Date: Mon, 17 Aug 1992 19:27:13 PDT
From: Jim Thomas <jthomas@well.sf.ca.us>
Subject: File 2--Ripco the Victim of Misinformation?

The dangers of erroneous or fraudulent information can be demonstrated
in the abuses of Operation Sun Devil and the "Bill Cook cases."
Inaccurate interpretations, questionable "facts" and glib language of
posts were used to weave an imagery of a dangerous national conspiracy
of hackers intent on disrupting or destroying Life-As-We-Know-It. The
Secret Service claimed that a post describing Kermit as a 7-bit
protocol was evidence of a conspiracy; Bill Cook described publicly
available documents as a map of the E911 system, implying that those
who possessed it could endanger national safety and security; Henry
Kluepfel identified to the Secret Service "hackers" who are presumably
the CuD moderators; BellSouth claimed that information available in a
document costing under $15 was worth several hundred thousand dollars.
These claims were used as the basis for raids, indictments,
prosecutions, and the disruption of lives and business enterprises who
fell victim to the abuse of misinformation.

Ripco BBS was a victim of the Sun Devil raids in May, 1990. Although
there was no evidence that the sysop, Dr. Ripco, ever engaged in the
crimes for which he and others were suspected, and no user of his
board was indicted for the suspected crimes, and no material on his
board was ever adduced in court in the prosecution of others, he lost
equipment, books, posters, and other items. Dr. Ripco was a victim of
misinformation. Because of the manner in which law enforcement has
written search affidavits and indictments drawing from inaccurate
information, gross reporting of potentially damaging "facts" cannot go
without response. An article appearing in the July 30 issue of
Privacy Times (PT), written by Evan Hendricks the editor, is the kind
of article that requires a swift reaction.

The article is "Hacker 'Manual' Tells 'Wannabes' how to Penetrate TRW
Database." Although Ripco is mentioned in only one sentence, it is a
damaging choice of words.

The article itself describes a "hacker file" detailing how to obtain
access to a TRW account, login to the TRW system, find and download
information, and interpret the information once obtained. The
author(s) of the TRW file, dated April, 1992, write in the style of
the juvenile anarchists who fantasize mindless destruction of "The
System," and who self-define themselves as "great criminal minds." The
PT article itself is well-intended: The goal seems to be to
raise the visibility of the security weaknesses of the TRW data base
and simultaneously to dramatize the sociopathic tendencies of those
who, as Cliff Stoll might say, put razor blades in the sand. But
there is one dangerously inaccurate line in the PT story that cannot
go without response:

    "Entitled 'TRW.Masterfile,' the manual was published on
    the 'Ripco' bulletin board by two authors who identify
    themselves as 'CitiZen-One" and "Evil Priest."

Dr. Ripco responds to this in the following file. But, as a long-time
user of Ripco BBS, I searched my own files and discovered the
following:

1) There is *NO* such TRW file listed in the file lists
2) There is one Evile Priest and one citizen-0ne listed, but
   neither are regular users. As of August 15th, the former
   has not signed on since January, 1992, and the latter hasn't
   signed on since April, 1992. Neither was listed in logs prior
   to January, 1992 that I could find.

The TRW file in question can probably be found on a number of boards.
Assuming that the copy I have obtained is identical to the file
reported in PT, it would appear to contain no illegal information.
Although a "how to" manual, it falls within literature protected under
the First Amendment. Although it is poorly written (a Grammatik check
rates it as incomprehensible), poorly conceived and argued, childishly
simplistic, and quite silly, it reveals little about TRW and contains
no proprietary information. To its credit, PT does not sensationalize
the document, and the point of the TRW story is not to create hysteria
about the dangers of hackers, but appears instead to be simply
describing a variant of "anarckidz."

However, CuD *strongly* condemns the unsubstantiated allegation that
the file was "published" on Ripco. This is a distortion of how files
are created and disseminated and implicates a BBS and its sysop in
activities over which the sysop has no knowledge. This creates an
association between illegal behaviors and Ripco that is not only
erroneous, but dangerous. It puts the board and its users at risk for
continued law enforcement excesses on the basis of what appears to be
unsubstantiated claims of the kind that have been previous
justifications for searches and seizures.

