Computer underground Digest Wed July 21 1993 Volume 5 : Issue 54

Computer underground Digest Wed July 21 1993 Volume 5 : Issue 54
ISSN 1004-042X

Editors: Jim Thomas and Gordon Meyer ([email protected])
Archivist: Brendan Kehoe
Shadow-Archivists: Dan Carosone / Paul Southworth
Ralph Sims / Jyrki Kuoppala
Ian Dickinson
Cpyp Editor: Etaoin Shrdlu, Senior

CONTENTS, #5.54 (July 21 1993)
File 1--B. Sterling and W. Gibson Comments on Cyberspace & Educ.
File 2--An open letter to Frank Tirado (from Paul Ferguson)
File 3--Response to The AIS BBS Incident
File 4--AIS BBS "debate"

Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost electronically from [email protected]. The
editors may be contacted by voice (815-753-6430), fax (815-753-6302)
or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL
60115.

Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT
libraries and in the VIRUS/SECURITY library; from America Online in
the PC Telecom forum under "computing newsletters;"
On Delphi in the General Discussion database of the Internet SIG;
on the PC-EXEC BBS at (414) 789-4210; and on: Rune Stone BBS (IIRG
WHQ) (203) 832-8441 NUP:Conspiracy; RIPCO BBS (312) 528-5020
CuD is also available via Fidonet File Request from 1:11/70; unlisted
nodes and points welcome.
EUROPE: from the ComNet in LUXEMBOURG BBS (++352) 466893;
In ITALY: Bits against the Empire BBS: +39-461-980493

ANONYMOUS FTP SITES:
UNITED STATES: ftp.eff.org (192.88.144.4) in /pub/cud
uglymouse.css.itd.umich.edu (141.211.182.53) in /pub/CuD/cud
halcyon.com( 202.135.191.2) in /pub/mirror/cud
aql.gatech.edu (128.61.10.53) in /pub/eff/cud
AUSTRALIA: ftp.ee.mu.oz.au (128.250.77.2) in /pub/text/CuD.
EUROPE: nic.funet.fi in pub/doc/cud. (Finland)
ftp.warwick.ac.uk in pub/cud (United Kingdom)

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted for non-profit as long
as the source is cited. Authors hold a presumptive copyright, and
they should be contacted for reprint permission. It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified. Readers are encouraged to submit reasoned articles
relating to computer culture and communication. Articles are
preferred to short responses. Please avoid quoting previous posts
unless absolutely necessary.

DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.

----------------------------------------------------------------------

Date: Tue, 20 July 1993 23:33:12 CDT
From: CuD Moderators <[email protected]>
Subject: File 1--B. Sterling and W. Gibson Comments on Cyberspace & Educ.

((MODERATORS' NOTE: The following comments by Bruce Sterling and
William Gibson came to us from several sources, some with
over 60 lines of "forwards," which we deleted for parsimony.
Thanks to those who sent it over, and special thanks to Mike
Eisenberg, from whom the text apparently originated)).

+++++

Date--Sun, 16 May 1993 13:39:38 -0400
From--Mike Eisenberg <[email protected]>
Subject--Sterling & Gibson on education and the 'net.

The science fiction writers Bruce Sterling and William Gibson recently
gave speeches about education and technology at a convocation at the
National Academy of Sciences. They graciously agreed to make their
texts freely available to the Internet. Please share these as you
wish, but they are not to be used in any commercial way or
publication.

I hope this stimulates thoughts, reactions, and discussions throughout
the 'net. This is a crucial time in the evolution of the Internet and
the proposed networks-to-follow. Open and equal access is NOT
guaranteed; in fact just the opposite may well happen. Is this
important for education? for democracy? What do YOU say?

-- Mike Eisenberg
[email protected]
School of Information Studies
Syracuse University
Syracuse, NY 13244

++++++++++ Forwarded message ++++++++++
Date--Tue, 11 May 1993 18:52:59 -0700
From--Bruce Sterling <[email protected]>
Subject--You Asked For It, You Got It

Bruce Sterling
[email protected]

Literary Freeware -- Not for Commercial Use

Speeches by William Gibson and Bruce Sterling
National Academy of Sciences
Convocation on Technology and Education
Washington D. C., May 10, 1993

BRUCE STERLING:

Hello ladies and gentlemen. Thank you for having the two of
us here and giving us a license to dream in public.

The future is unwritten. There are best-case scenarios. There are
worst-case scenarios. Both of them are great fun to write about if
you're a science fiction novelist, but neither of them ever happen in
the real world. What happens in the real world is always a
sideways-case scenario.

World-changing marvels to us, are only wallpaper to our
children.

Cyberspace is the funhouse mirror of our own society.
Cyberspace reflects our values and our faults, sometimes in terrifying
exaggeration. Cyberspace is a mirror you can edit. It's a mirror you
can fold into packets and send across continents at the speed of
light. It's a mirror you can share with other people, a place where
you can discover community. But it's also a mirror in the classic
sense of smoke-and-mirrors, a place where you might be robbed or
cheated or deceived, a place where you can be promised a rainbow but
given a mouthful of ashes.

