**************************************************************************** >C O M P U T E R U N D E R G R O U N D< >D I G E S T< *** Volume 1, Issue #1.03 (April 8, 1990) ** **************************************************************************** MODERATORS: Jim Thomas / Gordon Meyer REPLY TO: TK0JUT2@NIU.bitnet COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. -------------------------------------------------------------------- DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Contributors assume all responsibility for assuring that articles submitted do not violate copyright protections. -------------------------------------------------------------------- In This Issue: File 1: News and Notes (moderators) File 2: The Future of Hacking (Christopher Seline) File 3: Hacking into Nasa (Ellis Dea) File 4: The FBI sets up Earth First!? (Anonymous contributor) File 5: An Alternative view of Piracy (Jim Thomas/Gordon Meyer) File 6: Hackers in the News: LoD, Australian Hackers -------------------------------------------------------------------- *************************************************************** *** Computer Underground Digest Issue #1.03 / File 1 of 6 *** *************************************************************** We still do not have an FTP site for archives, although we have several volunteers if we cannot ultimately set one up here. When we have one, we will permantely post it in the header. If you have not received back issues of CuD but have requested to be placed on the mailing list, re-send your request, and manually include your address in your signature. The biggest problems seem to be those addresses for which we must rely on the headers. BITNET is preferred. We are especially looking to build the archives with research papers, such as those presented at conferences, or published articles for which authors retain copyright. AGAIN WE CAUTION-- PLEASE BE SURE THERE ARE NO COPYRIGHT VIOLATIONS, or we cannot post the articles. Even if an author writes and contributes a piece, if it has been published in an academic journal, the journal normally retains the copyright. However, because most papers are first presented at a conference, and because the final product usually contains substantial revisions, conference papers, or book chapters on which the author retains copyright, are acceptable. Same goes for newspaper articles or transcripts of radio or tv broadcasts. So, send those articles, but if in doubt, err on the side of caution! We will not knowingly distribute anything that violates this or any other laws. We are starting to put together a bibliography listing books and research articles on the computer underground. If you come across any journals, books, or feature-length articles (not simply news blurbs), please pass along the *complete* reference and preferably a summary (or, better, a review/critique) we can publish. NOTE: WE WILL BE AT A CONFERENCE FROM WEDS, APRIL 11 THRU SUNDAY APRIL 15, AND WILL NOT BE ANSWERING ANY MAIL UNTIL MONDAY, APRIL 16. Issue #1.04 will be lengthy--about 2,100 lines. It will go out Monday, April 16, and will be broken down into four (4) individual files of about 500 lines each. =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ + END THIS FILE + +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+= *************************************************************** *** Computer Underground Digest Issue #1.03 / File 2 of 6 *** *************************************************************** From: "CHRISTOPHER J.D. SELINE - CJS@CWRU.CWRU.EDU" Subject: Hacking in the 90's-the move from active invasions to passive listening To: tk0jut2 I've been thinking about the future of hacking lately. Where is it going to go. What will it be like in a few years. Without taking a poll, I think hacking is going to move toward obtaining information through more passive eavesdropping rather than active invasion of systems. Of course, the active invasion could be preceded by a long passive invasion used to obtain passwords and operating procedures. Basicly, my argument is this: hackers who invade systems are being detected; once detected they are often tracked down through the electroinc network (phone, internet, whatever) and apprehended. Hackers will try to avoid detection by using "passive" systems to obtain information. These passive systems will be either simple line tapping and network eavesdropping, or the interception of compromising emanations (ELINT/CE). ELINT/CE circuit schematics are available through the underground and for less than $200 a hacker can produce a "box" that will "see" what someone is typing on their terminal from several hundred meters away. ELINT/CE doesn't require the physical invasion of an office to place a tap. It is completely undetectable and relatively unknown. Because it is unknown there are _no_ countermeasures in place (except for government activeities with national security information, many FBI terminals, and many DEA terminals). Since it is passive, undetectable, and there are no routinely used countermeasures ELINT/CE represents an extremely safe way to obtain lots of information. For the more adventurous there is always phone line tapping and serial line tapping. The only drawback here is that the connection to someone's phone line does requires (often) a bit of trespass, which makes it more likely the hacker will be caught. And, of course, there is network tapping. With an ethernet is this very very easy (just put your ethernet board in promiscuous mode). This often requires legitimate access to the network, but once a hacker has this physical access there is little information he can not capture. Since most networks don't monitor for "new" ethernet boards attached to the cable, an unauthorised connection can be made with an ethernet net tap. These are all "old" techniques. The intelligence agencies have been using them for a long long time. All of these techniques all the