home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Hacker Chronicles 1
/
HACKER1.ISO
/
cud3
/
cud313a.txt
< prev
next >
Wrap
Text File
|
1992-09-11
|
16KB
|
318 lines
****************************************************************************
>C O M P U T E R U N D E R G R O U N D<
>D I G E S T<
*** Volume 3, Issue #3.13 (April 20, 1991) **
****************************************************************************
MODERATORS: Jim Thomas / Gordon Meyer (TK0JUT2@NIU.bitnet)
ARCHIVISTS: Bob Krause / Alex Smith / Bob Kusumoto
POETICA OBSCIVORUM REI: Brendan Kehoe
+++++ +++++ +++++ +++++ +++++
CONTENTS THIS ISSUE:
File 1: From the Mailbag
File 2: Response to RISKS DIGEST (#11.43-- Len Rose Case)
File 3: Response to recent comments concerning Len Rose
File 4: CU News
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
USENET readers can currently receive CuD as alt.society.cu-digest.
Back issues are also available on Compuserve (in: DL0 of the IBMBBS sig),
PC-EXEC BBS (414-789-4210), and at 1:100/345 for those on FIDOnet.
Anonymous ftp sites: (1) ftp.cs.widener.edu (192.55.239.132);
(2) cudarch@chsun1.uchicago.edu;
(3) dagon.acc.stolaf.edu (130.71.192.18).
E-mail server: archive-server@chsun1.uchicago.edu.
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted as long as the source is
cited. Some authors, however, do copyright their material, and those
authors should be contacted for reprint permission. It is assumed
that non-personal mail to the moderators may be reprinted unless
otherwise specified. Readers are encouraged to submit reasoned
articles relating to the Computer Underground. Articles are preferred
to short responses. Please avoid quoting previous posts unless
absolutely necessary.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Contributors assume all
responsibility for assuring that articles submitted do not
violate copyright protections.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
********************************************************************
>> END OF THIS FILE <<
***************************************************************************
------------------------------
From: Various
Subject: From the Mailbag
Date: 20 April, 1991
********************************************************************
*** CuD #3.13: File 1 of 4: From the Mailbag ***
********************************************************************
From: dogface!bei@CS.UTEXAS.EDU(Bob Izenberg)
Subject: Inslaw & Uncle Sam
Date: Mon, 15 Apr 91 19:06:44 CDT
A friend who just got CUD 3.12 passed along this comment, posed in
typically to-the-point fashion ;-) and I said I'd buck it to you. His
email address is:
cs.utexas.edu!dogface!Tristan!dice
[ start of Steve Meade's email message ]
Subject: Re: Inslaw vs US Attorney's Office
Inslaw wrote a case tracking program and sold it to the US attorneys
office. To the tune of $10 million (not exactly Yankee Doodle). They
reneged on the deal but every Federal District still uses it.
It gets better.
Last Administration, US Attorney General gives it to a hacker and sets
him up on an Indian Reservation to "improve on the product". Due to
territorial law on the reservation he can do things he cant do in say,
Chicago. [ heh heh heh --Bob ]
This improvement finds its way into the hands of the Israeli Secret
Service because in the mean time Inslaw has sold the product
internationally and now the Jews are using the modified form to "look
into" some of the foreign nationals files. You know how justifiably
paranoid they are.
Inslaw sues for the ten mil and the hacker spills for the plaintiff a
week after he swears a deposition that the US Attorneys office has
threatened him and his dad if he talks. He talks and talks anyway
and...
(Baddabing Badda boom!)
HE gets busted for drug possession.
(by a dozen agents one of whom reads him an abbreviated Miranda
(the part about keeping his BIG Mouth SHUTTTT!!!!))
The only place I've been able to get any info is Computerworld.
Maybe the last 3 or 4 issues (comes out weekly)
I think that guy who plays booger in revenge of the nerds ought to get the part
of the hacker, Meryl Streep could probably land the
part of the Israeli SS and Klaus Von Bulow could do the US D.A. in charge of the
obfuscation.
Maybe we could get Saddam Husein to play Ed Meese.
Check it out. and then better start learning all the verses to Amazing Grace.
Stephen, WeeBee, RammaBabba, and Ms. Dos (Jeez! I thought I had Kuntzler's phone
number here on the coffee table a minute ago...)