I know something important about cyberspace. It doesn't
matter who you are today -- if you don't show up in that mirror in the
next century, you're just not going to matter very much. Our kids
matter. They matter a lot. Our kids have to show up in the mirror.

Today, we have certain primitive media for kids. Movies,
television, videos. In terms of their sensory intensity, these are
like roller-coaster rides. Kids love roller coasters, for natural
reasons. But roller coasters only go around and around in circles.
Kids need media that they can go places with. They need the virtual
equivalent of a kid's bicycle. Training wheels for cyberspace.

Simple, easy machines. Self-propelled. And free. Kids need places
where they can talk to each other, talk back and forth naturally.
They need media that they can fingerpaint with, where they can jump up
and down and breathe hard, where they don't have to worry about Mr.
Science showing up in his mandarin white labcoat to scold them for
doing things not in the rule book. Kids need a medium of their own.
A medium that does not involve a determined attempt by cynical adult
merchandisers to wrench the last nickel and quarter from their small
vulnerable hands.

That would be a lovely scenario. I don't really expect that,
though. On the contrary, in the future I expect the commercial sector
to target little children with their full enormous range of on-line
demographic databases and privacy-shattering customer-service
profiles. These people will be armed and
ready and lavishly financed and there every day, peering at our children
through a cyberspace one-way mirror. Am I naive to expect better from the
networks in our schools? I hope not. I trust not. Because schools are
supposed to be educating our children, civilizing our children, not
auctioning them off to the highest bidder.

We need to make some conscious decisions to reinvent our
information technology as if the future mattered. As if our children
were human beings, human citizens, not raw blobs of potential
revenue-generating machinery. We have an opportunity to create media
that would match the splendid ambitions of Franklin with his public
libraries and his mail system, and Jefferson and Madison with their
determination to arm democracy with the power knowledge gives. We
could offer children, yes even poor children in poor districts, a real
opportunity to control the screen, for once.

You don't have to worry much about the hardware. The hardware
is ephemeral. The glass boxes should no longer impress you. We've
shipped our images inside glass boxes for fifty years, but thatsRa
historical accident, a relic. The glass boxes that we recognize as
computers won't last much longer. Already the boxes are becoming flat
screens. In the future, computers will mutate beyond recognition.
Computers won't be intimidating, wire-festooned, high-rise
bit-factories swallowing your entire desk. They will tuck under your
arm, into your valise, into your kid's backpack. After that, they'll
fit onto your face, plug into your ear. And after that --they'll
simply melt. They'll become fabric. What does a computer really
need? Not glass boxes -- it needs thread -- power wiring, glass
fiber-optic, cellular antennas, microcircuitry. These are woven
things. Fabric and air and electrons and light. Magic
handkerchiefs with instant global access. You'll wear them around
your neck. You'll make tents from them if you want. They will be
everywhere, throwaway. Like denim. Like paper. Like a child's kite.

This is coming a lot faster than anyone realizes. There's a
revolution in global telephony coming that will have such brutal,
industry-crushing speed and power that it will make even the computer
industry blanch. Analog is dying everywhere. Everyone with wire and
antenna is going into the business of moving bits.

You are the schools. You too need to move bits, but you need
to move them to your own purposes. You need to look deep into the
mirror of cyberspace, and you need to recognize your own face there.
Not the face you're told that you need. Your own face. Your
undistorted face. You can't out-tech the techies. You can't
out-glamorize Hollywood. That's not your life, that's not your values,
that's not your purpose. You're not supposed to pump colored images
against the eyeballs of our children, or download data into their
skulls. You are supposed to pass the torch of culture to the coming
generation. If you don't do that, who will? If you don't prevail
for the sake of our children, who will?

It can be done! It can be done if you keep your wits about
you and you're not hypnotized by smoke and mirrors. The computer
revolution, the media revolution, is not going to stop during the
lifetime of anyone in this room. There are innovations coming, and
coming *fast,* that will make the hottest tech exposition you see here
seem as quaint as gaslamps and Victorian magic-lanterns. Every
machine you see here will be trucked out and buried in a landfill, and
never spoken of again, within a dozen years. That so-called
cutting-edge hardware here will crumble just the way old fax-paper
crumbles. The values are what matters. The values are the only
things that last, the only things that *can* last. Hack the hardware,
not the Constitution. Hold on tight to what matters, and just hack the
rest.

I used to think that cyberspace was fifty years away. What I
thought was fifty years away, was only ten years away. And what I
thought was ten years away -- it was already here. I just wasn't
aware of it yet.

Let me give you a truly lovely, joyful example of the
sideways-case scenario.

The Internet. The Internet we make so much of today -- the
global Internet which has helped scholars so much, where free speech
is flourishing as never before in history -- the Internet was a Cold
War military project. It was designed for purposes of military
communication in a United States devastated by a Soviet nuclear
strike. Originally, the Internet was a post-apocalypse command grid.