gathering of a great deal of information without the associated risk of directly invading someone's computer. I think that they will be "the hacking of the 90's" as more and more hackers are apprehended using the old methods. Christopher Seline cjs@cwru.cwru.edu =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ + END THIS FILE + +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+= *************************************************************** *** Computer Underground Digest Issue #1.03 / File 3 of 6 *** *************************************************************** (Contributed by Ellis Dea) The March 19, 1990 issue of The Scientist contains an article titled "NASA Network Faulted for Security Gaps" (2, 12). An interesting heading of the page twelve continuation of the article is "NASA Says Best Defense Against Hackers is Prosecution" (12). The Scientist, as usual, maintains its objectivity through the novel approach of supporting BOTH sides of the issue. Although I find it difficult to raise ambivalence and equivocation to the level of objectivity, the publication should at least be commended for at least mentioning the faulty security, especially as almost everybody reading this knows full well that the system password for NASA's computer system was for a long time 3210 (cleaver? who would ever think of trying that?). SPAN (Space Physics Analysis Network) is an unclassified network on which research scientists share information that is vital to their work. Much of the information could be of general interest, but much of it would be far over the head of the average "hacker." SPAN investigates every violation of security, it says, but one wonders why. None of the alleged incidents have resulted in any loss of data, thus proving that those who did gain access illegally had no malice in mind. If they had resulted in loss of data, however, I would strongly question why that information was not backed up. Better yet, why is the information restricted at all? Why not simply make this information available to the general public, perhaps on a duplicate machine? What is happening here is a conflict between the General Accounting Office (GAO) and the people who are trying to maintain the computer system. The GAO is pointing out, quite correctly, that they are doing their jobs. NASA is countering that it is much better to prosecute than to prevent (not quite in those words, but that is the point that emerges). The truth of the matter is that those who are supposed to preventing unauthorized access to the SPAN network are incompetent. The best way to cover up incompetence is to hide behind some sort of moral or legal shield. Actually, what the GAO says in its report makes perfect sense which may be one reason why NASA is resisting it and posturing instead: "Suppose a SPAN user at university X taps into the system and is connected with the Johnson Space Center. And suppose he figures out how to bypass the files he is pointed to and taps into another database. Could he cause significant damage to that system is he tried to change it? And what's the information worth? That's what we think NASA should be trying to find out." Suppose the system is such that he could NOT cause significant damage? Why worry about it then? Suppose the information is worthless? Why bother? Why not try to find out? Because this "hacker" could cause significant damage and NASA knows it. Furthermore, NASA is incapable, at the present time, of preventing it. If NASA had enough brains, it would hire some of these "hackers" as consultants and fix their systems rather than expecting our penal system to do it for them. At the present time, it seems that NASA is relying on the threat of prosecution to prevent unauthorized access to SPAN. One of NASA's arguments is that to increase security would make access more difficult. Since their database is designed primarily for scientists, especially astrophysicists, one can not expect them to make the system too complicated and thus above the heads of their users, but one can expect at least of modicum of expertise in these areas from them. Certainly, the threat of prosecution seems absurd. We can realize its absurdity by making a simple analogy to everyday life. Of course, it may be considered a bit unfair by NASA for us to expect them to take reality into consideration, but a bit of common sense can not always be out of place. The situation seems to me analogous to saying that we will no longer lock the doors to our homes or automobiles when we leave them --we will henceforth rely on law enforcement to protect our belongings. From now on, we will impose draconian penalties on anyone who steals anything from us without our permission. We will cut their fingers or hands off, castrate them, etc. Even under these conditions, even with a tremendous influx of money for enforcement of these penalties, I am sure that we would continue to lock our doors and I am somewhat certain that even those speaking for NASA in this case would continue to lock their doors. If I could humbly offer a bit of advice to NASA: lock your doors. Furthermore, if you find that a hacker has opened your door, why not seek his advice on how to lock it better? Why not even sponsor some sort of contest? See who does the best job of getting around your security (for they will anyway) and reward that person. Or perhaps punish him by putting HIM in charge of your computer security. He could certainly do a damn better job of it than you are doing now and you could go back to your research. *************************************************************** *** Computer Underground Digest Issue #1.03 / File 4 of 6 *** *************************************************************** Your reference to the FBI tactics in the arrest of Earth First participants as questionable, illegal, immoral, unethical, and generally wrong, led me to look up the original article. It appeared in THE CHICAGO TRIBUNE (and presumably