home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Hacks & Cracks
/
Hacks_and_Cracks.iso
/
vol1
/
pirate_2.zip
/
PIRATE-2
Wrap
Text File
|
1993-03-31
|
206KB
|
4,337 lines
*******************************************************
** **
** PPPPP I RRRRR AAAAA TTTTT EEEEE **
** P PP I R RR A A T E **
** PPP I RRR AAAAA T EEEEE **
** P I R R A A T E **
** P I R R A A T EEEEE **
**keepin' the dream alive **
*******************************************************
-=> VOLUME 1, ISSUE 2, August, 1989 <=-
**** WELCOME ****
To the second issue of -=* PIRATE *=-!
Special thanks for getting this issue out go to:
Jedi
Hatchet Molly
Blade Runner
Chris Robin
Maxx Cougar
The California Zephyr
Taran King
Knight Lightening
Flint
Epios
Mikey Mouse
Jim Richards
Gene & Roger
Any comments, or if you want to contribute, most of us can
be reached at one of the following boards:
BOOTLEGGER'S >>> PIRATE HOME BOARD
RIPCO (Illinois)
SYCAMORE ELITE (815-895-5573)
THE UNDERGROUND (New Jersey)
GREAT ESCAPE (Chicago)
PACIFIC ALLIANCE (California)
BITNET ADDRESS (Chris Robin): TK0EEE1@NIU.BITNET
+++++++++++++++++++++++++++++++++++++++++++++++++++++
Dedicated to sharing knowledge, gossip, information, and tips
for warez hobbyists.
** CONTENTS THIS ISSUE **
Phile 1. Introduction, editorial, and general comments
Phile 2. Whither the World of Pirates?
Phile 3. How to get things running
Phile 4. Sysops and the Law -- Sysops' Legal Liability
Phile 5. Hackers in the News
Phile 6. Illinois and Texas Computer Laws
Phile 7. Is Teleconnect Dangerous? They're after our rights!
Phile 8. Viruses
Phile 9. BBS NEWS: Review (ATLANTIS) and APPLE #s
>--------=====END=====--------<
*******************************************************
* PHILE 1: EDITORS' CORNER *
*******************************************************
Here we go again with the second issue of *PIRATE*. Lots of
feedback from the last issue, and some good suggestions.
The legal stuff seemed to be the most popular, so we'll try
to expand and upgrade it. Biggest criticism was the
emphasis on IBM, so we'll try to keep the contributions
relevant to all systems and to spread around the specific
topics about equally between them.
We've been asked about our assessment of the virus risk to
pirates. In our view, it's pretty slight. VIRUSES ARE REAL! But
there isn't cause yet for paranoia, and it seems that many of the
so-called "viruses" are user-related, not nasty bugs. But,
because we take viruses seriously, we've included a phile with
some virus information.
Seems to be the season for board crashes. Home board went down
for a bit, and so did a few of those where we hang out. A bunch
of regional and local boards also bit the dust. So, keep stuff
backed up, gang...assume that yours is next!
A few changes in this issue...the articles are in phile form so
they can be uploaded individually to other boards. We've also
tried to keep the issue a bit shorter, to about 2,000 lines. So,
zip it up and upload to your favorite boards, and leave a message
where you can. THE UNDERGROUND has been down for a while,
but is back up and upgraded. GREAT ESCAPE is back up, as is
PAC-ALLIANCE. All are looking better than ever.
---------------
MORE TIPS
---------------
Last issue we published a few basic tips for uploading. A few
of them bear repeating:
1. BE SURE ANY PROGRAM YOU UPLOAD IS COMPLETE!
Nothing is more lame than to upload a partial program.
Copy a program from the original disks, is possible, using
a *good* copy program. Then, zip it, and unzip it and install
it to be sure it works. If there is a trick to installation or
running, add a short zip phile. BE SURE THE PROGRAM WORKS!
Then, make sure you add a zip phile comment to each zip phile
describing the disk ("program disk, 1/5"; "drivers, 2/5").
2. DON'T GIVE OUT THE NUMBER OF YOUR FAVORITE PIRATE BOARD
WITHOUT THE SYSOP'S PERMISSION.
Some sysops like publicity. But, elite boards may not want a
bunch of new callers. Most boards ask for names of other boards
you're on, so if you leave the name, be sure you ask the sysop
if it's ok to also leave the number. We know some elite sysops
who will bump a user who gives out the number without permission.
3. DON'T ACT LIKE AN IDIOT.
One sure way to tell if users will be lamers is if they say
something like "Hey, dude, I'm a pirate, and want complete
access or I'll crash your board." Cool. Real cool, dude. Like,
I mean, wow, ya know? Right, like, ok, here's all the philes.
4. DON'T BE A LEECH!
Nothing is worse than seeing 25 calls a day and no new warez or
messages. When you log on, READ THE BULLETINS AND MESSAGES, and
contribute something, even if it's only a tip, some info, or a
swap list. If anything is going on in your area--hacker busts,
new boards, media stuff on law or related activities, post it (be
sure to give the date and pages of the newspaper so others can
check it out). Some boards (RIPCO, SYCAMORE ELITE, GROUND ZERO)
there are gphile sections for articles. So, take the time to type
out the story (or transcribe from tape if it's tv or radio) and
upload as .zip or gphile. (Be sure to do this in ascii format).
Or, send to CHRIS ROBIN on bitnet and s/he (are you male or
femme, Chris?) will do the rest.
5. KNOW THE BOARD YOU'RE CALLING!
As silly as it sounds, it's not uncommon, especially for new
pholks, to try upload an IBM program to an Apple board, or wonder
why a commodore game won't work on a non-commodore system.
Also, be sure that if a game or program you upload has
special requirements, such as a math co-processor or a VGA
screen or a joy-stick, to note this in the description and
put a zip comment in philes. Don't be afraid to add a
README.1ST note to explain glitches to others.
6. ERASE IDENTIFYING ID NUMBERS. If you upload a registered
program, try to get into it to erase any identification data or
serial numbers. Either use a "search" program capable of finding
text in a phile, or use a program like Magellan to search for the
identifying text.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Thanks to contributors who have sent philes and other
suggestions. Much of the info has apparently come from screen
dumps from other boards. We will try to acknowledge these boards
when possible, so if you send info, be sure to include the name
of the board or the source, so we don't look like a bunch of
rip-off artists.
>--------=====END=====--------<
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Here's something that might help in communicating on BBSs. EPIOS
got it from the Public Brand Software catalog for IBM, which says
it was put together by Scott Fahlman with help from other
partici-pants on FIDONET.
:-) humorous; joking
:-( sad
:-') tongue in cheek
:-() shout
;-) say no more; nudge nudge
=:-() scares me, too
:-! foot in mouth
:-$ put your money where your mouth is
o:-) don't blame me, I'm innocent
%-/ don't blame me, I'm hung over
<:-) don't blame me, I'm a dunce
C:-) blame me, I'm an egghead
:-)8 sent by a gentleman
8:-) sent by a little girl
(8-) sent by an owl
:-)====== sent by a giraffe
(-:|:-) sent by siamese twins
d:-) I like to play baseball
q:-) I am a baseball catcher
:-| I can play the harmonica
:-8 I just ate a pickle
Turn them sideways.
>--------=====END=====--------<
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
*******************************************************
* PHILE 2: THE CHANGING PIRATE WORLD *
*******************************************************
There've been some complaints this summer about the changes in
pirate boards. The following was snatched and sent to us from one
of the best boards in the country. We've been complaining about
lamerz for a long while, and it seems they are taking over.
We've shared this with some other sysops, and they pretty much
agree that kids, which is a state of mind, not an age, have
pretty much moved in to tie up lines. Seems there's not a lot of
ideas on what to do about upgrading the quality of losers, so we
thought we'd toss this out for some discussion.
* * *
S1: I'm almost ready to quit. Things have not been that
great with us and the competition is doing pretty good.
Lost a lot of good users. Now all I ever get are losers or
leeches. Getting kinda fed up I guess. . . . Well I and a
few of the other sysops I know have, it's all going to the
kiddies now, we have seen at least 30-35 new local pirate
boards and about 100 or so new pirate boards nationally
spring up within the last few months, and they are all
pretty much 15 and 16 year olds who run things pretty shabby
in our minds. They have hurt many boards including us for
competition of callers. You will start to see many old
timers like us go by the wayside for awhile while they clean
up, then maybe later on, we might all come back like we did
a few years ago when the smoke clears.
S2: Yeh, the number of "kiddie Klubs" grows as the ease of
getting modem/pc gets more popular, but those I've hit have
been so fuckin' lame!!! Mostly the games, which is fine, but
the way that other stuff, what little there is, is
uploaded--like, just collapsing a hugh file into a single
data set and uploading. God!
S1: Get used to it, thats what you will find on most of
them from now on, as we old guys start to fold our tents up.
Many of my friends have been saying that when mine and 1 or
2 other boards they call go, that might be the end of their
calling days for business stuff.
S2: Yeh, it gets depressing to call some board, struggle
for the access and find there's nothing there. Damn. From
the guys I've talked to, they also bitch about the time, the
new stuff coming out and how hard it is to keep on top of it
all....but these guys are the "neurotic collectors, " and
not much into using it.
S1: Thats right, and they usually don't support you after
they get what they are looking for. Thats what has hurt us.
We had some great guys for awhile that kept supporting us
until they got all the stuff they wanted, then they said
adios. Plus the pcp cap has hurt...
S2: Isn't there a law against lamerz, or has that been
protected by the constitution? I haven't pulled down
anything good since school let out in the spring and my
original disk sources moved home for the summer.
S1: Yep, most of these new pirate boards are guys back from
Illinois U that ran campus boards, so they all started up
for the summer and have been murdering the good boards with
their instant access and easy files deals. They have been
having giant leech parties and all. If I go down, it would
be for quite awhile I guess, maybe a year or so, depends on
how things are I guess. I really hate to, but things are so
slow, I just can't see wasting the electricity when it goes
unused all day.
S1: Well, maybe come the fall, it'll pick up, 'because it does
seem to be slow all over on nat'l boards....but you're right
about the kids going home and opening up boards---at least a
half-dozen from our school did, but these were guys who
leeched from boards here, and my guess is will try to leech
some more when they get home...take the money and run type
thing... interests me, they usally just tell me how great
they are and that whoever they mention can vouch for them
even though they mention they aren't into files or calling
BBS's that much. So you can see why I'm a bit hesitant in
granting them access, besides they never read what I put up
for new user access either, so they waste both of our time.
Now I just usually give access to users here I have talked
to about a guy who applies first before I go any farther.
Thats how I can tell that they are either kids or losers
since they don't know the ropes, it always glares out of
what they type when I read these things, comes from years of
experience sifting thru all this BS. When I find one that
looks like a winner, it's like a needle in a haystack,
happens only once in a long while or wait.
Yes and it pisses me off very much. As soon as I reopened
membership about 6 months ago after 2 great years of none of
that BS, all of a sudden I'm getting losers constantly tying
up my line each day recalling for access and it has been
irritating me a lot. Thats why the number has to be changed
at my expense.
Would go would it be, they'd just tie up the line from guys
who were willing to upload instead of download, everyone
who is willing to pay, is new and has nothing, or isn't on
any good boards.
No this is like CB's. You can get away with anything as
long as your parents don't know about it and you are
anonymous from the law. I'm afraid it's a plague that will
haunt BBS's for awhile unless enough of them start setting
up guidelines like I tried to do, and not give them access,
but as you can see, it doesn't work, when most of the boards
are kids anyways.
Yeh. Well, maybe they'll grow up, except there always seems
to be more where they came from (grin)....well, it's maybe
time to get all the sysops of good boards together in a
union or something.
We have tried many times. It's a lost because.
Bummer. Can't think of any cheery words of wisdom....just
hang in there and hope they all get run over by drunken
white sox fans, or something.
They are drunken white sox fans. Yeh well we will hang
around at least a couple more weeks, then who knows.
OK---but if you go down, you'll be missed. You just don't
know it.
S1: Well maybe and maybe not, I know there are better boards
around, but if they are getting half of what we aren't then
maybe they will fade also. I hope not.
Like the Joni Mitchell song..."ya don't know what ya have
til it's gone." Well , Tell it to the losers. right?
S2: God, how far we've come in tek in just a few years. That's
impressive. Well, one thing the kids don't have going for
them is high tech and perseverance.
* * *
Old timers have seen a lot of changes in the pirate
world in the last two years. Let us know your gripes
and opinion.
>--------=====END=====--------<
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
*******************************************************
* PHILE 3: GETTING THINGS RUNNING *
*******************************************************
Assuming that whoever uploaded a program is reasonably
responsible, the next thing is to get the program running. A lot
of sysops have to deal with angry users who often claim a program
doesn't work if they can't get it running the first try. Too
often this failure is caused by impatience or inexperience. In
future issues, we will provide a few tips as they are forwarded
to us, so if you have a program that requires some tricky
maneuvers, pass along the info to us. We'll start out with some
of the simplest techniques, so some of this may seem basic to a
lot of you. But we've found a lot of folks who didn't know this
kind of stuff, so we'll start out simple.
1. LOOK FOR "README" FILES. Any real pirate will stick in a text
file that will provide tips on getting a program running. If a
game has been cracked, there is often a separate *.bat program
required to start it. If it's a complex utility, such as SPSSPC
or ALDUS, sometimes there are tricks to installation that have
been provided. So, simple as it sounds, look for some
instructions.
2. FOLLOW INSTRUCTIONS: Many programs have installation
instructions that should be followed. Many can't be run just by
dumping into one humungous directory and then run. So, you may
have to take each zip phile, copy it to a floppy, then run the
installation from Drive A. This may sound obvious, but you'd be
surprised how many novices don't bother to do this. THIS IS ALSO
WHY IT'S SO IMPORTANT TO UPLOAD FILES EXACTLY AS THEY COME OF THE
ORIGINAL DISK AND KEEP THE ZIP PHILES IN SEQUENCE. IF YOU ARE
GOING TO UPLOAD A PROGRAM, DON'T JUST DUMP INTO A DIRECTION AND
THEN ZIP IT FOR UPLOADING!! Other users may not be able to run
it.
3. USE THE ESCAPE KEY. Some programs may tell you to install a
disk that you may not have, then appear to lock up or refuse to
respond if you do not put the right disk in. Sometimes this can
be gotten around by hitting the escape key a few times, and
installation will proceed as it should. For example, on user
indicated that her version of SPSS-PC 3.1 kept saying "place
diskette in drive g," and she had no drive g. She just put it in
A and hit the escape key a few times and the installation
conintued successfully.
4. BE AWARE OF DATE TRAPS: Some programs will install without
any problem, but only run for 30 days. This is common when a
complete program is available for "trial use," and quits after a
certain amount of time. Sometimes lamerz will wait until the
time has run out, then upload the program they installed, which
won't be of use to anybody. Usually there will be a message like
"your free trial period has expired." One way around this is to
go into the program and change the date, using an convenient
editor (Magellan, xtpro, or anything else). We recommend a phile
manager type program, because you may have to search the files
individually to find the one with the date. But sometimes the
date phile is obvious (named something like date.dat). Another
way around this, if you don't mind having the date of your PC not
match the real date, is to keep the date fixed to a 30 day
period. Pick a date that's easy to remember (january 1) and every
few weeks re-set the date to january 1. Any time you have a
date-controlled program, reset the date to january 1 and install
it. You will have to change the date ever 30 days, and it's
primitive, but it does work for most programs. It's easier than
re-installing every 30 days.
5. MAKE SURE THE PROGRAM IS COMPATIBLE WITH YOUR PC. Again, this
seems obvious, but some programs require special stuff (screens,
286 chips), so it could be that you have just downloaded
something your PC can't handle.
6. BYPASS INSTALLATION. Sometimes you can't install a program,
but can actually run it. If you can't, or don't want to, install
a program, then try the directory dump and hit what you think
look like the right *.exe commands. There is often a "setup"
command that can be used in place of install, and a config.exe
phile that allows configuration to your machine requirements
(color, etc). Sometimes the program won't run as well as it
would when properly installed, but usually will run well enough
for most purposed.
7. BE ALERT FOR SPECIAL DIRECTORIES.
Some programs install philes in special directories, so if you
run a program from a dump without installing it, you could have
a problem running it. Usually you will get a message. For
example, if you dump a program called "gerbils" into a directory
called //ger//, and it requires a special directory for the help
philes, you might get an error message that says: "//ger//help
directory not found." So then you just go back in and creat the
proper directory, copy the philes you think belong in it to the
directory, and try again.
8. KEEP TRYING. Getting stuff running often takes a lot of
patience. It's often just a matter of luck, work, and some
intelligent guessing. So, keep trying. Not all machines work
alike, and what works on one may not work on others, so you may
have to just work at it by trial and error. Often, though, once
you get a few programs running and pick up some tricks and
shortcuts, other programs are a lot easier. Most pirates don't
use much of the stuff they snatch, and the challenge is to try to
get stuff running, not use it. So, ***HAVE PATIENCE AND KEEP
TRYING!!**
>--------=====END=====--------<
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Some sysops are uptight enough about copyright software to
warn users how to spot it, presumably so they won't use it
or upload it. Here's a snatch from one of the largest boards in
the country warning users how to spot it. We thought it might
be of interest.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
What Files are Legal for Distribution on a BBS?
-----------------------------------------------
Copyright (C) 1989 Exec-PC All Rights Reserved
From Exec-PC Multi-user BBS, 414-964-5160
Bob Mahoney, SYSOP
-----------------------------------------
Software that is a commercial product, sold in stores or via
mailorder, that does not contain a statement saying it is OK to
give copies to others is NOT legal for distribution on a BBS.
Example: Lotus 1-2-3 is a commercial product, it is copyrighted,
and the copyright notice states you MAY NOT copy it for others.
Example: PC-Write (the Shareware version) is also copyrighted,
but the copyright statement clearly states you MAY make unlimited
copies for your friends.
TRICKS TO MAKE AN EDUCATED GUESS: Sometimes it is difficult to
guess whether or not some software or diskette is legal for BBS
distribution. There are a few obvious guidelines I use on the
Exec-PC BBS:
There is no documentation: Probably an illegal copy. A
Shareware author will always provide documentation with his
product. If he does not, nobody will be willing to make a
monetary contribution to his efforts. If the documentation takes
the form of a very short (one or two screen long) and sketchy
README file, be suspicious. The software is probably a hack
(illegal pirated copy) of a commercial product, and someone wrote
up a small hint file to help other pirates run the software.
The software is too good to be true: It probably IS too good to
be true! A good game, a good database, a good utility of any
type, requires at least dozens of hours to write. The really
good stuff requires thousands of hours to write, sometimes dozens
of MAN YEARS to write. Nobody is going to give this away for
free! If you get a copy of a game and it seems to good to be
true, I bet it is an illegal copy.
The software does strange things to your disk drives: For
example, when it is run, the A: drive or B: drive spin for a
moment, even though there is no disk present. This sometimes
indicates the software is looking for a key disk, but someone has
modified the software so the key disk is not needed. This is
probably illegal software.
The software does not have an easy escape to DOS, no EXIT
command: This usually means the software is illegal, someone has
hacked it to make it run, but it was too difficult to add a
proper escape to DOS to the commercial product.
DON'T GET ME WRONG, I am making it sound as if ALL software is
illegal. This is not the case. It is usually very easy to
recognize a fine, legal package, since the author is proud of his
work and usually puts his name, his favorite BBS number, a
disclaimer, a Shareware notice, or some other hint into the
package. It may be as simple as an initial screen saying "This
is Shareware written by so-and-so, this is Shareware, if you like
it please send $XX to the following address", and other text of
that type.
If in doubt, ask the Sysop!
END OF INFO
>--------=====END=====--------<
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
*******************************************************
* PHILE 4: SYSOPS' LIABILITY *
*******************************************************
** PIRATE reprints the following that arrived over the BITNET
lines. Following with our policy, it is printed exactly as
received. Only the date of the conference was removed. **
/*/ SYSLAW: THE SYSOPS LEGAL MANUAL CONFERENCE /*/
==================================================
Editors' Note: The following conference took place on GEnie.
The only changes we have made to any of this text is the format
and spelling errors. An additional note, I just finished
reading the book. It is interesting and I encourage all BBS
operators to purchase it. If you are interested contact: LLM
PRESS, 150 Broadway (Suite 607), New York, NY 10038. (212)
766-3785)
FORMAL CONFERENCE
<[Holly] HS> Welcome to our formal conference with Jonathon
Wallace,
<JON.WALLACE> Thanks very much for inviting me....
