less than 10 percent of the
estimated illegal users, it will result in a quarter million dollars
in revenue.% (Information Week.  Jan 11, 1993  page 14)
+++++++++++++

Toll Fraud Declines

Every major long distance carrier is reporting a decrease in toll
fraud losses in 1992, as compared to 1991.  Sprint says fraud against
business customers has fallen 96%.  AT&T reports only 1/8 the number
of toll fraud incidents it had previously, and MCI echoes they too are
seeing fewer reported cases.  (Information Week.  Jan 25, 1993  page
16)
+++++++++++++

Hacking the Internet

By using a dormant account at the University of California Davis, over
100 hackers from all over the world were able to "raid" systems
belonging to NASA, CIA, and DoD contractors.  John Crowell, manager of
workstation support at UC Davis, says no arrests have been made
pending a formal investigation.  The hackers were detected in October
of 1992, and range in age from 12 to 22 years of age. %Moderators'
Note: The news blurb does not indicate how details about the suspects
are known without the benefit of a formal investigation.% (Information
Week  Feb 1, 1993  pg. 16)
+++++++++++++

The New York Times (Jan 26, 1993 pg B1) features an article on
an undercover agent working with authorities in 28 states.  See "Going
Undercover In The Computer Underworld" by Ralph Blumenthal for
details.

------------------------------

Date: Wed, 3 Feb 1993 23:22:02 GMT
From: [email protected] (Mike Godwin)
Subject: File 3--Re: EFF in Time's Cyberpunk Article

((MODERATORS' COMMENT: The following was written to TIME magazine in
response to their cover story on Cyberpunk (8 Feb., '93) that, in a
sidebar, identified the EFF as being a "group that defends exploratory
hacking")).

February 3, 1993


TIME Magazine Letters
Time & Life Building 7 Rockefeller Center
New York, NY 10020
Fax number: 212-522-0601

In his sidebar to your cover story on the cyberpunk phenomenon
["Surfing Off The Edge," Feb. 8], Richard Behar quotes me accurately,
but he grossly misrepresents my organization, the Electronic Frontier
Foundation, as "a group that defends exploratory hacking." In fact, we
have always condemned even nonmalicious computer intrusion as
ethically unacceptable, and we have always insisted that such
intrusion should be illegal.

What makes Behar's comment particularly odd is the fact that, just two
weeks before this story, TIME correctly identified EFF as "a
not-for-profit group devoted to protecting the civil liberties of
people using electronic networks." ["Who's Reading Your Screen?" Jan.
18.] Even the most minimal research on TIME's part would have shown
that we're no hacker defense fund; our efforts range from supporting
appropriate computer-crime legislation to promoting the growth of, and
public access to, our nation's emerging information
infrastructure--including what Vice President Al Gore has called
"high-speed data highways."

Occasionally our civil-liberties mission requires us to be involved in
computer-crime cases, much as the ACLU may involve itself in other
kinds of criminal cases. But it's inexcusable of TIME to
mischaracterize our organization's efforts to protect defendants'
rights as a defense of computer crime itself. Your magazine seems to
have forgotten that it is perfectly possible to oppose computer crime
at the same time one supports civil liberties--as one of our founders,
Mitchell Kapor, writes in the September 1991 issue of Scientific
American, "It is certainly proper to hold hackers accountable for
their offenses, but that accountability should never entail denying
defendants the safeguards of the Bill of Rights, including the rights
to free expression and association and to freedom from unreasonable
searches and seizures."

TIME's misrepresentation of EFF in Behar's article is likely to damage
both our reputation and our effectiveness. TIME owes EFF an apology
and its readers a correction.


Mike Godwin          Work: 617-864-0665
Legal Services Counsel
Electronic Frontier Foundation
Cambridge, Massachusetts

------------------------------

Date: Wed, 17 Feb 92 18:11:22 CST
From: Jim Thomas <[email protected]>
Subject: File 4--Behar's Response to Godwin

Mike Godwin's response to Richard Behar refers to a single, but
damaging, sentence in the TIME (8 Feb, '93) Cyberpunk article in which
Behar writes:

   "Being arrogant and obnoxious is not a crime," argues
   attorney Michael Godwin of the Electronic Frontier
   Foundation, a group that defends exploratory hacking (p. 65).

Even those minimally familiar with EFF's position know that EFF has
never defended computer intrusion, and there is sufficient evidence
from EFF personnel and the texts of EFFector, among other sources,
that Behar's claim signifies another example of incompetent journalism.
It is one thing to distort a position.  It is another to create a
position contrary to what a subject holds. How does Behar respond when
alerted to his error?

Richard Behar responded to Mike Godwin's letter in the most curious
way.  We reprint it below.  Although we agree with those who argue
that public postings of private communications generally violate
courtesy norms, we make an exception in this case for several reasons.
First, because Behar made a demonstrably inaccurate and damaging claim
against EFF, his response is relevant to placing Behar's offensive
claims in context.  Second, Behar's claim reflects insights into an
individual reporter's mindset, and as suggested by the comments below,
this mindset can reflect an abysmal disregard of facts. Third,
Behar's response suggests a self-serving rationale and an
unwillingness to assume responsibility for irresponsible reporting.
Finally, as an issue of fairness, reprinting Behar's letter avoids any
possibility of misrepresentation of a summarized condensation.

+++++

February 8, 1993

Mr. Michael Godwin
Electronic Frontier Foundation
155 Second Street
Cambridge, MA  02141

Dear Michael:

After our conversation last week, I went back and reviewed the notes
of our initial interview, as well as other materials in my file. I
also gave the subject of EFF a great deal of thought and came away
with the conclusion that you are trying to have it both ways.

For example, Mitch Kapor has stated that while it's proper to hold
hackers accountable for their offenses, we should view exploratory
hacking as something akin to "non-criminal trespass." To me, this is
not a sanction or a blessing, but it certainly barks and quacks and
smells like a defense.

Michael, you admitted that EFF has worked closely with hacker defense
lawyers, although "not publicly." Well, could the reason for the
secretiveness be that EFF is, as you put it, "an inch away" from
gaining credibility on Capitol Hill as a mainstream group?

You referred to the MODsters as "kids" whose alleged crimes are
"pretty innocuous" (with the exception of the TRW and Learning Link
incidents).  You stated that one way America deals with its fears
about computer power is to "attack post-adolescent computer explorers
and paint them as thugs." If this doesn't amount to a defense of
hackers, I don't know what does.

In closing, if there is any murkiness about the work of EFF, let me
suggest that the organization itself -- and not the press --is the
source of the murk.

Sincerely yours,

Richard Behar

cc/Mitch Kapor

++++

As others have pointed out, Behar's defense of his inaccuracy draws
from a conversation with Mike Godwin *after* the article was printed.
Behar never alludes to any evidence in his possession prior to writing
the article, but skirts the issue by alluding to the conversation with
Godwin *after* publication.  Behar appears to have written his
commentary without possession of facts.

Behar also accuses EFF of "wanting it both ways" because Mitch Kapor
is uncomfortable with criminalizing generally juvenile exploration.
Behar glibly asserts that "if it quacks like a duck...." it must be a
defense. Can Behar not recognize that one can oppose computer
trespass, as EFF's public statements have consistently done, and
oppose draconian criminal sanctions, as EFF's public statements have
consistently done, without advocacy?  Does Behar not recognize that
there is a long, visible, and explicit public record of EFF statements
that explicitly disavow "exploratory hacking?" Does Behar not
recognize that to oppose criminalization of some behaviors hardly
means that one necessarily defends those behaviors?

Behar suggests that EFF is disingenuous in its view of hackers because
it is trying to establish credibility on "Capitol Hill" as a
"mainstream group." Behar's evidence for this, according to his
letter, is Godwin's claim that EFF has worked "not publicly" with
defense lawyers.  Using this logic, would Behar also claim that any
attorney who gave advice to a defense team defending a murderer or an
arsonist is therefore defending murder or arson?  Is objection to law
enforcement depiction of "hackers" as demons and threats to national
security, as has demonstrably occurred in the PHRACK trial (and others)
tantamount to defending computer intrusion?  If so, then paralogia
must be a virtue for TIME reporters.

Behar concludes with the claim that EFF, not he, is at fault for
distorting EFF's position on "hackers." Despite ample and easily
accessible evidence to the contrary, Behar just doesn't seem to
understand that maybe he didn't get it right. Behar simply didn't do
his homework.  He was wrong. Flat out wrong. Worse, rather than
apologize, his letter suggests he is blaming his victim for his own
incompetency.  Neither his article nor his letter produces any factual
justification, and his attempt to rationalize an egregious error by
adducing post-publication information (which is neither substantive
nor convincing) resembles the defense of someone caught red-handed
with their hand in the cookie jar.

Behar's reporting and his subsequent response severely damage the
credibility of TIME.

------------------------------

Date: Thu, 11 Feb 93 20:17 EST
From: "Michael E. Marotta" <[email protected]>
Subject: File 5--Censorship in Cyberspace

Excerpts from "Censorship in Cyberspace" (c) 1993 by Michael E.
Marotta; the complete text (2000 words) appears in the ($5) 1993 Retail
Catalog of Loompanics, P. O. Box 1197, Port Townsend, WA 98368.
Founded in 1974, Loompanics, publishers of unusual books, features
about 300 titles on privacy, underground income, self-defense, etc.

+++++

As Ayn Rand noted, when people abandon money, their only alternative
when dealing with each other is to use guns.   Yet, the
anti-capitalist mentality permeates cyberspace.  Most public systems
and networks actually forbid commercial messages.  So, computer sysops
and network moderators are reduced to cavalier enforcement of their
personal quirks.

When Tom Jennings created Fidonet, Omni magazine called him an "online
anarchist."  Since then, Fidonet has developed a governing council and
lost Jennings.  Over the last two years, I have been banished from
these Fidonet echoes:

        * Stock Market for saying that Ivan Boesky is a political
          prisoner
        * Virus for saying that viruses could be useful
        * Communications for saying that telephone service
          should not be regulated by the government
        * International Chat for asking "How are you" in Hebrew
          and Japanese.

Kennita Watson, whom I met on Libernet, told me this story:

        When I was at Pyramid, I came in one day and
        "fortune" had been disabled.  I complained to
        Operations, and ended up in a personal meeting with
        the manager.  He showed me a letter from the NAACP
        written to Pyramid threatening to sue if they
        didn't stop selling racist material on their
        machines.  They cited a black woman who had found
        the "...there were those whose skins were black...
        and their portion was niggardly.... 'Let my people
        go to the front of the bus'..." fortune, and
        complained to the NAACP.  I suspect that she (and
        the NAACP) were clueless as to the meaning of the
        term "niggardly".  I (as a black woman) was
        embarrassed and outraged. Because of the stupidity
        of a bunch of paranoid people, I couldn't read my
        fortune when I logged out any more.

It is important to bear in mind that to the censor, censorship, like
all evils, is always an unpleasant but necessary means to achieve a
good result.  Robert Warren is a sysop who replied to an article of
mine on Computer Underground Digest.  He said: "... People have a right
to say what they want in public, but some don't care about the
responsibility that comes with it. So you zap 'em."  Now, there is no
argument with his basic premise: Since he owns the equipment, he has
the final say in its use.  This is his right.  Likewise, the
administrators of publicly-funded university computers also engage in
censorship under a mandate to serve the people who pay taxes.  "All
power tends to corrupt and absolute power corrupts absolutely," the
historian John E. E. Acton said.  It is no surprise that this applies
in cyberspace.

  Political and social freedom have little to do with constitutions
or elections.  Congress could choose a new prime minister every day or
the people could elect the secretary of state to a three year term.
The details are unimportant.  Some places are free and some places are
controlled because the people in those places need freedom or accept
oppression.  It always comes back to the individual.

  Dehnbase Emerald BBS is home to libertarian and objectivist
discussions and is a vital link in Libernet.  The number is (303)
972-6575.  Joseph Dehn is not interested in enforcing rules.

  Albert Gore and George Bush agreed on the need for a "data
superhighway."  The Electronic Frontier Foundation has recommended
that this national network be open to commercial enterprises.  This is
good.  An open market is the best protection against power and
corruption.

------------------------------

Date: Sat, 6 Feb 93 09:28:01 PST
From: [email protected]
Subject: File 6--Undercover Rambos?? (NYT Story on "Hakr Trakr")

From the New York Times, Tues. Jan 26 (A-20 of the Midwest Edition)
comes a piece by Ralph Blumenthal: "Officers Go Undercover to Battle
Computer Underworld."

The piece begins:

  >NEW YORK, Jan. 25 -- He patrols the back alleys of cyberspace at
  >the edge of the electronic frontier.  Traveling on beams of
  >electrons, he is invisible, formless--the ultimate undercover
  >agent.
  >
  >He's "Phrakr Trakr" of the Hi-Tech Crime Network. But don't look
  >for him in comic books or the video store.  He's real.

The piece continues by explaining that his takes in "the thousands" of
BBSes that are generally law-abiding but "increasingly....have become
underground marketplaces for stolen telephone access codes and credit
card numbers, along with child pornography and other contraband." The
agent's network, says the piece, spans 28 states and he puts out a
newsletter called "FBI" (for "Find um, Bust um, Incarcerate um"). In
June, he uploaded a taunt on BBSes from a Police song:
   Every move you make,
   Every breath you take,
   We'll be watching you.

His goal, according to the article, was to sow "anarchy, chaos,
mistrust and fear" in the "phracker community."

The article indicates that the agent has spent around $4,000 of his
own money on computer equipment and telephone bills.

   >Though his investigations have yet to yield arrests, he said
   >he is studying nine boards and building cases with officers
   >in three other states.

The agent is reported as claiming that PERHAPS 10 PERCENT OF
THE NATION'S ESTIMATED 30,000 ELECTRONIC BULLETIN BOARDS
TRAFFIC IN STOLEN INFORMATION, CHILD PORNOGRAPHY, POISON RECIPES,
AND BOMB-MAKING INSTRUCTIONS.

   >To get onto a bulletin board, a computer user needs only a
   >communications program like Crosstalk and a modem that will send
   >and receive signals over a phone line....

   >But so-called underground boards offering illicit services
   >require secret passwords, usually granted only to those who
   >attend face-to-face meetings intended to weed out the police.....

The article reports that the officer used a software program on an
IBM clone and a modem to get on a board.

   >He did this by using false identification and access
   >passwords he had acquired by satisfying a series of questions
   >testing his authenticity.

   >He was scanning the messages when the systems operator who
   >policed the board broke in: "What's up need any help?"
   >
   >"Yo dude," he typed out, "looking fer AT&Ts got any?"
   >
   >The operator provided the handle, or nickname, of someone who
   >might have credit-card calling numbers.
   >
   >Phrakr Trakr left a message for him and addressed the operator.
   >"thanks for the codez," he typed, adding:  "You only one getting
   >any."

A cop copping an attitude like 12 year old kids usually winds up
chasing 12 year old kids. Here's one cop who sounds like he needs a
long vacation, a stint in Kevin Mitnick's Hacker's Anonymous spa, or a
strong dose of reality pills.  We have a Barney Fife with an identity
crisis and too much free time on his hands. We have another clueless
reporter who doesn't know what questions to ask or what's important to
report. We have another plot and superhero for a resurrected "phrakr
trakr chronicles." Mostly, we have another example of why the media
needs remedial education on cyberspace issues.  It's up-hill all the
way, ain't it???

------------------------------

Date:         Mon, 15 Feb 93 17:23:33 EST
From: Cal <[email protected]>
Subject: File 7--Social Engineering (Re: CuD #.13)

In reading again in CuD 5.13 of the exploits of Mitnick and DiCiccio
described as social engineering I was reminded of an earlier
generation of confidence men described in some books published perhaps
fifty years ago.  The only one that comes immediately to mind
describes the exploits of Yellow Kid Weil in operating both what they
called the "Big Store" or short cons.  The Pigeon Drop is the classic
short con that can be worked on a street corner by two knowledgeable
cons (not always men; women are good at the scam).  We have a woman in
our neighborhood who comes around with a "tale" about being a neighbor
(often using a real neighbor's name) who needs $9.75 for asthma
medicine for her sick child.  She promises to return the money when
her husband comes home.

People are being taken by this probable sounding tale; if you ask to
see the child there is one in a stroller on the sidewalk.

I was reminded further of a twelve year old of my acquaintance whose
voice had changed early who called a small town bank and told them
that he was laid up and would be sending his son down with a check
that he needed to cash.  Unfortunately for the boy his handwriting
hadn't kept up with his voice and sophistication on the phone.  If he
had been able to write just a bit less like a child the bank would
likely have cashed the check.

I don't know how much direct relevance any of this has to do with
computer security; just thought it might be useful to place the whole
matter in a larger context.

------------------------------

Date: Thu, 11 Feb 93 20:20 EST
From: "Michael E. Marotta" <[email protected]>
Subject: File 8--Cybersmut is Good

   GRID News.                                      February 10, 1993.
   ISSN 1054-9315.                                        vol 4 nu 1.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
(57 lines) "Cybersmut is Good"  by Michael E. Marotta

The 1993 Retail Catalog of Loompanics Unlimited is available for $5
from Loompanics, P.O. Box 1197, Port Townsend, WA  98368.  Loompanics,
sellers of unusual books since 1974, offers about 300 titles on
alternative ID, weaponry, warfare, healthcare, etc.  The catalog also
features original essays and fiction, including my article on
"Censorship in Cyberspace" and Butler Schaffer's "The Anti-Sex League:
The New Ruling Class."  Schaffer's thesis is that sex is a profoundly
personal pleasure and would-be rulers can't stand that.  Schaffer's
argumentation is closely-reasoned and draws from broad sources.
Anyone who values their personal liberty will profit from reading this
essay.

Ayn Rand noted that when you compromise with someone who won't
compromise, they win and you lose.  Here in cyberspace, we have
devoted gigabytes of storage to denouncing the Secret Service for
raiding Steve Jackson or for persecuting so-called "hackers" and so
on.  Yet, time and again, we also allocate storage to the idea that
sexual material is evil. "Children should not access adult GIFs."  If
you accept that premise, there is no way to reasonably draw the line.
On Michigan Echo, libertarians and conservatives are in the majority
and disrespect for "poli-crooks and congress-critters" is the norm.
Isn't this DISRESPECT FOR AUTHORITY also DAMAGING TO YOUNG MINDS?
Should children be allowed to access adult politics?  Once you make
exceptions to freedom, the list grows to include everyone.

Now, you may say that you don't want YOUR CHILDREN accessing adult
GIFs.  That is your choice, to be handled in your home, just as you
might insist that your children dry the dishes to earn their allowance
as means of building character.  You can't reasonably insist that no
BBS carry information about other children who get their allowance
without working for it.  Likewise, you can be embarrassed by sex.
That is your right.  You have no right to demand that other people be
equally embarrassed.

If you allow in your mind that the police have the right to stop BBSes
from providing sexually explicit material, where do you draw the line?
If you stop pictures, can you also stop text?  Anyone who fears
sexually-explicit reading material had better avoid the writings of
Solomon.

Without sex, there is no life at the human scale. In fact, without
sex, life might not have evolved past the single cell.  Those who hate
and fear sex, actually hate and fear life.  The atrocities we witness
on the news are not committed by self-indulgent hedonists.

Cybersmut, adult GIFs, sexually explicit material, is good.  You may
not agree.  You have no right to stop those who do.

  (GRID News is FREQable from 1:159/450, the Beam Rider BBS)

------------------------------

Date: Thu, 4 Feb 93 14:05:08 PST
From: [email protected](Jim Warren)
Subject: File 9--Suggestions For a Hi-tech Crime-investigators' Seminar?

 I have been invited to give (or organize) a 4-hour seminar
presenting civil liberties perspectives and concerns to a group of
40-60 high-tech criminal investigators on the first day of the HTCIA
Northern California 3-day workshop in April (High Tech Criminal
Investigators Association).  They are expecting attendees from Nor Cal
and from beyond.  My understanding is that most of the members are
sworn peace officers who are specializing in investigating high-tech
crime; a minority are corporate and agency computer security officers.
Most will attend the seminar (only one seminar per time-period).
 I see it as an *outstanding* opportunity to
(a) open [more] communication channels between in-the-trenches law
enforcement officials and civlibbies,
(b) learn more of their concerns and problems,
(c) enhance the chances of additional similar and expanded exchanges
at future law-enforcement meetings through *nonconfrontational*,
well-informed, candid discourse, and
(d) better inform law enforcement folks of the complexities, styles
and trade-offs in "cyberspace," and their ramifications for law
enforcement's legitimate and significant concerns.

 [And -- heh! -- it will give "them" a chance to harangue "us" civlib
types; equitable role-reversal for those cops who have entered the
lion's den by attending any of the Computers, Freedom & Privacy
conferences of the last several years.]

 I have invited an attorney who is specializing in these issues to
join me in organizing and presenting this seminar, and am in hopes
that her organization will support her participation.  She has been
closely monitoring related legislation in Washington, DC, and has also
been directly involved in a major computer-search case currently being
litigated in Texas.

Query/request:

 I have a number of ideas for topics and perspectives to
present/cover, and have several documents I plan to provide as
handouts. But, I am very-much interested in receiving suggestions
and/or papers/handouts that might be appropriate for
presentation/distribution at a regional meeting of high tech criminal
investigators [long on meat; short on emotion and opinion, please].

 Please forward comments, suggestions and copies (ideally e-copies
for reformatting and printing in a combined handout, including a note
permitting reproduction for this purpose).  [Confidentiality of
sources and suggesters will be protected, upon request.]

--jim                               [forward or post elsewhere, as desired]
Jim Warren, 345 Swett Rd., Woodside CA 94062; 415-851-7075
[email protected]  -or-  [email protected]
[for identification purposes only: founder and Chair, 1991 First
Conference on Computers, Freedom & Privacy; a recipient, 1992
Electronic Frontier Foundation Pioneer Awards; "futures" columnist,
MicroTimes; member, Autodesk Bd.of Dirs.]

------------------------------

Date: Tue, 16 Feb 1993 23:58:42 -0700
From: [email protected](Tim Martin; FSO; Soil Sciences)
Subject: File 10--Re:  Unemployed Programmers Turning Talents to Evil (#5.13)

Anyone who has been following the comp.virus (VIRUS-L) network news
group over the past two years will recognize that Mungo and Clough's
article on East-European computer virus writers, in the February
issue of Discover, is shamefully out of date. I was quite surprised
to see its most obvious errors summarized in comp.society.cu-digest,
as if they were both true and news.

Gordon Meyer ([email protected]) writes:

> Computer  hackers in former communist countries are  creating
> mischievous and sometimes costly viruses that threaten computers
> around the world.
> ....
> Investigators say Bulgaria is the source of more than 200 viruses
> that threaten Western computers
> ....
> The Bulgarian virus industry developed, Pierce says,  because
> programmers there have a lot of knowledge and skill but no market
> for their services in the economically depressed country.

These ideas were published by Vesselin Bontchev about two years ago.
His paper on "The Bulgarian Virus Factory" is available from many
ftp servers, and has been for some time.  Bulgaria has not been a
significant source of viruses in over half a year, as far as I know.
I'm sure Vesselin will correct me if I am wrong.

> Paul  Mungo and Bryan Clough,  in the February issue of  Discover
> magazine,  say an unidentified East Coast company lost  $1 million
> because of a virus created by a Bulgarian known as  the Dark Avenger.
>
> The article,  excerpted from an upcoming book,  describes the
> electronic exploits of the Avenger, whose work is known to Western
> police agencies.
>
> The authors call 1 of his latest creations,  Mutating Engine, "the
> most dangerous virus ever" because it can disguise itself 4 billion
> ways and has no constant characteristic that would  let anti-virus
> scanners detect it.

The Mutating Engine (MtE) is a year old now, has been thoroughly
analyzed by virus experts, and discussed almost ad nauseam on the
comp.virus newsgroup.  The MtE is not a virus at all, but a subroutine
that can be linked to a virus to make the virus polymorphic.  While
it cannot be detected by scan strings, algorithmic methods can detect
all viruses that use the MtE.  Most anti-virus software packages
worth consideration have been able to detect MtE-based viruses
for some months.  Few virus writers are using it.  In part this
might be because it takes a skilled programmer to use, and partially
because it is so readily detected by modern scanners.

Four concerns have superseded the MtE, in DOS anti-virus circles.
One is the emergence of MtE clones, such as the TridenT Polymorphic
Engine (TPE), by one who calls himself Masud Khafir.  Here the concern is
that it takes several months to develop effective algorithmic analysis
techniques to identify each new polymorphic engine.

Second is the emergence of "User-friendly" virus development environments.
The Virus Creation Laboratory, by Nowhere Man, of [NuKE] WaReZ, is
a menu-driven virus-writing environment that requires no virus writing
ability on the part of the user.  Fortunately it doesn't work.  But
the more recent PS-MPC, from the Phalcon/Skism virus writing club,
is only slightly less user-friendly, but much more effective.

Third, several months ago the Dark Avenger released the bomber virus, which
demonstrates that a single virus might be distributed randomly throughout
an infected program, rather than prepended or appended to it.  This means
that scanners must scan the entire program, to look for the characteristic
virus code.

The fourth major problem is the overwhelming number of new viruses
discovered, dozens per week, written by dark-avenger-wannabes.  Almost
all of these are trivial modifications of already existent viruses,
but for each one, authors of virus scanning software must disassemble
the code to find an effective scan string.

These problems have led most researchers to the conclusion that, for
DOS computers at least, a scanner-based defense is rapidly becoming
unmanageable.  Unfortunately it is still the most popular form of
defense.

> Little is known of the Avenger, the authors say,  except that he
> probably graduated from Sofia University in math or  science, needs
> money and is infatuated with Diana,  princess  of  Wales, whose name
> pops up in some of his viruses.

Interviews with the Dark Avenger, by Sara Gordon, are currently
being published in Virus News International, and have been the
topic of much discussion over the past month, in the newsgroup
alt.security.  A lot is known about the man, including the fact
that the Diana P. he is (or was once) somewhat taken by is not
the Princess of Wales.

> Mungo and Clough chronicle the Dark Avenger's appearances  on
> international  computer  bulletin  boards.  One  Bulgarian-based
> board, they say, has been set up just to exchange viruses.

The Bulgarian-based Virus-Exchange BBS has been out of operation for
over a year.  Today the most active virus exchange Bulletin Boards are
in The United States, Canada, and throughout the Western World.  They
are interconnected through what Sara Gordon has called the vXnet, a
FidoNet-like virus exchange system.

> Pierce  says most viruses written in Bulgaria and Russia  are not
> actually "out in the wild," where they can get into  foreign
> computers.

Most of them are on the above mentioned electronic bulletin boards.
This means these viruses can show up in the wild anywhere in the
world, at any time.

It is understandable that a book might be one to two years out of
date, by the time it is published, but I would have thought Discover
Magazine could do better.  I know comp.society.cu-digest can.
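
The third concern in the post above (code placed at an arbitrary position inside the host program rather than prepended or appended) can be illustrated with an added example that is not part of the original post: a wildcard scan-string matcher run over head/tail windows only and over the whole image. The 512-byte window, the pattern, and the sample bytes are constructed assumptions, not real signatures.

```python
"""Scan-string matching: head/tail windows vs. the whole program image.

All byte values are constructed, inert test data (not real signatures).
"""

WINDOW = 512  # assumed size of the head/tail region a fast scanner inspects

# Constructed scan string; None is a wildcard that matches any byte.
SCAN_STRING = [0xDE, 0xAD, None, 0xBE, 0xEF, None, None, 0x42]
# Constructed marker that the scan string matches.
MARKER = bytes([0xDE, 0xAD, 0x01, 0xBE, 0xEF, 0x02, 0x03, 0x42])


def find_pattern(data, pattern, start=0, end=None):
    """Return the offset of the first match inside data[start:end], or -1."""
    end = len(data) if end is None else min(end, len(data))
    last = end - len(pattern)  # last offset where the pattern still fits
    for off in range(max(start, 0), last + 1):
        if all(p is None or data[off + i] == p for i, p in enumerate(pattern)):
            return off
    return -1


def scan_head_tail(data, pattern, window=WINDOW):
    """Inspect only the first and last `window` bytes of the image."""
    hit = find_pattern(data, pattern, 0, window)
    if hit != -1:
        return hit
    return find_pattern(data, pattern, max(len(data) - window, 0), len(data))


def scan_full(data, pattern):
    """Inspect every offset of the image."""
    return find_pattern(data, pattern)


def make_sample(size, offset):
    """Build a zero-filled image with MARKER written at `offset`."""
    image = bytearray(size)
    image[offset:offset + len(MARKER)] = MARKER
    return bytes(image)


if __name__ == "__main__":
    size = 64 * 1024
    for name, off in [("prepended", 0), ("appended", size - len(MARKER)),
                      ("embedded", 30000)]:
        img = make_sample(size, off)
        print(name, scan_head_tail(img, SCAN_STRING), scan_full(img, SCAN_STRING))
```

The embedded case returns -1 from the windowed scan and the true offset from the full scan, which is the cost the post describes: every byte of every program has to be examined.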

------------------------------

End of Computer Underground Digest #5.14
************************************