Computer underground Digest Tue July 8, 1997 Volume 9 : Issue 54

Computer underground Digest Tue July 8, 1997 Volume 9 : Issue 54
ISSN 1004-042X

Editor: Jim Thomas ([email protected])
News Editor: Gordon Meyer ([email protected])
Archivist: Brendan Kehoe
Shadow Master: Stanton McCandlish
Shadow-Archivists: Dan Carosone / Paul Southworth
Ralph Sims / Jyrki Kuoppala
Ian Dickinson
Field Agent Extraordinaire: David Smith
Cu Digest Homepage: http://www.soci.niu.edu/~cudigest

CONTENTS, #9.54 (Tue, July 8, 1997)

File 1--CyberPromo/Wallace meet the Hormel Spammers (fwd)
File 2--(Fwd) Spam Lawsuit
File 3--Solid Oak's response to "G-17 error"
File 4-- Re: CYBERsitter problems
File 5--Islands in the Clickstream
File 6--HIGH CONCEPT VIRUS FILM IN PRODUCTION
File 7--book on hacker cult/underground.
File 8--Underground extract: System X
File 9--Cu Digest Header Info (unchanged since 7 May, 1997)

CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION APPEARS IN
THE CONCLUDING FILE AT THE END OF EACH ISSUE.

---------------------------------------------------------------------

Date: Sun, 6 Jul 1997 23:18:31 -0400 (EDT)
From: [email protected]
Subject: File 1--CyberPromo/Wallace meet the Hormel Spammers (fwd)

Source - TELECOM Digest, Sun, 6 Jul 97 - Volume 17 : Issue 173

((MODERATORS' NOTE: For those not familiar with Pat Townson's
TELECOM DIGEST, it's a an exceptional resource. From the header
of TcD:
"TELECOM Digest is an electronic journal devoted mostly but
not exclusively to telecommunications topics. It is
circulated anywhere there is email, in addition to various
telecom forums on a variety of public service systems and
networks including Compuserve and America On Line. It is also
gatewayed to Usenet where it appears as the moderated
newsgroup 'comp.dcom.telecom'. Subscriptions are available to
qualified organizations and individual readers. Write and tell
us how you qualify:
* [email protected] * ======" ))

Date--Sun, 06 Jul 1997 17:08:30 -0400
From--The Old Bear <[email protected]>
Subject--Hormel Takes Action Against Spammer

The ultimate irony ...

ON THE INTERNET, NO ONE KNOWS THAT SPAM COMES IN CANS

To Internet users, "spamming" means wholesale distribution of
junk e-mail, but to the Hormel Foods Corporation, Spam is a
scrumptious and nutritious pressed meat that they sell in a can.

So Hormel has demanded that junk e-mail distributor Cyber
Promotions Inc. stop using the name Spam and also stop using a
picture of a can of Span on its Internet site. "We want them
to recognize that Spam has been a widely known Hormel Foods
trademark for 60 years and they are not authorized to use that
trademark for their commercial use."

[as summarized from 'USA Today' (July 3, 1997) by Edupage]

------------------------------

Subject--Hormel Objects to Use of Name "Spam"
Date--Sun, 6 Jul 1997 00:00:37 PDT
[email protected] (Tad Cook)

Hormel Foods Warns Junk E-mailer to Drop Use of `Spam' Trademark

BY REID KANALEY, THE PHILADELPHIA INQUIRER
Knight-Ridder/Tribune Business News

PHILADELPHIA--Jul. 3--They kept a lid on their feelings for the last few
years, but the people who can Spam are finally opening up.

They hate ... "spam." At least, they hate to see their beloved product
associated with junk e-mail.

Hormel Foods Corp. has put the Internet's self-proclaimed Spam King,
Philadelphian Sanford "Spamford" Wallace, on notice: It considers his
adoption of the famous luncheon meat's name in connection with Cyber
Promotions Inc., his junk e-mail business, an unauthorized use of the Spam
trademark.

In the online world, the term "spam" is a common and disparaging
reference to unsolicited mass e-mailings that promote everything from
fad diets to get-rich-quick schemes and porn sites on the World Wide
Web.