<[Holly] HS> Can you tell us a little about yourself and your
book before we start?
<JON.WALLACE> I am a lawyer in private practice in New York City
specializing in computer related matters including BBS law. I
am the co-author with Rees Morrison, of SYSLAW: The Sysop's
Legal Manual, and editor of The Computer Law Letter, a bimonthly
newsletter.
<[Mel] NIGHTDIVER> Jon, would you talk a bit about where free
speech stops and libel begins. We obviously want to be able to
criticize a product freely but I guess we have to stop at
calling the developer names or spreading rumors that he is going
bankrupt. Where does libel start? and what is the sysops
liability for allowing such messages to stand?
<JON.WALLACE> Libel varies from state to state. In many places
its a knowingly false statement. In others it may even be a
negligently false statement. The responsibility of a sysop is,
in my opinion about equivalent to the liability of a newspaper
publisher for a comment someone else makes in his paper.
Constitutional law says that a public figure can only recover
against a newspaper for a libel done with "actual malice".
<[Mel] NIGHTDIVER> For our purposes who would you say is a
public figure a developer pushing his product? A publisher of
an online magazine? The sysop?
<JON.WALLACE> There is no precise definition. Any of those
might be held to be a public figure, as would your town
councilman, but not your next door neighbor.
<[Mel] NIGHTDIVER> I've heard the sysop's liability in libel
compared to a news stand's liability but that boggles my mind
because I never heard of a newsstand claiming a compilation
copyright. Would you comment on the sysop's position?
<JON.WALLACE> Ever since there have been BBS's, people have
debated whether a sysop is a publisher, a newsstand, a common
carrier, a bartender, etc. A sysop is NOT a common carrier
(obligated to carry all messages, can't control content) Nor is
a sysop a newsstand (too passive). I think a sysop is
essentially a sort of publisher. She has the right to edit and
control the contents of the BBS.
<DAVESMALL> I've got a few questions, but I'll try not to hog
things for others. Awhile ago, I ran into a particularly nasty
"anarchy" BBS in New York. It offered files on everything from
literally how to poison people to "kitchen improvised plastic
explosives". Is offering info like this legal? Is there any
legal precedent?
<JON.WALLACE> Dave, the law says that "information doesn't kill
people.. people kill people." However distasteful, describing
how to make poisons is constitutionally protected speech.
<[Ralph] ST.REPORT> Evening Counselor, nice to see that
information is information and not murderous non-sense. My
question is, what recourse, if any does an individual have when
they find that certain information has been labeled "overly
informative" and has been censored as a result?
<JON.WALLACE> Ralph, if you mean censored by the sysop the user
really has no recourse. As I said, a sysop has the right to
edit, modify and delete the BBS's contents.
<[Ralph] ST.REPORT> I see, well a sysop was not the cause in
this situation....in fact the sysop was quite fair about the
entire matter... much more so than the individual.....I mean as
individual to individual.
<JON.WALLACE> Who censored the message, then?
<[Ralph] ST.REPORT> The message was deleted as a result of the
ensuing hulabaloo <-? voluntarily by me.
<JON.WALLACE> Ralph---The sysop is the final arbiter in such
cases. It is only censorship when the government intervenes to
prevent speech.
<[Ralph] ST.REPORT> I agree, in effect I censored myself to
avoid more controversy, I was looking for your opinion and I
thank you for your time.
<BOB.PUFF> Yes I was wondering if you could comment on
self-maintaining BBSs that automatically validate uploaded
files. Is this illegal in itself, or could the sysop be in
trouble if a copyrighted file is up for a bit of time till he
realizes it?
<JON.WALLACE> Bob, there are no precise rules in this area yet.
My best guess is that the sysop has an obligation to exercise
due care. For that reason I would try and set things up so that
a pirated file would be discovered in under a couple of days.
Therefore, the idea of a self-validating BBS makes me nervous.
<BOB.PUFF> I see. right - but its that couple of days that the
file might be up. ok something to think about. thanks.
<WP.DAVE> Jon, do you consider your SYSLAW book to apply much to
information service sysops, or is it 95% for the private BBS
operator?
<JON.WALLACE> The book was written for the BBS sysop, but much
of what's in it applies equally to service sysops...e.g., the
discussion of copyright, libel, etc.
<DAVESMALL> Hi again. As I understand it, the libel law says
(basically) that to commit libel, you have to say something
false, know it's false, and do it with malice intended. First,
am I right? (*grin*) Second, does that apply different to public
figures vs. mere mortals?
<JON.WALLACE> Dave, the rules you stated are correct for a media
defendant (newspaper, etc.) libelling a public figure. If the
"libeller" is a private citizen, the states are free to hold you
to a mere negligence standard.
<DAVESMALL> Can you expand on "negligence"?
<JON.WALLACE> Yes a careless false statement, e.g. something you
didn't bother to verify.
<CRAIG.S.THOM> Along the lines of the self-validating
files...what if users upload copyrighted text into the message
bases? Song lyrics, documentation, that type of thing?
Messages are never held for validation.
<JON.WALLACE> I believe a sysop should arrange to read every new
message every 24 hours or so. If its a big message base, get
some assistant sysops to help. Of course, copyrighted text may
not be easy to recognize, but if you do recognize copyrighted
material it should be deleted unless its a fair use (e.g., brief
quote from a book or song, etc.)
<[John] JWEAVERJR> Can you comment on the differences between
the legal standards for libel and slander? And, in particular,
which category does this RTC (as a "printed record" of a live
conversation) fall?
<JON.WALLACE> Slander is spoken libel is written I am fairly
sure that all online speech will be classified as libel, not
slander. Frankly, I am more familiar with the libel standards,
which we have been discussing than with slander, where they
differ.
<DAVESMALL> I did come in a bit late, if this has already been
answered; where might I find your book, and what's it retail at?
<JON.WALLACE> The book is $19 plus $2 p&h from LLM Press 150
Broadway, Suite 610, NY NY 10038.
<DAVESMALL> Okay back to libel. Are editors of magazines in
general held responsible for the content of their magazine, or
is the writer of a given article deemed libellous that's held
responsible? Or both?
<JON.WALLACE> Potentially both.
<DAVESMALL> The standards would depend on if the libeller
(sounds like a referee! grin) was a public figure or private
person, also? e.g., negligence vs. malice?
<JON.WALLACE> The US Constitution imposes the standards we
discussed for media defendants, and leaves the states free to
make their own laws in all other cases.
<DAVESMALL> Since networks are interstate, which states' laws
applies?
<JON.WALLACE> Dave, thats something the courts will have to
settle. Magazines have been successfully sued in states where
they sold only a few copies.
<[Mel] NIGHTDIVER> I understand there have been some cases
regarding private messages in a BB as opposed to public
messages. Does that mean that if someone sends me Email here on
GEnie and I forward it to someone else, that I could be in
trouble?
<JON.WALLACE> Mel, we are getting into a whole new area here.
The Electronic Communications Privacy Act (ECPA) which protects
the privacy of email. In the case you described. There would
be no liability under ECPA, because the recipient of the message
has the right to make it public.
<[Holly] HS> I have a related question, Jonathon...are you
familiar with Thompson v. Predaina? (The case that never was...
*grin*)
<JON.WALLACE> Yes, I read the pleadings, and have talked to and
been flamed by, Linda Thompson <grin>.
<[Holly] HS> Can you summarize the case a bit for the rest of us
and give us your opinion? (I happen to personally know both
parties... Linda was a friend of mine. Bob is a friend of mine.
Key word: "was") Everyone's been flamed by Linda Thompson.
*grin* Linda sued Bob under the ECPA claiming that he had
disclosed private messages and files of hers to the public. He
was not the recipient of the files or messages and, if the facts
as stated in the complaint are true, it seems as if there was a
technical ECPA violation. The case never went any further
because (I am told). Predaina declared bankruptcy (since you
know him, you can clarify if this turns out not to be the case).
<[Holly] HS> Bob did declare bankruptcy, which was a wise move.
I didn't read the complaint, however, I also know that when
Linda (and Al) had a BBS, they were "guilty" of exactly what I
understood Bob did. (Allegedly)
<JON.WALLACE> I've often thought it was a too drastic move on
his part. Based on the information I had, I doubted the case
would have resulted in drastic damages, even if there was a
technical violation.
The moral of the story: Don't disclose private mail of which you
are not the sender or recipient.
<[Holly] HS> I think it was very precautionary on Bob's part.
And, if I understand what happened, the case was dropped because
Linda was suing partially on the grounds of character defamation
which allowed Bob to dredge up some of Linda's rather tawdry
past, allegedly. (I don't think I'm spelling that right. It
looks wrong. :-) Thanks, Jonathon... I have a few more for
later... :-)
<DEB> Hi Jon, this is deb! Christensen, I take care of the
Commodore and Amiga areas here on GEnie. My question is an
unresolved one about copyrights and music. Are there any 'fair
use' guidelines which affect musical arrangements to computer
transcriptions which people upload and distribute for their
electronic friends?
<JON.WALLACE> Deb....The upload of a copyrighted song or image
in electronic form is a copyright violation. I have never yet
heard of a case of a court finding such an upload to be a "fair
use" mainly because courts haven't really yet dealt with the
issue of uploads at all. However, I think the argument for a
fair use is slim, considering that the standards of fair use
include whether the use....is commercial, and how much of the
work is copied. An upload to a commercial service of an entire
song or image, for download by people paying connect charges,
seems like a pretty clear copyright infringement.
<DEB> So, a musician does not have a right to arrange music and
perform it for his friends? Is it the uploading that is a
violation or the computer arrangement for the performance?
<JON.WALLACE> A private performance is not a copyright violation
but there is nothing private about an upload to a commercial
service with more than 100,000 users.
<DEB> And to a public BBS?
<JON.WALLACE> Public BBS: I would say its the same thing, even
though not quite as commercial.
<DEB> Aha, so it isn't anything to do with cost involved. It is
the actual transcription which is the problem? I *know*
digitized music is a problem but had always presumed we had the
same right to make an arrangement on a computer as we did on
paper. :-(
<JON.WALLACE> Deb, I would say you do have the same right to
make an arrangement, just not to distribute it to other people.
<BOB.PUFF> What are the legalities of telephone companies
charging business rates for BBS telephone lines? I understand
they have either proposed it, or tried it in some places. Your
comments?
<JON.WALLACE> It has happened a lot, but I understand in several
places concerted efforts to communicate with the telco got them
to back down. Not aware if anyone ever mounted a legal
challenge, though.
<BOB.PUFF> I see. I don't see how a bbs constitutes the charge,
but I guess there is a large grey area there.
<JON.WALLACE> The telco's argument was that the BBS was
providing a quasi-commercial service. If you look at any BBS
list, you will see a proportion of company sponsored BBS's that
confuse the issue.
<DOUG.W> Jon, earlier you stated that the recipient of EMail was
free to distribute that mail. Is there any way to ensure
privacy in EMail? Would a Copyright notice on each message
prevent further distribution?
<JON.WALLACE> I assume you are asking if there is a way to keep
the recipient of a message from making it public.
<DOUG.W> Yes.
<JON.WALLACE> The answer is not really. Putting a copyright
notice on might give many people pause, but suppose someone
violated that copyright, what are the damages?
<DAVESMALL> Got two for you. First, with BBS's and networks
being so (relatively) new, are there a large number of libel
cases of stuff going over the nets, as opposed to say magazine
cases? E.g., is it a growing practice? *grin*
<JON.WALLACE> I am only aware of one case of online libel, the
one discussed in my book, the Dun & Bradstreet case (and I guess
Thompson v. Predaina also included that element).
<DAVESMALL> Second, do you find that judges and juries in such
cases (jury assuming a jury trial, of course) have a great deal
of "learning curve" to go through about networks? Most people I
know outside computers don't know a genie from a compuserve from
a hole in the wall. they can't imagine what the BBS world is
like. Does this make such a case tougher/easier on an attorney?
<JON.WALLACE> I frequently will try a computer case to the
judge, waiving the jury demand less education to do but I
wouldn't necessarily do that if I were the defendant in a libel
case. Depends what part of the country you're in; in Manhattan,
you could probably get a jury that knew what a modem was.
<DAVESMALL> And if not, it would probably be prudent to try to
educate one vs. six ? Fair enough.. okay I'm done
<JON.WALLACE> It really depends on the circumstances..deciding
when to go for a jury also has to do with how much you need, and
can exploit, a sympathy factor.
<[Holly] HS> I have one last question myself before we wrap
up.... (which is not intended as a pun with regard to my
question... *grin*) Shrink wrap licenses, are they enforceable?
Legal?
<JON.WALLACE> There has been some disagreement on this but my
personal opinion is that the average shrink wrap license would
not stand up. It was never negotiated, never really agreed to
and can't convert what is obviously a sale into something else
any more than calling a car a plane will change it into one.
<[Holly] HS> However, if it is visible before the buyer actually
buys then can a presumption be made that they have read and
agreed?
<JON.WALLACE> There are still other problems. The buyer hasn't
dealt with the publisher, but with a retailer. There is no
"privity" of contract.
<[Holly] HS> "privity" meaning... ?
<JON.WALLACE> No direct contractual relationship between
publisher and purchaser, despite the fiction that the license
purpotts to create.
<[Holly] HS> Then a company who insists that this disk and this
software still belongs to them, you don't feel it is
enforceable?
<JON.WALLACE> It would depend on the circumstances, but if you
buy an off the shelf product at Software to Go, in my opinion,
you have purchased the copy even if there is a shrink wrap
license that says you have only licensed it.
<[Holly] HS> Interesting... another point of licensing... have
you read the Apple licensing agreement?
<JON.WALLACE> I read it some time ago, when the case started.
<[Holly] HS> It states that Mac ROMs can only be used in an
Apple machine. Although there is contention that the ROMs are
the heart of the machine, so whether they goest, so goest the
machine.
<JON.WALLACE> Sorry, I thought you meant the Apple/Microsoft
license.
<[Holly] HS> For those of us who use an emulator, like Spectre
or Magic Sac, it could be an important point.
<JON.WALLACE> The question is a very tricky one. On the whole,
it would be....difficult to prevent a legitimate purchaser of a
ROM from doing anything he wanted with it, including sticking it
in another machine. But I haven't seen the license you refer
to.
========================================================================
(C) 1989 by Atari Corporation, GEnie, and the Atari Roundtables.
May be reprinted only with this notice intact. The Atari
Roundtables on GEnie are *official* information services of
Atari Corporation. To sign up for GEnie service, call (with
modem) 800-638-8369. Upon connection type HHH (RETURN after
that). Wait for the U#= prompt. Type XJM11877,GEnie and hit
RETURN. The system will prompt you for your information.
>--------=====END=====--------<
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
*******************************************************
* PHILE 5: HACKERS IN THE NEWS *
*******************************************************
Here are some news stories that have come to us from various
sources. Some don't have the dates or papers, so if you send
anything in the future, be sure to but the actual source
including page numbers. A couple are a few years old, but we
judge them important enough to repeat. We suspect that some of
the providers of this stuff snatched them and didn't include the
names of people who did the work of transcribing, so thanks to
whoever originally uploaded them so others could share.
+++++++++++++++++++++++++++++++++++++++++++++
SOURCE: Chicago Tribune, July 27, 1989 (p. I-12)
(from -=*JEDI*=-)
++++++++++++++++++++++++++++++++++++++++++++++
****************************************************
* U.S. Indicts Cornel Graduate Student in Computer *
* Virus Case *
*****************************************************
WASHINGTON (AP)--A Cornell Univesity graduate student was
indicted Wednesday on a felony charge stemming from creation of a
computer "virus" that paralyzed as many as 6,000 computers last
fall.
Robert Tappan Morris, 24, who has been suspended from the
University for one year, was indicted by a federal grand jury in
Syracuse, N.Y., on a single count of accessing without
authorization at least four university and military computers.
The computer-crime indictment charged that the virus, which
spread acros a nationwide network of computers, prevented the
authorized use of those computers by universities and military
bases.
The Justice Department said in a statement released in
Washington that Morris was the first person to be charged under a
provision of the Computer Fraud and Abuse Act of 1986 that
outlaws unauthorized access to computers by hackers. The
provision also makes it illegal to gain entry to a computer to
damage or destroy files.
The indictment comes after months of deliberations within the
Justice Department over whether to charge Morris with a felony or
a misdemeanor.
Morris, of Arnold, Md., could face a five-year sentence and a
$240000 fine if convicted of the charge.
The law also provides for restitution of victims of a computer
crime, but prosecutors did not specify how much damage was caused
by the Nov. 2, 1988, incident that virtually shut down a
military-university computer network used to transmit
nonclassified data.
An industry group estimated that as much as $96 million worth
of damage was caused by the virus to 6,200 computers.
But a Cornell University commission, which criticized Morris'
actions as "reckless and impetuous," called this estimate
"grossly exaggerated" and "self-serving."
Officials said the virus did not erase any files of
electronically stored data.
The electronic program Morris allegedly used is called a virus
because it spreads from computer to computer like a disease,
blocking access to data contained in the machines.
Defense attorney Thomas A. Gu idoboni (sic), said Morris "accepts
this event as a step toward the final resolution of this matter."
Morris "looks forward to his eventual vindication and his return
to a normal life," Guidoboni said.
As many as 6,000 university and military computers on the
nationwise ARPANET network were infected by the virus that the
Cornell University commission concluded was created by Morris.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
<Source unknown: A chicago paper in August>
A 17-year-old Michigan boy has been charged with posting
stolen long-distance phone codes on a bulletin board system
operated in his home. Brent G. Patrick, alias (handle) "Shadow
Stalker" online, was arraigned this week on one count of
stealing or retaining a financial transaction device without
consent. Patrick was released on $2,500 bond, pending an Aug.
11 hearing. The youth faces a maximum of four years in prison
and a $2,000 fine if convicted. His BBS "Wizard Circle" has
been closed.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
COMPUTERIST HELD WITHOUT BAIL
(Dec. 16)
A 25-year-old Californian who is described by a prosecutor as
"very, very dangerous" and someone who "needs to be kept away
from computers" has been ordered held without bail on charges he
illegally accessed systems at England's Leeds University and
Digital Equipment Corp.
Kevin David Mitnick of Panorama City, Calif., is a convicted
computer cracker who now is named in two new criminal fraud
complaints in federal court in Los Angeles.
US Magistrate Venetta Tassopulos granted the no-bail order late
yesterday after Assistant US Attorney Leon Weidman, acknowledging
it was unusual to seek detention in such cracking cases, said
that since 1982 Mitnick also had illegally accessed systems at
the L.A. police department, TRW Corp. and Pacific Telephone.
"He could call up and get access to the whole world," Weidman
said.
Catherine Gewertz of United Press International quoted Weidman
as saying Mitnick had served six months in juvenile hall for
stealing computer manuals from a Pacific Telephone office in the
San Fernando Valley and using a pay phone to destroy $200,000
worth of data in the files of a northern California company.
Later Mitnick also was convicted on charges he penetrated TRW's
system and altered credit information on several people,
including his probation officer.
Weidman said Mitnick also used a ruse to obtain the name of the
police detective investigating him for cracking when he was a
student at Pierce College. Weidman said Mitnick telephoned the
dean at 3 a.m., identified himself as a campus security guard,
reported a computer burglary in process and asked for the name of
the detective investigating past break-ins.
In other episodes, Mitnick allegedly accessed police computers
and impersonated police officers and judges to gain information.
The latest complaints against Mitnick charge he:
-:- Used a computer in suburban Calabasas, Calif., to access
the Leeds University system in England.
-:- Altered long-distance phone costs incurred by that activity
in order to cover his tracks.
-:- Stole proprietary Digital Equipment software valued at more
than $1 million and designed to protect its data. Mitnick
allegedly stored the stolen data in a University of
Southern California computer.
MITNICK MAY BE 1ST TRIED UNDER NEW FEDERAL COMPUTER CRIME LAW
(Dec. 17) That 25-year-old California computerist being held
without bail on fraud charges may be the first person in the
nation to be prosecuted under a federal law against accessing
an interstate computer network for criminal purposes.
As reported yesterday (GO OLT-28), a federal magistrate decided
on the unusual step of detaining Kevin David Mitnick of Panorama
City, Calif., without bail after Assistant US Attorney Leon
Weidman called Mitnick a "very, very dangerous" person who "needs
to be kept away from computers."