And look at it now. No one really planned it this way. Its users
made the Internet that way, because they had the courage to use the
network to support their own values, to bend the technology to their
own purposes. To serve their own liberty. Their own convenience,
their own amusement, even their own idle pleasure. When I look at the
Internet--that paragon of cyberspace today --I see something
astounding and delightful. It's as if some grim fallout shelter had
burst open and a full-scale Mardi Gras parade had come out. Ladies
and gentlemen, I take such enormous pleasure in this that it's hard to
remain properly skeptical. I hope that in some small way I can help
you to share my deep joy and pleasure in the potential of networks, my
joy and pleasure in the fact that the future is unwritten.

WILLIAM GIBSON:

Mr. Sterling and I have been invited here to dream in public.
Dreaming in public is an important part of our job description, as
science writers, but there are bad dreams as well as good dreams.
We're dreamers, you see, but we're also realists, of a sort.

Realistically speaking, I look at the proposals being made here and
I marvel. A system that in some cases isn't able to teach basic
evolution, a system bedeviled by the religious agendas of textbook
censors, now proposes to throw itself open to a barrage of
ultrahighbandwidth information from a world of Serbian race-hatred,
Moslem fundamentalism, and Chinese Mao Zedong thought. A system that
has managed to remain largely unchanged since the 19th Century now
proposes to jack in, bravely bringing itself on-line in an attempt to
meet the challenges of the 21st. I applaud your courage in this. I
see green shoots attempting to break through the sterilized earth.

I believe that the national adventure you now propose is of
quite extraordinary importance. Historians of the future -- provided
good dreams prevail--will view this as having been far more crucial to
the survival of democracy in the United States than rural
electrification or the space program.

But many of America's bad dreams, our sorriest future
scenarios, stemf;om a single and terrible fact: there currently
exists in this nation a vast and disenfranchised underclass, drawn,
most shamefully, along racial lines, and whose plight we are
dangerously close to accepting as a simple fact of life, a permanent
feature of the American landscape.

What you propose here, ladies and gentlemen, may well represent
nothing less than this nation's last and best hope of providing
something like a level socio-economic playing field for a true
majority of its citizens.

In that light, let me make three modest proposals.

In my own best-case scenario, every elementary and high school
teacher in the United States of America will have unlimited and
absolutely cost-free professional access to long-distance telephone
service. The provision of this service could be made, by law, a basic
operation requirement for all telephone companies. Of course, this
would also apply to cable television.

By the same token, every teacher in every American public
school will be provided, by the manufacturer, on demand, and at no
cost, with copies of any piece of software whatever -- assuming that
said software's manufacturer would wish their product to be
commercially available in the United States.

What would this really cost us, as a society? Nothing. It
would only mean a so-called loss of potential revenue for some of the
planet's fattest and best- fed corporations. In bringing computer and
network literacy to the teachers of our children, it would pay for
itself in wonderful and wonderfully unimaginable ways. Where is the
R&D support for teaching? Where is the tech support for our
children's teachers? Why shouldn't we give out teachers a license to
obtain software, all software, any software, for nothing?

Does anyone demand a licensing fee, each time a child is
taught the alphabet?

Any corporation that genuinely wishes to invest in this
country's future should step forward now and offer services and
software. Having thrived under democracy, in a free market, the time
has come for these corporations to demonstrate an enlightened
self-interest, by acting to assure the survival of democracy and the
free market -- and incidentally, by assuring that virtually the entire
populace of the United States will become computer-literate potential
consumers within a single generation.

Stop devouring your children's future in order to meet your
next quarterly report.

My third and final proposal has to do more directly with the
levelling of that playing field. I propose that neither of my two
previous proposals should apply in any way to private education.

Thank you.

--
Michael J Kovacs -(o) (o)-
ACM-L List-Owner U
[email protected] %___/
librk420@kentvms (Bitnet) ***

------------------------------

Date: Thu, 15 Jul 1993 08:25:25 -0700
From: [email protected](Paul Ferguson)
Subject: File 2--An open letter to Frank Tirado (from Paul Ferguson)

An Open Letter to Mr. Frank Tirado

(The original copy of this message was sent to Mr. Tirado at
SYSADMIN%ERS.BITNET, the address listed in Computer Underground
Digest (CuD) issue 5.51. Another copy has been posted in FidoNet
VIRUS_INFO conference area in response to John Buchanan's forwarded
message.)

On 07-13-93 (12:07), Aristotle (aka John Buchanan) forwarded to me
your "open letter" in the FidoNet VIRUS_INFO Conference echo, which I
have the honor of moderating.

> AN OPEN LETTER TO PAUL FERGUSON.

In order to adequately address your concerns, accusations and
opinions, I have also included quotations from your last message,
preceded by angled brackets (">"), as is customary with most netspeak.

> Message from Paul Ferguson to Cory Tucker:

> "....I find your posts rather humorous, yet at the same time >
offensive. If Mr. Tirado wishes to confront the issue himself, > I'd
suggest he do so. His absence here in Fidonet or Usenet > somehow
diminishes his credibility. In the meantime, please > refrain from
posting such drivel....."

