Computer underground Digest Sun Oct 27, 1996 Volume 8 : Issue 76

Computer underground Digest Sun Oct 27, 1996 Volume 8 : Issue 76
ISSN 1004-042X

Editor: Jim Thomas ([email protected])
News Editor: Gordon Meyer ([email protected])
Archivist: Brendan Kehoe
Shadow Master: Stanton McCandlish
Field Agent Extraordinaire: David Smith
Shadow-Archivists: Dan Carosone / Paul Southworth
Ralph Sims / Jyrki Kuoppala
Ian Dickinson
Cu Digest Homepage: http://www.soci.niu.edu/~cudigest

CONTENTS, #8.76 (Sun, Oct 27, 1996)
File 1--Hacker posts nudes on court's Web pages (fwd)
File 2--Internet Anti-Piracy Campaign Launched
File 3--COMMUNITY CONNEXION SUED IN FRIVOLOUS LAWSUIT
File 4--Dropping of the SPA Suit against CCC
File 5--LAWSUIT DROPPED; SPA STILL DEMANDS MONITORING
File 6-- International Release: Internet Piracy Case
File 7--The "Kiddie-Porn" Spam
File 8--AOL - Breaking Spam News
File 9--More on AOL "child porn" spam
File 10--Flaw in Solaris 2.4 Daylight Savings Time Calculation (fwd)
File 11--Cu Digest Header Info (unchanged since 7 Apr, 1996)

CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION ApPEARS IN
THE CONCLUDING FILE AT THE END OF EACH ISSUE.

---------------------------------------------------------------------

Date: Fri, 25 Oct 1996 21:16:56 -0400 (EDT)
From: Noah <[email protected]>
Subject: File 1--Hacker posts nudes on court's Web pages (fwd)

From -Noah

---------- Forwarded message ----------
Date--Fri, 25 Oct 1996 16:47:39 -0500
C Y B E R - S P A C E P R O J E C T Email List / Instructions at the end
----------------------------------------------------------------

PHAETHON :::

10/25/96 -- 12:43 AM

Hacker posts nudes on court's Web pages
By ROB CHEPAK of The Tampa Tribune

TALLAHASSEE - The Internet home of the Florida Supreme Court isn't
the kind of place you'd expect to find nudity.

But that's what happened Wednesday morning when a judge in
Tallahassee found a pornographic photo while he was looking for
the latest legal news.

A computer hacker broke into the high court's cyberhome, placing
at least three pornographic photos and a stream of obscenities on
its Web pages.

.............

The Florida Court's Web site is used to post information about
court opinions, state law and legal aid. Thousands of people,
including children, use the court system's more than 500 Internet
pages each month, Waters said.

.............

Officials aren't sure how the culprit broke in, and FDLE had no
suspects Thursday afternoon. But court officials long have
suspected their Web site could be a target for hackers armed with
the computer equipment to impose photos on the Web. The Florida
Supreme Court became the first state Supreme Court in the nation
to create its own Internet pages two years ago.

.............

Without a clear motive or obvious physical evidence, FDLE
investigators, who also investigate child pornography on the
Internet, hope to retrace the culprit's steps in cyberspace.
However, Ponder said cases of Internet tampering are "very
difficult to solve."

Thursday, the state's top legal minds, who are used to handing out
justice, seemed unaccustomed to being cast as victims.

"No damage was done," Kogan said in a statement. "But this episode
did send a message that there was a flaw in our security that we
now are fixing."

* [email protected] aka ---* Frosty, ilKhan of the SotMESC
* To send a submission, use this address with 'CSP' in the Subject line
* Thanks to: Voyager, 2600, LOD, Knight Lightning, the Unabomber, etc
* Visit us at: http://www.datasync.com/sotmesc/gcms
* Or our convention at: http://www.datasync.com/sotmesc/ic-con

------------------------------

Date: Thu, 17 Oct 1996 22:44:41 -0500
From: [email protected](Jim Thomas)
Subject: File 2--Internet Anti-Piracy Campaign Launched

FOR IMMEDIATE RELEASE

Contact: David Phelps, (202) 452-1600, ext. 320, [email protected]

SPA Files Copyright Suits Against ISPs and End Users

Internet Anti-Piracy Campaign Launched

_________________________________________________________________

(Oct.10, 1996 --Washington, D.C.) -- The Software Publishers
Association (SPA) announced today that it has filed five civil
lawsuits for copyright infringement occurring on the Internet. Three
of the lawsuits were filed against Internet service providers (ISPs),
and the remaining two were filed against individual end users.
Additionally, SPA launched its Internet Anti-Piracy Campaign, which
includes education and enforcement components, in an effort to educate
and work cooperatively with ISPs regarding copyright infringement.