Wallace said he decided to use "spam" in his name after his most
enraged critics began doing it to him. "I thought it would be catchy,"
he said yesterday. Three months ago, he registered the e-mail domain
names "spamford.net" and "spamford.com." He is often pictured with
cans of Spam.

"The irony here is that we're actually promoting the name Spam. Hormel
is probably getting a benefit from it," contended Wallace.

Hormel thinks otherwise. Wallace is blurring the distinctiveness of
the trademark, company lawyers told him in a stern letter last week:
"Nor does Hormel Foods wish to be affiliated with your company, your
bulk e-mail business, or the usage you have made of Hormel Foods'
trademark, which we view as tarnishing its image." The letter demands
that Wallace drop "spam."

The official response, a letter Wednesday from Wallace's attorney
Ralph Jacobs, was just as emphatic: "If all your client wants is for
Mr. Wallace to agree not to pose next to a can of Spam ... we can
probably work something out. If your client objects to the use of the
word `spam' to refer to my client's business, it's far too late to
change the vocabulary of 25 million Internet users."

------------------------------

From--Ed Ellers <[email protected]>
Subject--Spamford Blows Off Hormel
Date--6 Jul 1997 01:46:29 GMT
Organization: AT&T WorldNet Services

This is a press release that Cyber Promotions issued on Wednesday
after Hormel demanded that the term "spam" no longer be used to
describe unsolicited messages.

--------------------------------

SPAM I'm Not

Cyber Promotions says "NO" to Cease & Desist from Spam distributor, Hormel
Foods.

For Immediate Release:

Philadelphia 7-2-97 --- Cyber Promotions, Inc., the country's best
known Internet mass e-mail firm, announced today that it had rebuffed
threats by Hormel Foods Corporation over the use of the word SPAM in
connection with unsolicited Internet e-mail. Cyber Promotions
received a cease and desist letter from lawyers for Hormel,
distributors of the Spam meat product, complaining that Cyber had
disparaged Hormel's trademark.

Cyber Promotions rejection of Hormel came in a letter from Cyber's
counsel, Ralph A. Jacobs, Esq., of the law firm of Hoyle, Morris &
Kerr in Philadelphia. In the letter, Jacobs reminded Hormel that
there was no likely confusion because in cyberspace, spam refers to an
e-mail practice, not to a food product, and he quoted a recent {Wall
Street Journal} article in which Hormel's general counsel acknowledged
as much. Mr. Jacob's letter also reminded Hormel's lawyers that a
federal court in New York had rejected Hormel's trademark infringement
case against Jim Henson over a Muppet named Spa'am.

Sanford Wallace, a.k.a. SPAMford, president of Cyber Promotions,
commented: "We had no thought of Hormel when we registered
www.spamford.com. On the Net, when people say spam they think of us,
not a processed meat product. Try searching for spam on the Internet
and you'll find that's true. Our business is e-mail, not canned meat.
It's far too late to change the vocabulary of 25 million Internet
users."

[TELECOM Digest Editor's Note: None the less I hope Hormel sues him
vigorously and forces him to discontinue *his* use of the term to
describe his practices. Anyone who wishes to sue Spamford and cause
him to have obscene legal bills is my friend. Anyone who wants to
cause him as much grief as possible should be saluted, and that most
definitly includes the various hackers who are trying hard to put him
out of business. Perhaps Hormel should start a web page which has
various recipies involving their meat product and then proceed with
their suit against him. Does anyone know what his current 800 number
is? Netters who want to contact him by phone are asking. PAT]

------------------------------

Date: Sat, 31 May 1997 11:48:13 -0500
From: David Smith <[email protected]>
Subject: File 2--(Fwd) Spam Lawsuit

Here is our foray into the world of fighting spam. Our target :
forged return e-mail addresses to systems the spammers don't have
permission to use.

I can send a copy of the actual lawsuit, upon request.

------- Forwarded Message Follows -------

FOR IMMEDIATE RELEASE

TEXANS SUE TO RECOVER DAMAGES FOR INTERNET "SPAM" CLAIMING ELECTRONIC
TRESPASS AND NUISANCE

Austin, Texas, May 28, 1997: Several Internet leaders in Austin,
Texas filed a lawsuit yesterday afternoon against a company and an
individual believed to be responsible for the mass distribution of junk mail
over the Internet, also called "spam." The suit claims that C.N.
Enterprises and Craig Nowak of San Diego, California, sent thousands of
electronic messages selling information on "Free Cash Grants" for
$19.95. The ad's content was not only misleading, the lawsuit claims,
but the company's e-mail used a false return address, causing the
electronic mail boxes of several Austin residents to overflow with
returned copies of the junk mail.