> I went through the back issues of Crypt, as well as anywhere > else
I might have been quoted, to see what I might have said > to so raise
your ire. I'm left with the impression that you > ascribe to me the
article written by Jim Lipschultz, an > article which I helped edit
and which I personally found quite > droll. Sorry, much as I would
like to take credit for his work, > the words are all his.

I was referring to the letter submitted in the FidoNet VIRUS_INFO
conference area by one Corey Tucker, who also forwarded the "advance
copy" of the CRYPT newsletter article from issue number 16. Actually,
without hopping about, I'm fairly sure that it was the same text that
appeared in CuD 5.15, but that's a matter of semantics.

I'd like to specifically address each of your points and present
contrary opinion.

> Lets take a look instead at what has been accomplished by
> shutting down the AIS board:
> o The information which was on that board is now on four
others. Obviously part of your carefully thought out
strategy to eliminate such information from "legitimate"
boards. If anything, these boards will provide the same
services the AIS board did, but to a greater extent.

Indeed, I'd be foolish to believe that the "information" found on AIS
could not have been found elsewhere. Frankly, that is a well known
fact. In fact, it can be found on many others (at least 25 others in
the U.S. and Canada alone, by my tally), but none of these systems
are sponsored by U.S. Government, with taxpayer money. I assume that
you equate the term "legitimate" with systems not sponsored in this
manner.

> o Kim Clancy is now far more credible than before in the
> "underground", and she's an even more desirable commodity
> now among the above-ground interests.

I'm sure that this incident has bolstered Clancy's position in the
underground community. As for her credibility, it remains to be seen
to what extent this actually may be. Call me a cynic, but just
because Bruce Sterling calls her "the best" or "better than the CIA,"
does not leave me with the same warm and fuzzy feeling that it seems
to convey to most of my critics. I simply do not find credibility in
efforts which make viruses available freely available -- I consider
it irresponsible.

> o Closing down the AIS board eliminated a major avenue for
> the propagation of viruses........ Oops! My imagination
> ran wild for a moment. You and I both know that not the
> slightest dent has been made in the flow of information
> which you and your cohorts find so objectionable.

I apologize, Mr. Tirado -- I do not know that and frankly, nor
do you. This statement is purely conjecture and you could not
know possibly otherwise. Your sarcasm is evident. However, I
disagree implicitly. As I stated in my response (which I have
submitted to Jim Thomas for inclusion into Cud 5.12) to CuD,
if even one incident of modified virus propagation resulted
from the availability of viruses on AIS, then my action was
warranted, in my own opinion. However, it is obviously a
rhetorical point because once the files were obtained, no one
can gauge the possible damage which may have resulted in these
instances.

> o Now the virus boards cannot point at the AIS board and
> say: "If they're doing it, why can't we?" I'll grant
> you this one, but I really can't see virus boards using
> this defense very successfully, should it ever come to
> that.

Then you obviously have not been observing the activities of
underground vX (virus exchange) systems since their inception. I
have, and I have watched trends develop. For example, the major Vx
systems have been (and still are) run by members of virus creationist
groups such as Phalcon/Skism, Nuke and Trident. These groups are
directly responsible for escalating the sheer number of viruses by
creating new, undetectable variants of existing viruses and creating
virus creation tools. This is unacceptable, yet you seem to condone
this behavior...

> o Those individuals who could "legally" (there was nothing
> illegal about any information obtainable through the AIS
> ba) obtain useful and pertinent information from the
> underground will now probably gravitate towards hacker or
> virus boards. You think not? Let's wait and see.....

"Nothing illegal?" At least not yet, obviously. Unethical? That is
subjective opinion. (I consider it unethical, but as I stated above,
this is purely subjective.) We shall "wait and see," as you've
suggested, however, do not expect us to simply dawdle idly while
these activities are being conducted in real-time. Legislation will
be introduced in the coming congressional session which would outlaw
these activities. (Refer to Computerworld article, "Virus vagaries
foil feds," July 12, volume 27, issue 28 for further information.)

> Your statement that my "absence here in Fidonet or Usenet
> somehow diminishes (my) credibility" is ludicrous. In other
> words, I'm outside of your control so my opinions don't count.

On the contrary, Frank. Your opinions are equally as important
as anyone else. By my statement above (hopefully you can gauge
the sentiment), I simply do not indulge myself to be duped into
responding to 2nd party posts in FidoNet -- it is too easy to
forge. While Fido is near and dear to my heart, there are
certain aspects about Fido messaging which are rather dubious.
Your message, while intelligent and forthright, was presented by
a second party; in this instance, I had my doubts as to its
authenticity.

> Frankly, I reserve the right to disagree with you whenever our
> views differ. If that means that I refuse to be subject to your
> petty satrapy, then so be it. And, by the way, what would you
> say of the credibility of an individual who doesn't have the
> courage to sign his name to a message accusing someone else of
> excesses? At least Jim and I sign our names to our posts.