ISP lawsuits were filed on Oct. 7 and 8 against Community ConneXion of
Oakland, Calif.; GeoCities of Beverly Hills, Calif.; and Tripod Inc.
of Williamstown, Mass. The SPA members named as plaintiffs in all
three suits were Adobe Systems Inc., Claris Corp. and Traveling
Software Inc. In each case, SPA first contacted the ISP and requested
that the infringing material be removed, but the ISP failed to respond
and cooperate.

SPA also filed suit against Jeffrey Workman of Auburn, W. V., and
Patricia Kropff of Scottsdale, Pa, on behalf of Adobe Systems Inc.,
Claris Corp., Corel Corp., Datastorm Technologies Inc. and Novell,
Inc. In each of these instances, SPA received reports of alleged
copyright infringement on certain Web sites, and with the assistance
of the ISPs, tracked the individuals responsible for posting the
infringing material.

"These lawsuits send a clear signal to ISPs and end users that neither
direct nor contributory copyright infringement will be tolerated. The
Internet does not provide a safe haven for these types of activities,"
said Ken Wasch, SPA president.

SPA's Internet Anti-Piracy Campaign (IAPC), which is outlined at
http://www.spa.org/piracy/iapc.htm, contains information explaining
why ISPs may be liable for copyright infringement, the risks involved
and seven warning signs that infringing activity may be taking place
on the ISP's server. Additionally, ISPs may sign an ISP Code of
Conduct to show they have adopted the operating practices encouraged
under the copyright law.

Upon receiving a report of alleged copyright infringement on the
Internet, SPA confirms the unlawful activity and sends a letter to the
ISP servicing the infringing user. In most cases, the ISP cooperates
and remedies the situation. If the infringing user can be identified
-- as alleged in the Workman and Kropff cases -- SPA may then choose
to seek action against the end user. If the ISP is unwilling to stop
the unlawful activity, SPA may choose to file suit against the ISP.

"Our intentions are to work cooperatively with ISPs. A key element of
the IAPC is the ISP Education Program devoted to alerting ISPs to
their potential liability and providing them with the tools and
guidance to protect themselves," said Joshua Bauchner, SPA's
Litigation Coordinator.

"The IAPC maintains SPA's traditional balance between education and
enforcement. We first make contact in an effort to amicably resolve
the matter, and only when absolutely necessary do we turn to
litigation."

An integral part of the cooperative effort between SPA and ISPs is the
ISP Code of Conduct. This simple agreement asks that ISPs protect
themselves from liability by stopping pirate activity on their
systems. In return, SPA will attempt to contact the ISP if it receives
a piracy report concerning it -- before initiating other action.

Piracy has taken many forms on the Internet. These include making
unauthorized copies of software available for download, the posting of
serial numbers, cracker and hacker utilities and links to pirate FTP
sites. Although many believe piracy is limited to "warez" or illegal
copies of software, it extends beyond that narrow definition. Under
the law, anyone who knows -- or should have known -- of the
infringement and who assists, encourages or induces the infringement
is liable for indirect infringement. In each of the actions SPA filed,
at least two of the above infringements were present.

For additional information please visit the Internet Anti-Piracy
Campaign site at http://www.spa.org/piracy/iapc.htm. The ISP Education
Program information is available at
http://www.spa.org/piracy/ispinfo.htm. To report a case of piracy
please contact SPA's hotline at (800) 388-7478, [email protected] or
complete an on-line intake form at
http://www.spa.org/piracy/pirreprt.htm.

SPA is the leading trade association of the desktop software industry,
representing the leading publishers as well as many start-up firms in
the business, home office, consumer, education and entertainment
markets. Its 1,200 members account for 85 percent of the sales of the
U.S. packaged software industry. SPA press releases are available
through fax on demand at (800) 637-6823.

------------------------------

Date: Mon, 14 Oct 1996 11:24:01 -0700 (PDT)
From: [email protected]
Subject: File 3--COMMUNITY CONNEXION SUED IN FRIVOLOUS LAWSUIT

Fwd from: [email protected]
COMMUNITY CONNEXION SUED IN FRIVOLOUS LAWSUIT

For release: October 14, 1996
Contact: Sameer Parekh 510-986-8770

Oakland, CA - Community ConneXion, Inc, dba C2Net, condemns the
lawsuit served by Adobe Systems, Inc., Claris Corporation, and
Traveling Software, Inc. as a frivolous lawsuit. "As near as we can
tell," said C2Net President Sameer Parekh, "we are being sued for
being an Internet Service Provider."

C2Net is an ISP, providing shell accounts and web hosting
services. But the company is primarily a software vendor, selling
Stronghold, one of the most popular secure web servers on the
market. "We were looking into joining the Software Publisher's
Association, who filed the suit on behalf of the plaintiffs," said
Parekh, "but it's not very likely to happen at this point."

The lawsuit appears to charge C2Net with liability based upon
allegations that C2Net's customers provide links to pirated software
on other machines and "cracker tools" that allow users to beat
copy-protection mechanisms like software serial numbers.