According to the lawsuit, by using a false return address, those who
send junk mail over the Internet can avoid the anger that results
from this controversial practice. They can also avoid dealing with
the thousands of "bounce" messages that result from sending e-mail to
invalid or outdated addresses. "In effect," the lawsuit alleges,
"C.N. Enterprises deliberately dumped tons of its electronic garbage
and pollution" into the Austin residents' mailboxes. The lawsuit
claims that the use of false return addresses on junk e-mail, and the
resulting fallout on those who own the addresses used, is illegal
under the traditional common law causes of action of nuisance,
trespass and conversion.

The lead plaintiff is Tracy LaQuey Parker, a leading Internet
author, who owns the Internet domain name used by C.N. Enterprises
without her permission. Said Ms. Parker, "As a long-time Internet
advocate, I am saddened that the goodwill spirit of the Internet is being
spoiled by irresponsible individuals who forge their identity in order to
make a quick buck. There are plenty of examples of legitimate
commercial uses of the Internet. This isn't one of them."

Joining Ms. Parker in the lawsuit are her husband Patrick Parker
and Peter Rauch, both Ms. Parker's business partners. Also joining the
suit are Zilker Internet Park, Ms. Parker's Internet service provider, which
had to deal with the flood of messages stemming from the "spam," and
two active Texas Internet groups, the Texas Internet Service Providers
Association (TISPA), a group of commercial Internet service providers,
and EFF-Austin, a local Internet civil liberties organization.

(more)

Page Two -- Texans Sue to Recover Damages for Internet "Spam"

John Quarterman, an owner of Zilker Internet Park, stated, "'Spam'
is a large and rapidly growing problem which has cost Zilker Internet
Park and many other ISPs and Internet users much time and money. We
have put many technical blocks in place to limit it. With this lawsuit, we
are taking the next step to help stop this abuse of the Internet."

TISPA and EFF-Austin joined the lawsuit in an effort to broaden
the legal precedent beyond Ms. Parker's single Internet domain name,
according to Gene Crick, TISPA's president. "Increasingly, 'spammers'
are using false return addresses to avoid taking full responsibility for the
harm caused by their unsolicited commercial e-mail," Crick said. "These
forgeries dump huge volumes of unwanted junk mail onto Internet
companies and their customers. TISPA would like to see the court grant
a broad and clear injunction prohibiting this practice."

The lawsuit was filed on behalf of LaQuey and the others by Pete
Kennedy and Roger Williams of George, Donaldson & Ford, L.L.P. of
Austin. Among its other Internet related cases, the law firm has been
involved in lawsuits against the United States Secret Service and Simon
Leis, the Hamilton County (Ohio) Sheriff, over the seizure of private
e-mail.

# # #

For more information, contact:

Plaintiffs:
Tracy LaQuey Parker and Patrick Parker, 512-454-7748
John Quarterman, MIDS 512-451-7620
Gene Crick, Texas Internet Service Providers Association (TISPA),
512-303-1021
Jon Lebkowsky, EFF-Austin, 512-444-5175

Law Firm:
Peter Kennedy or Roger Williams
George, Donaldson & Ford, L.L.P., 512-495-1400

Media Contact:
Peggy Hubble or Sondra Williams, MEM/Hubble Communications,
512-480-8961

David Smith
[email protected]
512-304-6308

------------------------------

Date: Sun, 06 Jul 1997 19:01:26 -0500 (CDT)
From: Bennett Haselton <[email protected]>
Subject: File 3--Solid Oak's response to "G-17 error"

Source - [email protected]

This is the letter that Solid Oak Software sent out to one person who wrote
to them reporting a "G-17" error (the fake error that the installer gives if
it detects that you have visited the Peacefire web site).

He was told that he had to pay for the full version. This puts a new spin
on what Milburn said in the PC World article
(http://www.pcworld.com/cgi-bin/database/body.pl?ID=970702181157) when he
admitted that the installer scans the user's hard drive: ""We reserve the
right to say who gets to install our software for free." But even people
who have visited Peacefire can install the software, as long as they pay?