You obviously missed the point on this one, so I won't argue the
point any further. You certainly have the right to openly
disagree with anyone -- that is a guarantee which we all enjoy
under the Constitution. However, impugning my intentions won't
get you very far, especially when it regards my reputation
(which by all means, is intact, I'd gather).

> Put into the simplest terms, I see the AV community, with some
> few exceptions, evolving into a kind of priesthood whose Mysteries
> are composed of polymorphic viruses and source code, hidden behind
> a veil of mummery and slight of hand. Never mind that virus
> authors and several hundred thousand people of all ages have access
> to that self-same information; as a security officer I only need
> to know what you tell me. Of course, you only are doing this for
> my own good.....

This is perhaps the most offensive of your statements. I am told
that you are a systems security analyst with the Department of
Agriculture. I do not recall seeing you at any computer security
conferences, nor recall your participation in any antivirus
parlances. Do you have some hidden expertise in the antivirus
arena, or are you simply spouting opinionated idealisms?

Mr. Tirado, what I may think has nothing to do with your
opinions, nor anyone else's for that matter. I have watched as
virus exchange systems have become the rave, and have absolutely
contributed to the spread and distribution of viruses, both
known and contrived. In the matter of AIS, I was outraged that a
government sponsorship was participating in these same
activities as other virus eXchange systems.

> I don't think so. I find it next to impossible to implicitly
> accept the word of a group whose bottom line is the almighty
> dollar. Besides, as a self-regulating group you guys can't even
> police themselves. I obtained my first 20 viruses from a vendor at
> the same conference where Peter Tippett first proposed not sharing
> viruses. The implications should be "crystal clear", considering
> the plethora live viruses and source code floating around with the
> imprimatur of the major AV software developers.

I admit that the antivirus crowd has its share of prima donas
and is shadowed by the profit modus operandi. I am in no way
part of the group, either explicitly or implied. You obviously
do not know me.

As a final note, I respect your opinions, if that is of any
consequence. I have been a member of the cyberspace community
since the late seventies and I have witnessed many, many
changes in the culture of the nets. The one thing that truly
upsets me, however, is the reckless abandon with which computer
viruses are made available to anyone with a modem.

I have spent countless hours and dollars cleaning up computer
viruses from countless workstations and LANs. The financial loss
on the part of these companies is mind-boggling. While you decry
the freedom of folks to freely exchange potentially damaging
"information," at least keep this in mind.

To quote you in CRYPT #16,

"Too my mind, the AIS BBS was one of the best applications
of my taxpayer dollars," said the USDA's Tirado angrily
during an interview for this story. "The spineless curs!"

My actions were neither spineless nor uncalculated. I have done
what I intended to do. Private virus distribution systems are
next on the agenda...

------------------------------

Date: Wed, 21 Jul 93 17:26:28 PDT
From: [email protected](Sarah Gordon)
Subject: File 3--Response to The AIS BBS Incident

the opinions expressed here are my own.

i've been following this AIS mess for some time now. by now, you
probably know that anonymous is Paul Ferguson, the moderator of the
fidonet Virus_Info conference. He's done a very good job in there,
helping keep the good informa flowing, keeping a handle on the
disrupters (the echos are not democratic :), and in general is a very
well informed computer security fellow. i've been watching him take,
and wield punches regarding this AIS mess from the start... and i'm
not exactly sure what to think. there are certainly a lot of issues
here and i don't think i could begin to address them all. they do need
to be addressed, however, so i would like to start with these few.

first, i won't get into all this 'not all viruses are meant to be
destructive, not everyone who calls a virus exchange bbs will use them
for bad things, some anti-virus product developers make untrue claims
to scare users' sort of 'discussions'. these things are well enough
known and the bringing up of them as 'arguments' over and over keeps
people from getting to the real issue here. there is a need to have
this kind of discussion, when people don't already know these things.
i think we here mostly know and agree on the above, at least.

computer viruses are just programs. no one disputes that. but they are
destructive (whether they are intentionally so or not), and unless you
have a lot of experience in the entire huge 'arena' involved, its
possible to just not realise what is really going on with the exchange
and offering of this type of information. me? i'm the one who did the
> year study on the virus exchange bbs. a lot has changed since i
concluded it. if you want specific information on what is going on via
some of these systems, parts of the paper are in print form. i wont go
into where here, because the last time i mentioned one of my articles
i was accused of prostituting myself (by someone whose idea of a good
time is to break in and steal someone's mail, and use their account.).
i don't want, or need, any 'hate mail' from people whose idea of a
good time lies along the above lines.

initially, the viruses themselves did not have a significant impact on
end users. that has changed. it used to be just the attitudes fostered
on some of these bbs were more of a threat than the viruses
themselves. that is also changing.

