Computer underground Digest Sun Jan 12, 1997 Volume 9 : Issue 03

Computer underground Digest Sun Jan 12, 1997 Volume 9 : Issue 03
ISSN 1004-042X

Editor: Jim Thomas ([email protected])
News Editor: Gordon Meyer ([email protected])
Archivist: Brendan Kehoe
Shadow Master: Stanton McCandlish
Field Agent Extraordinaire: David Smith
Shadow-Archivists: Dan Carosone / Paul Southworth
Ralph Sims / Jyrki Kuoppala
Ian Dickinson
Cu Digest Homepage: http://www.soci.niu.edu/~cudigest

CONTENTS, #9.03 (Sun, Jan 12, 1997)

File 1--AOL hax0rs beware (fwd)
File 2--AOL: The Happy Hacker (fwd)
File 3--Morality of Undoing Blocking Software
File 4--Run for the hills! Virulent Shergold meme escapes cyberspace!
File 5--Crypt News forces correction in FBI newsletter
File 6--7th Computers, Freedom & Privacy Conf - Mar.11-14
File 7--Foreign spies snoop the Net, from The Netly News
File 8--Soliciting a Child via Computer now a Crime in Illinois
File 9--Re: Cu Digest, #8.93 (xchaotic Xmas e-bombings)
File 10--Cu Digest Header Info (unchanged since 13 Dec, 1996)

CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION APPEARS IN
THE CONCLUDING FILE AT THE END OF EACH ISSUE.

---------------------------------------------------------------------

Date: Wed, 8 Jan 1997 19:18:36 -0500 (EST)
From: "[email protected]" <[email protected]>
Subject: File 1--AOL hax0rs beware (fwd)

From -Noah

---------- Forwarded message ----------
Date--Wed, 8 Jan 1997 18:16:18 -0600 (CST)
From--"Brett L. Hawn" <[email protected]>

[-] Brett L. Hawn (blh @ nol dot net) [-]
[-] Networks On-Line - Houston, Texas [-]
[-] 713-467-7100 [-]

---------- Forwarded message ----------

Hacker admits to AOL piracy
By Jeff Pelline
January 8, 1997, 1 p.m. PT

A college student today pleaded guilty to illegally creating a
program that allowed him to access America Online for free.

Known online as Happy Hardcore, 20-year-old Nicholas Ryan of Yale
University entered his plea in federal district court in
Alexandria, Virginia. The felony offense carries a fine of up to
$250,000 and five years in prison. Sentencing is set for March.

Ryan used his illegal software, dubbed "AOL4Free" between June
and December 1995. He also made it available to others. The
investigation was carried out by the Secret Service and Justice
Department's computer crime section.

AOL called the case a "legal milestone," representing the first
successful computer fraud prosecution involving an online
network.

"We hope this conviction sends a message to our members that AOL
is dedicated to stopping hackers and their activities on the
service and creating a safe online experience," said Tatiana Gau,
the newly named vice president for Integrity Assurance at AOL.

------------------------------

Date: Fri, 10 Jan 1997 22:03:29 -0700 (MST)
From: Gordon J Lyon <[email protected]>
Subject: File 2--AOL: The Happy Hacker (fwd)

---------- Forwarded message ----------
Date--Thu, 09 Jan 1997 01:32:39 -0800 (PST)
From--David Cassel <[email protected]>

T h e H a p p y H a c k e r

+~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~

In 1995 a hacker named Happy Hardcore wrote a program that granted
unlimited free access to AOL. Yesterday AOL issued a press release
applauding his conviction in a court in Virginia.
(http://www.prnewswire.com/pdata/19970108-DCW022.html)

According to press accounts, Nicholas Ryan -- who studies computer science
at Yale university -- was found guilty of a felony offense under the
Computer Fraud and Abuse Act: he illegally accessed AOL "and violated
AOL's terms of service".