"It's completely outrageous that the SPA has nothing better to do
than to file frivolous lawsuits against hard-working Internet Service
Providers," said Parekh. "We are not aware of any such links on our
pages or our customer's pages, and if our customers are breaking any
laws, we want to know about it so we can terminate their accounts."
(The lawsuit provides no specific examples.)

The lawsuit was apparently filed after a single attempt to contact the
company with a form-letter e-mail. The copy of the alleged e-mail
included as an attachment to the suit shows the SPA's real
motive. "They want us to sign a 'Code of Conduct'," said
Parekh. "Among other things, we'd have to agree to routinely monitor
our customer's web pages, which we won't do. We deal with complaints
about our customers on a case by case basis, and we have a firm and
clear policy against illegal activity of any sort. We've shut down
accounts for less than what they're alleging in this lawsuit."

"This is clearly a frivolous lawsuit," said Terry Gross, counsel for
C2Net. "The plaintiffs know that an ISP can only be liable if it
participates in and has knowledge of the improper activity, and it is
clear that they have no such basis."

Although the lawsuit does not mention the "Code of Conduct", it
appears that most ISPs who received the e-mail ended up signing it,
largely to avoid legal action from the much-feared SPA. Those that
didn't kowtow got sued.

"The terms of the 'Code of Conduct' are completely unacceptable," said
Parekh. "It basically gives the SPA the right to go on an ongoing
fishing expedition through our customer's files, and requires us to do
the same as their agent on a regular basis. The Code would classify
us as 'publishers', and we would become responsible for everything our
customers do. We've built this business on a solid foundation of
respect for our customer's privacy. Monitoring their activities
without grounds for suspicion is completely inconsistent with
maintaining their privacy."

"This lawsuit is grossly unfair, and it's going to cost us a lot of
time and money, but we don't have any choice but to fight it," said
Parekh. "What we have here is three giant software companies and their
well-funded bag of lawyers trying to bully a smaller software company
into adopting costly policies that invade customers' privacy."

A coalition is currently being formed to fight this case and make sure
that this form of legal terrorism does not occur in the future against
internet providers. The coalition will probably include the three companies
that have been served in the suit and other organizations with a stake
in creating a rational legal enviroment for ISPs and their customers.

C2Net provides high-security encryption solutions for the Internet
worldwide. More information about C2Net's products are available at
https://stronghold.c2.net/. Information about the forming coalition
may be found at https://www.c2.net/ispdc/.

------------------------------

Date: Sat, 26 Oct 1996 00:32:11 -0500
From: [email protected](Jim Thomas)
Subject: File 4--Dropping of the SPA Suit against CCC
ORIGINAL
ROBERT L. MAINES, State Bar No. 39977 FILED
ANDREW L. FAGAN, State Bar No. 121445
BRYANT, CLOHAN, OTT, MAINES & BARUH Oct 22 '96
550 Hamilton Avenue, Suite 220
Palo Alto, California 94301 Richard W. Wieking
Telephone: (415) 324-1606 CLERK
Facsimile: (415) 324-4613 U.S. DISTRICT COURT
NO. DIST. OF CA. S.J.
GEOFFREY G. GILBERT
ANTONIA S. PRITCHARD
McBRIDE BAKER & COLES
500 West Madison St., 40th Floor
Chicago, IL 60661-2511
Telephone: (312) 715-5700

Attorneys for Plaintiffs ADOBE SYSTEMS,
INCORPORATED, CLARIS CORPORATION, and
TRAVELLING SOFTWARE, INC.

IN THE UNITED STATES DISTRICT COURT

FOR THE NORTHERN DISTRICT OF CALIFORNIA

SAN JOSE DIVISION

ADOBE SYSTEMS, INCORPORATED, ) NO. C-96 20833 (SW EAI)
CLARIS CORPORTATION, )
and TRAVELLING SOFTWARE, INC. ) NOTICE OF VOLUNTARY
) DISMISSAL
)
Plaintiffs, )
)
v. )
COMMUNITY CONNEXION, INC. and )
SAMEER PAREKH, )
)
Defendants. )
_________________________________)

NOTICE IS HEREBY GIVEN that pursuant to Rule 41(a)(1) of the Federal
Rules of Civil Procedure plaintiffs voluntariily dismiss this action without
prejudice.

Dated: October 22, 1996. BRYANT, CLOHAN, OTT, MAINES
& BARUH, LLP

McBRIDE BAKER & COLES

By:____[signature]_________
ROBERT L. MAINES

Attorneys for Plaintiffs
ADOBE SYSTEMS, INCORPORATED,
CLARIS CORPORATION, and
TRAVELLING SOFTWARE, INC.