now, from what i understand, AIS did -not- foster the destructive
attitude. in fact, i understand kim had a good communication going
with the participants. so, it cant be said that the BBS fostered these
attitudes -directly.- however, when a government sponsored BBS, for
whatever reason, makes freely available destructive computer code
(and, no one can realistically say that the people who got this just
wanted to 'see it'...maybe in some cases, but in reality, people who
get viruses tend to use them. even if only one used it for this
purpose, its not good. i run a bbs. i cant tell you the number of
people who ask me for viruses to 'screw up' someone's computer...its
human nature for young impressionable people to go with the
hype...)...it tends to reinforce the ethic (or lack of) of this whole
area of computer viruses. we should be honest and stop playing games,
like its just 'freedom of speech'. you don't have a guaranteed right to
do whatever you want. this is not what freedom of speech is about.
and, in some cases, as we all know, just because something is legal
does not make it right.

there's an even worse side to this all. why exactly did they shut down
the BBS. exactly, -why-?

i was at the nyc conference urnst kouch mentioned. i heard alan
solomon mention the AIS bbs...but it was not a particular 'target'
that i knew of; then again, maybe urnst is more priviledged to dr.
solomon's agenda than i am. :). ive never heard for sure from anyone
that alan was in cahoots with anonymous to bring this entire matter to
the public attention; it wouldn't surprise me. its kind of sad that a
british citizen is more concerned with what's going on here than most
of the people who live here. maybe that's because cyberspace has no
formal boundaries, and what goes on here affects people all over the
world. in that case, i hope the laws which prosecute and incarcerate
people who are currently distributing computer viruses in such a
manner as to incite other to commit crime are caught, and locked up.
in fact, i hear this will be happening soon, and i personally am glad.
if i can play even a small part in helping to stop this madness, i
will be quite happy. in fact, i hope a fellow out in virginia who
wrote and distributed a lewd virus with 'sara's groove' on it to all
my colleagues may be among the first to participate in the wonderful
miracles of cyberspace as relate to the Real World i.e. extradition,
or at the very least, culmination of a lawsuit. Freedom of Speech you
say? i doubt you would say it if it was YOUR life and job affected by
this exercise of 'freedom'.

there seem to be now three groups of 'cyberguys'--the hackers from the
'old school'. this is a good thing. no destruction. learning.
information. some virus writers are included in this group. then there
seems to be a group that doesn't care one way or the other what goes
on, and there is the third group: the malicious group.

when you are protecting the third groups 'rights' at the expense of
damage and real harm to the second group, you are damaging the
potential of the first group. you have to stop being afraid to say
something is WRONG. it is WRONG to destroy or damage data, to steal
services, to hack systems. its NOT funny, and its NOT cool. its WRONG
to encourage people to do it. and, if you can't figure out what
encourages people, then you had better figure it out soon, because we
don't have much time left.

what is to be feared by the free exchange of -ideas-? does paul not
have the right to say what he thinks about the distribution of
computer virus code? why is it that the majority of people responding
here seem to see only that the virus writers/distributors 'freedoms'
have have been limited, or that people who want access to this
destructive code maybe have less 'access' to it now? i'm not for book
burning. i'm not a fascist. however, i have a lot of experience with
computer viruses and i sure as heck would not offer them to people
indiscriminately

i'd be a pretty poor role model if i did things to encourage
destruction of this new 'frontier', and i can't really understand why
everyone is so upset that paul spoke up for what -he- happened to
think. if its that he chose to do it anonymously, then why in the hell
aren't all you people shutting down the 'anonymous mailers' that give
you freedom to post under obscene aliases, send threatening mail to
people and hide your true identities. you don't do that? well, the
virus writers and distributors do it. no one's seeming to be too upset
that these guys can do the things they do, which are in many cases
illegal and in most cases unethical (well, if you consider stealing
telephone service, stealing computer time, breaking into systems,
hatching viruses to bulletin boards, sending threatening mail, etc. to
be unethical); yet i hear a lot of crying about how bad it was for
paul ferguson to say 'this bbs belongs to the u.s. government and it
should not be giving out destructive computer code'.

people are upset he chose to exercise -his- right to free speech. he
has just as much right to say what he wants to say as the next person.
was he wise to use an anonymous mailer? i'd say not. i've told him
'not'. he still had the right to say it. its only words, and
information...and since you all want information and ideas to be so
free, that should include everyone's words. or, is it only the words
of those who are for some reason unwilling or unable to say these guys
who are promoting the destruction of data (such as occurs on most vX
bbs, not on AIS) that are sacred?

there are more issues here than just 'is it helping' and 'is
information free'. there is the matter of the values we instill in the
students, the people in college who are still figuring out what's
what. my personal philosophy on virus source code and viruses is that
it is quite unethical to let a live virus out of your own hands after
you write it.