He also said in the article: "If Bennett Haselton is alleging that we get
some kind of information sent to us, I mean that's ridiculous. If the
program fails to install, I don't see how any way shape or form that would
be an invasion of privacy." But judging by the response from Solid Oak tech
support, if you tell them that you got the error, they discern that you have
visited Peacefire and tell you something that isn't true (you can't use the
program) in order to get you to pay them money. Hence, the error results in
information being sent to them that you would probably rather keep private.

I deleted the address of the sender and the text of his original message to
avoid tipping off Solid Oak who the person actually was.

From: Technical Support <[email protected]>
To: [name and address deleted -Bennett]
Date: June 5, 1997 6:38 pm
Subject: File 4-- Re: CYBERsitter problems

I am sorry, but you will not be able to run the trial version of CYBERsitter.

The retail version _will_ install properly, but the trial version will not
install on your computer.

On 06/05/97 6:20pm you wrote...

[a message reporting the G-17 error, text deleted -Bennett]

[email protected] http://www.peacefire.org
(901) 366-1452 (home) after 6 PM central time and all day on weekends
(901) 922-6930 (work)

------------------------------

Date: Fri, 20 Jun 1997 22:34:10
From: Richard Thieme <[email protected]>
Subject: File 5--Islands in the Clickstream

Islands in the Clickstream:
The Power of Projection, the Power of Digital Presence

Welcome to the blank screen.
A computer monitor glowing in the dark. Pixels constellated
as an image of printed text. The belief that behind those images
is a human intelligence, whose energy and presence you sometimes
swear you can "feel." Once that belief becomes our shared or
consensus reality, you believe that "I" am talking to "you."
Believing is seeing. Believing is the precondition of a
possibility.
So ... here I am again.

Twenty years ago, I moved to Mutton Hollow, a rural area of
northern Utah. Since I had lived only in Chicago, London, and
Madrid previously, this took some getting used to. The pleasures
of a big city were far, far away.
We were high against the Wasatch Front, and the winter skies
were magnificent. I bought a telescope with a long barrel. Since
the seeing was best at the top of the sky where the air was
clearest, I often lay a tarp on the frozen snow so I could lie on
my back and look straight up.
I moved slowly through the star fields, pausing at a cluster
or the Great Nebula in Orion before losing myself in the three-
dimensional darkness among the blue, white, yellow, and blood-red
stars.
The stars and the vast spaces between them became my
companions. I still can't identify most constellations, however.
A constellation is an arbitrary pattern imposed on a random
scattering of stars. I guess I can see it's a bull, but it might
as well be a bear or a crawling baby.
The images our forebears used to connect the dots were
projected from within their own psyches. Once there was a
consensus reality about what they were, the projections became
"real." It really was a herdsman or a bear "out there."

The computer monitor at which we are both looking right now
is a powerful invitation to project a pattern onto what we are
seeing.
Haven't you read an email or an IRC communication when your
emotion was running high, and you could swear you felt the
presence of the sender in the room? As if they were right there
in the words you were reading? Hasn't it sometimes seemed beyond
coincidence when you went on-line with someone on your mind and
bingo! there they were!
Or there their words were. But were they in the words you
read? And did the words mean what you thought they meant?
It is a perpetual dilemma of the human condition that we can
not easily distinguish our projections from genuine perceptions.
Carl Jung said the soul or psyche projects its contents onto
archetypal symbols that invite them. You can tell there's
projection, he said, when there's secrecy, fascination, and high
energy.
A speech I have given for portfolio managers and others
interested in the psychology of investment is called "The Stock
Market, UFOs, and Religious Experience." What do those three
things have in common? All three domains invite powerful
projections, and we think we see "out there" in the economy or
the markets, in the night sky, or in the universe itself that
which we have projected onto it.
Something is out there, something elicited the projection,
but we can't see what it is until we withdraw our projections and
integrate them once again into our selves. Then we can see where
we end and someone else begins.
Confusion of boundaries bedevils online relationships as
well as those in the flesh.
All religious and spiritual traditions have tools designed
to help us integrate our projections into our selves. We call the
process "getting it together," the end result "integrity." We say
we "feel centered," when we take back the power we have projected
onto another or given away.

