**** ******** ******** ****** ******** ******** ** ** ** ** ******** ** ** ** ** ** ** ** ** ** ******** ** ** ** ******** c i n t m c i e . v s i , s t Hi, We're Back!! Issue 36 May 1, 1989 >> Special May Day Issue!! << / / / / Activist Times, Inc. ATI is a journalistic, causistic, / /cyberpolitical / /organization, / 4 more info? /trying to / send SASE /help y'all, and us / stamps??? change the world / to: radically, in less / ATI than two minutes / P.O. Box 2501 increments. / Bloomfield, NJ - - - - - - - - - 07003 Hello. Welcome to ATI36. Tonight's a night for insomnia and indigestion for me, so what better time to write ATI36? No time like the present! Ok, first things first. I promised the Doc Telecom/Raider article for this issue, which unfortunately I can't deliver. It's going to be a mammoth project, because I want it to be really excellent. I feel that a lot of people can benefit from reading their story. So, it WILL be done, and soon. But not this time around. Sorry, folkz! In this issue, we have lots of info for you all: Illegal tapping by telcos, Earth Day, Madonna, Phone terrorism, media antics, and more.. First off, we have Mad Pirate (201): * * * * * * * * * * * * * * * * * * Well, Here I am in my first real excursion into writing for a large group of people. Here it goes. I have a few really good Ideas on how to get revenge on people...By thrashing the insides of their motorized vehicle engines... Here they are: Car Engines To really screw somebody's day up, you first get your hands on some nice steel filings. (The bigger the chunks The faster it wreaks its damage) I find that steel works better. You then pour the filings (about a cup or so) into a container large enough so that you can add roughly a quart of oil. Then mix this up,so that the filings are equally suspended in the oil, and pour the entire concoction into the engine, as if you were adding oil to it. The Person that is driving the car will suddenly develop severe problems with their car! There are other ways to ruin a car... Pour Water into the gas Pour a water and sugar mixture into the gas. I'm sure there are many more ways,but due to limited space,I can't print them all. (II) Transmissions Using aforementioned steel filings, substitute transmission fluid for oil and pour it down respective tube leading into transmission. (III) Dirt Bike Engines (2-stroke) To Kill a person's Dirt bike, pour sand, steel filings, or even a few nuts and bolts into the crankcase, via the oil port. Another particularly vicious way to do in a dirt bike is to make a solution of sugar and water,and add this to the gasoline. When the engine is running, it will evaporate the water. The sugar will then solidify,and burn because the heat of the engine will cook it, causing an ugly mess of carbon and goo to form inside the cylander. Needless to say,the person will not be very happy about this as the engine will no longer continue to run. If you have time to spare,you can drain the gas which contains oil which lubri- cates the piston while the engine is running, and replace it with oil free gasoline. The next time the person attempts to ride,his engine will seize. Well,that's all I can think of for now. And remember...Revenge is a dish that is best served cold. ---------------- -The-Mad-Pirate- ---------------- (If you need to get in touch with me, to offer advice,suggestios on what to write next,or whatever, call Red Phone BBS and leave me E-Mail. The Number is 201-748-4005. Happi Hacking!) +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ---> Music Department <--- After I took over producing ATI, I noticed that we have been lacking in the musical commentary that used to be ever present in older ATI issues. So... I decided to say a few words about pop music, more specifically, Madonna's new song. And where Madonna is concerned, the term "music" is of course used very loosely (Pun intended!). "When you call my name It's like a little prayer I'm down on my knees I wanna take you there" NICE lyrics! Yeah, that's what we can expect from Madonna. But her new song and video, "Like A Prayer" tells us things about Madonna we didn't know. We know that carries herself like a prostitute. We know that she's the epitome of bad taste. And we know that she has no talent nor class whatsoever. But what we didn't know that she would show disrespect for the church as she did in her video. Now, I'm not a religious type, but I find the sight of Madonna rolling around atop an alter to be offensive. Not to mention the sight of her smooching with a religious statue that comes to life in the video. Even worse is the sight of holes opening up in her hands resembling the way Jesus' hands were torn by his being nailed to the cross. Is she trying to liken herself to Christ? I should hope not. At least not in THAT outfit! We also didn't know that someone as apolitical and as uninterested in social issues would make a vain attempt to use the issue of racism in her video to promote her song. In the video, a young Black man is accused of assault- ing a white woman after 3 white men had actually comitted the crime. Madonna then skips into jail flipping her hair, and has him released. And we wonder, as Madonna sings out of key standing in front of 5 burning crosses, why she's attempting to cash in on this sort of thing when her superficiality and insincerity obviously shine through. We don't know Madonna's motivation for presenting such offensive trash. But--what we do know is that Madonna and her "music" are of little worth or consequence. Indeed... !