other sources) on March 2, 1990, pp. 1, 12, titled "FBI tactics questioned in probe of activeists," by Terry Atlas, date-lined Phoenix. The article describes what appears to be entrapment, and suggests that the FBI set up the leaders intentionally: "PHOENIX--Mike Tait was a quiet, troubled cowboy, a Vietnam War veteran in his early 40s who wore an Arizona Feeds cap that covered his bald spot. As it turned out, he was hiding a lot more than that. To his best friend, Margaret "Peg" Millett, a part-time counselor at a Planned Parenthood clinic in Prescott, Ariz., tait was a good-hearted redneck who liked to dance and was trying to get in touch with his feelings. Along with Millett and some of her friends, he took an interest in "monkey-wrenching"--disruptive, often illegal, acts in the name of Mother Nature--popularized by the radical environmental group Earth First!. One night last May, Tait drove Millett and two of her trusted friends into the Arizona desert outside Prescott on such a clandestine mission. Suddenly, flares exploded that lit up the desert sky and exposed Tait's secret. More than 40 FBI agencies--on foot, on horseback and in a helicopter--moved in on tait's unarmed friends as they allegedly used a blowtorch in an attempt to cut down a power-line tower. The ambush, and the arrest the next morning of Earth First! founder David Foreman 200 miles away in Tucson, climaxed an 18-month federal undercover investigation into what the government charges was a dangerous group of eco-terrorists whose nighttime raid was a practice run for more serious attacks on power lines at nuclear plants in Arizona, California and Colorado. The investigation was begun with high-level approval from Washington during the Reagan administration. It included putting FBI agent Michael Fain undercover as Mike Tait, backed up by wiretaps, hidden microphones and body wires used to secretly record more than 1,400 %page break, con't on page 12% hours of conversations among environmental activeists." The article goes on to question whether such resources were simply retaliation for Foreman's outspoken advocacy of an anti-nuclear position. The issue raised in the article is that the FBI was out to get Fain. The article continues (p. 12): "And new evidence--an apparently careless remark by agent Fain that was inadvertently recorded--lends some support to Foreman's charge that he was the big catch the government wanted. On one tape that the government recently provided to defense attorneys, what is apparently Fain's voice is heard telling two other FBI agents that Foreman wasn't an actual perpetrator. This is the guy we need to pop to send a message." "That's all we're really doing," he goes on, "and if we don't nail this guy and we get only Davis, we're not sending any message." They laughed that the supposedly fearsome band of environmental radicals was holding a yard sale in Tucson to raise enough money to keep going, and Fain remarks, "They're low budget, and I don't really look for them to be doing a lot of hurting of people." Then suddenly realizing that the tape recorder is on, Fain says, "We don't need that on the tape. Hoo boy," and he shuts it of. Gerry Spence is defending Earth First!, and, according to the article, the trial has been postponed from the original April date. I find the implications of this scary. I don't support bombings and destruction of property, but I like a police state even less. I don't know what counts as a set in law, but common sense tells me that something's not right here. It seems like the FBI is manipulating people and events to assure a particular kind of outcome. What did this entire operation cost? How much will tax payers have to pay for the prosecution of what could result in a fiasco? Who else are the feds manipulating and for what purpose? Who does the approving? Where does legitimate law enforcement strategy end and gestapo tactics begin? I don't have any answers. Does anybody else? =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ + END THIS FILE + +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+= *************************************************************** *** Computer Underground Digest Issue #1.03 / File 5 of 6 *** *************************************************************** Gordon and I wrote the following for Northern Illinois University's THE COMPUTING NEWS. It was not published for two reasons. First, despite the fact that our comments are drawn from an on-going research project, it was considered "opinionated." We were in a catch-22 situation: We were required to work within severe space constraints, and could present neither data nor other research citations, yet, we were also advised not to make the article "too scholarly" for a general audience. Second, and apparently most important, we were told that if the article were published, it would appear to violate the NIU policy, so was inappropriate. Only through the most adept feat of intellectual aerobics could such an interpretation be made, because we were then, and our article is quite explicit that, in no way opposing the policy, but only the rhetoric in which it was presented. Our goal was to debate the rhetoric, not the policy. Such a rationale strikes us as the CHILLING EFFECT that has occured because of recent hysteria surrounding alleged computer abuses, and we find it quite ironic that a University, normally the cornerstone of debate, seems to be stifling debate on this issue. So, we present it here instead. We have seen an earlier version of this article floating around on bulletin boards, but this is the final, "official," version. Jim Thomas / Gordon Meyer ****************************************************************** SOFTWARE PIRACY: AN ALTERNATIVE VIEW Jim Thomas and Gordon Meyer (5 March, 1990) ------------------------------------------------------------------- Jim Thomas is an associate professor in Sociology. Gordon Meyer received his M.A. in Sociology in 