Mitnick, who was convicted of computer fraud as a teen-ager, now
faces charges of causing $4 million in damage to a Digital
Equipment Corp. computer, stealin university computers in Los
Angeles and England. If convicted, he could receive up to 20
years in prison and a $500,000 fine.
The Associated Press reports that the FBI, the district
attorney's office and the police just now are beginning to figure
out Mitnick and his alleged high-tech escapades. Says Detective
James K. Black, head of the L.A. police computer crime unit,
"He's several levels above what you would characterize as a
computer hacker. He started out with a real driving curiosity for
computers that went beyond personal computers. ... He grew with
the technology."
At 17 Mitnick served six months in a youth facility after being
convicted of cracking Pacific Bell's computer to alter telephone
bills, penetrate other computers and steal $200,000 worth of data
from a corporation.
****************************
****************************
TWO TEENS ACCUSED OF CRACKING PHONES -- WHILE IN THE JAILHOUSE
(Dec. 1) Two teen-agers in jail in San Jose, Calif., on
computer cracking charges hav lost their jailhouse phone
privileges. That's because authorities say the boys used a jail
phone to make illegal collect calls.
Police told United Press International they believe the two --
Jonathan Yaantis, 18, and Michael Torrell, 19, both believed to
be from Skagit County, Wash. -- made as many as three illegal
calls from the county jail.
UPI says the calls were made to a phone "bridge," or illegal
conference-call network used by phone "phreakers," and billed to
an unauthorized number in Virginia.
"The first of the calls was made just two days after they were
arrested," sa
Yaantis and Michael Torrell were arrested Nov. 2 by a San Jose
police office who spotted them at a phone booth near a
convenience store. He said they were operating a laptop computer
attached by wires with alligator clips to the phon wires. Police
said insulation had been stripped from the phone wires to allow
the connection.
Allegedly, one or both of the boys subsequently made calls from
the jail to the cracker network on Nov. 6 and 7, Flory said. He
added, "Their telephone privileges were cut off because we didn't
want to be accessories, since they a
The wire service says the pair is charged with several
felonies, including damaging the phone company's line, theft and
illegal use of phone card charge numbers and possession of a
device to avoid phone charges.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
THE MAXFIELD STING
Presented by The Sensei -- Syndicate Investivations
Authors among the Private Sector BBS
201-366-4431
Aug. 31 1986
============================================================================
Intro: The Syndicate Investigation is a Subformation of The Syndicate
Syndicate Investigation gathers certain world events rather than Bell only
information.
============================================================================
The File:
Here is a dump from THE BOARD, a sting BBS run by John Maxfield and sponsored
by WDIV-TV in Detriot. After reading a message posted by Bill from RNOC I got
worried about a BBS I was on in 313. This is what I got when I went on one las
time.................
Good afternoon, Sally Ride.
Welcome to MIKE WENDLAND'S I-TEAM sting board!
(computer services provided by BOARDSCAN)
66 Megabytes strong.
300/1200 baud - 24 hours.
Three (3) lines = no busy signals!
Rotary hunting on 313-534-0400.
Board: General Information & BBS's
Message: 41
Title: YOU'VE BEEN HAD!
To: ALL
From: HI TECH
Posted: 8/20/86 12.08 hours
Greetings:
You are now on THE BOARD, a sting"
"sting" BBS operated by MIKE WENDLAND of the
WDIV-TV I-Team. The purpose? To demonstrate and document the extent of
criminal and potentially illegal hacking and telephone fraud activity by
the so-called "hacking community."
Thanks for your cooperation. In the past month and a half, we've
received all sorts of information from you implicating many of you
to credit card fraud, telephone billing fraud, vandalism and possible
break-ins to government or public safety computers. And the beauty of
this is we have your posts, your E-Mail and--- most importantly--- your
REAL names and addresses.
What are we going to do with it? Stay tuned to News 4. I plan a special
series of reports about our experiences with THE BOARD, which saw users
check in from coast-to-coast and Canada, users ranging in age from 12 to 48.
For our regular users, I have been known as High Tech, among other ID's.
John Maxfield of Boardscan served as our consultant and provided the
<CR> = more, any key = quit. >
HP2000 that this "sting" ran on. Through call forwarding and other
conveniences made possible by telephone technology, the BBS operated
remotely.
here in the Detroit area.
When will our reports be ready? In a few weeks. We now will be contacting
many of you directly, talking with law enforcement and security agents from
credit card companies and the telephone services.
It should be a hell of a series. Thanks for your help.
And don't bother trying any harassment. Remember, we've got YOUR real
names....
Mike Wendland
The I-team
WDIV, Detroit, MI.
<CR> = more, any key = quit. >
Board: General Information & BBS's
Message: 42
Title: BOARDSCAN
To: ALL
From: T.R.
Posted: 8/20/86 12.54 hours
This is John Maxfield of Boardscan. Welcome! Please address all letter
bombs to Mike Wendland at WDIV-TV Detroit. This board was his idea.
The Reaper (a.k.a. Cable Pair)
<CR> = more, any key = quit. >
Board: General Information & BBS's
Message: 43
Title: BOARDSCAN
To: ALL
From: A.M.
Posted: 8/20/86 13.30 hours
Hey guys, he really had us for awhile, for any of you who posted illegal shit,
I just cant wait to see his little news article...cable pair, you have some so
If youve noticed, just *about* everything on the subboards is *legal*!!!so fuc
You wanna get nasty? Well go ahead, call my house! threaten me! haahaha so wha
bbs?
freedom of speech...you lose...
ax murderer
Well if that isn't enough to fry your cakes I don't know what is. A final word
of caution to everyone. DON'T GIVE OUT YOUR REAL VOICE NUMBER TO ANYONE, EVEN
IF IT'S TO GET ACCESS TO THE BEST BBS IN THE WORLD!!!!
-------------------
We all should have realized something was up when the instructions were
'HEL-5555.elite,3' as what hacker has enough access to an HP-3000 to run a BB
on it?!? I even tried to get on,but like somebody said,when I called,I got no
data,just a carrier.On all BBSs except this one,I use a pseudonym like
'Aloysius Smethley',or 'Waldo Snerd'!
No BBS has a good reason to have your REAL name & address.Your # maybe,but
they can always go to CN/A...
Actually,I can't wait until it hits the fan-I want to hear about the thousands
of amoral whiz kids with VIC-20s,running around,stealing millions,defrauding
the innocent,and probably even giving-secrets-to-the-Russians!!
/End of File//
============================================================================
Private Sector
Official 2600 Magazine Bulliten Board
201-366-4431
20 Megs / 24 Hrs a Day / 300-1200 Bps
Fed's win a around this time, but. . . .they could at least
get their terms straight.
COMPUTER HACKER, 18,
GETS PRISON FOR FRAUD
(From Chicago Tribune, Feb 15, p. II-1)
An 18-year old computer hacker from the (Chicago) North
Side, convicted in the first tiral arising from the federal
Computer Fraud and Abuse Act of 1986, was sentenced Tuesday to 9
months in a federal juvenile prison in South Dakota and fined
$10,000.
U.S. District Court Judge Paul Plunket also sentenced the
defendent, Herbert D. Zinn Jr., of 611 N. Artesian Ave., to
2 1/2 years of probation.
Zinn was convicted Jan. 23 of breaking into AT&T and U.S.
government computers in three states, illegally copying more than
$1.2 million worth of coputer software, and of illegally
publishing computer passwords on computer bulletin boards in
Chicago and Texas.
Computer bulletin boards are lists of public messes that any
computer operator can read or add to by dialing a phone numer and
plugging in his computer.
"It is the government's view that what the defendant did is
the result of contacts with people in these pirate bulletin
boards," said Asasistant U.S. Atty. William J. Cook at the
sentencing hearing.
Cook labeled hackers who break into computers and share
private information with computer bulletin boards as "nothing
more than high-tech street gangs."
Evidence was presented that federal agents executing search
warrants in September on Zinn's home recovered 52 copyrighted AT&T
computer programs that had been stolen from Bell Laboratory
computers in Naperville and in Warren, N.J., as well as from U.S.
government computers in Burlington, N.C.
AT&T said the program had an estimated value of $1 million,
according to the secret service.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
---------------------------------------------
SOURCE: Chicago Tribune, June 21, 1989 (p. II-4)
(from -=*JEDI*=-)
----------------------------------------------
****************************************************
* WOMAN INDICTED AS COMPUTER HACKER MASTERMIND *
* (by John Camper) *
*****************************************************
A federal grand jury indicated Chicago woman Tuesday for
allegedly masterminding a nationwide ring of computer hackers
that stole more than $1.6 million of telephone and computer
service from various companies.
The indictment charges that Leslie Lynne Doucette, 35, of
6748 N. Ashland Ave, and 152 associates shared hundreds of stolen
credit card numbers by breaking into corporate "voicemail"
systems and turning them into computer bulletin boards.
Voicemail is a computerized telephone answering machine.
After a caller dials the machine's number he punches more numbers
on his telephone to place messages in particular voicemail boxes
or retrieve messages already there.
The indictment charges that the hacker ring obtained more than
$9,531.65 of merchandise and $1,453 in Western Union money orders
by charging them to stolen bank credit card numbers.
It says the group used stolen computer passwords to obtain
$38,200 of voicemail servaice and stolen telephone credit card
numbers to run up more than $286,362 of telephone service.
But the biggest haul, more than $1,291,362, according to the
indictment, represented telephone service that was stolen through
the use of private branch exchange (BPX) "extender codes."
A PBX system provides internl telephone service within a
company. If a PBX system is equipped with an extender, a person
can call the PBX system, punch in a code, and dial long distance
at the expense of the company that owns the system.
The only corporate victims of the alleged fraud named in the
indictment are August Financial Corp. of Long Beach Calif., and
A-1 Beeper Service of Mobile, Ala.
Doucette has been held without bond in the Metropolitan
Correctional Center since May 24, when she was arested on a raid
on her apartment that netted 168 telephone credit card numbers
and 39 extender codes, federal authorities said. The indictment
does not name any members of the alleged ring, but authorities
said the investigation is continuing.
U.S. Atty. Anton R. Valukas said the indictment is the
nation's first involving abuse of voicemail.
"The proliferation of computer assisted telecommunications
and the increasing reliance on this equipment by American and
international business create a potential for serious harm," he
said.
Authorities said they discovered the scheme last December
after a Rolling Meadows real estate broker reported that hackers
had invaded his company' voicemail system and changed passwords.
Authorities said they traced the calls into the Rolling
Meadows voicemail system to telephones in private homes in
Chicago, Columbus, Ohio, and suburban Detroit, Atlanta and
Boston.
Checks on those phones led them to voicemail systems in
companies around the country, they said.
>--------=====END=====--------<
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
<Source: NEWSWEEK -- date unknown>
As you are travelling the dark and misty swamp you come across
what appears to be a small cave. You light a torch and enter.
You have walked several hundred feet when you stumble into a
bright blue portal. . . With a sudden burst of light and a
loud explosion you are swept into . . . DRAGONFIRE . . .
Press Any Key if You Dare."
You have programmed your personal computer to dial into
Dragonfire, a computer bulletin board in Gainesville, Texas. But
before you get any information, Dragonfire demands your name,
home city and phone number. So, for tonight's tour of the
electronic wilderness you become Montana Wildhack of San
Francisco.
Dragonfire, Sherwood Forest (sic), Forbidden Zone, Blottoland,
Plovernet, The Vault, Shadowland, PHBI and scores of other
computer bulletin boards are hangouts of a new generation of
vandals. These precocious teenagers use their electronic skills
to play hide-and-seek with computer and telephone security
forces. Many computer bulletin boards are perfectly legitimate:
they resemble electronic versions of the familiar cork boards in
supermarkets and school corridors, listing services and providing
information someone out there is bound to find useful. But this
is a walk on the wild side, a trip into the world of underground
bulletin boards dedicated to encouraging -- and making --
mischief.
The phone number for these boards are as closely guarded as a
psychiatrist's home telephone number. Some numbers are posted on
underground boards; others are exchanged over the telephone. A
friendly hacker provided Dragonfire's number. Hook up and you
see a broad choice of topics offered. For Phone Phreaks -- who
delight in stealing service from AT&T and other phone networks .
Phreakenstein's Lair is a potpourri of phone numbers, access
codes and technical information. For computer hackers -- who
dial into other people's computers -- Ranger's Lodge is
chock-full of phone numbers and passwords for government,
university and corporate computers. Moving through Dragonfire's
offerings, you can only marvel at how conversant these teen-agers
are with the technical esoterica of today's electronic age.
Obviously they have spent a great deal of time studying
computers, though their grammar and spelling indicate they
haven't been diligent in other subjects. You are constantly
reminded of how young they are.
"Well it's that time of year again. School is back in session so
let's get those high school computer phone numbers rolling in.
Time to get straight A's, have perfect attendance (except when
you've been up all night hacking school passwords), and messing
up you worst teacher's paycheck."
Forbidden Zone, in Detroit, is offering ammunition for hacker
civil war --tips on crashing the most popular bulletin-board
software. There also are plans for building black, red and blue
boxes to mimic operator tones and get free phone service. And he
re are the details for "the safest and best way to make and use
nitroglycerine," compliments of Doctor Hex, who says he got it
"from my chemistry teacher."
Flip through the "pages." You have to wonder if this information
is accurate. Can this really be the phone number and password
for Taco Bell's computer? Do these kids really have the dial-up
numbers for dozens of university computers? The temptation is
too much. You sign off and have your computer dial the number
for the Yale computer. Bingo -- the words Yale University appear
on your screen. You enter the password. A menu appears. You
hang up in a sweat. You are now a hacker.
Punch in another number and your modem zips off the touch tones.
Here comes the tedious side of all of this. Bulletin boards are
popular. No vacancy in Bates Motel (named for Anthony Perkin's
creepy motel in the movie "Psycho"); the line is busy. So are
221 B. Baker Street, PHBI, Shadowland and The Vault, Caesar's
Palace rings and connects. This is different breed of board.
Caesar's Palace is a combination Phreak board and computer store
in Miami. This is the place to learn ways to mess up a
department store's anti-shoplifting system, or make free calls on
telephones with locks on the dial. Pure capitalism accompanies
such anarchy, Caesar's Palace is offering good deals on disc
drives, software, computers and all sorts of hardware. Orders
are placed through electronic mail messages.
'Tele-Trial': Bored by Caesar's Palace, you enter the number for
Blottoland, the board operated by one of the nation's most
notorious computer phreaks -- King Blotto. This one has been
busy all night, but it's now pretty late in Cleveland. The phone
rings and you connect. To get past the blank screen, type the
secondary password "S-L-I-M-E." King Blotto obliges, listing his
rules: he must have your real name, phone number, address,
occupation and interests. He will call and disclose the primary
password, "if you belong on this board." If admitted, do not
reveal the phone number or the secondary password, lest you face
"tele-trial," the King warns as he dismisses you by hanging up.
You expected heavy security, but this teenager's security is, as
they say, awesome. Computers at the Defense Department and
hundreds of businesses let you know when you've reached them.
Here you need a password just to find out what system answered
the phone. Then King Blotto asks questions -- and hangs up.
Professional computer-security experts could learn something from
this kid. He knows that ever since the 414 computer hackers were
arrested in August 1982, law-enforcement officers have been
searching for leads on computer bulletin boards.
"Do you have any ties to or connections with any law enforcement
agency or any agency which would inform such a law enforcement
agency of this bulletin board?"
Such is the welcoming message from Plovernet, a Florida board
known for its great hacker/phreak files. There amid a string of
valid VISA and MasterCard numbers are dozens of computer phone
numbers and passwords. Here you also learn what Blotto means by
tele-trial. "As some of you may or may not know, a session of
the conference court was held and the Wizard was found guilty of
some miscellaneous charges, and sentenced to four months without
bulletin boards." If Wizard calls, system operators like King
Blotto disconnect him. Paging through bulletin boards is a test
of your patience. Each board has different commands. Few are
easy to follow, leaving you to hunt and peck your way around. So
far you haven't had the nerve to type "C," which summons the
system operator for a live, computer-to-computer conversation.
The time, however, however has come for you to ask a few
questions of the "sysop." You dial a computer in Boston. It
answers and you begin working your way throughout the menus. You
scan a handful of dial- up numbers, including one for Arpanet,
the Defense Department's research computer. Bravely tap C and in
seconds the screen blanks and your cursor dances across the
screen.
Hello . . . What kind of computer do you have?
Contact. The sysop is here. You exchange amenities and get
"talking." How much hacking does he do? Not much, too busy. Is
he afraid of being busted, having his computer confiscated like
the Los Angeles man facing criminal changes because his computer
bulletin board contained a stolen telephone-credit-card number?
"Hmmmm . . . No," he replies. Finally, he asks the dreaded
question: "How old are you?" "How old are YOU," you reply,
stalling. "15," he types. Once you confess and he knows you're
old enough to be his father, the conversation gets very serious.
You fear each new question; he probably thinks you're a cop. But
all he wants to know is your choice for president. The chat
continues, until he asks, "What time is it there?" Just past
midnight, you reply. Expletive. "it's 3:08 here," Sysop types.
"I must be going to sleep. I've got school tomorrow." The cursor
dances "*********** Thank you for Calling." The screen goes
blank.
Epilog:
A few weeks after this reporter submitted this article to
Newsweek, he found that his credit had been altered, his drivers'
licence revoked, and EVEN HIS Social Security records changed!
Just in case you all might like to construe this as a
'Victimless' crime. The next time a computer fouls up your
billing on some matter, and COSTS YOU, think about it!
This the follow-up to the previous article concerning the
Newsweek reporter. It spells out SOME of the REAL dangers to ALL
of us, due to this type of activity!
The REVENGE of the Hackers
In the mischievous fraternity of computer hackers, few things are
prized more than the veil of secrecy. As NEWSWEEK San Francisco
correspondent Richard Sandza found out after writing a story on
the electronic unnerving. Also severe.... Sandza's report:
"Conference!" someone yelled as I put the phone to my ear. Then
came a mind-piercing "beep," and suddenly my kitchen seemed full
of hyperactive 15-year-olds. "You the guy who wrote the article
in NEWSWEEK?" someone shouted from the depths of static, and
giggles. "We're going disconnect your phone," one shrieked.
"We're going to blow up your house," called another. I hung up.
Some irate readers write letters to the editor. A few call their
lawyers. Hackers, however, use the computer and the telephone,
and for more than simple comment. Within days, computer
"bulletin boards" around the country were lit up with attacks on
NEWSWEEK's "Montana Wildhack" (a name I took from a Kurt Vonnegut
character), questioning everything from my manhood to my prose
style. "Until we get real good revenge," said one message from
Unknown Warrior, "I would like to suggest that everyone with an
auto-l modem call Montana Butthack then hang up when he answers."
Since then the hackers of America have called my home at least
2000 times. My harshest critics communicate on Dragonfire, a
Gainesville, Texas, bulletin board where I am on teletrial, a
video-lynching in which a computer user with grievance dials the
board and presses charges against the offending party. Other
hackers -- including the defendant --post concurrences or
rebuttals. Despite the mealtime interruptions, all this was at
most a minor nuisance; some was amusing, even fun.
FRAUD: The fun stopped with a call from a man who identified
himself only as Joe. "I'm calling to warn you," he said. When I
barked back, he said, "Wait, I'm on your side. Someone has
broken into TRW and obtained a list of all your credit-card
numbers, your home address, social-security number and wife's
name and is posting it on bulletin boards around the country." He
named the charge cards in my wallet.
Credit-card numbers are a very hot commodity among some hackers.
To get one from a computer system and post it is the hacker
equivalent of making the team. After hearing from Joe I visited
the local office of the TRW credit bureau and got a copy of my
credit record. Sure enough, it showed a Nov. 13 inquiry by the
Lenox (Mass.) Savings Bank, an institution with no reason
whatever to ask about me. Clearly some hacker had used Lenox's
password to the TRW computers to get to my files (the bank has
since changed the password).
It wasn't long before I found out what was being done with my
credit-card numbers, thanks to another friendly hacker who tipped
me to Pirate 80, a bulletin board in Charleston, W.Va., where I
found this: "I'm sure you guys have heard about Richard Stza or
Montana Wildhack. He's the guy who wrote the obscene story about
phreaking in NewsWeek Well, my friend did a credit card check on
TRW . . . try this number, it' a VISA . . . Please nail
this guy bad . . . Captain Quieg.
Captain Quieg may himself be nailed. He has violated the Credit
Card Fraud Act of 1984 signed by President Reagan on Oct. 12.