But AOL's press release doesn't tell the whole story. The Washington Post
reported that in fact, AOL dropped over 370,000 subscribers between March
and June of 1996 "for credit card fraud, hacking, etc." [9/16/96] Up
until September of 1995, AOL didn't even verify the authenticity of credit
card information submitted for free-trial accounts. (And as of last year,
they'd distributed over 100 million of them.) Monday AOL shut local phone
access to the entire nation of Russia because it couldn't collect enough
accurate information to cover their expenses.

Ryan was targeted because he created a program used by other hackers--and
because he publicly taunted AOL in the program's documentation. He
included internal AOL e-mail (stolen by other hackers) discussing the
company's plans to thwart his program. Ryan wasn't charged with creating
the program, but for accessing the system illegally--a crime he shared
with nearly half a million others.

For six months of access, he faces a maximum of five years in prison and
$250,000 in fines. Under AOL's new value plan, the stolen time would have
a cash value of $60.

AOL's public statements indicate they want to appear tough on hackers --
especially now that they're seeking revenue from on-line transactions. A
press release announcing the appointment of a vice president to AOL's
optimistically-named "Integrity Assurance" division stressed her previous
employment at the CIA--saying Tatiana Gau wants to "improve the world's
most secure online environment". (The phrase "most secure" appeared
three times.) Yesterday's announcement even asserted AOL had achieved "the
first successful computer fraud prosecution involving an Internet online
network." (One technology correspondent quipped, "Maybe it means that
Kevin Mitnick is just a figment of Tsutomu Shimomoura's imagination.")
AOL's announcement went so far as to claim that AOL is safer than the
internet because AOL uses a private network.

But safety still depends on how a network is administered. In 1995, a
beta of AOL's telnet client put users directly behind their firewalls--and
earlier that year, AOL's mail server was accessible via telnet, allowing
forged mail from any AOL address. Hackers even took the stage during a
1995 celebrity appearance on AOL--then taunted the scheduled guest and the
event sponsors. (http://www.aolsucks.org/security/recondite.html). "I am
sure Corporate Communications will be getting some questions about it,"
read an internal e-mail titled "Hacker Attack In the Rotunda Last Night".
Ironically, that message later ended up on the AOL Security Page--"What
AOL Does Not Tell You." http://www.netvirtual.com/blank/aol)

The next month AOL's CEO Steve Case wrote a letter to all users about
hacker problems, arguing that "it happens everywhere", and adding that
"when we discover hackers", AOL "aggressively take measures to head them
off". But within days of that announcement, hackers were posting internal
mail that they'd stolen to the internet. They continued undaunted, posting
internal memos, and even Case's home address. In probably the most
embarrassing development, in-house mail ABOUT the hackers was being
circulated BY The hackers (ftp://ftp.crl.com/users/de/destiny/aol/hacker1)
At the time, AOL spokeswoman Pam McGraw told me, "We've encountered these
problems in the past, and we make changes to the service as appropriate--
and as we can".

The hackers had reverse-engineered AOL's "Rainman" software, which had
been mistakenly stored in AOL file libraries accessible by their hundreds
of remote staffers. The company fumbled for an explanation--Pam McGraw
told the press AOL believed the heist was effected with the Visual Basic
macro program AOHell. (Some later attributed her remarks to a deliberate
disinformation campaign--especially when, to suppress the program's
distribution, AOL later told Boardwatch magazine AOHell contained built-in
child pornography. ftp://ftp.boardwatch.com/aohell.txt)

But AOL's attempts to cover-up security breaches left their members even
more vulnerable. "I went to a bunch of new member chat rooms, used AOHell
to fish for passwords, and got 25 of them," one Usenet poster gloated.
"Doesn't AOL tell its users to not do that?" There were worse abuses.
When AOL realized hackers could "sniff" passwords during TCP/IP
connections, staffers say they were warned--but not the customers. "I
hope that AOL alerts the General Membership to this problem in a timely
manner," one staffer complained, "and not, as in the previous situation,
wait until they are forced to by negative news coverage." Sources had
told the Wall Street Journal that the 1995 security breach included
hackers distributing customer credit card numbers in AOL hacker chat
rooms, and AOL had warned staffers about the breach--but didn't tell their
users (until the story broke in nationwide news reports.)