1989. They are currently researching the computer underground from which the data for this note are drawn. ------------------------------------------------------------------- The university policy against computer software piracy has been widely publicized, including in a recent issue of Computing News (December, 1989). There is no question that the university must protect itself against actions of the NIU community for which it could be held legally accountable. However, based on our current research of the "computer underground" and the active- ities of "phreaks, hackers, and pirates," we find no evidence to support the many value judgments offered in the rationale circu- lated by the university. These normative judgments contribute to law enforcement tendencies to expand the definitions of illegali- ty and, as one recent government publication has done, to place piracy in the same category of crimes as "computer theft" and "theft of trade secrets." Our intent here is neither to justify software piracy nor to challenge University policy. However, be- cause the area of copyright and "computer abuse" law is so new, and because these laws tend to rely in media and other depictions of "computer underground" activeity as criminally sanctionable, we challenge conceptions of underground activeity that seem unsub- stantiated by evidence. The university's normative justification of the University policy can be summarized in three broad principles: 1. Software piracy shows disrespect for the intellectual work and property of others and subverts the mission of higher education. 2. Software piracy deprives authors of a "fair return" for their work. 3. Software piracy is unethical. These assertions help justify criminalization and corresponding sanctions. However, The data from our research do not support these judgments for several reasons. First, software pirates make a clear distinction between "pirates," persons who collect and share software for as hobbyists akin to stamp collectors, and "bootleggers." Bootleggers are persons who distribute software for material gain. Pirates may copy and install programs, but generally their goal is to collect, and they derive satisfaction from running programs for which they have no need and that they will rarely, if ever, use. Second, software pirates--despite the claims of the SPA (Software Publishsers Association)--report spending considerably more money purchasing software than the average user. Many of these purchases are for trading, and there is a strong ethos in the pirate world that if one uses a program, one purchases it. Reasons for purchasing include documentation, acquiring informa- tion about and discounts on updates, and on-line technical sup- port. It is quite common for pirates to purchase identical pro- grams to those they have already obtained. Third, the "no return" policy of most software merchandisers makes it difficult for potential buyers to assess the ability of a program to meet their needs or work adequately on their system. Piracy creates an informed public by assuring that programs are available for pre-testing, by providing a pool of reasonably lit- erate users to publicly discuss the merits of competing products, and to even offer technical assistance to those who have pur- chased a program. In this sense, the "unauthorized" copying of software can be seen as contributing to the university mission of expanding knowledge, of preventing exploitation of consumers, and above all, to the expansion of computer literacy contributing to the free flow of information. Fourth, pirates spend a considerable sum on their hobby. Among the most active topics of discussion among pirates are those of the need to endlessly upgrade, the endless purchase of diskettes on which to store programs, and--with the popularity of 9600 baud modems--the advantages of investing between $600-900 for expanding telecommunications hardware. Because most pirates exchange software across telephone lines, piracy has benefitted telephone companies because of the growth of Bulletin Board Sys- tems (BBSs). Our data indicate that an average monthly phone bill of $200 or more is common, and active pirates easily double that cost. Fifth, there is simply no evidence to corroborate the claim that piracy deprives authors of revenue. Our data suggest that pirates annually purchase no less than three times the 1.5 pro- grams the SPA estimates for the "average" user, purchases direct- ly related to the hobby rather than a need. Further, few students or faculty could afford the price of Dbase 4 and other large pro- grams, and few people could afford to spend several thousand dol- lars a year on computer games. Traded programs would simply re- main unpurchased. Because piracy creates an interest in software, expands consumer literacy, and contributes to a "user culture" that benefits the industry as a whole, we suggest that without such a culture there would be less interest in software and, con- sequently, less revenue for authors. Sixth, the claim that piracy is unethical is usually a glib one made without a strong rationale. Although we make no metaphy- sical claims here, we do suggest that the appeal to ethic in at- tempts to criminalize piracy is far too serious to be so glibly asserted, and the underlying issues require far more research and debate. Even in the debates over VCR reproduction and photocopy- ing books or journal articles, the appeal to ethics was never ad- duced as stridently and self-righteously as in discussions of software piracy. The rapid growth of computer and telecommunications technol- ogy brings with it new ethical, legal, and practical questions of the nature of "private property," free and open access to infor- mation and resources, and definitions of "authorship." Few among us condone any form of predatory behavior. However, we find equally disturbing the tendency to assumptively assert claims and definitions that rightly should be