"tadadadada Amerika! tadadadada Amerika"
-from the remake of West Side Story
[ end of the Meade-ogram ]
For the uninitiated - and I may be among them, this is cryptic stuff -
the four names at the end bear a 25% relationship to reality. He is,
in fact, Stephen, but he's added one nickname a week for everyone in
his house. WeeBee, my favorite name, is one of his sons. Short for
WeeBee Jammin' was my guess, but the sonofabitch will neither confirm
nor deny.
Side, ass-covering note: He's an old friend, and former co-worker
from the AT&T days. He has requested my assistance in resolving
network problems on AT&T machines in Salt Lake City. I have not
dialed into those machines, but I have set up uucp connections between
his 3B2/400 at home and my DOS box, at his request. These machines
that he has are exact duplicates of functioning AT&T Communications
Outbound Call Management sites in Utah, and so were good guinea pigs
for troubleshooting. Steve tried the official company paths for
obtaining technical assistance, and was referred to idiot after idiot
until he talked to me about it. We found the (hardware) problem in
two days of not looking very hard... Salt Lake is happy, Steve's
happy, and any Federal agents had damned well better be happy, because
I was helping their people out at their behest. Nobody gave me any
dinero to do this, he's a pal and I helped him out. Likewise, no
non-disclosure agreements were even mentioned. I know that it'll be
tough for a Fed or prosecutor to get their mind around, but I'm doing
this for no money, just good will. This is the third time after I
left AT&T that their employees or contractors have asked me to assist
in resolving technical problems. Each one of them knew what happened
here on February 20th, in agonizing detail. Bill Kennedy and I have
talked about this, and he thinks that I'm being incautious by not
telling Steve or whoever to get formal paperwork put through to cover
my presence. Bill, however, has always been outside AT&T, and hasn't
seen the way the company will leap up its own behind to avoid making
progress. When a project I worked on closed down, the developers were
dispersed to the four winds.. John Macchione, one of the first guys to
start work on the project, had left for other contract work. In order
to get our technical questions answered, Tom Wynne, the project
manager from AT&T Federal Systems, snuck John in after 5 P.M. once or
twice a week for technical Q&A sessions. He was paid out of
discretionary funds on Tom Wynne's budget. Macchione already had a
job, and they would have been somewhat unhappy to hear that he was
going back to an old client to do work without paying his contracting
company their cut. Wynne would have had to get a contract position
approved, which wasn't what Macchione wanted, and would have taken at
least a month. So they did it under the table, and got us the support
we needed. Steve is doing the same thing here. So if some SS or
related Nazi says that, now or back in 1989, I illegally accessed AT&T
computers, you should damned well scream at the top of your electronic
lungs that AT&T makes it so difficult for their own people to get
technical help that they'll be forced to go outside the system for
answers. And that, then as now, I won't turn down someone with a
problem because they haven't given every mid-level paper pusher their
crack at nixing the help that they need now, not two months from now.
Doesn't make a damn bit of difference whether you're my best friend
or, like this Navy contractor who's trying to set up his PC at home to
run the same uucp clone that I do, someone that I just met. I'm not
so stuck up on myself that I can't lend people a hand. If that means
that some Brown Shirt sucking off the public tit doesn't understand
why I might donate some of my time to solving problems, well, that's
life. And if they ask, well, why not volunteer at a recycling center
or some-such, well, I answer only that I'd rather recycle my knowledge
than soda bottles and tin cans. Jeez, you can get really dizzy
standing on these soapboxes, ya know?
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
From: hkhenson@CUP.PORTAL.COM
Subject: reply to ATT letter responses
Date: Tue, 16 Apr 91 19:52:24 PDT
In CuD 3.12 peter@TARONGA.HACKERCORP.COM(Peter da Silva) notes:
>Finally, I would like to note that unlike many of the posters
>here I'm not going to try to excuse Rose's adding trapdoors to
>login.c as either educational or providing support to AT&T
>customers. His posession of this code was definitely illegal.
>His use of it was, while perhaps protected under the first
>amendment, hardly wise.
I think all involved, especially Len Rose would agree with the last
statement! I also agree with with Peter the posession of the source
code was also illegal, but there is illegal and illegal. Copyright
violation (which is a _civil_ matter) would have been the proper
approach for ATT to take in the Len Rose case. However, ATT folks
convinced agents of the US Government to make what should have been a
civil case into a federal wire fraud case, with as much jail time as
second degree murder. Now, if Len had profited in any significant way
from his use of widely available source code, I could perhaps support
making it into wire fraud. But next time you copy more than a page or
two from a book in the library, look over your shoulder. If the
publisher of the book can get the government to go after you . . . .