The staffers complained AOL's hush-hush policy was aimed more at
protecting their image than protecting their customers. In a memo warning
staffers not to speak to the press, Steve Case countered that "We need
everyone's support...to protect AOL's interest". That even applied AOL's
content providers. Shortly before hackers took the stage at his live
event, the producer of AOL's MacWorld area asked AOL about earlier
problems. He told me AOL had attributed them to "some security holes that
AOL promised were closed."

It was when hackers took the stage that he found they were not.

Even AOL's latest statements are suspect. The press release claims that
AOL "immediately upgraded its security measures to prevent AOL4FREE or any
similar software from working". But Nicholas Ryan told a different story.
"AOL found a way to detect users of AOL4Free," began the program's
documentation. "However, with only a few lines of additional code
AOL4Free is again undetectable!"

Tatiana Gau's claims that AOL has a "zero tolerance" policy for hackers is
patently implausible. Macromedia's software piracy suit fingered 67
screen names in 1995. And over 70 came into play for the "Hacker Riot"
that November--a coordinated attack on the New Member Lounges
(http://www.getnet.com/~onion/work/planetmag/current/features/aolside.html)
lasting several hours and affecting hundreds of users. This August AOL's
Chief Financial Officer even pointed to the fake accounts as a possible
culprit for the high figures on their subscriber churn rate. And just six
weeks ago hackers doctored text at AOL keyword: legal.
(http://www.news.com/News/Item/0,4,5712,00.html). Even yesterday,
aolsucks.org received the comment, "AOL SUX!!!!! Thats why I make fake
accounts with them!!!"

Ironically, the documentation for AOL4Free ends with the classic hacker
manifesto "The Conscience of a Hacker." The 1986 document ends, "I am a
criminal. My crime is that of curiosity..."

And most technology pundits agree. AOL's MacWorld area was mailbombed for
a week and a half, with dozens of junk posts to its bulletin boards. "We
hate that," their producer told me. "Does that mean the FBI needs to be
brought in? Probably not." Chris Flores of Microsoft's Developer
Division agreed. "If a Visual Basic program can automate hitting this key
and hitting that key, the blame should be on AOL for allowing a certain
keystroke to be hit... They should think of AOHell as a blessing. Since
they know about it, they know that they have a fault in their system."
MacWorld's producer added, "You've got to admire the hacker ethic in a
certain way, because it's how things get done...how holes get patched."

Indeed, as a result of the hacker presence, AOL began accompanying all
e-mail and instant messages with a warning in red letters--that AOL staff
will never ask you for your password. One Florida resident with a degree
in criminology pointed out on Usenet that this alone wouldn't be
sufficient--because password-fishers were incorporating the warnings into
their scams! ("Enter your password to confirm that you understand the
warning below." "Enter your password now to turn on pass-block, which
offers protection beyond the simple password warning given below.")

Now AOL's 3.0 software requires users to download small software changes
before they can access the system. Unfortunately, there's no way to opt
out--which creates a major security hole waiting to backfire.

In any case, the hacker presence belies AOL's claims of the "highest level
of security". In fact, Wired News reported that "Gau is confident, but
she knows she has her work cut out for her. She's already spotted a link
on the Web announcing her arrival. It was titled 'Hackers are laughing.'".

It was my page.

THE LAST LAUGH

Within days of its creations, AOL threatened the AOL Security page with
charges of copyright infringement.

Unfortunately, the tactic inspired three other sites to mirror the
documents--which are still there to this day.

David Cassel
More Information - http://www.wco.com/~destiny/time.htm

~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~
Please forward with subscription information and headers in-tact.