The law provides a $10,000 fine and up to a 15-year prison term
for "trafficking" in illegally obtained credit-card account
numbers. He "friend" has committed a felony violation of the
California computer-crime law. TRW spokeswoman Delia Fernandex
said that TRW would "be more than happy to prosecute" both of
them.
TRW has good reason for concern. Its computers contain the
credit histories of 120 million people. Last year TRW sold 50
million credit reports on their customers. But these highly
confidential personal records are so poorly guarded that
computerized teenagers can ransack the files and depart
undetected. TRW passwords -- unlike many others -- often print
out when entered by TRW's customers. Hackers then look for
discarded printouts. A good source: the trash of banks and
automobile dealerships, which routinely do credit checks.
"Everybody hacks TRW," says Cleveland hacker King Blotto, whose
bulletin board has security system the Pentagon would envy.
"It's the easiest." For her her part, Fernandez insists that TRW
"does everything it can to keep the system secure
In my case, however, that was not enough. My credit limits would
hardly support big-time fraud, but victimization takes many
forms. Another hacker said it was likely that merchandise would
be ordered in my name and shipped to me -- just to harass me. I
used to use credit-card numbers against someone I didn't like,"
the hacker said. "I'd call Sears and have a dozen toilets
shipped to his house."
Meanwhile, back on Dragonfire, my teletrial was going strong.
The charges, as pressed my Unknown Warrior, include "endangering
all phreaks and hacks." The judge in this case is a hacker with
the apt name of Ax Murderer. Possible sentences range from exile
from the entire planet" to "kill the dude." King Blotto has taken
up my defense, using hacker power to make his first pleading: he
dialed up Dragonfire, broke into its operating system and
"crashed" the bulletin board, destroying all of its messages
naming me. The board is back up now, with a retrial in full
swing. But then, exile from the electronic underground looks
better all the time.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
*******************************************************
* PHILE 6: ILLINOIS AND TEXAS COMPUTER STATUTES *
*******************************************************
We're trying to collect as many anti-computer abuse statutes
as we can from each state. We're also looking for anti-piracy
laws and articles pass any complete texts along to us as you
can. A good place to upload text files like this is
PC-EXEC (414-964-5160) to make them widely available. Pass
them along to us as well.
+++++++++++++++++++++++++++++++++++++++++++++++++
+ ILLINOIS COMPUTER STATUTE +
+++++++++++++++++++++++++++++++++++++++++++++++++
(GPHILE FROM RIPCO)
This file is a copy of the law which was passed last September
and covers the description and penalties for "HACKING". It is of
course, written in legal gibberish so some of you who got out of
grammer school should be able to follow it.
Full credit for this file goes to the SysOp of ORGASM! c1984.
The following is the text of HOUSE BILL 3204, The Computer
Tresspass Act of 1984, Illinois. HB3204 Enrolled (Illinois,
Effective 18 September, 1984)
AN ACT to protect the public from electronic tresspass and
computer fraud.
BE IT ENACTED BY THE PEOPLE OF THE STATE OF ILLINOIS, represented
in the GENERAL ASSEMBLY:
SECTION 1. Section 16-9 of the "Criminal Code of 1961",
approved July 28, 1961, as amended, is amended to read as
follows:
(Ch. 38, par. 16-9)
Sec. 16-9. UNLAWFUL USE OF A COMPUTER. (a) As used in this
Section
Part-8:
1. "COMPUTER" means an internally programmed, general
purpose digital device capable of automatically accepting data,
processing data and supplying the results of the operation.
2. "COMPUTER SYSTEM" means a set of related, connected or
unconnected devices, including a computer and other devices,
including but not limited to data input and output and storage
devices, data communications circuits, and operating system
computer programs and data, that make the system
capable of performing the special purpose data processing tasks
for which it is specified.
3. "COMPUTER PROGRAM" means a series of coded instructions
or statements in a form acceptable to a computer to process data
in order to achieve a certain result.
4. "TELECOMMUNICATION" means the transmission of information
in intrastate commerce by means of a wire, cable, glass,
microwave, satellite or electronic impulses, and any other
transmission of signs, signals, writing, images, sounds, or other
matter by electronic or other electromagnetic system.
5. "ELECTRONIC BULLETIN BOARD" means any created information
stored in a data base or computer or computer system designed to
hold and display passwords or enter keys made available for the
use of gaining authorized entry to a computer of computer system
or access to telephone lines of telecommunications facilities.
6. "IDENTIFICATION CODES/PASSWORD SYSTEMS" means
confidential information that allows private protected access to
computer and computer systems.
7. "ACCESS" means to approach, instruct, communicate with,
store data in, retrieve or intercept data from, or otherwise make
use of any resources or a computer, computer system, or computer
network.
8. "COMPUTER NETWORK" means a set of two or more computer
systems that transmit data over communications circuits
connection time.
9. "DATA" means a representation of information, knowledge,
facts, concepts, or instructions which are being prepared or have
been prepared in a fomalized manner, and is intended to be stored
or processed, or is being stored or processed, in a computer,
computer system , or network, which shall be classified as
property: and which may be in any form, including but not limited
to, computer printouts, magnetic storage media, punch cards, or
stored in memory, of the computer, computer system, or network.
10. "FINANCIAL INSTRUMENTS" means, but is not limited to, any
check, cashiers check, draft, warrant, money order, certificate
of deposit, negotiable instrument, letter of credit, bill of
exchange, credit card, debit card, or marketable security, or any
computer system representation thereof.
11. "PROPERTY" means, but is not limited to, electronic
impulses, electronically produced data, information, financial
instruments, software or programs, in either machine or human
readable form, any other tangible item relating to a computer,
computer system, computer network, any copies thereof.
12. "SERVICES" means, but is not limited to, computer time,
data manipulation, and storage functions.
(b) A person knowingly commits unlawful use of a computer
when he:
1. Knowingly gains access to or obtains the use of a
computer system, or any part thereof, without the consent of the
owner (as defined in Section 15-2); or
2. Knowingly alters or destroys computer programs of data
without the consent of the owner (as defined in Section 15-2); or
3. Knowingly obtains use of, alters, damages or destroys a
computer system, or any part thereof, as a part of a deception
for the purpose of obtaining money, property, or services from
the owner of a computer system (as defined in Section 15-2); or
4. Knowingly accesses or causes to be accessed any computer,
computer system, or computer network for the purpose of (1)
devising or executing any scheme or artifice to defraud or (2)
obtaining money, property, or services by means of fraudulent
pretenses, representations, or promises.
(c) SENTENCE:
1. A person convicted of a violation of subsections (b) (1)
or (2) of this Section where the value of the use, alteration, or
destruction is $1,000.00 or less shall be guilty of a petty
offense.
2. A person convicted of a violation of subsections (b) (1)
or (2) of ths section where the value of the use, alteration, or
destruction is more than 1,000.00 shall be guilty of a Class A
misdemeanor.
3. A person convicted of a violation of subsections (b) (3)
or (4) of this
Section where the value of the money, property, or services
obtained is $1,000.00 or less shall be guilty of a Class A
misdemeanor.
4. A person convicted of a violation of subsections (b) (3)
of (4) of this
Section where the value of the money, property, or services
obtained is more than $1,000.00 shall be guilty of a Class 4
felony.
(d) CIVIL REMEDIES. Any aggrieved person shall have a right
of action in
the Circut Court against any person violating any of the
provisions of this Section and may recover for each violation:
1. Liquidated damages of $5,000.00 or actual damages,
whichever is greater:
2. Reasonable attorney fees:
3 Such other relief, including an injunction, as the court
may deem appropriate.
Section 2. Section 79 of "AN ACT Concerning Public Utilities",
approved June 29, 1921, as amended, is amended to read as
follows:
(Ch. 111 2/3, par 83)
Sec. 79. It is hereby made the duty of the Commission to see that
the provisions of the Constitution and statutes of this State,
affecting public utilities, the enforcement of which is not
specifically vested in some other officer or tribunal, are
enforced and obeyed, and that violations thereof are promptly
prosecuted and penalties due the State therefor recovered and
collected, and to this end it may sue in the name of the people
of the State.
It shall be the duty of the Commission, at the direction and
discretion of the Chairman, to assemble and maintain an
Electronic Trespass Enforcement assistance Staff, consisting of
experts in computer systems, electronics, and other professional
disciplines to aid public utilities, businesses, individuals, and
law enforcement agencies in detecting and preventing electronic
trespass violations and enforcing the provisions of Section 16-9
of the "Criminal Code of 1961", approved July 28, 1961, as
amended or any other relevant statute.
No cause of action shall exist and no liability may be imposed,
either civil or criminal, against the State, the Chairman of the
Commission, or any of its members, or any employee of the
Commission, for any act or omission by them in performance of any
power or duty authorized by this Section, unless such act of
omission was performed in bad faith and with intent to injure a
particular person.
Section 3. This act takes effect upon becoming a law.
(signed) Michael J. Madigan, Speaker, House of Representatives.
(signed) Philip J. Rock, President of the Senate
APPROVED: This 18th day of September, 1984 A.D.
(signed) James R. Thompson, Governer
** end **
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++++++++++++++++++++++++++++++++++++++++++++++
+ TEXAS COMPUTER LAW +
+++++++++++++++++++++++++++++++++++++++++++++++++
>--------=====***=====--------<
TEXAS COMPUTER LAW .
>--------=====***=====--------<
Relating to the creation and prosecution of offenses involving
computers; providing penalties and an affirmative defense; adding
Chapter 33 to the Penal Code.
BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS:
SECTION 1. Title 7, Penal Code, is amended by adding Chapter 33
to be read as follows:
CHAPTER 33. COMPUTER CRIMES
Section 33.02. BREACH OF COMPUTER SECURITY.
(1) uses a computer without the effective consent of the owner of
the computer or a person authorized to license access to the
computer and the actor knows that there exists a computer
security system intended to prevent him from making that use of
the computer; or (2) gains access to data stored or maintained by
a computer without the effective consent of the owner or license
of the data and the actor knows that there exists a computer
security system intended to prevent him from gaining access to
that data.
(b) A person commits an offense if the person intentionally or
knowingly gives a password, identifying code, personal
identification number or other confidential information about a
computer security system to another person without the effective
consent of the person employing their computer security system to
restrict the use of a computer or to restrict access to data
stored or maintained by a computer.
(c) An offense under this section is a Class A misdemeanor.
Section 33.03. HARMFUL ACCESS.
(a) A person commits an offense if the person intentionally or
knowingly:
(1) causes a computer to malfunction or interrupts the operation
of a computer without the effective consent of the owner of the
computer or a person
authorized to license access to the computer; or (2) alters,
damages, or destroys data or a computer program stored,
maintained or produced by a computer without the effective
consent of the owner or licensee of the data or computer program.
(b) An offense under this section is:
(1) a Class B misdemeanor if the conduct did not cause any loss
or damage or i the value of the loss or damage caused by the
conduct is less than $200;
(2) a Class A misdemeanor if value of the loss or damage caused
by the conduct is $200 or more but less than $2,500; or (3) a
felony of the third degree if value of the loss or damage caused
by the conduct is $2,500 or more.
Section 33.04. DEFENSE. It is an affirmative defense to
prosecution under Section 33.02 and 33.03 of this code that the
actor was an officer, employee o agent of a communications common
carrier or an electric utility and committed the proscribed act
or acts in the course of employment while engaged in an activity
that is a necessary incident to the rendition of service or to
the protection of the rights or property of the communications
common carrier or electric utility.
Section 33.05. ASSISTANCE BY ATTORNEY GENERAL. The attorney
general, if requested to do so by a prosecuting attorney, may
assist the prosecuting attorney in the investigation or
prosecution of an offense under this chapter or of any other
offense involving the use of a computer.
SECTION 2. This act takes effect September 1, 1985
SECTION 3. The importance of this legislation and the crowded
condition of the calendars in both houses create an emergency and
an imperative public necessity that the constitutional rule
requiring bills to be read on three several days in each house be
suspended, and this rule is hereby suspended.
(SB 72 passed the Senate on March 11, 1985, by a voice vote. The
Senate then concurred in House amendment on May 25, 1985 by a
voice vote. The House passed the bill, with one amendment, on May
22, 1985: 138-0 with 6 abstentions.)
>--------=====***=====--------<
Section 33.01 DEFINITIONS. In this chapter: (1) Communications
common carrier' means a person who owns or operates a telephone
system, in this state that includes equipment or facilities for
the conveyance, transmission or reception of communications and
who receives compensation from persons who use that system. (2)
Computer' means an electronic device that performs logical,
arithmetic, or memory functions by the manipulations of
electronic or magnetic impulses and includes all input, output,
processing, storage or communication facilities that are
connected or related to the device. Computer' includes a network
of two or more computers that are interconnected to function or
communicate together. (3) Computer program' means an ordered set
of data representing coded instructions or statements that when
executed by a computer cause the computer to process data or
perform certain functions. (4) Computer security system' means
the design, procedures, or other measures that the person
responsible for the operation and use of a computer employs to
restrict the use of the computer to particular persons or uses
that the owner or licensee of data stored or maintained by a
computer in which the owner or licensee is entitled to store or
maintain the data employs to restrict access to the data. (5)
Data' means a representation of information, knowledge, facts
concepts, or instructions that is being prepared or has been
prepared in a formalized manner and is intended to be stored or
processed, is being stored o processed or has been stored or
processed in a computer. Data may be embodied in any form,
including but not limited to computer printouts, magnetic storage
media, and punchcards, or may be stored internally in the memory
of the computer. (6) Electric utility' has the meaning assigned
by Subsection (c), Section 3, Public Utility Regulatory Act
(Article 1446c, Vernon's Civil Statutes).
>--------=====END=====--------<
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
*******************************************************
* PHILE 7: Teleconnect Wants Your Rights *
*******************************************************
The Lifeblood of the BBS world is the telephone line.
If teleco czars begin abusing their public trust by
deciding who we can or cannot call, it endangers not only
the BSS world, but fundamental freedoms of expression and
assembly. Sometimes individual bureaucrats screw up. They
make bad decisions, break agreements, or simply are
incompetent. No big deal. The danger comes when, by policy,
a national utility attempts to curtail or freedoms.
TELECONNECT, a long distance carrier out of Iowa, has done this.
The three contributions below illustrate how TELECONNECT
has attempted to bully some of its users. In the first,
TC attempted to block numbers to a bulletin board. In the
second, it monitored one its users and decided who that user
could and could not call. The third illustrates Teleconnects
arrogance.
BBS users tend to be a bit fragmented, and when we have a problem,
we deal with it individually. We should start banding together.
If you are having, or have had, a problem with your teleco
crowd, let us know. We will not print real names without
permission.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
BLOCKING OF LONG-DISTANCE CALLS
by Jim Schmickley
Hawkeye PC, Cedar Rapids, Iowa
SUMMARY. This article describes the "blocking" by one
long-distance telephone company of access through their system to
certain telephone numbers, particularly BBS numbers. The
blocking is applied in a very arbitrary manner, and the company
arrogantly asserts that BBS SYSOPS and anyone who uses a computer
modem are "hackers."
The company doesn't really want to discuss the situation,
but it appears the following scenario occurred. The proverbial
"person or persons unknown" identified one or more "valid"
long-distance account numbers, and subsequently used those
numbers on one or more occasions to fraudulently call a
legitimate computer bulletin board system (BBS). When the
long-distance company discovered the fraudulent charges, they
"blocked" the line without bothering to investigate or contacting
the BBS System Operator to obtain his assistance. In fact, the
company did not even determine the SYSOP's name.
The long-distance carrier would like to pretend that the
incident which triggered the actions described in this article
was an isolated situation, not related to anything else in the
world. However, there are major principles of free, uninhibited
communications and individual rights deeply interwoven into the
issue. And, there is still the lingering question, "If one
long-distance company is interfering with their customers'
communications on little more than a whim, are other long-distant
companies also interfering with the American public's right of
free 'electronic speech'?"
CALL TO ACTION. Your inputs and protests are needed now to
counter the long-distance company's claims that "no one was hurt
by their blocking actions because nobody complained." Obviously
nobody complained for a long time because the line blocking was
carried out in such a manner that no one realized, until April
1988, what was being done.
Please read through the rest of this article (yes, it's
long, but you should find it very interesting) and judge for
yourself. Then, please write to the organizations listed at the
end of the article; insist that your right to telephone whatever
number you choose should not be impaired by the arbitrary
decision of some telephone company bureaucrat who really doesn't
care about the rights of his customers. Protest in the strongest
terms. And, remember: the rights you save WILL BE YOUR OWN!
SETTING THE SCENE. Teleconnect is a long-distance carrier
and telephone direct marketing company headquartered in Cedar
Rapids, Iowa. The company is about eight years old, and has a
long-distance business base of approximately 200,000 customers.
Teleconnect has just completed its first public stock offering,
and is presently (August 1988) involved in a merger which will
make it the nation's fourth-largest long-distance carrier. It is
a very rapidly-growing company, having achieved its spectacular
growth by offering long-distance service at rates advertised as
being 15% to 30% below AT&T's rates.
When Teleconnect started out in the telephone
interconnection business, few, if any, exchanges were set up for
"equal access", so the company set up a network of local access
numbers (essentially just unlisted local PABXs - private
automatic branch exchanges) and assigned a six-digit account
number to each customer. Later, a seventh "security" digit was
added to all account numbers. (I know what you're thinking -
what could be easier for a war-games dialer than to seek out
"valid" seven-digit numbers?) Teleconnect now offers direct
"equal access" dialing on most exchanges. But, the older access
number/account code system is still in place for those exchanges
which do not offer "equal access." And, that system is still
very useful for customers who place calls from their offices or
other locations away from home.
"BLOCKING" DISCOVERED. In early April 1988, a friend
mentioned that Teleconnect was "blocking" certain telephone lines
where they detected computer tone. In particular, he had been
unable to call Curt Kyhl's Stock Exchange BBS in Waterloo, Iowa.
This sounded like something I should certainly look into, so I
tried to call Curt's BBS.
CONTACT WITH TELECONNECT. Teleconnect would not allow my
call to go through. Instead, I got a recorded voice message
stating that the call was a local call from my location. A
second attempt got the same recorded message. At least, they
were consistent.
I called my Teleconnect service representative and asked
just what the problem was. After I explained what happened, she
suggested that it must be a local call. I explained that I
really didn't think a 70 mile call from Cedar Rapids to Waterloo
was a local call. She checked on the situation and informed me
that the line was being "blocked." I asked why, and she
"supposed it was at the customer's request." After being advised
that statement made no sense, she admitted she really didn't know
why. So, on to her supervisor.
The first level supervisor verified the line was being
"blocked by Teleconnect security", but she couldn't or wouldn't
say why. Then, she challenged, "Why do you want to call that
number?" That was the wrong question to ask this unhappy
customer, and the lady quickly discovered that bit of information
was none of her business, And, on to her supervisor.
The second level supervisor refused to reveal any
information of value to a mere customer, but she did suggest that
any line Teleconnect was blocking could still be reached through
AT&T or Northwestern Bell by dialing 10288-1. When questioned
why Teleconnect, which for years had sold its long-distance
service on the basis of a cost-saving over AT&T rates, was now
suggesting that customers use AT&T, the lady had no answer.
I was then informed that, if I needed more information, I
should contact Dan Rogers, Teleconnect's Vice President for
Customer Service. That sounded good; "Please connect me." Then,
"I'm sorry, but Mr. Rogers is out of town, and won't be back
until next week." "Next week?" "But he does call in regularly.
Maybe he could call you back before that." Mr. Rogers did call
me back, later that day, from Washington, D.C. where he and some
Teleconnect "security people" were attending a conference on
telephone security.
TELECONNECT RESPONDS, A LITTLE. Dan Rogers prefaced his
conversation with, "I'm just the mouthpiece; I don't understand
all the technical details. But, our security people are blocking
that number because we've had some problems with it in the past."
I protested that the allegation of "problems" didn't make sense
because the number was for a computer bulletin board system
operated by a reputable businessman, Curt Kyhl.
Mr. Rogers said that I had just given Teleconnect new
information; they had not been able to determine whose number
they were blocking. "Our people are good, but they're not that
good. Northwestern Bell won't release subscriber information to
us." And, when he got back to his office the following Monday,
he would have the security people check to see if the block could
be removed.
The following Monday, another woman from Teleconnect called
to inform me that they had checked the line, and they were
removing the block from it. She added the comment that this was
the first time in four years that anyone had requested that a
line be unblocked. I suggested that it probably wouldn't be the
last time.