In the same issue jrbd@CRAYCOS.COM(James Davies) complains
>The press release published earlier in the same CuD issue makes
>it clear that Rose's intent was to steal passwords and invade
>systems. While the possession of AT&T source code was the charge
>of which Rose was convicted, his actual crime (in a moral sense)
>was the equivalent of manufacturing burglar's tools, or perhaps
>of breaking and entering (although there isn't any evidence that
>he actually did any of this, his intent was clearly to help
>others do so). Nothing makes this more obvious than Rose's own
>words, as quoted from the comments in his modified login.c by
>the Secret Service press release:
[quotes press release comments]
And goes on:
>I'm sorry, but these aren't the words of an innocent man.
>Personally, I think that Rose is guilty of the exact same sort
>of behaviour that gives hackers a bad name in the press, and I
>think that you're crazy to be supporting him in this. Save your
>indignation for true misjustices, ok?
I'm sorry, but you are wrong. In *this* country, a person cannot be
convicted on the basis of what they write, only on their actions.
Otherwise, there could be no mystery stories. Len was never accused
of breaking into any system. Why should he? He was *given* accounts
on systems far and wide across the net, and *given* source code by ATT
employees. The only reason Len came to the attention of ATT was
through the SS/Bell South searching an electronic publisher's email
(think about that.) For all the BS in the login.c comments, I consider
Len to have been a positive element in the computer underground,
influencing young explorers to respect and not damage data. (See the
moderators papers on socializing forces in the Computer Underground.)
Keith Henson
PS You might want to consider the consequences of big companies
geting in the habit of saving money on civil suits by using the
Federal Government to harass and jail people they are unhappy with.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
From: scubed!pro-harvest.cts.com!wlup69%das@HARVUNXW.BITNET(Rob Heins)
Subject: Response to article in CuD 3.12
Date: Tue, 16 Apr 91 19:05:45 CDT
In CuD 3.12, Bernie Cosell (cosell@BBN.COM) writes:
|Consider: it is the middle of summer and you happen to be climbing in
|the mountains and see a pack of teenagers roaming around an
|abandoned-until-snow ski resort. There is no question of physical
|harm to a person, since there will be no people around for months.
|They are methodically searching EVERY truck, building, outbuilding,
|shed, etc,. Trying EVERY window, trying to pick EVERY lock. When they
|find something they can open, they wander into it, and emerge a while
|later. From your vantage point, you can see no actual evidence of any
|theft or vandalism, but then you can't actually see what they're doing
|while they're inside whatever-it-is.
|
|Should you call the cops? What should the charge be?
Of course you should call the cops. Unless they are authorized to be
on the property, (by the owner) they are trespassing, and in the case
of picking locks, breaking and entering.
However, you're trying to equate breaking into a ski resort with
breaking into a computer system. The difference being:99 times out of
100, the people breaking into a computer system only want to learn,
have forgotten a password, etc...99 times out of 100, the people
breaking into the ski resort are out for free shit.
That's why it's such a good idea to have a chat with an unknown
account on your system, to determine if they're there to destroy the
place, or if they only want to see how Unix ticks...A wise person once
said, "If they can do it once, chances are, they can do it again.
|Would the answer be different if it were YOUR stuff they were sifting
|through?
The answer, of course, is no. Reason being that I've got the brains
not leave data lying around a system with a dial-up that I don't want
anyone to see. (Check out my directory at Pro-Harvest...All I have
are a couple of CuD backissues, my sig file, and an ad for a hard
drive that I forgot to respond to...)
|2) I'm just as happy having that kind of "finding out" done by the
|police and the courts --- that's their job and I'd just as soon not
|get involved in the messy business [even if I could spare the time].
|If you can't learn to act like a reasonable member of society for its
|own sake, perhaps somewhat more painful measures will dissuade you
|from "doing it again".
Yeah...good philosophy. "Let's spend a couple hundred grand
investigating something that the local sysop could take care of in two
minutes of his 'Precious Time'". It seems to me that if you have the
time to run a BBS, you have the time to perform ALL the duties a sysop
with a couple of working brain cells should have...(Including the two
minutes to write a 200 byte email note to somebody who's probably
harmless. If they don't respond, then delete them. That's what, a
three step procedure with about 5 minutes of cumulative "work"
involved? (Even you can understand.) If you really want to keep
someone out, set it up so that only root can create accounts.)
If ol' Bernie wants to defend people's rights, maybe he should stick
to his own, and leave mine and my non-crotchety-old-man friends'
alone.
********************************************************************
>> END OF THIS FILE <<
***************************************************************************