To subscribe to this moderated list, send a message to [email protected]
containing the phrase SUBSCRIBE AOL-LIST in the message body. To unsubscribe
send a message saying UNSUBSCRIBE AOL-LIST to [email protected]
~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~

------------------------------

Date: Sat, 11 Jan 1997 11:05:09 -0500
From: "Glen L. Roberts" <[email protected]>
Subject: File 3--Morality of Undoing Blocking Software

((MODERATORS' NOTE: Glen Roberts of Full Disclosure has taken some
criticism for advocating and making available the means of
circumventing homepage blockers. Here, he responds to one of his
critics)).

Critic: I have just visited your (glr's) site for the first time even
though I have been a listener to your program for some time
now. Normally I agree with everthing you put forth on your
show but, I now have serious questions as to your moral
sense of right and wrong! Imagine my surprise when I
found your page describing how to circumvent blocks of web
pages such as those promoting explicit sexual content and
abhorent behavior. While I am in support of maintaining our
freedom to access information on the Internet, I can not
condone your publishing work arounds for parental net
censorship programs.

GLR: If the programs 1) effectively blocked porn and 2) did not block
non-obnoxious sites, my interest in publishing that information
would be minimal.

Additionally, the programs are so simply, that any teenager who
has the intellect to make it in the real world in a few years
will be able to figure out how to turn off these programs without
my instructions (the original instructions on my page for turning
off Cybersitter came from a teenager). The answer to keeping our
kids from turning off the blocking programs is to keep our kids
stupid. The idea of computers and the internet is to expand our
intellect. I believe from my limited use of Cybersitter, that it
would pretty much interefere with downloading most shareware from
the internet.

Critic: You obviously do not or would not restrict your own
children from viewing all manner of objectionable material
because of their 'right' to access such information and
your desire of not "depriving them of the knowledge
contained therein".

My reference there is obviously to the thousands of web pages
blocked by the various blocking programs that are not immoral by
anyone's opinion... for example, my anti-junk email page, fishing
spots in chicago, the Girl Scouts home page, etc.

Critic: I find this idea reprehensible and beneath any reasonable
common sense when it comes to protecting ones own children.

I don't view that these programs actually protect anybody. They
may filter SOME immoral sites, however, with 50,000,000+ web
pages and more everyday how they can get them all?

Critic: You may certainly have a case in stating that this is
only the first step in preventing all manner of useful
information that the tyrannical government, for instance,
does not desire it's subject to view. However, this is not
an excuse to interfere with my right as a parent to prevent
unhealthy material from falling in the hands of potential
innocent children!

What am I interfering with? If you buy a blocking program that is
ineffective because your kids can use notepad to turn it off,
your problem should be with the company that offers that program.

Critic: You should realize that we do not live in a perfect society
and some of us will have to sacrifice their right to be
accessed (if you have do not have immoral material) on the
internet to protect the innocense of our children. It is
precisely your opinion that everyone should have access to
anything on the Internet that I find myself not even
allowing my children to use this extremely useful medium at
all.

You want a magic bullet to protect your children in cyberspace.
You won't find that anywhere. I have seen some schools ask about
software that will allow students to surf the internet
unsupervised. What other school activities exist wher kids do
something UNSUPERVISED? None. Your job as a parent is to
supervise your kids, set limits, encourage their intellectual
development and teach them to distringuish between right and
wrong.

You cannot go to the corner store and buy a $39.95 product that
will protect your kids from harms in the real world. You do not
keep your kids inside 24 hrs a day, because there are drugs, sex
and other evils in the real world. Why do you expect that in
cyberspace?

Critic: I have tried to use some of the programs you so arrogantly
bash and find that they do not and can not limit access to
sexually explicit sites due to the concept they use to
block them. There is no way for all offensive sites to
discovered and placed in a database for distribution to
users of these various programs. It is physically
impossible to keep up with new site additions and only
promotes the same mentality of our current 'throw away'
free-market enterprise system. I refuse to participate in
this 'sceme' to extract as much money as possible from the
users of these services.