------------------------------

Date: Thu, 24 Oct 1996 12:34:48 -0700 (PDT)
From: sameer <[email protected]>
Subject: File 5--LAWSUIT DROPPED; SPA STILL DEMANDS MONITORING

For Release October 24, 1996
Contact: Sameer Parekh 510-986-8770

LAWSUIT DROPPED; SPA STILL DEMANDS MONITORING

Oakland, CA - In an ongoing attempt to force Internet Service
Providers (ISPs) to monitor their customers' web pages, the Software
Publisher's Association (SPA), acting on behalf of three member
software companies, dropped a lawsuit against Community ConneXion,
Inc., dba C2Net, but reserved the right to bring the suit again if
C2Net failed to adopt a policy of monitoring their users' web pages
for copyright infringement.

The three plaintiffs, Adobe Systems, Inc., Claris Corporation, and
Traveling Software, Inc., seemed surprised to find that they had filed
the lawsuit, and sought to distance themselves from the action. For
instance, Adobe's PR department maintained that Adobe has definitely
not filed any such lawsuiT. (Contact Carol Sacks -- (408) 536-4033)

C2Net, a small, Oakland-based ISP and software company, has always
forbidden illegal activity on its servers. This includes copyright
infringement and contributory copyright infringement. "We're very
aware of the problems that software companies face from piracy; most
of our revenue comes from software and we have our own problems with
people pirating our software," said C2Net President Sameer Parekh. "I
just don't think that bullying hard-working ISPs into embracing a
highly questionable set of policies does anything constructive about
the problem of piracy."

The Software Publishers Association wants ISPs to sign a 'Code of
Conduct' which would force ISPs to actively monitor users. Under
current case law, this greatly increases the ISP's liability, in
addition to being extremely expensive, time-consuming, and distasteful
to users.

"The telephone company isn't required to monitor all their users to
make sure they're not saying illegal things," said Parekh. "How can we
be expected to do that for our customers' use of the Internet?"

Of the over twenty ISPs contacted by the SPA, many caved in and signed
the 'Code of Conduct', fearing a lawsuit from the SPA more than the
future expense and liability problems that result from ongoing
monitoring. A coalition of ISPs and other concerned parties, the ISP
Defense Coalition, has formed to oppose these bullying tactics by the
SPA.

"The SPA thought they could bully small ISPs, but they didn't
realize we had principles and couldn't be cowed," said Parekh.

Mike Godwin, Staff Counsel for the Electronic Frontier Foundation
said, "My personal view is that the Software Publishers Association
has forgotten that it is the legislature, not the courts, that is the
primary avenue for seeking changes in copyright policy. What we see
here is a perversion of the notion that the courts should be used to
seek justice -- SPA seems to have picked defendants in the hope that
they'd be too weak to resist. I find that decision morally
objectionable. Speaking as a lawyer, I have to say that this is the
kind of tactic that justifiably confirms in people's minds whatever
low opinions they may have of lawyers."

The suit alleged that C2Net users were providing tools to get around
copy protection in the plaintiffs' software, and were providing
pointers to other sites that actually contained pirated software. The
SPA provided no examples, and did not allege any direct copyright
infringement on C2Net machines.

"Despite our best efforts to get specific information," said Parekh,
"the SPA did not provide us with any specifics about our customers
engaging in infringing activity. We suspect that they had no evidence
of infringement, but acted merely on vague reports of questionable
conduct on the part of a few users."

C2Net provides high-security encryption solutions for the Internet
worldwide. More information about C2Net's products are available at
https://stronghold.c2.net/. Information about the forming coalition
may be found at https://www.c2.net/ispdc/.

------------------------------

From: "David Gersic" <[email protected]>
Date: Wed, 23 Oct 1996 13:34:40 CDT
Subject: File 6-- International Release: Internet Piracy Case

If you don't already have a copy of this, I thought you might found
it intestesting. Gee. Bomb-making recepies. How nice. And $60k worth
of Novell products is hardly anything at all...

These were from a private list server, so the header has been modified.

------- Forwarded Message Follows -------

Date sent-- Wed, 23 Oct 1996 11:30:47 -0600
Send reply to-- "xxxxxxxxxxxxxxxxx" <[email protected]>
From-- "xxxxxxxxxxxxxxxxx" <[email protected]>
Subject-- International Release--Internet Piracy Case
To-- Multiple recipients of list xxxxxx <[email protected]>

Note: Attached is a press release on an anti-piracy raid in Switzerland.
This release was distributed internationally.