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Some brief news items I decided to include: It seems that a previous issue of ATI gave some incorrect information. We stated that Joe Friday (918) was busted for toll fraud. This was incorrect because WE were lied to by a friend of his! It seems that Joe decided to let out a false rumor of him being busted deliberately. I asked Joe why he did this, and his response was "becase I was getting too many phone calls, and I figured a bust rumor would scare them into not calling". Gee Joe, the rest of the modern world CHANGES THEIR NUMBER when encountered with that situation! We here at ATI completely and utterly disapprove of the intentional spreading of false rumors, especially false bust rumors. Since there is more than ample confusion and panic in the phreaking community, we feel that false bust rumors add to the paranoia greatly. I myself have observed that about 1/3 of the busts I've heard about were completely fabricated, usually by the person who was supposedly "busted"! Apparently Joe Friday has run into a windfall of computer equipment and put up a "phreak" BBS. We will obtain the number, call it and give you a full report in a future ATI! In the meantime, Joe is invited to provide an eager audience with his side of the story. I'll give him the last word. And here's an unrelated item: It has been proposed that the NCIC's online records become expanded. The NCIC (National Crime Investigation Center) is a governmental mainframe that receives millions of inquiries each day by over 70,000 agencies. It provides info on people who have been convicted of felonies. But it's been proposed that the NCIC's records include info on people who are only SUSPECTED of committing felonies. If this is to come about, some severe intrusions on privacy of millions of Americans will come about. And if you're a political activist, phone ohreak, etc.. expect YOUR info to be in the NCIC soon. If it's not already there.. Also: A 28 year-old investment banker in NYC was attacked by as many as 12 youths in Central Park while she was jogging. She was beaten over the head with a pipe and other objects and raped by many assailants. Since then, she has been in a coma, and after two weeks is only starting to come out now. There has been a lot of furor over the attack. NYC mayor Ed Koch said, "We will see how the justice system will perform in this incident..", meaning that some kind of "example" must be set. Soon after he said that, eight Black teens were arrested for the attack, ranging in age from 14 to 17. They have been held without bail and arraigned, and it has been reported that they said the attack was "fun" and showed no remorse. Reverend Al Sharpton said that the teens should be "excused" from the crime due to their age and the fact that they grew up in a "bad" environ- ment. And recently, tycoon Donald Trump took out full-page ads in all four major NYC newspapers saying, "Bring back the death penalty...Bring back the police!", in huge bold print. The ad preaches absolute intolerance for the teens, and has made many people angry, including myself. What right does he have to demand the death penalty for criminals when he is one himself? And what right does he have to plaster his opinions everywhere just because he's rich? What makes his opinion more important that anyone's? Indeed, as Koch said, we WILL see how the justice system performs in this case. Should be an interesting show.. !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! And now, some more news items of interest written by Nightcrawler (516): ============================================================================= Nightcrawler's News from the Net ============================================================================= Today's Independent newspaper contains an advert by BMW which provides yet further evidence of the automative industry's flagrant disregard for the possible risks associated with new computer-based technology. The main text of the advert is reprinted below, in its entirety, followed by a brief note of some of what I regard as the more obvious risks. BEFORE A BMW WILL START IT WEIGHS UP WHO'S DRIVING First BMW brought you ABS, for safer braking in the wet. Then came ASC, to help counter wheelspin during acceleration. Today, they can unveil DWS: probably the most significant advance in anti-theft technology to occur in recent years. DWS stands for Driver's Weight Sensor. A unique system that compares the driver's weight with a pre-programmed value stored in the sensor's computer memory. If the two values do not match, the car simply refuses to start. Clearly, this represents a whole new level of anti-theft sophistication. But one that has only be made possible thanks to recent advances in space satellite PHAT technology. This remarkable new material - Poly Halide Anodal Tritium - exhibits a highly predictable change in electrical conductivity according to the pressure exerted upon it. By harnessing these properties, BMW's engineers have devised a wafer-thin pressure pad that, when incorporated into the driver's seat, can electronically assess the occupant's weight to within 10 grams accuracy. Such is the system's