The pixels on your monitor invite projection.
Secrecy, fascination, and high energy.
How about it? Have they characterized any of your online
exchanges or adventures?
If there is a context for a personal or business
relationship before email is exchanged, the online exchange is
anchored. Face-time and telephone-time too ground the exchange.
When people connect online and do not mitigate their encounter
with a context that grounds it, the projections -- and the sparks
-- can fly.
The greater your intention to crate a context that grounds
your email, the greater the likelihood you will not be
misunderstood. That requires imagination, an ability to see
different interpretations for your words. You may think the words
you sent were crystal clear, but the person on the other end,
returning to their cubicle in a dour mood, may receive them like
a boxing-glove coming out of a closet.
The fewer words you provide, the greater the invitation to
project. The stars can be a bull or a bear or a crawling baby.
In business as well as personal online communication, we are
responsible for creating a context that enables our words to
vibrate with obvious meaning.
The digital image at which you are looking is a simulation
of printed text, which simulated written words, which simulated
spoken words. Reading silently to ourselves is a relatively late
practice. T. S. Eliot may have thought that his "words echo thus
in your mind," but only a few generations ago, schoolchildren
read aloud, all together, so the schoolmaster would know they
weren't shirking. The only real words were spoken words.
Some think spoken words are a specialized kind of gesture.
Gestures are feelings felt so strongly they make the whole body
vibrate like a violin.
When I intend to communicate to you in this medium, all I
have is my intention to focus energy and information so you "get
it." We human beings are nothing but organized systems of energy
and information. That's what computers are too. The words on your
screen are merely the echo of a gesture, feelings felt so
strongly they show up and glow through the words. It isn't words
alone, though, it's the energy or the shape of the energy seen
and felt through the words that you "get." A spirit making the
electrons coalesce by sheer force of will so you see, and
sometimes feel, my presence in the room, in your life, in your
head and heart.
Believing is seeing.
So ... as I said ... here I am again.

**********************************************************************

Islands in the Clickstream is a weekly column written by
Richard Thieme exploring social and cultural dimensions
of computer technology. Comments are welcome.

Feel free to pass along columns for personal use, retaining this
signature file. If interested in (1) publishing columns
online or in print, (2) giving a free subscription as a gift, or
(3) distributing Islands to employees or over a network,
email for details.

To subscribe to Islands in the Clickstream, send email to
[email protected] with the words "subscribe islands" in the
body of the message. To unsubscribe, email with "unsubscribe
islands" in the body of the message.

Richard Thieme is a professional speaker, consultant, and writer
focused on the impact of computer technology on individuals and
organizations.

Islands in the Clickstream (c) Richard Thieme, 1997. All rights reserved.

ThiemeWorks P. O. Box 17737 Milwaukee WI 53217-0737 414.351.2321

------------------------------

Date: Thu, 26 Jun 1997 13:44:54 -0500 (CDT)
From: Crypt Newsletter <[email protected]>
Subject: File 6--HIGH CONCEPT VIRUS FILM IN PRODUCTION

Source - CRYPT NEWSLETTER 43
June -- July 1997

HIGH CONCEPT VIRUS FILM IN PRODUCTION

While visiting the East Coast in June, Crypt Newsletter ran
across the filming of a computer virus movie in Hampton Roads,
Virginia. Starring Jamie Lee Curtis and William Baldwin, the movie
is based on a old comic book series entitled "Virus." Alert readers
may remember Crypt News covering it -- tongue in cheek -- way
back in 1993.

For those who don't, here's the scoop.

Originally published by a company called Dark Horse, "Virus" was
the very essence of high concept: non-stop action, nonsensical
pseudo-science, absence of plot, and gruesome mutilations with a
somewhat pretty-looking woman heroine thrown in for punctuation.

Dark Horse made its name peddling an endless flood of such titles,
most devoted to squeezing the last drop of greenish ichor from movies
like "Alien" and "Predator." That philosophy ensured just about anything
it printed was a big hit, selling out immediately in the kinds of comic
stores run by tubercular-looking men with an intense dislike
for patrons who don't reserve at least ten new titles each month.