Exactly. The programs do not protect you. They block many
non-offensive sites. They give you a false sense of security. No
program can be an alternative to your being a good parent. No
corporate executive can make the moral decisions for you (if the
programs were effective).

Critic: Again, I support your views, to an extent, on access to
information. But, I can not sacrifice the mental health of
my children by exposing them to many various profane
materials present on the Internet today. I sincerely hope
you do not hold the view that parents are not the best
judge of what is proper for their own children.

They are. Which is why, even if the programs worked effective,
they would still be a bad idea.

Critic: I must say that this appears to be your view based on your
support and open defiance of such programs. Maybe you have
a better way of protecting children from the dreggs of
society that have apparently migrated to the internet that
I am not aware of. Please let me know if so!

Work with your kids on the net. Help them explore the wonderful
world out there... help them learn to be excited about life and
the opporunities. "Just say no" doesn't work for drugs or
cyberspace. Help them develop a keen zest for life and the
ability to distinguish between right and wrong. Something a
"purifying" filter cannot do.

Critic: I hope you can understand my position in the matter and
look forward to a response from you. Thank you in advance
for considering my position.

Sincerely,
Concerned Parent

The Stalker's Home Page -- What the hell? Are you listed? Privacy?
http://pages.ripco.com:8080/~glr/stalk.html
Tech Support Hell Hole: http://pages.ripco.com:8080/~glr/hellhole.html

------------------------------

Date: Mon, 6 Jan 1997 12:09:31 -0800 (PST)
From: Stanton McCandlish <[email protected]>
Subject: File 4--Run for the hills! Virulent Shergold meme escapes cyberspace!

((MODERATORS' NOTE: If readers would send in some of the more
egregious examples of cyber-urban legends, we'll try to run a few
of them within the next few months)).

Imagine my shock when today I entered our building's elevator, only to
find that a construction company had posted a flyer in it, saying that a
kid named Craig Sherman with brain cancer was collecting business cards
via a Make-a-Wish Foundation maildrop, to get into the Guiness Book of
World Records before he died. The earnest company urged everyone who read
it to participate by sending cards, and said they'd gotten word from another
participating contruction company.

Needless to say, I warned both companies and Make-a-Wish about this
latest iteration of the Craig Shergold hoax, and wrote a warning about
all this on the flyers themselves.

Still, the fact that company number one enlisted the aid of other
organizations in spreading this thing around suggests it may get another
few years of life out of this, offline, since by now the "news" has
probably been mailed, faxed, and posted a zillion more times, starting a
domino effect. <sigh>

------------------------------

Date: Thu, 9 Jan 1997 16:09:28 -0600 (CST)
From: Crypt Newsletter <[email protected]>
Subject: File 5--Crypt News forces correction in FBI newsletter

In follow-up to last CuD's article on the FBI Law Enforcement Bulletin
"joke virus" gaffe:
------------------------------

You may recall Crypt 40's short piece on the FBI's Law Enforcement
Bulletin and its humorous run-in with the Internet jokes known as
the Clinton, Clipper, SPA and Newt Gingrich viruses.

In an article on the emerging face of computer crime, authors David
L. Carter and Andra J. Katz, wrote that these jokes were real examples
of "insidious" computer viruses.

Of course, this was nonsense and Crypt News set out to ask the
editor of the FBI's bulletin how jokes from the Internet had contaminated
a supposedly serious article on computer crime.

Apparently embarrassed over the mistake, the editor of the Law and
Enforcement Bulletin did not return repeated phone calls from Crypt
Newsletter. Andra J. Katz, reached over Christmas, said only that her
co-author was responsible for the goofed-up material in question.

However, increasing interest after the Bulletin's mistake was first
published in Crypt Newsletter has resulted in a hasty edit in which the
references to the jokes-as-viruses were simply hacked out.