Misinformation also creates the possibility that the line will be
picked up by other media and repeated as true. This occurred with the
Privacy Times article. James Daley, of Computerworld, received a fax of
the PT piece, and repeated the allegation in his own column in the
August 17 issue of Computerworld without checking the accuracy, without
calling Evan Hendricks at Privacy Times, and without calling Ripco.
Daley writes:

    "Two unidentified persons have used the "Ripco" bulletin board
    to electronically publish a detailed manual, complete with
    dial-up numbers, geographical codes and methods for conning
    bureau subscribers into divulging their passwords, for
    penetrating TRW's credit bureau data base." (p. 47)

Seemingly trivial one-liners, like viruses, have a way of spreading
their destructiveness. And, just parenthetically, if, in a term
paper, a student reproduced material without acknowledging the
original source, as the Computerworld article did in reproducing the
Privacy Times piece without acknowledging the original author, I would
raise the question of plagiarism.

If I am correct in my belief that the files were never available on
Ripco, I wonder why PT (and Computerworld) made the claim that they
were? From what source *did* the writer of the PT article obtain the
files? If the article's allusion to Ripco was based on a line in the
file itself indicating that the authors of the file could be contacted
on Ripco, then why wasn't mention made of other boards (in Florida)
also mentioned? Why did the writer of the PT article make no attempt
to contact Dr. Ripco? He is accessible, articulate, and quite open.
Ripco's number was included in the file, making contact readily
possible if the author tried.

I contacted the author of the PT article, editor Evan Hendricks.
Evan shared my concern that if the facts were as I presented them,
then the choice of words was unfortunate. He explained that,
especially in technical matters relating to computer technology, he
relies on informants. In this case, his informants indicated that the
files were "published" (and available) on Ripco. He indicated that he
would have to check with his informants to clarify the apparent
discrepancy between their account and ours. I agree (and fully
sympathize) with Evan on one point: Sometimes secondary facts that are
not immediately relevant to the primary focus of a story appear too
minor to check. I am convinced of Evan's good faith, and readers of
Privacy Times informed CuD that Evan has taken an aggressive and
principled stand against excesses of the Secret Service in Steve
Jackson Games. I also agree that the offending sentence is of the
kind that is normally innocuous and the result of a seemingly minor
informant error translated into a vague phrase. In this case, however,
the phrase could possibly re-appear in an indictment. Evan must, of
course, check the accuracy of my account in challenging the
availability of the TRW file on Ripco. However, he assured me that if
my account is accurate, he will correct the mistake.

The intent here is not simply to criticize Privacy Times or its
editor. Evan impressed me as concerned, sincere, and highly
interested in many of the same issues as CuD, EFF, and others. Of
broader relevance is the way that the media often represent the
computer culture and the ways in which the participants in that
culture respond. In my own experience, most reporters and editors
appreciate being informed of alternative interpretations and accurate
facts. Sometimes "corrections" are over minor and inconsequential
details of no import. At other times, they can be vitally important
to rectifying potentially damaging depictions. Either way, gentle but
explicit dialogue with the media is crucial to reducing the
misunderstandings offered to the public. In this case, I am confident
that Privacy Digest and Computerworld will "do the right thing" by
checking the accuracy of their allegations. If they find they were in
error, I am equally confident that they will retract it.

((Despite my criticism of this particular article, Privacy Times is
considered a reputable and helpful source of information on law,
government policy, and other issues related to intrusions into and
protections of Constitutional rights. It is subscriber-sustained and
contains no advertising. Examination copies are available, and
subscriptions run $225 a year. For more information, contact Evan
Hendricks, Editor; Privacy Times; PO Box 21501; Washington, D.C.,

((ADDENDUM: Media persons wishing to contact Ripco BBS may do so at
(312) 528-5020. If the lines are busy, which they often are because of
its nearly 1,300 users, messages sent to Dr. Ripco at
tk0jut2@mvs.cso.niu.edu will be immediately forwarded))
------------------------------