That said, the first issue of "Virus" was almost OK. But
almost only counts in quoits and horseshoes. "Virus
featured fair art, tiresome dialogue and a story that
revolved around an abandoned Chinese radar and telemetry ship that
comes under the power of some inter-cosmic computer virus that has
been beamed down from the aether through a radio antenna connected
to the ship's mainframe computer. The original crew of Chinamen is, of
course, dispensed with through a spasm of casual mechanized butchery,
necessitating the trapping of some ocean-wandering riff-raff who think
they're going to appropriate the vessel's equipment for lots of cash
money. Apparently, this is where Jamie Lee Curtis comes in.

Anyway, "Virus" -- the villain -- nixes this plan at once
by ripping the breast-bone out of one of the looter/scientists with
the aid of a computer-controlled winch. E-mail Risks Digest and report
this to Peter Neuman at once!

"Aaaiiieeee!" screech the trapped sailors. They want out, but not
before being attacked by something that looks like a cross between
a kite and a flying pipe-wrench made from sails and human integument.

While perhaps potentially interesting to infowar shamans at the National
Defense University, Crypt News suspects the movie adaptation will be as
numbingly contrived and psychotically bloody as the original. Look for
it next summer.

Postscript: Rumors that John Buchanan is serving as technical
advisor on the "Virus" set are scurrilous lies!

((CRYPT Newsletter is published once a month. For subscription
or other information, contact the editor:

Editor: Urnst Kouch (George Smith, Ph.D.)
Contributing Editors: Stephen Poole, Rob Rosenberger
INTERNET: [email protected]
[email protected]

Mail to:
Crypt Newsletter
1635 Wagner St.
Pasadena, CA 91106
ph: 818-568-1748

------------------------------

Date: Mon, 23 Jun 1997 06:02:58 -0700 (PDT)
From: Darren Reed <[email protected]>
Subject: File 7--book on hacker cult/underground.

Most of us are used to reading stories about hacking by the people
who did the catching of the hackers...this one is an ongoing story
of the local hacker scene...with not so local contacts and exploits.

Some of the important things to note are just how well they do work
together, as well as competing with each other and what they do when
they get pissed off with each other. Meanwhile most of the white hats
are too busy trying to hoard information from the other white hats...

Having been on the "victim" side in the past, it is quite frustrating
when someone you've worked to have arrested gets off with a fine. Most
of us would agree that they should be locked up somewhere, but
accoriding to what's in the book, most of them are suffering from either
problems at home or other mental disorders (including one claim in court
to being addicted to hacking). Anyone for a "Hackers Anonymous Association"
for help in drying out from this nefarious activity ? At least in one
case documented within the perpetrators get sentenced to time behind bars.

It's somewhat comforting to read that people have actually broken into
the machines which belong to security experts such as Gene Spafford and
Matt Biship, although I'd have prefered to have not read how they
successfully broke into the NIC :-/ Don't know about you, but I don't
care what motives they have, I'd prefer for them to not be getting inside
machines which provide integral services for the Internet.

For all of you who like to hide behind firewalls, in one instance a hacker
comes in through X.25 and out onto the Internet. Nice and easy 'cause
we don't need to firewall our X.25 connection do we ? :-)

Oh, and just for all those VMS weenies who like to say "We're secure,
we run VMS not Unix" - the first chapter of the book is on a VMS worm
called "WANK" that came close to taking the NASA VMS network completely
off air. I wonder how long it will take for an NT equivalent to surface...

All in all, a pretty good read (one from which I'm sure hackers will learn
just as much from as the rest of us).

The book's details are:
Title: UNDERGROUND - Tales of Hacking, madness and obsession on the
Electronic Frontier
ISBN 1-86330-595-5
Author: Suelette Dreyfus
Publisher: Random House
Publisher's address: 20 Alfred St, Milsons Point, NSW 2061, Australia
Price: AUS$19.95

before I forget, the best URL for the book I've found is:
http://www.underground.org/book
or
http://www.underground.-book.com

(the publisher's one is rather lame)

------------------------------

Date: Tue, 24 Jun 1997 19:07:08 -0700 (PDT)
From: [email protected]
Subject: File 8--Underground extract: System X

Anyone read this book? Apparently the first in-depth investigation
into the international computer underground to come out of the
Southern-Hemisphere - or so I'm told ;) - J.A

Extracts from Underground - The true nature of System X

Extracted from Chapter 10 - "Anthrax - The Outsider"

Note: System X's name has been changed for legal reasons.