In a later telephone conversation, Dan Rogers verified that
the block had been removed from Curt Kyhl's line, but warned that
the line would be blocked again "if there were any more problems
with it." A brief, non-conclusive discussion of Teleconnect's
right to take such action then ensued. I added that the fact
that Teleconnect "security" had been unable to determine the
identity of the SYSOP of the blocked board just didn't make
sense; that it didn't sound as if the "security people" were very
competent. Mr. Rogers then admitted that every time the security
people tried to call the number, they got a busy signal (and,
although Mr. Rogers didn't admit it, they just "gave up", and
arbitrarily blocked the line.) Oh, yes, the lying voice message,
"This is a local call...", was not intended to deceive anyone
according to Dan Rogers. It was just that Teleconnect could only
put so many messages on their equipment, and that was the one
they selected for blocked lines.
BEGINNING THE PAPER TRAIL. Obviously, Teleconnect was not
going to pay much attention to telephone calls from mere
customers. On April 22, Ben Blackstock, practicing attorney and
veteran SYSOP, wrote to Mr. Rogers urging that Teleconnect permit
their customers to call whatever numbers they desired. Ben
questioned Teleconnect's authority to block calls, and suggested
that such action had serious overlays of "big brother." He also
noted that "you cannot punish the innocent to get at someone who
is apparently causing Teleconnect difficulty."
Casey D. Mahon, Senior Vice President and General Counsel of
Teleconnect, replied to Ben Blackstock's letter on April 28th.
This response was the start of Teleconnect's seemingly endless
stream of vague, general allegations regarding "hackers" and
"computer billboards." Teleconnect insisted they did have
authority to block access to telephone lines, and cited 18 USC
2511(2)(a)(i) as an example of the authority. The Teleconnect
position was summed up in the letter:
"Finally, please be advised the company is willing to
'unblock' the line in order to ascertain whether or not illegal
hacking has ceased. In the event, however, that theft of
Teleconnect long distance services through use of the bulletin
board resumes, we will certainly block access through the
Teleconnect network again and use our authority under federal law
to ascertain the identity of the hacker or hackers."
THE GAUNTLET IS PICKED UP. Mr. Blackstock checked the cited
section of the U.S. Code, and discovered that it related only to
"interception" of communications, but had nothing to do with
"blocking". He advised me of his opinion and also wrote back to
Casey Mahon challenging her interpretation of that section of
federal law.
In his letter, Ben noted that, "Either Teleconnect is
providing a communication service that is not discriminatory, or
it is not." He added that he would "become upset, to say the
least" if he discovered that Teleconnect was blocking access to
his BBS. Mr. Blackstock concluded by offering to cooperate with
Teleconnect in seeking a declaratory judgment regarding their
"right" to block a telephone number based upon the actions of
some third party. To date, Teleconnect has not responded to that
offer.
On May 13th, I sent my own reply to Casey Mahon, and
answered the issues of her letter point by point. I noted that
even I, not an attorney, knew the difference between
"interception" and "blocking", and if Teleconnect didn't, they
could check with any football fan. My letter concluded:
"Since Teleconnect's 'blocking' policies are ill-conceived,
thoughtlessly arbitrary, anti-consumer, and of questionable
legality, they need to be corrected immediately. Please advise
me how Teleconnect is revising these policies to ensure that I
and all other legitimate subscribers will have uninhibited access
to any and all long-distance numbers we choose to call."
Casey Mahon replied on June 3rd. Not unexpectedly, she
brushed aside all my arguments. She also presented the first of
the sweeping generalizations, with total avoidance of specifics,
which we have since come to recognize as a Teleconnect trademark.
One paragraph neatly sums Casey Mahon's letter:
"While I appreciate the time and thought that obviously went
into your letter, I do not agree with your conclusion that
Teleconnect's efforts to prevent theft of its services are in any
way inappropriate. The inter-exchange industry has been plagued,
throughout its history, by individuals who devote substantial
ingenuity to the theft of long distance services. It is not
unheard of for an interexchange company to lose as much as
$500,000 a month to theft. As you can imagine, such losses, over
a period of time, could drive a company out of business."
ESCALATION. By this time it was very obvious that
Teleconnect was going to remain recalcitrant until some third
party, preferably a regulatory agency, convinced them of the
error of their ways. Accordingly, I assembled the file and added
a letter of complaint addressed to the Iowa Utilities Board. The
complaint simply asked that Teleconnect be directed to institute
appropriate safeguards to ensure that "innocent third parties"
would no longer be adversely affected by Teleconnect's arbitrary
"blocking" policies.
My letter of complaint was dated July 7th, and the Iowa
Utilities Board replied on July 13th. The reply stated that
Teleconnect was required to respond to my complaint by August
2nd, and the Board would then propose a resolution. If the
proposed resolution was not satisfactory, I could request that
the file be reopened and the complaint be reconsidered. If the
results of that action were not satisfactory, a formal hearing
could be requested.
After filing the complaint, I also sent a copy of the file
to Congressman Tom Tauke. Mr. Tauke represents the Second
Congressional District of Iowa, which includes Cedar Rapids, and
is also a member of the House Telecommunica-tions Subcommittee.
I have subsequently had a personal conversation with Mr. Tauke as
well as additional correspondence on the subject. He seems to
have a deep and genuine interest in the issue, but at my request,
is simply an interested observer at this time. It is our hope
that the Iowa Utilities Board will propose an acceptable
resolution without additional help.
AN UNRESPONSIVE RESPONSE. Teleconnect's "response" to the
Iowa Utilities Board was filed July 29th. As anticipated, it was
a mass of vague generalities and unsubstantiated allegations.
However, it offered one item of new, and shocking, information;
Curt Kyhl's BBS had been blocked for ten months, from June 6,
1987 to mid-April 1988. (At this point it should be noted that
Teleconnect's customers had no idea that the company was blocking
some of our calls. We just assumed that calls weren't going
through because of Teleconnect's technical problems.)
Teleconnect avoided putting any specific, or even relevant,
information in their letter. However, they did offer to whisper
in the staff's ear; "Teleconnect would be willing to share
detailed information regarding this specific case, and hacking in
general, with the Board's staff, as it has in the past with
various federal and local law enforcement agencies, including the
United States Secret Service. Teleconnect respectfully requests,
however, that the board agree to keep such information
confidential, as to do otherwise would involve public disclosure
of ongoing investigations of criminal conduct and the methods by
which interexchange carriers, including Teleconnect, detect such
theft."
There is no indication of whether anyone felt that such a
"confidential" meeting would violate Iowa's Open Meetings Law.
And, nobody apparently questioned why, during a ten-months long
"ongoing investigation", Teleconnect seemed unable to determine
the name of the individual whose line they were blocking. Of
course, whatever they did was justified because (in their own
words), "Teleconnect had suffered substantial dollar losses as a
result of the theft of long distance services by means of
computer 'hacking' utilizing the computer billboard which is
available at that number."
Teleconnect's most vile allegation was, "Many times, the
hacker will enter the stolen authorization code on computer
billboards, allowing others to steal long distance services by
utilizing the code." But no harm was done by the blocking of the
BBS number because, "During the ten month period the number was
blocked, Teleconnect received no complaints from anyone claiming
to be the party to whom the number was assigned." The fact that
Curt Kyhl had no way of knowing his line was being blocked might
have had something to do with the fact that he didn't complain.
It was also pointed out that I really had no right to
complain since, "First, and foremost, Mr. Schmickley is not the
subscriber to the number." That's true; I'm just a long-time
Teleconnect customer who was refused service because of an
alleged act performed by an unknown third party.
Then Teleconnect dumped on the Utilities Board staff a copy
of a seven page article from Business Week Magazine, entitled "Is
Your Computer Secure?" This article was totally unrelated to the
theft of long-distance service, except for an excerpt from a
sidebar story about a West German hackers' club. The story
reported that, "In 1984, Chaos uncovered a security hole in the
videotex system that the German telephone authority, the Deutsche
Bundespost, was building. When the agency ignored club warnings
that messages in a customer's private electronic mailbox weren't
secure, Chaos members set out to prove the point. They logged on
to computers at Hamburger Sparkasse, a savings bank, and
programmed them to make thousands of videotex calls to Chaos
headquarters on one weekend. After only two days of this, the
bank owed the Bundespost $75,000 in telephone charges."
RESOLUTION WITH A RUBBER STAMP. The staff of the Iowa
Utilities Board replied to my complaint by letter on August 19th.
They apparently accepted the vague innuendo submitted by
Teleconnect without any verification; "Considering the illegal
actions reportedly to be taking place on number (319) 236-0834,
it appears the blocking was reasonable. However, we believe the
Board should be notified shortly after the blocking and
permission should be obtained to continue the blocking for any
period of time."
However, it was also noted that, "Iowa Code 476.20 (1)
(1987) states, 'A utility shall not, except in cases of
emergency, discontinue, reduce, or impair service to a community
or a part of a community, except for nonpayment of account or
violation of rules and regulations, unless and until permission
to do so is obtained from the Board." The letter further
clarified, "Although the Iowa Code is subject to interpretation,
it appears to staff that 'emergency' refers to a relatively short
time..."
CONSIDER THE EVIDENCE. Since it appeared obvious that the
Utilities Board staff had not questioned or investigated a single
one of Teleconnect's allegations, the staff's response was
absolutely astounding. Accordingly, I filed a request for
reconsideration on August 22nd.
Three points were raised in the request for reconsideration:
(1) The staff's evaluation should have been focused on the denial
of service to me and countless others of Teleconnect's 200,000
customers, and not just on the blocking of incoming calls to one
BBS. (2) The staff accepted all of Teleconnect's allegations as
fact, although not one bit of hard evidence was presented in
support of those allegations. (3) In the words of the staff's
own citation, it appeared that Teleconnect had violated Iowa Code
476.20 (1) (1987) continuously over a ten months' period, perhaps
as long as four years.
Since Teleconnect had dumped a seven page irrelevant
magazine article on the staff, it seemed only fair to now offer a
two page completely relevant story to them. This was "On Your
Computer - Bulletin Boards", from the June 1988 issue of
"Changing Times". This excellent article cited nine BBSs as
"good places to get started". Among the nine listed BBSs was
Curt Kyhl's "Stock Exchange, Waterloo, Iowa (319-236-0834)."
Even the geniuses at Teleconnect ought to be able to recognize
that this BBS, recommended by a national magazine, is the very
same one they blocked for ten months.
MEANWHILE, BACK AT THE RANCH. You are now up-to-date on the
entire story. Now, we are in the process of spreading the word
so that all interested people can contact the Iowa authorities so
they will get the message that this case is much bigger than the
blocking of one BBS. YOU can help in two ways:
First, upload this file to bulletin boards you call. Let's
get this message distributed to BBS and modem users across the
nation, because the threat is truly to communications across the
nation.
Second, read the notice appended to this article, and ACT.
The notice was distributed at the last meeting of Hawkeye PC
Users' Group. If you are a Teleconnect customer, it is very
important that you write the agencies listed on the notice. If
you are not a Teleconnect customer, but are interested in
preserving your rights to uninhibited communications, you can
help the cause by writing to those agencies, also.
Please, people, write now! Before it is too late!
T E L E C O N N E C T C U S T O M E R S = = =
= = = = = = = = = = = = = = = = = = = = =
If you are user of Teleconnect's long distance telephone
service, you need to be aware of their "blocking" policy:
Teleconnect has been "lashing out" against the callers
of bulletin boards and other "computer numbers" by blocking
access of legitimate subscribers to certain phone numbers to
which calls have been made with fraudulent Teleconnect charge
numbers. Curt Kyhl's Stock Exchange Bulletin Board in
Waterloo has been "blocked" in such a manner. Teleconnect
representatives have indicated that other "computer numbers"
have been the objects of similar action in the past, and that
they (Teleconnect) have a "right" to continue such action in
the future.
Aside from the trampling of individual rights guaranteed
by the Bill of Rights of the U.S. Constitution, this
arbitrary action serves only to "punish the innocent"
Teleconnect customers and bulletin board operators, while
doing absolutely nothing to identify, punish, or obtain
payment from the guilty. The capping irony is that
Teleconnect, which advertises as offering significant savings
over AT&T long-distance rates, now suggests to complaining
customers that the blocked number can still be dialed through
AT&T.
Please write to Teleconnect. Explain how long you have
been a customer, that your modem generates a significant
amount of the revenue they collect from you, and that you
strongly object to their abritrarily deciding what numbers
you may or may not call. Challenge their "right" to
institute a "blocking" policy and insist that the policy be
changed. Send your protests to:
Teleconnect Company Mr. Dan Rogers, Vice
President
for Customer Service 500 Second Avenue,
S.E. Cedar Rapids, Iowa 52401
A complaint filed with the Iowa Utilities Board has been
initially resolved in favor of Teleconnect. A request for
reconsideration has been filed, and the time is NOW for YOU
to write letters to the State of Iowa. Please write NOW to:
Mr. Gerald W. Winter, Supervisor, Consumer
Services
Iowa State Utilities Board Lucas State
Office Building Des Moines, Iowa 50319
And to:
Mr. James Maret Office of the Consumer
Advocate Lucas State Office Building Des
Moines, Iowa 50319
Write now. The rights you save WILL be your own.
August 28,1988
After filing a request for reconsideration of my complaint,
I received a reply from the Iowa State Utilities Board which
said, in part:
"Thank you for your letter dated August 22, 1988, with additional
comments concerning your complaint on the blocking of access to
certain telephone numbers by Teleconnect.
"To ensure that the issues are properly investigated, we are
forwarding your comments to the company and requesting a response
by September 15, 1988."
Again, this is a very large issue. Simply stated, it is:
Does ANY telephone company have the right to "block" (or refuse
to place) calls to ANY number on the basis of unsubstantiated,
uninvestigated charges of "telephone fraud", especially when the
alleged fraud was committed by a third party without the
knowledge of the called party? In the specific case, the
question becomes; Can a long distance carrier refuse to handle
calls to a BBS solely because some unknown crook has placed
fraudulently-charged calls to that BBS?
Read BLOCKERS.ARC, and then make YOUR voice be heard by
lodging protests with the agencies listed in that file.
Incidentally, when you write, please cite file number C-88-161.
If you have any additional information which might be
helpful in this battle, please let me know. I check the
following BBSs very regularly:
Hawkeye RBBS, Ben Blackstock, SYSOP 319-363-3314
($15/year) The Forum, John Oren, SYSOP
319-365-3163 (Register Free)
You can also send info to me via U.S. Mail to:
7441 Commune Court, N.E. Cedar Rapids, Iowa
52402
I hope that, by this time, you realize how significant this
battle is for all of us. If we lose, it opens the door for
telephone companies to dictate to us just who we can (or cannot)
call, especially with modems. We CAN'T let that happen! And,
thanks for your support.
Jim Schmickley
Hawkeye PC Users' Group
Cedar Rapids, Iowa
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
(Reprinted with permisson from author)
17 November, 1988
Customer Service
Teleconnect
P.O. Box 3013
Cedar Rapids, IA 52406-9101
Dear Persons:
I am writing in response to my October Teleconnect bill, due 13
November, for $120.76. As you can see, it has not yet been paid,
and I would hope to delay payment until we can come to some equi-
table resolution of what appears to be a dispute. The records
should show that I have paid previous bills responsibly. Hence,
this is neither an attempt to delay nor avoid payment.
My account number is: 01-xxxx-xxxxxx. My user phone is: 815-xxx-
xxxx. The phone of record (under which the account is regis-
tered) is: 815-xxx-xxxx.
If possible, you might "flag" my bill so I will not begin receiv-
ing dunning notices until we resolve the problem.
I have several complaints. One is the bill itself, the other is
the service. I feel my bill has been inflated because of the poor
quality of the service you provide to certain areas of the coun-
try. These lines are computer lines, and those over which the
dispute occurs are 2400 baud lines. Dropping down to 1200 baud
does not help much. As you can see from my bill, there are numer-
ous repeat calls made to the same location within a short period
of time. The primary problems occured to the following loca-
tions:
1. Highland, CA 714-864-4592
2. Montgomery, AL 205-279-6549
3. Fairbanks, AK 907-479-7215
4. Lubbock, TX 806-794-4362
5. Perrine, FL 305-235-1645
6. Jacksonville, FL 904-721-1166
7. San Marcos, TX 512-754-8182
8. Birmingham, AL 205-979-8409
9. N. Phoenix, AZ 602-789-9269
The problem is simply that, to these destinations, Teleconnect
can simply not hold a line. AT&T can. Although some of these des-
tinations were held for a few minutes, generally, I cannot depend
on TC service, and have more recently begun using AT&T instead.
Even though it may appear from the records that I maintained some
contact for several minutes, this time was useless, because I
cold not complete my business, and the time was wasted. An equi-
table resolution would be to strike these charges from my bill.
I would also hope that the calls I place through AT&T to these
destinations will be discounted, rather than pay the full cost.
I have enclosed my latest AT&T bill, which includes calls that I
made through them because of either blocking or lack of quality
service. If I read it correctly, no discount was taken off. Is
this correct?
As you can see from the above list of numbers, there is a pattern
in the poor quality service: The problem seems to lie in Western
states and in the deep south. I have no problem with the midwest
or with numbers in the east.
I have been told that I should call a service representative when
I have problems. This, however, is not an answer for several rea-
sons. First, I have no time to continue to call for service in
the middle of a project. The calls tend to be late at night, and
time is precious. Second, on those times I have called, I either
could not get through, or was put on hold for an indeterminable
time. Fourth, judging from comments I have received in several
calls to Teleconnect's service representatives, these seem to be
problems for which there is no immediate solution, thus making
repeated calls simply a waste of time. Finally, the number of
calls on which I would be required to seek assistance would be
excessive. The inability to hold a line does not seem to be an
occasional anomaly, but a systematic pattern that suggests that
the service to these areas is, indeed, inadequate.
A second problem concerns the Teleconnect policy of blocking cer-
tain numbers. Blocking is unacceptable. When calling a blocked
number, all one receives is a recorded message that "this is a
local call." Although I have complained about this once I learned
of the intentional blocking, the message remained the same. I
was told that one number (301-843-5052) would be unblocked, and
for several hours it was. Then the blocking resumed.
A public utility simply does not have the right to determine who
its customers may or may not call. This constitutes a form of
censorship. You should candidly tell your customers that you must
approve of their calls or you will not place them. You also have
the obligation to provide your customers with a list of those
numbers you will not service so that they will not waste their
time attempting to call. You might also change the message that
indicates a blocked call by saying something "we don't approve of
who you're calling, and won't let you call."
I appreciate the need to protect your customers. However, block-
ing numbers is not appropriate. It is not clear how blocking aids
your investigation, or how blocking will eliminate whatever prob-
lems impelled the action. I request the following:
1. Unblock the numbers currently blocked.
2. Provide me with a complete list of the numbers you are
blocking
3. End the policy of blocking.
I feel Teleconnect has been less than honest with its customers,
and is a bit precipitous in trampling on rights, even in a worthy
attempt to protect them from abuses of telephone cheats. How-
ever, the poor quality of line service, combined with the appar-
ent violation of Constitutional rights, cannot be tolerated.
Those with whom I have spoken about this matter are polite, but
the bottom line is that they do not respond to the problem. I
would prefer to pay my bill only after we resolve this.
Cheerfully,
(Name removed by request)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
/*/ ST*ZMAG SPECIAL REPORT - by Jerry Cross /*/
(reprinted from Vol. #28, 7 July, 1989)
===============================================
TELECONNECT CALL BLOCKING UPDATE
Ctsy (Genesee Atari Group)
Background
==========
At the beginning of last year one of my bbs users uploaded a
file he found on another bbs that he thought I would be
interested in. It detailed the story of an Iowa bbs operator
who discovered that Teleconnect, a long distance carrier, was
blocking incoming calls to his bbs without his or the callers
knowledge.
As an employee of Michigan Bell I was very interested. I could
not understand how a company could interfere with the
transmissions of telephone calls, something that was completely
unheard of with either AT&T or Michigan Bell in the past. The
calls were being blocked, according to Teleconnect public
relations officials, because large amounts of fraudulent calls
were being placed through their system. Rather than attempting
to discover who was placing these calls, Teleconnect decided to
take the easy (and cheap) way out by simply block access to the
number they were calling. But the main point was that a long
distance company was intercepting phone calls. I was very
concerned.