intelligence, it will take account of bodyweight variations that occur according to the time of day, or even the time of year. This it achieves by interlocking with the car's on-board 365-day digital clock. Accurate allowance can then be made for weight increases that may be expected immediately after meal times, and those that are caused by multi-layer clothing during the winter months. Despite its space age technology, the operation of DWS is simplicity itself. On entering the car, the driver inserts the ignition key, at which point the words ?Code Enter' flash up on the dashboard LED display. Up to five of these codes can be stored for five different drivers. The driver now enters his personal code on the key pad and his weight appears on the light-up display, expressed in either pounds or kilos. (Lady drivers who would prefer this visible display switched off should consult their BMW dealer, who will carry out the small necessary adjustment free of charge.) The sensor weight reading is then compared to the programmed weight in the memory, and providing this falls to within +-5%, the car will start normally. If, however, the figure exceeds these tolerances, then a discreet gong sounds, and the entire ignition system shuts down. Should persistent attempts be made to restart the car, an alarm system is triggered, and the headlights flash alternately until the unauthorised person vacates the seat and re-closes the door. At the same time a pre-recorded message is transmitted on the standard police radio frequency, notifying all walkie-talkie equipped police officers within 350 metres of the car's registration number. If you'd like to know whether the Driver's Weight Sensor anti-theft system can be fitted to your car, contact your local BMW dealer, or post off the coupon below [to Hugh Phelfrett, BMW Information Service, PO Box 46, Hounslow, Middlesex, TW4 6NF]. Some likely risks: Just when you have arrived back from a week-end backpacking, and are desperate to get to MacDonald's before they close, the car is likely to refuse to recognise you. (The opposite problem is perhaps not so bad - for example, it would be good for you to be occasionally forced to walk or jog to WeightWatcher's class.) Suppose the car does consent to take you to MacDonald's, the weight display, which I assume is dynamically updated, will be an additional and dangerous distraction while you drive home eating your Big Mac. (A head-up display would reduce this risk.) A person's weight variations over the year are strongly correlated to cultural, racial, and religious factors. Almost certainly, therefore, this system will provide another example of "computerized discrimination". There is even a security-related risk. By periodically dieting, a spy could use the occasional transmissions of the pre-recorded message as a covert signalling channel to a near-by embassy, say. ============================================================================ GALACTIC HACKER PARTY 2nd, 3rd, 4th of August 1989 PARADISO, AMSTERDAM, HOLLAND During the summer of 1989 the world as we know it will go into overload. An interstellar particle stream of hackers, phone phreaks, radioactivists and assorted technological subversives will be fusing their energies into a media melt-down as the global village plugs into Amsterdam for three electrifying days of information interchange and electronic capers. Aided by the advanced communications technology to which they are accustomed, the hacker forces will discuss strategies, play games, and generally have a good time. Free access to permanently open on-line facilities will enable them to keep in touch with home base -- wherever that is. Those who rightly fear the threat of information tyranny and want to learn what they can do about it are urgently invited to interface in Amsterdam in August. There will be much to learn from people who know. Celebrity guests with something to say will be present in body or electronic spirit. The Force must be nurtured. If you are refused transport because your laptop looks like a bomb, cut off behind enemy lines, or unable to attend for any other reason, then join us on the networks. Other hacker groups are requested to organize similar gatherings to coincide with ours. We can provide low-cost international communications links during the conference. For further information, take up contact as soon as possible with: HACK-TIC PARADISO P.O. box 22953 Weteringschans 6-8 1100 DL Amsterdam 1017 SG Amsterdam The Netherlands The Netherlands tel: +31 20 6001480 tel: +31 20 264521 / +31 20 237348 fax: +31 20 763706 fax: +31 20 222721 ============================================================================ PC WEEK (March 27, 1989) reports: "The recent rash of remote local area network software packages has thrust the PC industry into a national controversy over electronic monitoring and workers' rights to privacy. At question is whether or not products such as . . . Microcom Inc.'s Carbon Copy, which can be configured to allow undetected monitoring of PCs, violate workers' Fourth Amendment rights 'of people to be secure in their persons, houses, papers and effects, against unreasonable searches and seizures.' In answer to complaints from Massachusetts unions that workers' rights are being violated, the Massachusetts Coalition of New Office Technology (CNOT) plans to set up some guidelines to