Sometimes the time just slipped away, hacking all night. When
the first hint of dawn snuck up on him, he was invariably in
the middle of some exciting journey. But duty was duty, and it
had to be done. So Anthrax pressed control S to freeze his
screen, unfurled the prayer mat with its built-in compass,
faced Mecca, knelt down and did two sets of prayers before
sunrise. Ten minutes later he rolled the prayer mat up, slid
back into his chair, typed control Q to release the pause on
his computer and picked up where he left off.

This company's computer system seemed to confirm what he had
begun to suspect. System X was the first stage of a project,
the rest of which was under development. He found a number of
tables and reports in System X's files. The reports carried
headers like 'Traffic Analysis', 'calls in' and 'calls out',
'failure rate'. It all began to make sense to Anthrax.

System X called up each of the military telephone exchanges in
that list. It logged in using the computer-generated name and
password. Once inside, a program in System X polled the
exchange for important statistics, such as the number of calls
coming in and out of the base. This information was then stored
on System X. Whenever someone wanted a report on something, for
example, the military sites with the most incoming calls over
the past 24 hours, he or she would simply ask System X to
compile the information. All of this was done automatically.

Anthrax had read some email suggesting that changes to an
exchange, such as adding new telephone lines on the base, had
been handled manually, but this job was soon to be done
automatically by System X. It made sense. The maintenance time
spent by humans would be cut dramatically.

A machine which gathers statistics and services phone exchanges
remotely doesn't sound very sexy on the face of it, until you
begin to consider what you could do with something like that.
You could sell it to a foreign power interested in the level of
activity at a certain base at a particular time. And that is
just the beginning.

You could tap any unencrypted line going in or out of any of
the 100 or so exchanges and listen in to sensitive military
discussions. Just a few commands makes you a fly on the wall of
a general's conversation to the head of a base in the
Philippines. Anti-government rebels in that country might pay a
pretty penny for getting intelligence on the US forces.

All of those options paled next to the most striking power
wielded by a hacker who had unlimited access to System X and
the 100 or so telephone exchanges. He could take down that US
military voice communications system almost overnight, and he
could do it automatically. The potential for havoc creation was
breathtaking. It would be a small matter for a skilled
programmer to alter the automated program used by System X.
Instead of using its dozen or more modems to dial all the
exchanges overnight and poll them for statistics, System X
could be instructed to call them overnight and reprogram the
exchanges.

---

No-one would be able to reach one another. An important part of
the US military machine would be in utter disarray. Now, what
if all this happened in the first few days of a war? People
trying to contact each other with vital information wouldn't be
able to use the telephone exchanges reprogrammed by System X.

THAT was power.

It wasn't like Anthrax screaming at his father until his voice
turned to a whisper, all for nothing. He could make people sit
up and take notice with this sort of power.

Hacking a system gave him a sense of control. Getting root on a
system always gave him an adrenalin rush for just that reason.
It meant the system was his, he could do whatever he wanted, he
could run whatever processes or programs he desired, he could
remove other users he didn't want using his system. He thought,
I own the system. The word 'own' anchored the phrase which
circled through his thoughts again and again when he
successfully hacked a system.

The sense of ownership was almost passionate, rippled with
streaks of obsession and jealousy. At any given moment, Anthrax
had a list of systems he owned and that had captured his
interest for that moment. Anthrax hated seeing a system
administrator logging onto one of those systems. It was an
invasion. It was as though Anthrax had just got this woman he
had been after for some time alone in a room with the door
closed. Then, just as he was getting to know her, this other
guy had barged in, sat down on the couch and started talking to
her.

It was never enough to look at a system from a distance and
know he could hack it if he wanted to. Anthrax had to actually
hack the system. He had to own it. He needed to see what was
inside the system, to know exactly what it was he owned.