However, the rewrite is still imperfect. Reference to the "Clinton"
virus remains in the feature's section on "Virus introduction."

The FBI's curious article can be found off the FBI home page on
the Web:

http://www.fbi.gov/leb/dec961.txt .

The "joke virus" portion from the _original_ edition of LEB has
been posted at --

http://www.soci.niu.edu/~crypt/other/orig.htm

------------------------------

Date: Thu, 9 Jan 1997 14:31:36 -0800
From: Jim Warren <[email protected]
Subject: File 6--7th Computers, Freedom & Privacy Conf - Mar.11-14

Please repost and recirculate. [Also sent it to others via blind cc]

--jim
Jim Warren ([email protected])
GovAccess list-owner/editor, advocate & columnist (Govt.Technology, MicroTimes)
345 Swett Rd., Woodside CA 94062; voice/415-851-7075; fax-for-the-quaint/<ask
-------------------------

Date--Wed, 8 Jan 1997 18:12:41 -0800 (PST)
From--Bruce R Koball <[email protected]

The Seventh Conference on Computers, Freedom, and Privacy
March 11-14, 1997
San Francisco Airport Hyatt Regency; Burlingame, California

CFP'97 : Commerce & Community

CFP'97 will assemble experts, advocates, and interested people
from a broad spectrum of disciplines and backgrounds in a balanced
public forum to address the impact of new technologies on society.
This year's theme addresses two of the main drivers of social and
technological transformation. How is private enterprise changing
cyberspace? How are traditional and virtual communities reacting?
Topics in the wide-ranging main track program will include:

PERSPECTIVES ON CONTROVERSIAL SPEECH
THE COMMERCIAL DEVELOPMENT OF THE NET
GOVERNMENTAL & SOCIAL IMPLICATIONS OF DIGITAL MONEY
INTERNATIONAL PERSPECTIVES ON CRYPTOGRAPHY
CYPHERPUNKS & CYBERCOPS
REGULATION OF ISPs
SPAMMING
INFOWAR
INTELLECTUAL PROPERTY AND INFO-PROPERTY
THE 1996 ELECTIONS: CREATING A NEW DEMOCRACY
THE COMING COLLAPSE OF THE NET

INFORMATION:

A complete conference brochure and registration information are
available on our web site at: http://www.cfp.org

For an ASCII version of the conference brochure and registration
information, send email to: [email protected]

For additional information or questions, call: 415-548-2424

------------------------------

Date: Mon, 6 Jan 1997 20:14:17 -0800 (PST)
From: Declan McCullagh <[email protected]>
Subject: File 7--Foreign spies snoop the Net, from The Netly News

The Netly News
http://netlynews.com/

SPY VS. SPY
January 6, 1997
By Declan McCullagh ([email protected])

Move over, James Bond. Take your last bow, Maxwell Smart.
Modern spies are jacked into the Net, a recent report from the
multiagency National Counterintelligence Center says. It claims
the Internet is now the "fastest growing" means for foreign
governments and firms to gather information about U.S.
businesses.

The eight-page quarterly report says that malevolent "foreign
entities" are sorting through web sites, pounding on search
engines and firing off e-mail queries to U.S. defense contractors
in hopes of winnowing out sensitive data.

"Use of the Internet offers a variety of advantages to a
foreign collector. It is simple, low cost, non-threatening and
relatively 'risk free' for the foreign entity attempting to
collect classified, proprietary, or sensitive information... We
also know foreign intelligence and security services monitor the
Internet," says the report, which is distributed to government
agencies and contractors.

Search engines apparently serve spies well. Want a copy of
something you shouldn't be able to get? Perhaps it was left in an
unprotected directory; try Altavista. "Foreign intelligence
services are known to use computers to conduct rudimentary
on-line searches for information, including visits to governments
and defense contractors' on-line bulletin boards or web sites on
the Internet. Access to Internet advanced search software
programs could possibly assist them in meeting their collection
requirements," the NACIC briefing paper says.