brought into a public forum for debate rather. The University has the obligation to protect the law, but it also has an equal obligation to do so responsibly without contributing to the current hysteria surrounding alleged "computer crime." =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ + END THIS FILE + +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+= *************************************************************** *** Computer Underground Digest Issue #1.03 / File 6 of 6 *** *************************************************************** Date: Sat, 7 Apr 90 00:22:43 PDT From: brooney@sirius.UVic.CA(Benjamin Rooney) To: TK0JUT2 Subject: News Articles ----------------------------------------------------------------------- MISSOURI STUDENT PLEADS INNOCENT IN 911 SYSTEM INTRUSION CASE Craig Neidorf, a 19-year-old University of Missouri student, has pleaded not guilty to federal allegations that he invaded the 911 emergency phone network for 9 states. As reported earlier, he was indicted this month along with Robert J. Riggs, 20, of Decatur, Ga. Both are charged with interstate transportation of stolen property, wire fraud, and violations of the federal Computer Fraud and Abuse Act of 1986. Prosecutors contend the two used computers to enter the 911 system of Atlanta's Bell South, then copied the program that controls and maintains the system. The stolen material later allegedly was published on a computer bulletin board system operating in the Chicago suburb of Lockport. Authorities contend Neidorf edited the data for an electronic publication known as "Phrack." According to Associated Press writer Sarah Nordgren, in a recent hearing on the case Assistant U.S. Attorney William Cook was granted a motion to prevent the 911 program from becoming part of the public record during the trial. U.S. District Judge Nicholas Bua set April 16 for a trial. The 911 system in question controls emergency calls to police, fire, ambulance and emergency services in cities in Alabama, Mississippi, Georgia, Tennessee, Kentucky, Louisiana, North Carolina, South Carolina and Florida. Article from "A Networker's Journal" by Charles Bowen INFO-MAT MAGAZINE Vol.6 Num. 2 ----------------------------------------------------------------------------- The following is a press release from the Australian Federal Police concerning the Australian hacker "Dave" mentioned recently in the New York Times and two other hackers. Credit where it is due -- this information came to me from Paul Pavlinovich in Australia where it was originally posted on a Melbourne University newsgroup. Ben Rooney --------------------------------------------------------------------- "MEDIA RELEASE" Monday 2 April, 1990 COMPUTERS SEIZED - THREE ARRESTED Australian Federal Police detectives have executed four search warrants on three private residences and a business address following a six month investigation into computer hacking. Three men, an 18 year old student of North Caulfield, a 20 year old student of Greensborough and a 21 year old Computer Programmer of Frankston have been arrested and are being interviewed by Federal Police. Federal Police computer crime investigators say their inquiries have centred on three hackers who have used the code names 'Phoenix', 'Electron' and 'Nom'. The hackers are alleged to have been gaining illegal access, or breaking into computer systems in the United States and Australia. It is alleged that whilst the hackers were accessing restricted files and information, they also caused damage to those systems. Australian Federal Police allege the hackers used Telecom and Overseas Telecommunications Corporation (OTC) facilities for their illegal activeities, via modems at their home addresses. Through the telephone system they would then use their personal computers (PC) to communicate with the other computer systems in the northern hemisphere and across Australia. The activeities of one computer hacker was brought to the attention of the United States Secret Service in 1988 at which time investigations by the Service showed the Citibank system had been illegally entered by an Australian-based hacker known as Phoenix. Further reports of extensive illegal entry to US computers followed throughout 1989. Federal Police were able to launch their investigation following the introduction in July last year of new Legislation under Part 6A of the Commonwealth Crimes Act covering offences relating to the illegal use of computers. They allege one of the hackers under investigation was identified in recent media stories as 'David' or 'Dave'. He was quoted in the media as having claimed success in his attempts to 'hack' into computers in the United States and stated he was not concerned about being caught, because "he knew that in Australia the laws could punish him with no more than a small fine for trespass." Under the new legislation, Section 76E of the Crimes Act provides for a maximum penalty of 10 years imprisonment for; "Damaging data in Commonwealth and other computers by means of a Commonwealth facility." There is no provision for a fine. The AFP officer heading the investigation Detective Superintendent Ken Hunt said, it was not unusual for the Australian hackers to spend up to 16 hours a day on their PC's and other computers. He said, much of that time would be spent on international telephone lines, with the hackers, through their computer keyboards, directing the cost of their calls to be met by the companies whose computer systems they had illegally accessed. Federal Police were required to enter the premises of the suspects early this morning and quickly disable their computers to prevent the destruction of programme software. During the execution of the search warrants a considerable amount of computer software, print outs and other documentation was seized. =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ + END THIS FILE + +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+= !