FOR IMMEDIATE RELEASE ---- October 23, 1996

Novell Brings Largest Ever Internet Piracy Case

Swiss Police Swoop On Internet Pirate In Dawn Raid

Following months of undercover investigation by Novell's
Anti-Piracy Group, on 15th October 1996, Swiss Police executed an
early morning raid in Zurich on the home of a 27 year old computer
technician calling himself *The Pirate'.
*The Pirate' was offering $60,000 of unlicensed Novell products,
along with commercial software from other Business Software Alliance
(BSA) members, to anyone with a connection to the Internet. During the
enquiry, Novell Anti-Piracy investigators also found files containing bomb
making recipes and instructions for defrauding credit cards.
During the raid officers from the Swiss Police Commercial Crime
Unit seized an extensive collection of computer hardware and software.
*The Pirate' who was taken into custody, could face a maximum prison
sentence of 3 years and/or a fine of up to SFR 100,000 (USD80,000) if
convicted.
In a related action on the same day, the Swiss police raided the
M-E-M-O Bulletin Board System (BBS) run by a systems operator calling
himself *The Shadow'. The M-E-M-O BBS was believed to have close
connections with *The Pirate' and in addition to making available
unlicensed Novell software via the telephone network, also offered a CD
and DAT tape writing service.
Martin Smith Novell's Licensing Manager for Europe Middle East
and Africa says, *This is a landmark case for the software industry. For
the first time today, individuals and organisations distributing unlicensed
software on the Internet know that they can be caught and prosecuted.
This case is the first of a series of Internet related actions which will be
brought by Novell and the BSA in Europe in the coming months.*
Smith continued *Novell is committed to working with law
enforcement groups throughout Europe to halt the supply of illegal
products on the Internet. Electronic distribution of illegally duplicated
software poses a threat both to the industry and consumers. In many
cases the software available from such sites has been passed around
the world, each transfer exposing it to potential corruption and viruses.
For the end-user this inevitably leads to system down time or loss of
data.*
Novell's Anti-Piracy Group can be contacted directly on dedicated
hotlines, a list of which accompany this release.
Founded in 1983, Novell (NASDAQ:NOVL) is the world's leading
provider of network software. The company offers a wide range of
network solutions for distributed network, Internet, intranet and
small-business markets. Novell education and technical support
programs are the most comprehensive in the network computing
industry. Information about Novell's complete range of products and
services can be accessed on the World Wide Web at
http://www.novell.com.. Novell is a member of the Business Software
Alliance (BSA).

###

Press Contact:
Sarah Williams
+44-(0)1344-724042
Internet: [email protected]

------------------------------

Date: Thu, 24 Oct 1996 22:51:01 CDT
From: Jim Thomas <[email protected]>
Subject: File 7--The "Kiddie-Porn" Spam

((The following spam was received by thousands of people,
including me. It was received on an address that is rarely
used for external mail or Net posting, so it's unclear how or
why that account was selected. Following this post are
several responses to it - jt))

---------- Forwarded message ----------
Date--Mon, 21 Oct 1996 04:12:17 -0400
[email protected]
Subject--Child XXX

Hi! I sent you this letter because your email address was on a list that fit
this category. I am a fan of child pornography and for the past 4 years, I
have been able to gather quite a collection of it. I have pictures, VHS
tapes, posters, audio recordings, and games based on child pornography. I am
now selling my products (or trading for other child pornography). I have a
complete color catalog of all my products now available. You can purchase
pictures, both normal kodak, and computer GIF or JPG's. You can purchase
posters, the VHS tapes, and Audio recordings. If you send your picture, I
can morph your face into one of the action shots to make it appear that you
are the one having anal sex with a young boy. There are many preferences
you can choose from. Hair color, weight, age, height. Age of the young
boys range from 7 yrs to 17. Young girls, age 4 to 19. For $2.99 we can
send you a personalized audio cassette of a little boy moaning and groaning
your name. There are many other products and services.

If you were not supposed to receive this letter, please delete it
immediately. I send out these advertisements to this mailing list once a
week. If you you want to get off this mailing list, please send a letter to
my address below. Do not write to this email address because I will delete
it after I mail these letters. The only way to get off this mailing list is
to write to my address below.

Here are some prices:

Complete Color Catalog (160 pages)...........................$5.00
100 Pictures young boys age 7-12..............................$9.95
120 Pictures young boys age 13-17............................$11.95
VHS tape, young boys "Bath Time".............................$49.95
VHS tape, young boys "Happy B-day, Timmy".............$49.95
VHS tape, young boys "Bobby and His Friends"...........$49.95
VHS tape, young boys "Kid Loves Candy"....................$39.95
VHS tape, "Mister's Sin (Tale of an Alter Boy)".............$39.95
Personalized Audio tape.............................................$2.99
Personalized morphed action pic................................$14.95
(be sure to include your picture)

If you have any child pornography yourself, preferably young boys ages 7-9,
I will trade or buy them from you. If they are action shots, of an adult
with the young boy having sex, I am willing to trade big, or pay a lot.
Please write to me for more details. Thanks.

You can send a cash, check, or money order. Make it out to my company :
"Kwo UN"

Send your order to:

Child Fun
<name and address of presumably innocent target deleted>
Jackson Heights, NY 11372

You can also send your credit card numbers. I do not accept American Express
cards.

------------------------------

Date: Wed, 23 Oct 1996 15:49:54 -0700 (PDT)
From: David Cassel <[email protected]>
Subject: File 8--AOL - Breaking Spam News

CNN is reporting that today the FBI "hinted" they were close to making an
arrest in the child pornography spam.