Beware of spam from spies, it warns: "These foreign entities
can remain safe within their borders while sending hundreds of
pleas and requests for assistance to targeted US companies and
their employees." Of course! This is any e-mail spammer's modus
operandi: Flood an astronomical number of addresses at an
infinitesimal cost. Then hope that at least some recipients will
respond with the information you want.

This isn't the first time that the Clinton administration has
painted economic espionage as a dire threat. Last February, FBI
director Louis Freeh warned the Senate Select Committee on
Intelligence of the possible harm. He said foreign governments
are especially interested in "economic information, especially
pre-publication data" including "U.S. tax and monetary policies;
foreign aid programs and export credits; technology transfer and
munitions control regulations... and proposed legislation
affecting the profitability of foreign firms acting in the United
States."

Note to Freeh: That information already is online. For
proposed legislation, try Thomas -- or for munition regulations,
the White House web site is a good bet.

But forget Freeh's rhetoric. The White House isn't serious
about halting the overseas flow of American secrets over the Net.
If it were, President Clinton would lift the crypto export
embargo. Strong encryption is the most effective way for
companies to fend off foreign data-pirates, but current
regulations allow U.S. multinational firms to use only the
cipher-equivalent of a toy cap gun. Worse yet, last week the
Commerce Department moved further in the wrong direction by
releasing its new encryption export regulations that continue to
keep American businesses at a competitive disadvantage compared
to their foreign competitors, which generally are less hampered
by crypto export rules. "The new regulations are worse" than the
old, says Dave Banisar, a policy analyst at the Electronic
Privacy Information Center.

Sure, France and Britain spy on us for economic purposes.
But we're just as guilty. We snooped on the French -- and got
several U.S. "diplomats" kicked out of France two years ago. We
peeked at Japanese secrets during automobile trade negotiations
-- and got caught then, too. Especially under President Clinton,
economic intelligence has become part of the mission of our spy
agencies. Yet if we complain about other countries while doing it
ourselves, we become hypocrites.

Stanley Kober, a research fellow at the Cato Institute,
argues in a recent paper that it's "folly" for the U.S. to
continue such spying and risk alienating political allies: "The
world is still a dangerous place, and it would be folly for the
democracies to engage in nasty intramural squabbles. Yet that is
the danger that economic espionage against other free societies
poses."

"Washington ought to consider that it may need the
cooperation of Paris (or other Western capitals) to help deal
with a mutual security threat" from terrorism, Kober writes.

I asked Kober what he thought of the NACIC report. "It
strikes me as a normal security reminder," he says. "The
specifics are fairly slim. It's not the sort of thing that's sent
to everyone. It's sent to their clients, the people who have
government contracts. Since the Internet is new, they're telling
people to be careful."

Indeed, netizens must be careful. It's common sense, really,
and defensive driving for the Net. Encrypt that e-mail. Use the
anonymizer at least once a day. Let paranoia be your watchword.
That e-mail from your mother may come from the KGB. When you're
not watching it, your monitor may be watching you.

Be afraid, Maxwell Smart. Your shoe phone may be listening back.

------------------------------

Date: Mon, 16 Dec 96 16:37 CST
From: Cu Digest ([email protected])
Subject: File 8--Soliciting a Child via Computer now a Crime in Illinois

SOLICITING A CHILD VIA COMPUTER NOW A CRIME

A state law effective Sunday makes it a crime (in Illinois)
for anyone to use cyberspace to lure children into sex. Violators
face up to 5 years in prison if convicted.

The law goes a step beyond existing laws that make it a crime
to take indecent liberties with a minor. Earlier this year, FBI
agents arrested more than a dozen people accused of using America
Online to meet children for sex.