that's pretty simple to understand. you cant control what happens with
it once it leaves you own hands. so, write them if you want to. i've
written a few, specifically using MPC to generate samples to test the
efficacy of scanning technology; but, use some sense in passing them
around. they are not toys, despite some people would like to minimize
the threat they pose. sure, most of the junk we see written by 'virus
writers' now is not so serious...but take a look at the bigger
picture. what kinds of things are we teaching in the school? its ok to
just pass out malicious code without any instruction on why its NOT ok
to destroy other peoples 'stuff'. sure, there is now a move toward
ethics in education in computer sciences. and, some very GOOD
instruction, too. but, for people involved in it now, its a bit late.
what kind of examples are we setting when we distribute source code to
people whom we -know- (and don't kid yourselves, we know it...all of
us) are going to use it maliciously. "hey, if its ok for AIS to pass
it out, why can't i"...you know.... so, not everyone will do this,,but
you know some will. don't you think its a bit irresponsible to just
have the federal government passing out this stuff? maybe if they
would dole out some money so we could have good solid ethics based
computer curriculum, yes...but they don't, at least not -enough-. isnt
it time we focused our attention on what needs to be done to keep the
global computing environment accessible to all, without need to fear
attacks from people who have learned -from US- that it is acceptable
to 'play' at the expense of others? AIS had good communication with
hackers, and virus writers; this isnt even questioned, its a fact.
However, there is the underlying message when they passed out
destructive computer code. And, from my dialogues with virus writers
(which are extensive), they got the message clear and loud -- 'Its ok
to pass this stuff around, hell you can get it from the U.S.
government, so don't tell me there's nothing wrong with it'.

i studied actual virus exchange bbs for a long time. i found that the
problem on them was not the viruses, not at all. the problem was the
attitudes being fostered. some people took my paper out of context,
said i was calling to shut them all down. to the contrary, i don't want
to see that at all. i don't want to have to enforce morality on anyone.
i want people to act responsibly on their own. i don't want to give
the government the open hand to just slap down people who are trying
to learn, and who need to learn...but, the attitudes that its ok to
pass out malicious software like candy, when we know what's being done
with it--that attitude will lead to eventually some big government
task force shutting down all the bbs....making it impossible to learn.
if we don't police ourselves, they will do it for us.

did AIS have a section on ethical behaviour? i don't' know...i never
called it. i kept meaning to call it, but i just never got around to
it. i don't have a lot of money for long distance calls, and i think
it was not on the internet. ive done a lot of writing for journals and
magazines who like to take what im saying and twist it...it sells copy
to read about the 'bad evil hackers and virus writers'...i almost feel
as if its pointless to talk about communications and working to make
sure we have a safe, trusting space....

Paul Ferguson has taken a pretty bad rap. I don't know why he chose to
post anonymously. I also don't know if Alan Solomon had anything to do
with it. however, the fact that some disassemblies with S&S or Certus
on them showed up on some bbs means nothing. i could post a message or
upload a virus from anyone...after all, isnt that one of the beauties
of cyberspace? anyway, even if a file that contained a virus from one
of these guys shows up on some bbs, it doesn't follow that they -wrote-
the virus, but instead that they wrote the -goat file- and were
perhaps unwise in who they chose to give viruses to. it happens.
however, there is a difference. anti-virus product developers, at
least reputable ones, are willing to say who they gave destructive
code to, so that if there was a problem, the path to it would be
clearer. the anti-virus community (and is it not a sad state that we
have had to have defined lines of people who are AGAINST destructive
computer programs being spread about like warm butter, and that we
have to defend ourselves against people who don't even have the guts to
come forward and -use- their real names, but instead choose to use
aliases like the above mentioned one, Screaming Radish, and Nowhere
Man?) does not promote/give away/recklessly endangering fellow
cyberspace citizens by aiding people in destroying data.

someone said:

>After reading half a dozen articles about the AIS BBS controversy, I
>can't help but think that the whole thing smacks of some sort of
>personal vendetta on the part of Paul Ferguson against Kim Clancy.

this is not the case. i know paul very well, professionally and
personally.

not only are people attacking pauls right to say what he wanted, but
now the personal attacks start. this reminds me of the ridiculous
Phrack article that came out accusing me of trying to shut down virus
exchange bulletin boards. suddenly, it turns to personal, and sexist
attacks.

>Perhaps he was only jealous of her growing professional reputation.
>Or maybe he made a pass at her only to be rebuffed for being the
>unethical fink that he is.

actually, while kim is well known in some circles, she is not well
known in the area of paul's expertise, i.e. most people involved with
viruses don't even know who kim clancy is, other than that she
operated a bbs where they could get viruses. actually. as for his
making a pass at her, i was with paul and kim the only time they met.
this did not occur. knowing paul's character, i can say without
question that this would not have occurred in any case.