The worst thing admins could do was to fiddle with system
security. That made Anthrax burn with anger. If Anthrax was
on-line, silently observing the adminsU activities, he would
feel a sudden urge to log them off. He wanted to punish them.
Wanted them to know he was into their system. And yet, at the
same time, he didnUt want them to know. Logging them off would
draw attention to himself, but the two desires pulled at him
from opposite directions. What Anthrax really wanted was for
the admins to know he controlled their system, but for them not
to be able to do anything about it. He wanted them to be
helpless.

Anthrax decided to keep undercover. But he contemplated the
power of having System X's list of telephone exchange dial-ups
and their username - password combinations. Normally, it would
take days for a single hacker with his lone modem to have much
impact on the US military's communications network. Sure, he
could take down a few exchanges before the military wised up
and started protecting themselves. It was like hacking a
military computer. You could take out a machine here, a system
there. But the essence of the power of System X was being able
to use its own resources to orchestrate widespread pandemonium
quickly and quietly.

Anthrax defines power as the potential for real world impact.
At that moment of discovery and realisation, the real world
impact of hacking System X looked good. The telecommunications
company computer seemed like a good place to hang up a sniffer,
so he plugged one into the machine and decided to return in a
little while. Then he logged out and went to bed.

When he revisited the sniffer a day or so later, Anthrax
received a rude shock. Scrolling through the sniffer file, he
did a double take on one of the entries. Someone had logged
into the company's system using his special login patch
password.

He tried to stay calm. He thought hard. When was the last time
he had logged into the system using that special password?
Could his sniffer have logged himself on an earlier hacking
session? It did happen occasionally. Hackers sometimes gave
themselves quite a fright. In the seamless days and nights of
hacking dozens of systems, it was easy to forget the last time
you logged into a particular system using the special password.
The more he thought, the more he was absolutely sure. He hadn't
logged into the system again.

Which left the obvious question. Who had?
___________________________________________________
[This extract may be reposted non-commercially and without charge only]

Underground; Tales of Hacking, Madness and Obsession on the Electronic
Frontier, by Suelette Dreyfus; published by Mandarin (Random House
Australia); (P) 475 pages with bib. http://www.underground-book.com/ or
http://underground.org/book

------------------------------

Date: Thu, 7 May 1997 22:51:01 CST
From: CuD Moderators <[email protected]>
Subject: File 9--Cu Digest Header Info (unchanged since 7 May, 1997)

Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost electronically.

CuD is available as a Usenet newsgroup: comp.society.cu-digest

Or, to subscribe, send post with this in the "Subject:: line:

SUBSCRIBE CU-DIGEST
Send the message to: [email protected]

DO NOT SEND SUBSCRIPTIONS TO THE MODERATORS.

The editors may be contacted by voice (815-753-6436), fax (815-753-6302)
or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL
60115, USA.

To UNSUB, send a one-line message: UNSUB CU-DIGEST
Send it to [email protected]
(NOTE: The address you unsub must correspond to your From: line)

Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT
libraries and in the VIRUS/SECURITY library; from America Online in
the PC Telecom forum under "computing newsletters;"
On Delphi in the General Discussion database of the Internet SIG;
on RIPCO BBS (312) 528-5020 (and via Ripco on internet);
CuD is also available via Fidonet File Request from
1:11/70; unlisted nodes and points welcome.

In ITALY: ZERO! BBS: +39-11-6507540

UNITED STATES: ftp.etext.org (206.252.8.100) in /pub/CuD/CuD
Web-accessible from: http://www.etext.org/CuD/CuD/
ftp.eff.org (192.88.144.4) in /pub/Publications/CuD/
aql.gatech.edu (128.61.10.53) in /pub/eff/cud/
world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/
wuarchive.wustl.edu in /doc/EFF/Publications/CuD/
EUROPE: nic.funet.fi in pub/doc/CuD/CuD/ (Finland)
ftp.warwick.ac.uk in pub/cud/ (United Kingdom)

The most recent issues of CuD can be obtained from the
Cu Digest WWW site at:
URL: http://www.soci.niu.edu/~cudigest/

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted for non-profit as long
as the source is cited. Authors hold a presumptive copyright, and
they should be contacted for reprint permission. It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified. Readers are encouraged to submit reasoned articles
relating to computer culture and communication. Articles are
preferred to short responses. Please avoid quoting previous posts
unless absolutely necessary.

DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.

------------------------------

End of Computer Underground Digest #9.54
************************************