Stories have appeared in Reuters, the Associated Press, CNN, and the
Washington Post. Reuters reported that AOL was "deluged" with complaints,
and said the FBI observed tips came to their offices "around the country".
More interesting, an AOL officer told Reuters the account holders were not
the ones who sent the mail.

Hackers have been boasting about the capability to access any AOL
account--without a password--since last spring. Some speculate hackers
had moles in AOL's customer service department--when the editor of
Internet Underground magazine contacted hackers for a story, they offered
to recite his credit card number as proof. In July the Florida Times-
Union reported AOL's Florida customer service building housed an employee
who helped "hijack" customer credit card numbers. When arrested and
convicted, he implicated two other employees [7/7/96]. AOL caught 38 of
their own staffers in a June raid on the Warez chat room. And to this
day, one hacker's web page contains screen shots of AOL's internal
software. (http://www.netvirtual.com/blank/aol/)

Even Reuters has picked up on AOL's low-security climate. Their story
noted that "Hackers have in the past established bogus America Online
accounts using stolen credit card numbers and the signup disks the service
widely distributes..." The Washington Post reported 370,000 fake accounts
were created between March and June [9/16/96]).

That lends an odd context to the child pornography spam. Earlier this
year AOL's postmaster collected the tens of thousands of messages
Cyberpromotions sent to invalid addresses--then bounced them back, all at
once. Cyberpromotions saw this as a vindictive prank, and took AOL to
court, but some netizens lauded AOL for their effective retaliation.

But today a University of Maryland graduate student told the San Francisco
Examiner he received ten pieces of spam advertising a program called
AKIMA--giving the same address in Jackson Heights. The student said he
believes the child pornography mail was retaliation for the earlier spams
advertising AKIMA--a program which, ironically, allows mass e-mailing to
AOL subscribers.

This raises the question: was the child pornography spam a variation of
the postmaster's prank, perpetrated by someone within AOL? Their customer
service department's ties to the hacker community beg the question. In
September, speaking about unwanted spam, Steve Case said "this is the
number one complaint we hear from our members."

Either way, the event is being used to push pre-existing agendas. In an
interview with the San Francisco Examiner, a federal law enforcement
official "said it is apparently not against the law to pull a hoax on the
Internet." And CNN took this opportunity to link to their "related"
story, "Pedophiles stalk internet for victims". In September they had
interviewed two customs agents, reporting that the two "said they become
suspicious when someone offers pictures of celebrities--often a code word
for child pornography."

Coincidentally, CNN cites them as the agents who arrested Robert Green and
Richard Russell--the school teachers running the child pornography ring on
America Online (mentioned in a previous update). The Customs agents told
CNN the teachers had "used computers to lure children to a certain
location, where they would be molested." The Phoenix Gazette reported the
men would then produce videotapes of the children they met on America
Online. One of the boys was 11, the other 15; they were paid $15 each.

Ironically, news of the account breach came from AOL's public affairs
officer William Burrington, who was last seen at the Philadelphia trial
for the Communications Decency Act, where Declan McCullagh's dispatch said
he characterized AOL "as a 'resort pool with lifeguards' next to the wild,
untamed ocean of the Internet". Current events don't bear that out. Part
of the problem is their resort pool offers an unlimited supply of fake
screen names--and apparently, the security on them isn't foolproof. (Even
with the "lifeguards"...)

In 1995 Burrington also testified before Congress about AOL's child
pornography problems. He attributed the trafficking to "a very small
percentage of its customers." An article in the Boston Phoenix, noting
Burrington's "wind-tunnel-resistant hair", suggested the obvious follow-up
question would be, "what percentage of members who traffic in child
pornography is acceptable to AOL?"

Watch for a story about this in tomorrow's Netly News
(http://www.netlynews.com)

------------------------------

Date: Wed, 18 Mar 1953 04:13:11 -0500
From: Declan McCullagh <[email protected]>
Subject: File 9--More on AOL "child porn" spam

*******

Date--Mon, 21 Oct 1996 06:58:08
[email protected] (David O'Donnell at America Online)

Please note that if you received unsolicited mail from "[email protected]" or
"[email protected]" yesterday (Sunday 20 October 1996), both accounts
were closed early this morning. Copies of the messages have been
forwarded to our legal department. Please do not send in more reports of
this abuse.

--
__ David B. O'Donnell ([email protected], [email protected])
\/ AOL Internet Development Outreach and Technology Manager
Tel.: 703/453-4000 x4255; FAX: 703/453-4102 "Spammum
WWW: http://www.idot.aol.com/atropos/ Delendum Est"

********

[Thanks to Dave Cassel for this. --Declan]

http://www.wco.com/~destiny/kidspam.htm

Earlier today an AOL user e-mailed hundreds of people, announcing "I
have pictures, VHS tapes, posters, audio recordings, and games
based on child pornography."