I did some investigating around the Michigan area to see what
the long distance carriers were doing, and if they, too, were
intercepting or blocking phone calls. I also discovered that
Teleconnect was just in the process of setting up shop to serve
Michigan. Remember, too, that many of the former AT&T customers
who did not specify which long distance carrier they wanted at
the time of the AT&T breakup were placed into a pool, and
divided up by the competing long distance companies. There are
a number of Michigan users who are using certain long distance
carriers not of their choice.
My investigation discovered that Michigan Bell and AT&T have a
solid, computer backed security system that makes it unnecessary
for them to block calls. MCI, Sprint, and a few other companies
would not comment or kept passing me around to other
departments, or refused to comment about security measures.
I also discussed this with Michigan Bell Security and was
informed that any long distance company that needed help
investigating call fraud would not only receive help, but MBT
would actually prepare the case and appear in court for
prosecution!
My calls to Teleconnect were simply ignored. Letters to the
public service commission, FCC, and other government departments
were also ignored. I did, however, get some cooperation from
our U.S. Representative Dale Kildee, who filed a complaint in my
name to the FCC and the Interstate Commerce Commission. What
follows is their summary of an FCC investigation to Mr. Kildee's
office.
----
Dear Congressman Kildee:
This is in further response to your October 18, 1988 memorandum
enclosing correspondence from Mr. Gerald R. Cross, President of
the Genesee Atari Group in Flint, Michigan concerning a reported
incidence of blocking calls from access to Curt Kyhl's Stock
Exchange Bulletin Board System in Waterloo, Iowa by Teleconnect,
a long distance carrier. Mr. Cross, who also operates a
bulletin board system (bbs), attaches information indicating
that Teleconnect blocked callers from access via its network to
Mr. Kyhl's BBS number in an effort to prevent unauthorized use
of its customers' long distance calling authorization codes by
computer "hackers". Mr. Cross is concerned that this type of
blocking may be occurring in Michigan and that such practice
could easily spread nationwide, thereby preventing access to
BBSs by legitimate computer users.
On November 7, 1988, the Informal Complaints Branch of the
Common Carrier Bureau directed Teleconnect to investigate Mr.
Cross' concerns and report the results of its investigation to
this Commission. Enclosed, for your information, is a copy of
Teleconnect's December 7, 1988 report and its response to a
similar complaint filed with this Commission by Mr. James
Schmickley. In accordance with the commission's rules, the
carrier should have forwarded a copy of its December 7, 1988
report to Mr. Cross at the same time this report was filed with
the Commission. I apologize for the delay in reporting the
results of our investigation to your office.
Teleconnect's report states that it is subject to fraudulent use
of its network by individuals who use BBSs in order to
unlawfully obtain personal authorization codes of consumers.
Teleconnect also states that computer "hackers" employ a series
of calling patterns to access a carrier's network in order to
steal long distance services. The report further states that
Teleconnect monitors calling patterns on a 24 hour basis in an
effort to control, and eliminate when possible, code abuse. As
a result of this monitoring, Teleconnect advises that its
internal security staff detected repeated attempts to access the
BBS numbers in question using multiple seven-digit access codes
of legitimate Teleconnect customers. These calling patterns,
according to Teleconnect, clearly indicated that theft of
telecommunications services was occurring.
The report states that Teleconnect makes a decision to block
calls when the estimated loss of revenue reaches at least $500.
Teleconnect notes that blocking is only initiated when signs of
"hacking" and other unauthorized usage are present, when local
calls are attempted over its long distance network or when a
customer or other carrier has requested blocking of a certain
number. Teleconnect maintains that blocking is in compliance
with the provisions of Section A.20.a.04 of Teleconnect's Tariff
F.C.C. No. #3 which provides that service may be refused or
disconnected without prior notice by Teleconnect for fraudulent
unauthorized use. The report also states that Teleconnect
customers whose authorizations codes have been fraudulently used
are immediately notified of such unauthorized use and are issued
new access codes. Teleconnect further states that while an
investigation is pending, customers are given instructions on
how to utilize an alternative carrier's network by using "10XXX"
carrier codes to access interstate or intrastate communications
until blocking can be safely lifted.
Teleconnect maintains that although its tariff does not require
prior notice to the number targeted to be blocked, it does, in
the case of a BBS, attempt to identify and contact the Systems
Operator (SysOp), since the SysOp will often be able to assist
in the apprehension of an unauthorized user. The report states
that with regard to Mr. Kyle's Iowa BBS, Teleconnect was unable
to identify Mr. Kyle as the owner of the targeted number because
the number was unlisted and Mr. Kyhl's local carrier was not
authorized to and did not release any information to Teleconnect
by which identification could be made. The report also states
that Teleconnect attempted to directly access the BBS to
determine the identity of the owner but was unable to do so
because its software was incompatible with the BBS.
Teleconnect states that its actions are not discriminatory to
BBSs and states that it currently provides access to literally
hundreds of BBSs around the country. The report also states
that Teleconnect's policy to block when unauthorized use is
detected is employed whether or not such use involves a BBS.
Teleconnect advises that when an investigation is concluded or
when a complaint is received concerning the blocking, the
blocking will be lifted, as in the case of the Iowa BBS.
However, Teleconnect notes that blocking will be reinstated if
illegal "hacking" recurs.
Teleconnect advises that it currently has no ongoing
investigations within the State of Michigan and therefore, is
not presently blocking any BBSs in Michigan. However,
Teleconnect states that it is honoring the request of other
carriers and customers to block access to certain numbers.
The Branch has reviewed the file on this case. In accordance
with the Commission's rules for informal complaints it appears
that the carrier's report is responsive to our Notice.
Therefore, the Branch, on its own motion, is not prepared to
recommend that the Commission take further action regarding this
matter. --------
This letter leaves me with a ton of questions. First, lets be
fair to Teleconnect. Long distance carriers are being robbed of
hundreds of thousands of dollars annually by "hackers" and must
do something to prevent it. However, call blocking is NOT going
to stop it. The "hacker" still has access to the carrier
network and will simply start calling other numbers until that
number, too, is blocked, then go on to the next. The answer is
to identify the "hacker" and put him out of business.
Teleconnect is taking a cheap, quick fix approach that does
nothing to solve the problem, and hurts the phone users as a
whole.
They claim that their customers are able to use other networks
to complete their calls if the number is being blocked. What if
other networks decide to use Teleconnect's approach? You would
be forced to not only keep an index of those numbers you call,
but also the long distance carrier that will let you call it!
Maybe everyone will block that number, then what will you do?
What if AT&T decided to block calls? Do they have this right
too?
And how do you find out if the number is being blocked? In the
case of Mr. Kyhl's BBS, callers were given a recording that
stated the number was not in service. It made NO mention that
the call was blocked, and the caller would assume the service
was disconnect. While trying to investigate why his calls were
not going through, Mr. James Schmickley placed several calls to
Teleconnect before they finally admitted the calls were being
blocked! Only after repeated calls to Teleconnect was the
blocking lifted. It should also be noted that Mr. Kyhl's bbs is
not a pirate bbs, and has been listed in a major computer
magazine as one of the best bbs's in the country.
As mentioned before, MBT will work with the long distance
carriers to find these "hackers". I assume that the other local
carriers would do the same. I do not understand why Teleconnect
could not get help in obtaining Mr. Kyhl's address. It is true
the phone company will not give out this information, but WILL
contact the customer to inform him that someone needs to contact
him about possible fraud involving his phone line. If this
policy is not being used, maybe the FCC should look into it.
Call blocking is not restricted to BBSs, according to
Teleconnect. They will block any number that reaches a $500
fraud loss. Lets say you ran a computer mail order business and
didn't want to invest in a WATTS line. Why should an honest
businessman be penalized because someone else is breaking the
law? It could cost him far more the $500 from loss of sales
because of Teleconnect's blocking policy.
Teleconnect also claims that "they are honoring the request of
other carriers and customers to block access to certain
numbers". Again, MBT also has these rules. But they pertain to
blocking numbers to "certain numbers" such as dial-a-porn
services, and many 900- numbers. What customer would ever
request that Teleconnect block incoming calls to his phone?
And it is an insult to my intelligence for Teleconnect to claim
they could not log on to Mr. Kyhl's BBS. Do they mean to say
that with hundreds of thousands of dollars in computer
equipment, well trained technicians, and easy access to phone
lines, that they can't log on to a simple IBM bbs? Meanwhile,
here I sit with a $50 Atari 800xl and $30 Atari modem and I have
no problem at all accessing Mr. Kyhl's bbs! What's worse, the
FCC (the agency in charge of regulating data transmission
equipment), bought this line too! Incredible!!!
And finally, I must admit I don't have the faintest idea what
Section A.20.a.04 of Teleconnect's Tariff F.C.C. No. 3 states,
Walk into your local library and ask for this information and
you get a blank look from the librarian. I know, I tried!
However, MBT also has similar rules in their tariffs.
Teleconnect claims that the F.C.C. tariff claims that "service
may be refused or disconnected without prior notice by
Teleconnect for fraudulent, unauthorized use". This rule, as
applied to MBT, pertains ONLY to the subscriber. If an MBT
customer were caught illegally using their phone system then MBT
has the right to disconnect their service. If a Teleconnect
user wishes to call a blocked number, and does so legally, how
can Teleconnect refuse use to give them service? This appears
to violate the very same tarriff they claim gives them the right
to block calls!
I have a few simple answers to these questions. I plan, once
again, to send out letters to the appropriate agencies and
government representatives, but I doubt they will go anywhere
without a mass letter writing campaign from all of you. First,
order that long distance companies may not block calls without
the consent of the customer being blocked. Every chance should
be given to him to assist in identifying the "hacker", and he
should not be penalized for other people's crimes. There should
also be an agency designated to handle appeals if call blocking
is set up on their line. Currently, there is no agency, public
service commission, or government office (except the FCC) that
you can complain to, and from my experience trying to get
information on call blocking I seriously doubt that they will
assist the customer.
Next, order the local phone carriers to fully assist and give
information to the long distance companies that will help
identify illegal users of their systems. Finally, order the
Secret Service to investigate illegal use of long distance
access codes in the same manner that they investigate credit
card theft. These two crimes go hand in hand. Stiff fines and
penalties should be made mandatory for those caught stealing
long distance services.
If you would like further information, or just want to discuss
this, I am available on Genie (G.Cross) and CompuServe
(75046,267). Also, you can reach me on my bbs (FACTS,
313-736-4544). Only with your help can we put a stop to call
blocking before it gets too far out of hand.
>--------=====END=====--------<
*******************************************************
* PHILE 8: VIRUSES *
*******************************************************
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
There has been a lot of concern about viruses, even though
they still seem to be relatively rare. Forewarned is forearmed,
as they say, and we've come across a pretty useful anti-virus
newsletter called VIRUS-L that gives info on all the latest
bugs, vaccines, and general gossip. It's called VIRUS-L, and
we've found it helpful, so we've extracted some of the best
of the stuff and passed it along. Thanks to FLINT (of the
UNDERGROUND) and CHRIS ROBIN for pulling some of the stuff
together.
* * *
VIRUS-L is a moderated, digested mail forum for discussing computer
virus issues; comp.virus is a non-digested Usenet counterpart.
Discussions are not limited to any one hardware/software platform -
diversity is welcomed. Contributions should be relevant, concise,
polite, etc., and sent to VIRUS-L@IBM1.CC.LEHIGH.EDU. Information on
accessing anti-virus, document, and back-issue archives is distributed
periodically on the list. Administrative mail (comments, suggestions,
and so forth) should be sent to me at: krvw@SEI.CMU.EDU.
- Ken van Wyk
---------------------------------------------------------------------------
Date: Wed, 06 Sep 89 11:54:00 -0400
From: Peter W. Day <OSPWD%EMUVM1.BITNET@IBM1.CC.Lehigh.Edu>
Subject: Re: Appleshare and viruses
>Date: 04 Sep 89 01:18:53 +0000
>From: gilbertd@silver.bacs.indiana.edu (Don Gilbert)
>Subject: Appleshare and viruses ?
>
>What are the conditions under which current Mac viruses can
>infect files on Appleshare volumes?
I have not attempted to infect any files with a virus, whether on an
AppleShare volume or otherwise, but based on what I know about
Macintosh, AppleShare and viruses, here is what I think is true.
A Mac virus can infect a file only if it can write to the file, no matter
where the file is located. A micro cannot access an AppleShare volume
directly: it must ask the server to access the AppleShare volume on its
behalf. As a result, the server can enforce access privileges.
Access privileges apply only to FOLDERS. For the benefit of other
readers, the privileges are See Files, See folders and Make Changes.
They apply individually to the owner, a group, and everyone.
I experimented writing directly to files and folders on an AppleShare
volume using Microsoft Word, typing the explicit file path in a
Save As... dialog box. For a file to be changeable, the volume and
folders in the file path must have See Folders privilege, and the final
folder must have See Files and Make Changes privilege. The virus would
probably need to search for files to infect, and would only find files
along paths with See Folders privs for the volume and folders in the
path, and See Files in the final folder.
Macintoshes used with shared files are subject to trojans, and the trojan
could be infected with a virus. Consider the following scenario: A user
has a private folder on a volume shared with others using (say)
AppleShare. The volume has a folder containing a shared application
named, say, Prog1, and the folder has everyone See Files and
See Folders but not Make Changes (i.e. it is read-only). The user makes
a private copy of Prog1, and later runs a virus-infected program locally
while the shared volume is mounted, and the copy of Prog1 becomes
infected. The user now makes his AppleShare folder sharable (See Files,
See Folders) to everyone (so that someone can copy a file he has,
say). Another user double-clicks on a document created by Prog1,
and the Mac Finder happens to find the infected copy of Prog1 before
finding the other copy. As a result, the second user's files become
infected.
Thus I recommend that private folders be readable only by the owner as a
matter of policy. Allowing everyone Make Changes creates drop folders
so that users can exchange files. Drop Folders are safe enough in that
AppleShare does not allow you to overwrite a file when you only have
Make Changes priv. However, users should be told to run a virus check
on any files that others drop in their folders.
------------------------------
---------------------------------------------------------------------------
Date: 04 Sep 89 16:41:39 +0000
From: jwright@atanasoff.cs.iastate.edu (Jim Wright)
Subject: New Amiga virus ?
This was recently posted to comp.sys.amiga...
In article <716@mathrt0.math.chalmers.se> d8forma@dtek.chalmers.se (Martin Fors
sen) writes:
|
| Last night a friend called me, since he suspected he had a virus.
| I gladly grabbed my copy of VirusX (3.20) and drove over, but VirusX
| reported no virus. However I saw the text from the virus myself, and
| a closer look at the diskette showed that the file c/addbuffers had grown,
| furthermore a file with a blank name had appeared in devs.
|
| The main symptom of this virus is that every fourth time you reboots the tex
|
| A Computer virus is a disease
|
| Terrorism is a transgession
|
| Software piracy is a crime
|
| this is the cure
|
| BGS9 Bundesgrensschutz sektion 9
| sonderkommando "EDV"
|
| On this disk the virus had replaced the file c/addbuffers, the size of this
| new file was 2608 bytes. The above text is encoded in the program, but the
| graphics.library :-) The orginal addbuffers command was stored in a "blank"
| file in the devs directory.
| The addbuffers command was the second in the startup sequence on this disk.
| I think the virus looks in the startup-sequence for somthing (probably
| files to infect), since I found the string sys:s/startup-sequence coded
| in the virus.
| I don't know if this virus does any damage, but the person first infected
| hasn't noticed anything.
|
| The questions I now ask me is:
|
| Is this a known virus?
|
| and if the answer is no,
|
| What is Steve Tibbets mail adress?
|
|
| MaF
|
| Chalmers |USENET:d8forma@dtek.chalmers.se | " Of course I'm not lost,
| University |SNAIL: Martin Forssen | I just haven't pinpointed
| of | Marielundsgatan 9 | exactly where we are at the
| Technology |SWEDEN 431 67 Molndal | moment " (David Eddings)
- --
Jim Wright
jwright@atanasoff.cs.iastate.edu
------------------------------
Date: Fri, 01 Sep 00 11:51:00 -0400
From: Bob Babcock <PEPRBV%CFAAMP.BITNET@IBM1.CC.Lehigh.Edu>
Subject: Re: Is this a virus? (PC)
>When I copy some
>files to a floppy but I misput a write protected diskette, I find the
>error massage "retry, ...". At this time, if I answer "r" to the
>massage and puting a non-protected diskette, then the FAT and
>DIRECTORY of the protected diskette is transfered to the second non
>protected diskette(and the files that I copied to). Is this a DOS's
>bug or a virus?
This is a known behavior of MS-DOS. The directory and FAT have
already been read before the write protect error is sensed, and
when you say retry, DOS doesn't know that you have changed disks,
so it doesn't reread the directory info.
------------------------------
Date: Fri, 01 Sep 89 16:55:59 -0500
From: Joe Simpson <JS05STAF@MIAMIU.BITNET>
Subject: Re: is this a virus? (PC)
In response to the question about the FAT from a locked disk being
written to another disk this is a feature of MS-DOS, not a virus.
Another chilling scenario conserns running an application such as a
word processor, opening a document, exchangeing data diskettes, and
saving a "backup" of the file. This often hoses the "backup" disk and
sometines affects the origional file.
------------------------------
Date: 01 Sep 89 15:41:00 -0400
From: "Damon Kelley; (RJE)" <damon@umbc2.umbc.edu>
Subject: Kim's question concerning FATs (PC)
In response to Kim:
I'm no expert at MS-DOS or software-stuff, but I've been poking
around in my computer's memory long enough to believe that what you
are describing may be normal with MS-DOS. Often I see that within
memory, data stays in its assigned spot until something moves or
writes over it. I notice this effect with a certain software
word-processing/graphing/spreadsheet package I have. Sometimes when I
am retreiving data with my package, I place a data disk first before
putting in the main program disk. The program needs to do something
with the disk with the main program first, so the package asks for the
main program disk. Whe the directory pops up for the main program
disk, it shows a conglomeration of the files on the curent disk PLUS
the files that were on the removed data disk and some random garbage.
Nothing grave has happened to my files with this package (It came with
my computer. It wasn't PD/Shareware, either.), so I feel that this
may be either a DOS bug (not writing over completely the FAT) or
something normal. Of course, I've never really had an opportunity to
look at the directory track on any disks, so I can't confirm that this
is absolutely true. I can find out. Has anyone out there found mixed
FATs affecting the performance of their disks?
------------------------------
Date: Wed, 30 Aug 89 14:41:53 -0000
From: LBA002%PRIME-A.TEES-POLY.AC.UK@IBM1.CC.Lehigh.Edu
Subject: nVIR A and nVIR B explained (Mac)
I spotted this in the August issue of Apple2000 (a UK Mac user
group magazine.) It first appeared on the Infomac network and the
author is John Norstad of Academic Computing & Network Services,
Northwestern University (hope it's OK with you to reproduce this
John?) It may be old-hast to all the virus experts but I found it
interesting & informative.
nVIR A & B
There has been some confusion over exactly what the nVIR A & nVIRB
viruses actually do. In fact, I don't believe the details have
ever been published. I just finished spending a few days
researching the two nVIR viruses. This report presents my
findings. As with all viruses, nVIR A & B replicate. When you
run an infected application on a clean system the infection
spreads from the application to the system file. After rebooting
the infection in turn spreads from the system to other
applications, as they are run. At first nVIR A & B only
replicate. When the system file is first infected a counter is
initialized to 1000. The counter is decremented by 1 each time
the system is booted, and it is decremented by 2 each time an
infected application is run. When the counter reaches 0 nVIR A
will sometimes either say "Don't Panic" (if MacinTalk is
installed in the system folder) or beep (if MacinTalk is not
installed in the system folder.) This will happen on a system
boot with a probability of 1/16. It will also happen when an
infected application is launched with a probability of 31/256. In
addition when an infected application is launched nVIR A may say
"Don't Panic" twice or beep twice with a probability of 1/256.