------------------------------

Date: Fri, 3 Jan 1997 01:16:39 GMT
From: [email protected](Hud Nordin)
Subject: File 9--Re: Cu Digest, #8.93 (xchaotic Xmas e-bombings)

>today's act of "cyber-terrorism" is brought to you by the
>letters 'A', 'D', and the number '1'. and the person who
>brought it to you? you know who you are. <p>

Run! Johnny's got his gun but he doesn't know how to shoot straight!

Johnny, in the December Unamailer/xchaotic manifesto alleged to you,
you seem to wish people would be more accurate in their dealings with
the Net.

In your victims list, I find this fascinating excerpt:

> [email protected] Co$ Supporter or Member

> the cult of scientology needs to be shut down. it is a
> criminal organization and should be treated as such.

Your research is shoddy. I am neither a member nor a supporter of the
Church of Scientolgy. In fact, I am a critic. (My Usenet posting
history should prove it. If you can't be bothered to check, maybe this
sentiment will do: Fuck the lying sonofabitch L. Ron Hubbard and the
bait-and-switch scam "church" he rode in on. OK? I can provide
references.) I am highly insulted to find myself labeled a proponent of
scientology.

I expect you to apologize to me. After that, issuing a retraction would
be the right thing to do.

You may be relieved to know that you didn't wind up inconveniencing me
-- someone who shares many of your beliefs; I easily installed
procmail shields to divert your errant flood.

Please be more careful in your next act of sabotage. Actually, you
might want to reconsider this whole bombing thing. You are hurting
people. I think you are hurting your cause.

Hud Nordin
[email protected]

------------------------------

Date: Thu, 15 Dec 1996 22:51:01 CST
From: CuD Moderators <[email protected]>
Subject: File 10--Cu Digest Header Info (unchanged since 13 Dec, 1996)

Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost electronically.

CuD is available as a Usenet newsgroup: comp.society.cu-digest

Or, to subscribe, send post with this in the "Subject:: line:

SUBSCRIBE CU-DIGEST
Send the message to: [email protected]

DO NOT SEND SUBSCRIPTIONS TO THE MODERATORS.

The editors may be contacted by voice (815-753-0303), fax (815-753-6302)
or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL
60115, USA.

To UNSUB, send a one-line message: UNSUB CU-DIGEST
Send it to [email protected]
(NOTE: The address you unsub must correspond to your From: line)

Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT
libraries and in the VIRUS/SECURITY library; from America Online in
the PC Telecom forum under "computing newsletters;"
On Delphi in the General Discussion database of the Internet SIG;
on RIPCO BBS (312) 528-5020 (and via Ripco on internet);
and on Rune Stone BBS (IIRGWHQ) (860)-585-9638.
CuD is also available via Fidonet File Request from
1:11/70; unlisted nodes and points welcome.

EUROPE: In BELGIUM: Virtual Access BBS: +32-69-844-019 (ringdown)
In ITALY: ZERO! BBS: +39-11-6507540
In LUXEMBOURG: ComNet BBS: +352-466893

UNITED STATES: etext.archive.umich.edu (192.131.22.8) in /pub/CuD/CuD
ftp.eff.org (192.88.144.4) in /pub/Publications/CuD/
aql.gatech.edu (128.61.10.53) in /pub/eff/cud/
world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/
wuarchive.wustl.edu in /doc/EFF/Publications/CuD/
EUROPE: nic.funet.fi in pub/doc/CuD/CuD/ (Finland)
ftp.warwick.ac.uk in pub/cud/ (United Kingdom)

The most recent issues of CuD can be obtained from the
Cu Digest WWW site at:
URL: http://www.soci.niu.edu/~cudigest/

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted for non-profit as long
as the source is cited. Authors hold a presumptive copyright, and
they should be contacted for reprint permission. It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified. Readers are encouraged to submit reasoned articles
relating to computer culture and communication. Articles are
preferred to short responses. Please avoid quoting previous posts
unless absolutely necessary.

DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.

------------------------------

End of Computer Underground Digest #9.03
************************************