>I agree, mostly, but the problem is the lack of communications between
>Cyberspace and the rest of the world. No amount of airing disputes
>and debating them here in Cyberspace is going to correct the
>wrong-headed criticism from the print media, congressional members and
>staff, pressure to change from congressional members and staff, or
>any sort of reprimand, criticism or loss of reputation Kim Clancy has
>suffered from her superiors at the Bureau of Public Debt.

if Kim was operating the BBS with the sanction of her superiors, she
suffers no loss of reputation. she is a government employee, and from
what i understand a very bright woman. there must have been some
reason her superiors chose to shut down the BBS. i doubt that the
words of paul ferguson alone could do it. maybe they realised they
were encouraging people by distributing this code. maybe they realised
if they pass it out, they can't very well speak out against others
doing it. however, or whyever it happened, im glad it did.

however, kim doesn't serve to lose any reputation from her superiors.
get it? if there are superiors, it means you have done what they have
told you to do. they can hardly fault her, and if they do, someone
like paul would be the first to speak out against it.

and, i can't agree that no amount of debate here is going to correct
what goes on in the other Real World. when the problem of what is
right and wrong regarding our own environment here, in cyberspace, is
sorted out here, only then can we hope to impact the other Real World.

we are shaping this world, now. ideals, ethics, what is good, what is
bad, what is acceptable, what is not...we are deciding.

the frightening thing here is that if we do NOT decide to police
ourselves and stop trying to act like 'everything we do here is ok',
(including sanctioning the distribution of destructive code and making
it worse by not even saying its WRONG to spread viruses to innocent
people, but saying instead its 'freedom'....), the government -will-
step in and do it for us.

by focusing on the 'freedom' of this information, we are neglecting to
address the real problems.

should AIS have had to stop passing out viruses? i think no one should
distribute destructive code that they cannot control. and, if people
insist they have the right to keep on doing it, pretty soon they wont
have the right to do it. i don't think this is what anyone wants.

>I'm not as willing as Jim Thomas to believe Paul Ferguson was sincere
>in his concerns. In fact, I don't believe he was at all, but rather
>his entire intent was to cause trouble for someone, probably Kim.

not at all. paul has the same goals as a lot of us. i use the word
'us' because i believe we are all sincerely of the same goal, at least
i hope so. we go about achieving it in different ways. if the goal is
to stop cyberspace from becoming too much of a mess for the average
user (none of us wants it to be only available to those who can hack
their way in, right? we want people to have access to information
without fear, right?), then it only makes sense to attempt to instill
some sense of what is right and wrong in the people who are shaping
it, and being shaped by it.

SO, what are the facts here? Someone brought to light that a Federally
run BBS was giving out virus source code. it was then changed, no more
source code. i hear mindvox is picking up that, and will be passing it
out. i don't know if its true or not. if it is, i hope they make an
environment where they wont encourage people to think its cool to
destroy computers by neglecting to mention this. and mention it
consistently. over and over. why? because the people who are looked up
to...people like kim (who is a charming and very nice person, i've met
her and she's quite nice), people like the guys at mindvox...people
like you, jim, ...those people are responsible for helping shape the
future.

for the bad to win, it only is necessary for the good to do nothing,
you know.

--

[email protected] / [email protected] bbs: 219-273-2431
fidonet 1:227/190 / virnet 9:10/0 p.o. box 11417 south bend, in 46624

------------------------------

Date: Tue, 20 Jul 1993 09:03:29 -0600 (MDT)
From: bryce wilcox <[email protected]>
Subject: File 4--AIS BBS "debate"

Everything I know about the AIS BBS events I have learned from CuD,
and therefore I would like to issue a plea for a little more
objectivity and composure from CuD's contributors. Paul Ferguson's
letter in his own defense seemed to me, while not conclusive, at least
a sincere attempt to address the issues at hand, which are immensely
important to our developing cyberworld and very complex. By contrast,
some of your other contributors have posted letters with no apparent
purpose other than to disparage Mr. Ferguson's personality and
character, which I personally find distasteful, damaging to the kind
of community we are trying to build, and a waste of my time.

The issue at hand is indeed a tricky one. We would all (well,
*almost* all) agree that gas stations should be allowed to sell
gasoline despite the occurrence of arson, and we would all (almost)
agree that corner stores should not be allowed to market small nuclear
bombs. A rational policy probably lies between these two extremes,
and it also must consider other factors:

1. How dangerous is the thing? How much damage can it do? To
whom? Is it easy to protect oneself against? Is the damage fixable
or permanent?

2. What positive or non-damaging uses can the thing be put to?

3. Is it more likely to be used for harm or for good? By different
groups of people?

4. Is it possible, or practical, to outlaw the thing? Would that
reduce its use, eliminate it, not affect its use at all, cause it to
spread, or eliminate it from the law-abiding sector, leaving it solely
in the hands of criminals?

There are more, of course, but hopefully this will get people thinking.

There is a more fundamental question that is very important to those who
deal in information, the commodity that is hardest to suppress:

5. To what degree can law enforcement be proactive rather than
reactive? Is it Constitutional or moral to punish an individual
because he/she seems likely to commit a crime in the future? The
First Amendment protects against prior restraint of speech and
press. Should this be expanded to include digital data, which can
be a commercial product or a military device as easily as an
expression of an individual's thoughts?

These are very serious and complex questions that need to be resolved by a
long and careful public debate. CuD can be one of the forums in which these
issues are analyzed, but only if your reader/contributors set an example of
mature and principled conduct.

------------------------------

End of Computer Underground Digest #5.54
************************************