regulate employers who opt for electronic monitoring. The group's first step is to file a bill with the Massachusetts Dept. of Labor that would force employers to notify job applicants of any electronic monitoring . . . and to inform workers when they are being monitored." Carbon Copy is usually perceived as software which allows one PC to be controlled from another remotely located one. But programs like Carbon Copy can be configured to observe network activity without a user's permission, detection, or override. Lisa Morel of Microcom reports that: "the ones who are asking about it [undetected monitoring] are the system managers." While monitoring software can provide important network trouble- shooting and tuning help, users may view its secret operation as "condoned tapping." Monitoring differs from event logging. More than recording what the user does, monitoring software clones the user's activity on the observer's terminal. Interest in using undetected monitoring programs may increase with growing concern about network security and management. These programs are not limited to PC platforms. Moreover, serious reservations reach beyond the nasty business of how managers gather employee performance data. o The observer may monitor user access to organizationally sensitive information. o Secret monitoring conflicts with the Information Resource Management (IRM) principle of user data ownership. o From a lay legal view: - In a Federal government environment (including contractors), secret monitoring of user access to personnel information could lead to violation of the Privacy Act of 1974 (Public Law 93-579). - Undetected monitoring of a third-party's remote session could violate the Electronic Communications Privacy Act of 1986 (Public Law 99-508). In efforts to preserve security and integrity, are system managers and their parent organizations prepared to handle the ramifications of secret monitoring? =========================================================================== Subject: Computer blunders blamed for massive student loan losses Bank of America and possibly other major international banks stand to lose as much as $650 million on bad student loans, due to computer problems at United Education and Software. The 'Wall Street Journal' for Friday, March 10, provides the first hints of details I've seen on the nature of the "computer blunders" which earlier stories hinted at. The article, by Charles F. McCoy and Richard B. Schmitt, is headlined UNITED EDUCATION'S COMPUTER BLUNDERS FORM VORTEX OF BIG STUDENT LOAN FIASCO. Excerpts: Computers at United Education and Software, Inc. ... ran wild for at least eight months. They rejected payments from overdue borrowers and addressed collection notices intended for New Yorkers to such places as "Radio City, N.Y.," among other gaffes. United Education and its colossal computer mistakes are at the heart of what is emerging as one of the most tangled loan fiascos in years... The U.S. Dept. of Education has refused to honor guarantees on certain federally backed student loans serviced by United Education. That raises the possibility that BankAmerica or other banks that backed the loans with letters of credit will have to shoulder huge defaults. BankAmerica served as trustee on the loans... [Other banks, including Citicorp and several Japanese banks, dispute how much of the liability might be theirs, saying BankAmerica is responsible.] United Education's beserk computer produced records that are so fouled up that nobody knows how much the losses eventually will be. United Education and Software, oringinally a trade-school operator, began servicing student loans in 1983, and grew rapidly, developing a portfolio of more than $1 billion in less than five years... The computer problems apparently stemmed from United Education's switch to a new system in October 1987. According to officials familiar with the problems, United Education's programmers introduced major software errors and failed to properly debug the new system. Among the results, according to a Dept. of Education audit report: United Education sent delinquency notices to students who were still in school and thus weren't scheduled even to begin payments on the loans. It placed students who were supposed to have been granted deferments into default. It didn't inform many laggard borrowers that they were delinquent, while informing some current borrowers that they were. The computers also apparently logged telephone calls that were never made and didn't log calls that were. United Education applied payments to interest when they were supposed to be applied to interest and principal... Aaron Cohen, president of United Education, called the depth of the problems identified by the audit a "shock." He said the company was aware of bugs in the new software that were causing accounting errors, but had no idea its loan servicing operation had run amok. He thought any problems were routine. "Software companies have problems all the time," he said... ------------------------------ Subject: Prisoner access to confidential drivers' records From a story by Leo Wolinsky in the 'Los Angeles Times' 5-March-89: If the [California Governor] Deukmejian Administration has its way, state prisoners soon will be put to work sorting through confidential motor vehicle records as part of the governor's plan to keep inmates