When the counter reaches 0 nVIR B will sometimes beep. nVIR B
does not call MacinTalk. The beep will happen on a system boot
with a probability of 1/8. A single beep will happen when an
infected application is launched with a probability of 15/64. A
double beep will happen when an application is launched with a
probability of 1/64. I've discovered that it is possible for
nVIRA and nVIRB to mate and sexually reproduce, resulting in new
viruses combining parts of their parents. For example if a
system is infected with nVIRA and if an application infected with
nVIRB is tun on that system, part of the nVIRB infection is
replaced by part of the nVIRA infection from the system. The
resulting offspring contains parts from each of its parents, and
behaves like nVIRA. Similarly if a system is infected with nVIRB
and if an application infected with nVIRA is run on that system,
part of the nVIRA infection in the application is replaced by
part of the nVIRB infection from the system. The resulting
offspring is very similar to its sibling described in the
previous paragraph except that it has the opposite "sex" - each
part is from the opposite parent. it behaves like nVIRB. These
offspring are new viruses. if they are taken to a clean system
they will infect that system, which will in turn infect other
applications. The descendents are identical to the original
offspring. I've also investigated some of the possibly incestual
matings of these two kinds of children with each other and with
their parents. Again the result is infections that contain
various combinations of parts from their parents.
(Hot stuff!)
Rgds,
Iain Noble
------------------------------
Date: Tue, 29 Aug 89 16:05:44 +0300
From: Y. Radai <RADAI1@HBUNOS.BITNET>
Subject: PC virus list; Swap virus; Israeli virus; Disassemblies
For several reasons, one of which is very irregular receipt of
VIRUS-L, I've been out of touch with it for several weeks now. So
please forgive me if some of the postings referred to below are a few
weeks old.
PC Virus List
-------------
Lan Nguyen asks whether a list of PC viruses, incl. date first dis-
covered and source(s), exists. I will soon be submitting to VIRUS-L a
considerably updated version of the list I first posted on May 16.
Meanwhile, Lan, I'm sending you my list as it currently stands (29
viruses, 70 strains).
The Swap Virus
--------------
Yuval Tal writes:
>I don't think that it is so important how we call the virus. I've
>decided to call it the swap virus becuase the message "The Swapping-
>Virus...' appears in it! ....... I think that calling it "The
>Dropping Letter Virus" will be just fine.
Well, "The Dropping Letter Virus" would be a poor choice since (as I
mentioned in an earlier posting) this also describes the Cascade and
Traceback viruses.
Yuval has explained that he originally called it the Swap virus
because it writes the following string into bytes B7-E4 of track 39,
sector 7 (if sectors 6 and 7 are empty):
The Swapping-Virus. (C) June, 1989 by the CIA
However, he has not publicly explained how the words SWAP VIRUS FAT12
got into the boot sector of some of the diskettes infected by this
virus, so let me fill in the details. As David Chess and John McAfee
both pointed out quite correctly, these words are not part of the
virus. What happened was that Yuval wrote a volume label SWAP VIRUS
onto each infected diskette for identification. Had his system been
DOS 3 the label would have been written only into the root directory.
But since he was apparently using DOS 4, it was also written into
bytes 2Bh-35h of the boot sector. (That still leaves the string FAT12
in bytes 36h-3Ah to be explained. Under DOS4, the field 36h-3Dh is
supposed to be "reserved". Anyone got any comments on that?) So
although I didn't know at the time that the words SWAP VIRUS came from
Yuval, it seems that my (and his original) suggestion to call it the
Swap virus is still the best choice.
The Israeli/Friday-13/Jerusalem Virus
-------------------------------------
In response to a query from Andrew Berman, David Rehbein gave a
quite accurate description of the virus, except for one small point:
>(It will infect and replicate itself in ANY executible, no matter
>the extension..check especially .OVL and .SYS)
To the best of my knowledge, no strain of this virus (or, for that
matter, of any other virus that I know of) infects overlay or SYS
files.
Andrew Berman writes concerning this virus:
> She think's
>she's cleaned it out by copying only the source codes to new disks,
>zapping the hard drives, and recompiling everything on the clean hard
>disks.
It's a pity that so many people try to eradicate the virus by such
difficult means when (as has been mentioned on this list and else-
where) there is a file named UNVIR6.ARC on SIMTEL20 (in <MSDOS.TROJAN-
PRO>) containing a program called UNVIRUS which will easily eradicate
this virus and 5-6 others as well, plus a program IMMUNE to prevent
further infection.
Disassembling of Viruses
------------------------
In response to a posting by Alan Roberts, David Chess replied:
>I think it's probably a Good Thing if at least two or three people do
>independant disassemblies of each virus, just to make it less likely
>that something subtle will be missed. I know my disassemblies (except
>the ones I've spent lots of time on) always contain sections marked
>with vaguenesses like "Does something subtle with the EXE file header
>here". .... I probably tend to lean towards "the more the merrier"!
I can appreciate David's point. However, I would like to point out
that the quality of (commented) disassemblies differs greatly from one
person to another. As Joe Hirst of the British Computer Virus Re-
search Centre writes (V2 #174):
>Our aim will be to produce disassemblies which cannot be improved upon.
And this isn't merely an aim. In my opinion, his disassemblies are an
order of magnitude better than any others I've seen. He figures out
and comments on the purpose of *every* instruction, and vagueness or
doubt in his comments is extremely rare.
What I'm suggesting is this: If you have the desire, ability, time
and patience to disassemble a virus yourself, then have fun. But
unless you're sure it's a brand new virus, you may be wasting your
time from the point of view of practical value to the virus-busting
community. And even if you are sure that it's a new virus, take into
account that there are pros like Joe who can probably do the job much
better than you.
So what about David's point that any given disassembler may miss
something subtle? Well, I'm not saying that Joe Hirst should be the
*only* person to disassemble viruses. Even he is only human, so there
should be one or two other good disassemblers to do the job indepen-
dently. But no more than 1 or 2; I can't accept David's position of
"the more the merrier".
Btw, disassemblers don't always get the full picture. Take, for
example, the Merritt-Alameda-Yale virus, of which I have seen three
disassemblies. They all mentioned that the POP CS instruction is
invalid on 286 machines, yet none of them mentioned the important fact
that when such a machine hangs the virus has already installed itself
in high RAM and hooked the keyboard interrupt, so that the infection
can spread if a warm boot is then performed! That fact seems to have
been noticed only by ordinary humans.
Y. Radai
Hebrew Univ. of Jerusalem
Date: Thu, 24 Aug 89 08:36:01 -0700
From: portal!cup.portal.com!Alan_J_Roberts@Sun.COM
Subject: V-REMOVE (PC)
The HomeBase group is releasing a new disinfector program that is
able to remove all known viruses, repair all infected COM files, repair most
infected EXE files, replace infected partition tables and boot sectors, and
generally make life easier for people with infected IBM PCs. Our previous
practice of releasing one disinfector program per virus has given us a
terrific maintenance headache, and so V-REMOVE (which does them all) is our
next step on the path. What we need now are beta testers with Large virus
libraries. Interested parties please contact John McAfee or Colin Haynes at
408 727 4559.
Alan
------------------------------
Date: 25 Aug 89 22:42:33 +0000
From: trebor@biar.UUCP (Robert J Woodhead)
Subject: Re: Locking Macintosh disks
DANIEL%NCSUVM.BITNET@IBM1.CC.Lehigh.Edu (Daniel Carr) writes:
>i bet this question has been asked before, so please excuse me, but
>is it possible for a virus to infect a locked macintosh disk?
If the diskette is hardware locked (ie: the little slide is slid so
that you can see a hole) then the hardware won't write onto that
disk, so if you stick it into an infected machine it won't get
infected. If, on the other hand, files on an unlocked disk are
locked in _software_, they may be fair game to a persnickety virus.
Date: Fri, 25 Aug 89 07:45:00 -0400
From: WHMurray@DOCKMASTER.ARPA
Subject: (Hardware) Destructive Virus (Story)
>Does anyone on the list have some information about an alleged virus
>that caused monitors on either older PCs, Ataris, or Amigas (I forgot which
>platform....
The story is apocryphal. Roots are as follows:
1. Anything a computer can be programmed to do, a virus can do. Thus,
if a computer can be programmed for behavior that will damage the
hardware, then it can be destroyed by a virus.
2. Early IBM PC Monochrome Adapter had a flaw under which a certain set
of instructions could interfere with the normal sweep circuit operation,
causing camage to the monitor.
3. Based upon this combination of facts, there has been speculation
about the possibility of a virus exploiting this, or similar, flaws.
Much of it has been in this list.
To my knowledge, no such virus has ever been detected. The number of
such PCs is vanishingly small but larger than the ones that such a virus
might find. Those that exist are so old that a monitor failure would be
attributed to old age. A virus would likely go unnoticed.
Of course, it is a little silly to build a computer such that it can be
programmed to perform hardware damaging behavior. Such damage is likely
to occur by error. That is how the flaw in the IBM's was discovered.
William Hugh Murray, Fellow, Information System Security, Ernst & Young
2000 National City Center Cleveland, Ohio 44114
21 Locust Avenue, Suite 2D, New Canaan, Connecticut 06840
------------------------------
Date: Fri, 25 Aug 89 08:19:02 -0400
From: dmg@lid.mitre.org (David Gursky)
Subject: Infecting applications on locked Mac disks...
No. If the write-protect mechanism is working properly, any software operation
will be unable to change the contents of the disk. If the write-protect
mechanism is somehow faulty, all bets are off. Note: The write-protect
mechanism on Mac disks is done in hardware.
David Gursky
Member of the Technical Staff, W-143
Special Projects Department
The MITRE Corporation
------------------------------
Date: Thu, 24 Aug 89 17:05:47 -0700
From: Steve Clancy <SLCLANCY@UCI.BITNET>
Subject: vaccine source (PC)
I would like to offer our bulletin board system once again to the
readers of Virus-L as a source of VIRUSCAN and other
"vaccine/scanner" programs that are occasionally mentioned here.
I attempt to keep up with the most recent versions I can locate
of the various programs, and usually also have the current
version of the Dirty Dozen trojan horse/list.
The Wellspring RBBS is located in the Biomedical Library of the
University of California, Irvine (U.S.A). Numbers and settings
are as follows:
Line # 1 - (714) 856-7996 300-9600 (HST) N81 - 24 hours
Line # 2 - (714) 856-5087 300-1200 baud N81 - Evenings & Weekends
Callers from Virus-L should use the following passwords to allow
immediate access to downloading of files:
First name Last name Password
---------- --------- --------
VL1 BITNET BIT1
VL2 BITNET BIT2
All files are located in the VIR files directory. The system
uses standard RBBS commands.
I attempt to get my files from the original source whenever possible.
% Steve Clancy, Biomedical Library % WELLSPRING RBBS %
% University of California, Irvine % 714-856-7996 300-9600 24hrs%
% P.O. Box 19556 % 714-856-5087 300-1200 %
% Irvine, CA 92713 U.S.A. % %
% SLCLANCY@UCI % "Are we having fun yet?" %
------------------------------
Date: Mon, 28 Aug 89 13:45:10 -0700
From: fu@unix.sri.com (Christina Fu)
Subject: Antidotes for the DATACRIME family (PC)
Recently, I have had a chance to investigate the 1280, 1168 and
DATACRIME II viruses, and found some interesting differences between
the first two versions and DATACRIME II. As a result, I have
developed an antidote for both 1280 and 1168, and an antidote for the
DATACRIME II. Among the differences between these viruses, the most
significant one for developing antidotes is that the DATACRIME II
virus generates a mutually exclusive signature set than the other two.
Because of the said difference, the antidote for the 1280 and 1168
becomes a de-antidote for the DATACRIME II, and vice versa. Which
means, if a file is infected with either 1280 or 1168, it is still
vulnerable of contracting DATACRIME II, and vice versa (this situation
does not exist between 1280 and 1168, however). If we view these
viruses as two different strains, then these antidotes make more
sense, otherwise, they can be useless.
Another interesting thing is that the DATACRIME II purposely
avoids infecting files with a "b" as the second character in the name
(such as IBMBIO.COM and IBMDOS.COM), while the other two avoids to
infect files with a "d" as the seventh character in the name (such as
COMMAND.COM), and aside from that, the DATACRIME II virus can also
infect EXE files, unlike the other two.
I am looking into providing them to the public free of charge (I
do not claim responsibility or ask for donation). Any interested
archive sites please let me know.
By the way, I need a sample disclaimer for programs distributed in
this manner.
------------------------------
Date: Mon, 21 Aug 89 13:36:00 -0400
From: WHMurray@DOCKMASTER.ARPA
Subject: Hygeine Questions
>1) Is the possibility of virus infection limited to executable
> programs (.com or .exe extensions)? Or can an operating system be
> infected from reading a document file or graphic image?
While a virus must succeed in getting itself executed, there are a
number of solutions to this problem besides infecting .exe and .com.
While it will always be sufficient for a virus to dupe the user, the
most successful ones are relying upon bootstrap programs and loaders
to get control.
>2) Are there generic "symptoms" to watch for which would indicate a
virus?
Any unusual behavior may signal the presence of a virus. Of course
most such unusual behavior is simply an indication of user error.
Since there is not much satisfaction to writing a virus if no one
notices, most are not very subtle. However, the mandatory behavior
for a successful virus is to write to shared media, e.g., floppy,
diskette, network, or server. (While it may be useful to the virus or
disruptive to the victim to write to a dedicated hard disk, this is
not sufficient for the success of the virus.)
>3) Any suggestions on guidelines for handling system archiving
> procedures so that an infected system can be "cleaned up"?
WRITE PROTECT all media. Preserve vendor media indefinitely. Never
use the backup taken on one system on any other. Be patient when
recovering; be careful not to reinfect. (Computer viruses are
persistent on media.)
Quarantine systems manifesting strange behavior. Never try to
reproduce symptoms on a second machine. Never share media
gratuitously. (Note that most PC viruses are traveling on shared
MEDIA rather than on shared PROGRAMS.)
____________________________________________________________________
William Hugh Murray 216-861-5000
Fellow, 203-966-4769
Information System Security 203-964-7348 (CELLULAR)
ARPA: WHMurray@DOCKMASTER
Ernst & Young MCI-Mail: 315-8580
2000 National City Center TELEX: 6503158580
Cleveland, Ohio 44114 FAX: 203-966-8612
Compu-Serve: 75126,1722
INET: WH.MURRAY/EWINET.USA
21 Locust Avenue, Suite 2D DASnet: [DCM1WM]WMURRAY
New Canaan, Connecticut 06840 PRODIGY: DXBM57A
- --------------------------------------------------------------------
------------------------------
Date: Fri, 18 Aug 89 19:07:11 -0500
From: Christoph Fischer <RY15%DKAUNI11.BITNET@IBM1.CC.Lehigh.Edu>
Subject: NEW VIRUS DICOVERED AND DISASSEMBLED
We just finished to disassemble a new virus, it was sent to us by the
university of Cologne. We haven't found any clue that this virus showed
up before.
Here are the facts we found:
0. It works on PC/MS-DOS ver. 2.0 or higher
1. It infects COM files increasing them by 1206 to 1221 bytes
(placing the viruscode on a pragraph start)
2. It infects EXE files in two passes: After the first pass the EXE
file is 132 bytes longer; after the second pass its size increased
by an aditional 1206 to 1221 bytes (see 1.)
3. The virus installs a TSR in memory wich will infect executable
files upon loading them (INT 21 subfunction 4B00) using 8208 bytes
of memory
4. The only "function" we found, was an audible alarm(BELL character)
whenever another file was successfully infected.
5. It infects COM files that are bigger than 04B6h bytes and smaller
than F593h bytes and start with a JMP (E9h)
6. It infects EXE files if they are smaller than FDB3 bytes (no
lower limit)
7. It opens a file named "VACSINA. " without checking the return
value. At the end it closes this file without ever touching it.
The facts 4 and 7 make us belive it is a "Beta-Test" virus that might
have escaped prematurely by accident.
The word VACSINA is really odd beause of its spelling. All languages I
checked (12) spell it VACC... only Norwegians write VAKSINE. Has anybod
an idea?
We produced an desinfectant and a guardian.
The PC room at Cologne (28 PCs) was also infected by DOS62 (Vienna)|
We call the virus VACSINA because of the unique filename it uses|
Chris & Tobi & Rainer
*****************************************************************
* TORSTEN BOERSTLER AND CHRISTOPH FISCHER AND RAINER STOBER *
* Micro-BIT Virus Team / University of Karlsruhe / West-Germany *
* D-7500 Karlsruhe 1, Zirkel 2, Tel.: (0)721-608-4041 or 2067 *
* E-Mail: RY15 at DKAUNI11.BITNET or RY12 at DKAUNI11.BITNET *
*****************************************************************
------------------------------
Date: Wed, 16 Aug 89 11:46:06 -0400
From: "Computer Emergency Response Team" <cert@SEI.CMU.EDU>
Subject: CERT Internet Security Advisory
Many computers connected to the Internet have recently experienced
unauthorized system activity. Investigation shows that the activity
has occurred for several months and is spreading. Several UNIX
computers have had their "telnet" programs illicitly replaced with
versions of "telnet" which log outgoing login sessions (including
usernames and passwords to remote systems). It appears that access
has been gained to many of the machines which have appeared in some of
these session logs. (As a first step, frequent telnet users should
change their passwords immediately.) While there is no cause for
panic, there are a number of things that system administrators can do
to detect whether the security on their machines has been compromised
using this approach and to tighten security on their systems where
necessary. At a minimum, all UNIX site administrators should do the
following:
o Test telnet for unauthorized changes by using the UNIX "strings"
command to search for path/filenames of possible log files. Affected
sites have noticed that their telnet programs were logging information
in user accounts under directory names such as "..." and ".mail".
In general, we suggest that site administrators be attentive to
configuration management issues. These include the following:
o Test authenticity of critical programs - Any program with access to
the network (e.g., the TCP/IP suite) or with access to usernames and
passwords should be periodically tested for unauthorized changes.
Such a test can be done by comparing checksums of on-line copies of
these programs to checksums of original copies. (Checksums can be
calculated with the UNIX "sum" command.) Alternatively, these
programs can be periodically reloaded from original tapes.
o Privileged programs - Programs that grant privileges to users (e.g.,
setuid root programs/shells in UNIX) can be exploited to gain
unrestricted access to systems. System administrators should watch
for such programs being placed in places such as /tmp and /usr/tmp (on
UNIX systems). A common malicious practice is to place a setuid shell
(sh or csh) in the /tmp directory, thus creating a "back door" whereby
any user can gain privileged system access.
o Monitor system logs - System access logs should be periodically
scanned (e.g., via UNIX "last" command) for suspicious or unlikely
system activity.
o Terminal servers - Terminal servers with unrestricted network access
(that is, terminal servers which allow users to connect to and from
any system on the Internet) are frequently used to camouflage network
connections, making it difficult to track unauthorized activity.
Most popular terminal servers can be configured to restrict network
access to and from local hosts.
o Passwords - Guest accounts and accounts with trivial passwords
(e.g., username=password, password=none) are common targets. System
administrators should make sure that all accounts are password
protected and encourage users to use acceptable passwords as well as
to change their passwords periodically, as a general practice. For
more information on passwords, see Federal Information Processing
Standard Publication (FIPS PUB) 112, available from the National
Technical Information Service, U.S. Department of Commerce,
Springfield, VA 22161.
o Anonymous file transfer - Unrestricted file transfer access to a
system can be exploited to obtain sensitive files such as the UNIX
/etc/passwd file. If used, TFTP (Trivial File Transfer Protocol -
which requires no username/password authentication) should always be
configured to run as a non-privileged user and "chroot" to a file
structure where the remote user cannot transfer the system /etc/passwd
file. Anonymous FTP, too, should not allow the remote user to access
this file, or any other critical system file. Configuring these
facilities to "chroot" limits file access to a localized directory
structure.
o Apply fixes - Many of the old "holes" in UNIX have been closed.
Check with your vendor and install all of the latest fixes.
If system administrators do discover any unauthorized system activity,
they are urged to contact the Computer Emergency Response Team (CERT).
Date: Tue, 15 Aug 89 20:36:50 +0300
From: "Yuval Tal (972)-8-474592" <NYYUVAL@WEIZMANN.BITNET>
Subject: Swapping Virus (PC)
+------------------------------------------------------+
| The "Swapping" virus |
+------------------------------------------------------+
| |
| Disassembled on: August, 1989 |
| |
| Disassembled by: Yuval Tal |
| |
| Disassembled using: ASMGEN and DEBUG |
| |
+------------------------------------------------------+
Important note: If you find *ANYTHING* that you think I wrote
incorrectly or is-understood something, please let me know ASAP.
You can reach me:
Bitnet: NYYUVAL@WEIZMANN
InterNet: NYYUVAL%WEIZMANN.BITNET@CUNYVM.CUNY.EDU
This text is divided into theree parts:
1) A report about the Swap Virus.
2) A disassembly of the Swap Virus.
3) How to install this virus?