The notorious mail included a price-list and an address in Jackson
Heights, New York. Several hundred students at the University of
Oslo reportedly received copies, as did students at Yale. The
message was e-mailed to Oregon, Georgia, Illinois, and New York, as
well as England, Australia, Holland, Finland, Germany, and Canada
(according to Usenet posts). The Royal Canadian Mounted Police
received several calls, as did Interpol. One ISP reported 10 of
their 1,000 users received copies--close to 1%.

Even some net personalities received copies. Ron Newman, formerly
of the MIT Media Lab, received the e-mail at five different
accounts. Joe Shea, editor of the American Reporter, received a
copy; Philip Elmer-DeWitt, author of Time magazine's "Cyberporn"
cover story, received two. The authors of "The Stalker's Home
Page," and "Why AOL Sucks" also received the e-mail.

Responding to complaints, AOL stated "we have closed the accounts
involved, and our legal department is taking action." Postmaster
David O'Donnell posted to Usenet, "Please do not send in more
reports of this abuse". Over 50 people complained to the New York
police department, who investigated the location--a P.O. Box--with
the FBI. (On a mailing list Brock Meeks noted that AOL has a
"working relationship" with the FBI.)

A reporter for the New York-based Newsday says the newspaper will
probably carry a story about the event in Tuesday's edition.
(http://www.newsday.com) According to one Usenet post, the
address belongs to one of AOL's "disk dancers". The mailing address
of the (presumably-framed) New Yorker is for sales of a program
that lets AOL users spend time on the system without being charged.

This is not the first time AOL's hacker community has cross swords
with child pornography. The documentation for AOHell contains a
section called "Why I made AOHell." "I'm sick of all the God damn
pedophiles," the program's author states. "AOL constantly closed
the 'Hackers' Member room, but refuses to do anything about all the
pedophilia rooms...If AOL is going to do nothing about this type of
sick behavior then I will do everything I can to screw AOL up."

Instead, users signing onto AOL tonight received an advertisement
for hardware that can "grab color images right from your camcorder,
VCR, or TV." This December marks the five-year anniversary of the
first child pornography scandal on AOL. In 1991 Newsweek reported
that one subscriber posing as a child "received pictures of what
appear to be youngsters involved in sexual acts." AOL's members
didn't find out about the incident until the story turned up on
CNN. (Mainly because the outraged user went straight to the
network.)

In 1993, ten-year-old George Burdynski disappeared from Brentwood,
Virginia. He was never seen again--but his disappearance launched
the largest child pornography investigation in FBI history. In
September of 1995, the FBI raided the homes of 120 AOL users, and
in July the FBI raided 100 homes just in Cincinnati. Days before,
one agent told the Cincinnati Enquirer "there are new people being
identified daily." The FBI had information on more than 3,000
users--which at the time constituted one out of every 1,200 AOL
subscribers; "FBI and America Online records revealed that during
one 25-minute span when an illegal photograph was made available on
the computer service, about 400 people nationwide downloaded the
picture to their computers." Jean Villanueva stated that AOL
contacted the FBI "upon receiving the material, and verifying that
it was in all likelihood illegal". (At least one children's rights
activist questioned the legality of the delays "verification" added
to AOL's response.)

Earlier that year U.S. Customs Officials cracked a child
pornography ring operating on America Online. In February of 1995
two teachers in Florida were charged, and a third suspect arrested
in Salt Lake City. A Customs official said photographs were being
downloaded directly from AOL's shareware section, which apparently
wasn't monitored round-the-clock. The first guilty verdict from
that investigation was handed down in February of 1996--for
photographs a user transmitted in July of 1994. In August an AOL
user in San Francisco was indicted for his involvement in a
13-year-old Kentucky girl's 2-week disappearance; in November of
1995, a New Jersey man was sentenced for actions with a young boy
in July of 1994.

The San Francisco Chronicle suggested problems were exacerbated by
AOL's fully-anonymous screen names. In fact, up until September of
1995, AOL wasn't even verifying the full authenticity of the credit
card information users input. That created an entrenched subculture
of disk dancers that persists to this day. The Washington Post
reported that between March and June, over 370,000 fake accounts
were created with bogus credit card information.

Ironically, the ten-year-old boy who disappeared lived just miles
from AOL's headquarters in Vienna, Virginia. One children's rights
advocate is considering setting up a fund in the boy's name.

------------------------------

Date: Fri, 25 Oct 96 07:35:25 CDT
From: Eric Behr <[email protected]>
Subject: File 10--Flaw in Solaris 2.4 Daylight Savings Time Calculation (fwd)

FYI, in case you missed this:

>Date--Thu, 24 Oct 1996 23:47:01 -0700
>[email protected] (Mark Graff)
>Subject--URGENT--Flaw in Solaris 2.4 Daylight Savings Time Calculation
>
>I have been asked to announce here an anomaly in timezone calculation
>which will affect some Solaris 2.4 customers this weekend. The bug:
>log entries will not accurately reflect the upcoming transition from
>Daylight Time back to Standard Time. You'll find details below.
>
>The only customers who will be affected are those who:
>
> * Run Solaris 2.4 systems, with kernel patch 101945-37 or later
> (for x86 systems, that's kernel patch 101946-35 or later); and
>
> * Are in locales which are reverting to Standard Time this
> weekend, such as most of the U.S., Canada, Mexico, and parts of
> Europe (but not Japan and many parts of Asia, Australasia, and
> Africa); and
>
> * Use (as most do) non-POSIX /usr/share/lib/zoneinfo
> representation to designate system timezones; and
>
> * Require accurate timestamps for system log entries and events
> this weekend.
>
>Since the problem will occur over a weekend evening, only lasts for a
>matter of hours, and doesn't affect the system clock, we expect that
>relatively few customers will even notice the effects of this bug.
>
>Note that this is *not* a security bulletin. We are sending this
>advisory out along the channels we usually reserve for security bugs
>because we wanted to get the information into our customers' hands as
>quickly as possible. We actually discovered the complication only this
>morning, while analyzing a related problem reported by a European
>customer a few weeks ago.
>
>The bug involves the C library calls which translate system time into a
>human-readable format, such as "Thu Oct 24 21:33:21 PDT 1996". The
>exact effect of the bug is that localtime(3)-format strings will revert
>to "Standard Time" at a moment indicated by GMT, not local time. This
>means, for example, that starting at 0200 hours GMT, Sunday, 27
>October, system logs and other timestamps recorded in local time will
>be off by one hour. The system will continue to record bad timestamps
>until 0200 hours local time, when the real world and the computer's
>calculations will once again agree.
>
>In the Pacific time zone, then, the problem will start at 1800 hours
>PDT and last for eight hours. In the Eastern time zone, the problem
>will start at the same moment (which is 2100 EDT) but only last for
>five hours--0200 comes earlier there! Affected systems in the European
>MET zone will experience the problem only for one hour--and the
>erroneous time will be one hour later than the real time, not earlier,
>as in the U.S.
>
>Note that it is in fact possible to avoid the problem behavior, by
>re-specifying the system's time locale in POSIX representation. The
>adjustment, however, is fairly complex; it involves re-booting the
>system; and describing the workaround completely would require telling
>you what to do for all 459 or so time locales around the world. We're
>not prepared to do that tonight.
>
>Of course we will fix the bug in subsequent kernel patches. But the
>patches won't be ready for some time, and certainly not before this
>weekend. So please, if you believe your system is one of those
>affected and would like help, now or later, contact your local Sun
>Solution Center.
>
>-mg-
>
>Mark Graff
>SunSoft

------------------------------

Date: Thu, 21 Mar 1996 22:51:01 CST
From: CuD Moderators <[email protected]>
Subject: File 11--Cu Digest Header Info (unchanged since 7 Apr, 1996)

Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost electronically.

CuD is available as a Usenet newsgroup: comp.society.cu-digest

Or, to subscribe, send post with this in the "Subject:: line:

SUBSCRIBE CU-DIGEST
Send the message to: [email protected]

DO NOT SEND SUBSCRIPTIONS TO THE MODERATORS.

The editors may be contacted by voice (815-753-0303), fax (815-753-6302)
or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL
60115, USA.

To UNSUB, send a one-line message: UNSUB CU-DIGEST
Send it to [email protected]
(NOTE: The address you unsub must correspond to your From: line)

Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT
libraries and in the VIRUS/SECURITY library; from America Online in
the PC Telecom forum under "computing newsletters;"
On Delphi in the General Discussion database of the Internet SIG;
on RIPCO BBS (312) 528-5020 (and via Ripco on internet);
and on Rune Stone BBS (IIRGWHQ) (860)-585-9638.
CuD is also available via Fidonet File Request from
1:11/70; unlisted nodes and points welcome.

EUROPE: In BELGIUM: Virtual Access BBS: +32-69-844-019 (ringdown)
In ITALY: ZERO! BBS: +39-11-6507540
In LUXEMBOURG: ComNet BBS: +352-466893

UNITED STATES: etext.archive.umich.edu (192.131.22.8) in /pub/CuD/CuD
ftp.eff.org (192.88.144.4) in /pub/Publications/CuD/
aql.gatech.edu (128.61.10.53) in /pub/eff/cud/
world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/
wuarchive.wustl.edu in /doc/EFF/Publications/CuD/
EUROPE: nic.funet.fi in pub/doc/CuD/CuD/ (Finland)
ftp.warwick.ac.uk in pub/cud/ (United Kingdom)

The most recent issues of CuD can be obtained from the
Cu Digest WWW site at:
URL: http://www.soci.niu.edu/~cudigest/

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted for non-profit as long
as the source is cited. Authors hold a presumptive copyright, and
they should be contacted for reprint permission. It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified. Readers are encouraged to submit reasoned articles
relating to computer culture and communication. Articles are
preferred to short responses. Please avoid quoting previous posts
unless absolutely necessary.

DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.

------------------------------

End of Computer Underground Digest #8.76
************************************