- ------------------------------------------------------------------------------
-
R E P O R T
- ------------------------------------------------------------------------------
-
Virus Name..............: The Swap Virus
Attacks.................: Floppy-disks only
Virus Detection when....: June, 1989
at......: Israel
Length of virus.........: 1. The virus itself is 740 bytes.
2. 2048 bytes in RAM.
Operating system(s).....: PC/MS DOS version 2.0 or later
Identifications.........: A) Boot-sector:
1) Bytes from $16A in the boot sector are:
31 C0 CD 13 B8 02 02 B9 06 27 BA 00 01 CD 13
9A 00 01 00 20 E9 XX XX
2) The first three bytes in the boot sector are:
JMP 0196 (This is, if the boot sector was
loaded to CS:0).
B) FAT: Track 39 sectors 6-7 are marked as bad.
C) The message:
"The Swapping-Virus. (C) June, by the CIA"
is located in bytes 02B5-02E4 on track 39,
sector 7.
Type of infection.......: Stays in RAM, hooks int $8 and int $13.
A diskette is infected when it is inserted into the
drive and ANY command that reads or writes from/to
the diskette is executed. Hard disks are NOT infected
!
Infection trigger.......: The virus starts to work after 10 minutes.
Interrupt hooked........: $8 (Timer-Tick - Responsible for the letter dropping)
$13 (Disk Drive - Infects!)
Damage..................: Track 39 sectors 6-7 will be marked as bad in the
FAT.
Damage trigger..........: The damage is done whenever a diskette is infected.
Particularities.........: A diskette will be infected only if track 39 sectors
6-7 are empty.
+-----------------------------------------------------------------------+
| BitNet: NYYUVL@WEIZMANN CSNet: NYYUVAL@WEIZMANN.BITNET |
| InterNet: NYYUVAL%WEIZMANN.BITNET@CUNYVM.CUNY.EDU |
| |
| Yuval Tal |
| The Weizmann Institute Of Science "To be of not to be" -- Hamlet |
| Rehovot, Israel "Oo-bee-oo-bee-oo" -- Sinatra |
+-----------------------------------------------------------------------+
------------------------------
Date: Mon, 14 Aug 89 10:18:16 +0100
From: J.Holley@MASSEY.AC.NZ
Subject: Marijuana Virus wreaks havoc in Australian Defence Department (PC)
[Ed. This is from RISKS...]
Quoted from The Dominion, Monday August 14 :
A computer virus call marijuana has wreaked havoc in the Australian
Defence Department and New Zealand is getting the blame.
Data in a sensitive security area in Canberra was destroyed and when
officers tried to use their terminals a message appeared : "Your PC is
stoned - Legalise marijuana".
Viruses are [guff on viruses] The New Zealand spawned marijunana has
managed to spread itself widely throughout the region.
Its presence in Australia has been known for the past two months. The
problem was highlighted two weeks ago when a Mellbourne man was
charged with computer trespass and attempted criminal damage for
allegedly loading it into a computer at the Swinbourne Institute of
Technology.
The virus invaded the Defence Department earlier this month - hitting
a security division repsonsible for the prevention of computer viruses.
A director in the information systems division, Geoff Walker said an
investigation was under way and the infection was possibly an
embarrassing accident arising from virus prevention activities.
New personal computers installed in the section gobbled data from
their hard disk, then disabled them.
Initially it was believed the virus was intoduced by a subcontractor
installing the new computer system but that possibility has been ruled out.
One more outlandish theory suggested New Zealnd, piqued at its
exclusion from Kangaroo 89 military exercises under way in northern
Australia, was showing its ability to infiltrate the Canberra citadel.
New Zealand was not invited to take part in Kangaroo because of United
States' policy of not taking part in exercises with New Zealand forces
since Labour's antinuclear legislation. However, New Zealand observers
were invited.
New Zealand Defence Department spokesmand Lieutenant Colonel Peter Fry
categorically denied the claim. "It would be totally irresponsible to
do this kind of thing."
In fact, New Zealand's Defence Department already had problems with
the virus, he said.
------------------------------
Date: Mon, 14 Aug 89 18:12:37 -0700
From: portal!cup.portal.com!Alan_J_Roberts@Sun.COM
Subject: Posting VIRUSCAN (PC)
In yesterday's Virus-L, Jim Wright stated:
>(Posting VIRUSCAN to comp.binaries)... is not a good idea. Since it is
>frequently updated it would be long out of date by the time it got through
>c.b.i.p.
I'd like to point out that, while ViruScan is indeed updated as
soon as a new virus is discovered, even the first version of ViruScan
is still statistically current. We need to differentiate between the
NUMBER of viruse out there and the statistical PROBABILITY of
infection from any given virus. Viruses are not created on one day
and the next become major infection problems. It take many months,
and in some cases - years, before a given virus becomes a
statistically valid threat to the average computer user. A case in
point is the Jerusalem virus. It's nearly 2 years old and was first
reported in the States (other than by a researcher) in February of
1988. In August of '88 the reported infection rate was 3 infections
per week. In July of '89, the rate was over 30 reports per day.
Today the Jerusalem virus is a valid threat. Another more current
case is the Icelandic virus. It's over 2 months old and we've had no
reported infections in the U.S.
Given even the limited information we have about virus
epidemiology, any product that can identify 99% of the infection
ocurrences today, will be able to identify close to the same
percentage 5 to 6 months from now, irrespective of the number of new
viruses created in the interim. For those that insist on the 100%
figure, I suggest you bite the bullet and download the current version
of ViruScan from HomeBase every month.
P.S. Some people have suggested that the CVIA statistics are
inaccurate or incomplete. The numbers come from a reporting network
composed of member companies. These companies include such
multinationals as Fujitsu, Phillips N.A., Amdahl, Arthur Anderson and
Co., the Japan Trade Center, Weyerhauser, Amex Assurance and others
whose combined PC base, either internal or through client
responsibility, totals over 2 million computers. It is highly
unlikely that a major virus problem could exist and not be reported by
one or another of these agencies.
------------------------------
Date: Sun, 13 Aug 89 09:48:20 -0700
From: portal!cup.portal.com!Charles_M_Preston@Sun.COM
Subject: Viruscan test (PC)
For the past couple weeks I have been testing the latest
versions of John McAfee's virus scanning program, Viruscan,
downloaded as SCANV29.ARC, SCANV33.ARC, etc., and very briefly
the resident version archived as SCANRES4.ARC.
While I have not completed the testing protocol with each
virus, perhaps an interim report will be of interest.
The testing protocol is:
1. Scan a disk containing a copy of a virus in some form;
2. Have the virus infect at least one other program (for
.COM and .EXE infectors) or disk (for boot infectors)
so Viruscan must locate the virus signature as it would
normally be found in an infected machine;
3. Modify the virus in the most common ways people change
them (cosmetic changes to ASCII text messages or small
modifications to the code and try Viruscan again.
Step 2 arises from testing another PC anti-virus product
which was supposed to scan for viruses. When I found that it
would not detect a particular boot virus on an infected floppy,
I asked the software vendor about it. I was told that it would
detect a .COM program which would produce an infected disk - not
useful to most people with infected disks, the common way this
virus is seen Even though the viruses tested are not technically
self-mutating, my intent is to test Viruscan against later
generation infections, as they would be found in a normal
computing environment.
Naturally, there is a problem knowing which virus is actually
being found, since they go under different names and are
frequently modified. The viruses are currently identified by
their length, method of infection, symptoms of activity or
trigger, and any imbedded text strings, based on virus
descriptions from a variety of sources. These include Computers &
Security journal, and articles which have been on Virus-L, such
as Jim Goodwin's descriptions modified by Dave Ferbrache, and
reports by Joe Hirst from the British Computer Virus Research
Centre.
There is a proposal for checksumming of viruses in the June
Computers & Security, which would allow confirmation that a found
virus is the identical one already disassembled and described by
someone. In the meantime, identification has been made as
mentioned.
So far, Viruscan has detected the following viruses:
Boot infectors - Brain, Alameda/Yale, Ping-Pong, Den Zuk,
Stoned, Israeli virus that causes characters to fall down
the screen;
.COM or .EXE infectors - Jerusalem -several versions
including sURIV variants, 1701-1704-several versions,
Lehigh, 1168, 1280, DOS62-Vienna, Saratoga, Icelandic,
Icelandic 2, April First, and Fu Manchu.
SCANV33 has a byte string to check for the 405.com virus, but
does not detect it. SCANV34 has been modified to allow proper
detection.
SCANRES 0.7V34, the resident version of Viruscan, correctly
detects the 405 virus when an infected program is run.
I have not had any false positives on other commercial or
shareware programs that have been scanned. Viruscan appears to
check for viruses only in reasonable locations for those
particular strains. If there is a virus that infects only .COM
files, and an infected file has a .VOM or other extension, it
will not be reported. Of course, it is not immediately
executable, either.
On the other side of the coin, if a disk has been infected by
a boot infector, and still has a modified boot record, it will be
reported by Viruscan. This is true even if the rest of the virus
code normally hidden in other sectors has been destroyed, thus
making the disk non-bootable and non infectious. This is a
desirable warning, however, since the boot record is not
original, and since other disks may be still infected.
Disclaimer: I am a computer security consultant and have been
working with PC and Macintosh microcomputer viruses and anti-
virus products for about 18 months. I have no obligation to John
McAfee except to report the outcome of the tests. I am a member
of the Computer Virus Industry Association, which is operated by
John McAfee.
Charles M. Preston 907-344-5164
Information Integrity MCI Mail 214-1369
Box 240027 BIX cpreston
Anchorage, AK 99524 cpreston@cup.portal.com
------------------------------
Date: 01 Aug 89 21:18:49 +0000
From: kelly@uts.amdahl.com (Kelly Goen)
Subject: Re: "Computer Condom" (from Risks digest)...
hahahahahahahahah!!!!!!! right chief just like swamp land in them thar
everglades... seriously though things will not improve until vendors
start going for protected mode and other tricks...I am talking about
386's and 68030's here... maybe something could be done in this area
with charge cars on a 286 but I doubt it... your need that virtual
8086 partition on the 386 to have any real safety and have to be
operating protected mode to take advantage of it(DESQVIEW 386,
THD386.sys etc) after that then there are still so many ways to get
in!!
cheers
kelly
------------------------------
Date: Thu, 03 Aug 89 12:15:52 -0500
From: kichler@ksuvax1.cis.ksu.edu (Charles Kichler)
Subject: New FTP source for anti-virals (PC) - Internet access required
The following files dealing with computer viruses are now available by
anonymous ftp (file transfer protocol) from 'hotel.cis.ksu.edu' [Ed.
IP number is 129.130.10.12] located in Computer Science Dept. at
Kansas State University, Manhattan, KS. The files have been and will
be collected in the future from reliable sources, although no warranty
is implied or stated. I will attempt to update the files as often as
possible. If anyone becomes aware of new updates or new anti-viral
programs, let me know. All files are in the /ftp/pub/Virus-L
sub-directory.
/ DETECT2.ARC.1 GREENBRG.ARC.1 VACCINE.ARC.1
./ DIRTYDZ9.ARC.1 IBMPAPER.ARC.1 VACCINEA.ARC.1
00-Index.doc DPROT102.ARC.1 IBMPROT.DOC.1 VACI13.ARC.1
ALERT13U.ARC.1 DPROTECT.ARC.1 INOCULAT.ARC.1 VCHECK11.ARC.1
BOMBCHEK.ARC.1 DPROTECT.CRC.1 MD40.ARC.1 VDETECT.ARC.1
BOMBSQAD.ARC.1 DVIR1701.EXE.1 NOVIRUS.ARC.1 VIRUS.ARC.1
CAWARE.ARC.1 EARLY.ARC.1 PROVECRC.ARC.1 VIRUSCK.ARC.1
CHECK-OS.ARC.1 EPW.ARC.1 READ.ME.FIRST VIRUSGRD.ARC.1
CHK4BOMB.ARC.1 F-PROT.ARC.1 SCANV30.ARC.1 pk36.exe
CHKLHARC.ARC.1 FILE-CRC.ARC.2 SENTRY02.ARC.1 pk361.exe
CHKSUM.ARC.1 FILECRC.ARC.2 SYSCHK1.ARC.1 uu213.arc
CHKUP36.ARC.1 FILETEST.ARC.1 TRAPDISK.ARC.1
CONDOM.ARC.1 FIND1701.ARC.1 TROJ2.ARC.1
DELOUSE1.ARC.1 FSP_16.ARC.1 UNVIR6.ARC.1
The current list only includes programs for MS/PC-DOS computers. I will
continue to expand the collection to include some worthwhile textual
documents and possible programs for other machines and operating systems.
The procedure is to first ftp to the hotel.cis.ksu.edu. [Ed. type:
ftp hotel.cis.ksu.edu (or ftp 129.130.10.12). Enter "anonymous"
(without the quotes) as a username and "your id" as a password.] Then
use 'cd pub/Virus-L'. Next get the files you would like. You will
need the 'pk361.exe' to expand the ARChived programs. Be sure to
place ftp in a binary or tenex mode [Ed. type "bin" at ftp> prompt].
Please note that the highly recommended VirusScan program
(SCANV30.ARC.1) is available.
If there are any questions, send mail to me and I will make every effort
to help you as soon as time allows.
------------------------------
Date: Tue, 01 Aug 89 12:33:15 -0400
From: Barry D. Hassler <hassler@nap1.arpa>
Subject: Re: "Computer Condom" (from Risks digest)...
In article <0003.8907311200.AA25265@ge.sei.cmu.edu> dmg@lid.mitre.org (David Gu
rsky) writes:
>[From the Seattle Weekly, 5/3/89]
>
>PUT A CONDOM ON YOUR COMPUTER
>
>...
>Cummings, the company's president, says the system "stops all viruses" by
>monitoring the user network, the keyboard, and the program in use. He notes
>that the system is programmable to alter the parameters of its control on
>any given machine, but he guarantees that, "when programmed to your
>requirements, it will not allow viruses to enter."
Pardon me for my opinions (and lack of expertise in viral control), but I
think these types of products are dangerous to the purchaser, while most
likely being especially profitable for the seller. I just saw a copy of
this floating around to some senior management-types after being forwarded
several times, and dug up this copy to bounce my two cents off.
First of all, I don't see any method which can be guaranteed to protect
against all viruses (of course the "when programmed to your requirements"
pretty well covers all bases, doesn't it?). Naturally, specific viruses or
methods of attach can be covered with various types of watchdog
software/hardware, but I don't think it is possible to cover all the
avenues in any way.
- -----
Barry D. Hassler hassler@asd.wpafb.af.mil
System Software Analyst (513) 427-6369
Control Data Corporation
------------------------------
Date: Tue, 01 Aug 89 16:37:00 -0400
From: IA96000 <IA96@PACE.BITNET>
Subject: axe by sea (PC)
we have been testing various ways to help prevent a file from
becoming infected and have stunbled on an interesting fact.
system enhancement associates (the people who wrote arc) have also
released axe, a program compression utility. basically axe reads
a .exe or .com file, compresses it as much as possible, tacks a
dos loader on the front of the file and then saves the new file.
in many instances, the resulting file is from 15% to 50% smaller
than the original file and loads and runs just like a regular dos
file.
what is interesting is when a virus attacks an axe'd file. the virus
writes itself into the file as many viruses do. however, when you
next attempt to load and run the file, it will not load and locks
up the system. this is not because the viruys has taken control!
this happens because when an axed file is loaded, it is decompressed and
the checksum is compared to the original one generated when the file
was axed.
I know axe was never designed to be anti-viral, but it sure works well
in this regard. since the file is actually in encrypted form on the
disk, it screws up the virus!
------------------------------
Date: 01 Aug 89 00:00:00 +0000
From: David M. Chess <CHESS@YKTVMV.BITNET>
Subject: Fixed-disk infectors (PC)
Does anyone know of, or has anyone even heard credible rumors of,
any boot-sector virus that will infect the boot sector (master or
partition) of IBM-PC-type hard disks, besides the Bouncing Ball and
the Stoned? Those are the only two I seem to see that do that; am
I missing any? DC
------------------------------
Date: 01 Aug 89 21:23:30 +0000
From: kelly@uts.amdahl.com (Kelly Goen)
Subject: Re: message virus (was: Computer Virus Research)
we call those ansi 3.64 control sequences.... vt100 and other
terminals have similar if not exactly the same features... ansi.sys
implements a subset of ansi 3.64 without any protection the problem
has been known at various unix sites for years only now its starting
to show up on pc's because of the usage of ansi.sys and other programs
that recognize these sequences....
cheers
kelly
------------------------------
Date: 30 Jul 89 17:17:17 +0000
From: hutto@attctc.Dallas.TX.US (Jon Hutto)
Subject: message virus (was: Computer Virus Research)
redevined keys so as to when the sysop is in dos and hits a key, it starts
deleting files and directories. The worst thing about this is that people
have been able to do this for a long time. they are explained in the DOS
Technical Reference manual.
There are also rumors of a ZMODEM virus that spreads visa ZMODEM transfers,
a rumor.
------------------------------
Date: Sat, 29 Jul 89 15:59:43 -0700
From: portal!cup.portal.com!Alan_J_Roberts@Sun.COM
Subject: Jerusalem Disinfector
Mark Zinzow asked if there were a public domain program that would restore
programs infected with the Jerusalem virus to their original, uninfected
condition. John McAfee's M-series programs have just been made shareware
(M-1 removes the Jerusalem from COM and EXE files and restores them), and the
programs are available on HomeBase - 408 988 4004.
Alan
------------------------------
Date: Fri, 28 Jul 89 23:18:17 -0400
From: dmg@lid.mitre.org (David Gursky)
Subject: "Computer Condom" (from Risks digest)...
[From the Seattle Weekly, 5/3/89]
PUT A CONDOM ON YOUR COMPUTER
Every worry that your computer might be hanging out in a network where it
will pick up some disgusting virus? Empirical Research Systems of Tacoma
suggests you supply it with one of their "computer condoms". This high-tech
prophylactic is a combination of hardware and software embodied in a
controller card that simply replaces the one already in the machine. Rick
Cummings, the company's president, says the system "stops all viruses" by
monitoring the user network, the keyboard, and the program in use. He notes
that the system is programmable to alter the parameters of its control on
any given machine, but he guarantees that, "when programmed to your
requirements, it will not allow viruses to enter."
The technology was developed through successful efforts to protect a group of
European banks from the massive virus that penetrated European computer
networks last autumn. "Naturally these became our first orders," Cummings
says. He has since picked up an additional 2500 firm orders in Europe, with
5000 more contingent on inspection of the product. In the United States, the
product has been reviewed by Boeing Computer Services and computer technicians
at the UW. It will be on the domestic market "early next autumn at a cost of
under $1000," Cummings says.
DG -- Pardon me while I laugh uncontrollably.
------------------------------
In our computerviruslab we have been working on the problem of mutants
of several viruses. Initially we intended to make antiviruspackages more
secure. Since a single byte added or removed from the virus code will
cause most antiviruspackages to do erroneous repair attempts which might
result in even bigger harm than the virus itself will do. Furthermore
watertight identification leads to a better 'Epidemiology' of the
different virusstrains.
Thanks to the kind help of fellow virus researchers all over the world
we were able to obtain and tryout quite a few viruses and their mutants.
PROPOSAL
VIRUS IDENTIFICATION ALGORITHM
PURPOSE: Positive and secure identification of *known* viruses to
prevent repair attempts on files infected by unknown
mutants of a virus.
REPLACES: Identification by a unique string of code. (Which might
still be unaltered at the same offset in the code of a
new variant of the virus)
METHOD: 1. Identification of the *known* virusstrain by a unique
string or other feature (sUMsDos, (C)Brain, or the 1Fh
in the seconds of the filetime)
2. Relocation to segmentoffset 0 and possible decryption
of the viruscode. (This might be necessary for mutiple
parts of the virus)
3. Writing zero over sections that contain variant parts
like garbage from the last infection attempt or a time-
bomb counter.
4. Finally a CRC-sum is generated (maybe using more than
one polynominal)
If this signature matches the one calculated on the virus
code for which the removalalgorithm was designed it is
safe to apply this antivirusprogram.
IMPLEMENTATION: We have done a testimplementation in C and for 2
virusstrains (6 viruses yet). Our goal is to prepare a
toolset for quick addition of new variants to the set
identifyable viruses.
ADVANTAGE: Antivirus tools can identify exactly a specific virus
without encorporating full or partial viruscode in the
antivirusprogram. (This would be a security risk if done
in comercial or PD software)
Any com
an