working and save taxpayers money. But the program, which is set to begin July 1, is prompting con- cern among some lawmakers and other officials who worry that the records -- which include names, addresses and some financial information about California motorists -- might end up in the hands of career criminals. "The concept boggles the mind," said Assemblyman Richard Katz, chairman of the Transportation Committee. "They may be car thieves... They may have killed people or molested kids and now we're going to give them access to home addresses of people along with [information on] loans that they have on their vehicles and what cars they drive. It seems like an open invitation for trouble." .... No one is sure what illicit uses, if any, inmates might make of the information. But the Legislature's nonpartisan analyst charged in a report that procedures employed by the state "may not be adequate" to ensure the security of the documents. "From our position, there is a fair amount that could be done even with this much information," said [one of the report authors].... [In an earlier, now cancelled mail sorting job,] some corrections officers said they believe the inmates were searching for addresses of prison officials ..... PS. It is not clear from the newspaper article whether the records involved would be paper or on-line, so, strictly speaking, this may not involve any computer-based system RISK. ------------------------------ VIRUS HITS HOSPITAL COMPUTERS A "virus" infected computers at three Michigan hospitals last fall and disrupted patient diagnosis at two of the centers in what appears to be the first such invasion of a medical computer, it was reported last week. The infiltration did not harm any patients but delayed diagnoses by shutting down domputers, creating files of nonexistent patients and garbling names on patient records, which could have caused more serious problems. "It definitely did affect care in delaying things, and it could have affected care in terms of losing this information completely," said Dr. Jack Juni, a staff physician at the William Beaumont Hospitals in Troy and Royal Oak, Mich., two of the hospitals involved. "It was pretty disturbing." If patient information had been lost, the virus could have forced doctors to repeat tests that involve exposing patients to radiation, Juni said. The phony and garbled files could have caused a mix-up in patient diagnosis, he said. "This was information we were using to base diagnoses on," said Juni, who reported the case in a letter in the New England Journal of Medicine. "We were lucky and caught it in time." ========================================================================= Date: Tue, 28 Mar 89 08:06:39 PST Subject: Prank Virus Warning Message An individual placed a time bomb message on a government service system in the San Francisco Bay Area saying, "WARNING! A computer virus has infected the system!" The individual is learning that such a prank is considered almost as funny as saying that you have a bomb in your carry-on luggage as you board a plane. Bruce Baker, Information Security Program, SRI International =========================================================================== Date: Mon, 27 Mar 89 13:27:32 BST Subject: Subversive bulletin boards This week's (26 March.) Sunday Times (UK) has an article relating to a Bulletin Board being run by a 14-year-old boy in Wilmslow, Cheshire, England, which contains information relating to such things as making plastic explosives. Anti-terrorist detectives are said to be investigating for possible breaches of the Obscene Publications Act. Apparently reporters were able to easily gain access to this bulletin board and peruse articles on such subjects as credit card fraud, making various types of explosive, street fighting techniques and dodging police radar traps. One article was obviously aimed at children and described how to make a bomb suitable for use on "the car of a teacher you do not like at school," which would destroy the tyre of a car when it was started. The boys parents did not seem to think that their son was doing anything wrong, preferring him to be working with his computer rather than roaming the streets. A London computer consultant, Noel Bradford, is quoted as having seen the bulletin board and found messages discussing "how to crack British Telecom, how to get money out of people and how to defraud credit card companies. Credit card numbers are given, along with PIN numbers, names, addresses and other details." ==================================================================== From: "David.J.Ferbrache" Subject: UK Computer Threat Research Association For those of you interested an umbrella organisation has been established in the UK to co-ordinate information on, and research into all aspects of computer security. In the first instance one of the organisations primary concerns will be combatting the threat posed by computer viruses by acting as a clearing house for virus information and control software. Below is a copy of an initial letter mailed to prospective members: The Computer Threat Research Association The computer threat research association, CoTra is a non-profit making organisation that exists to research, analyse, publicise and find solutions for threats to the integrity and reliability of computer systems. The issue that caused the formation of CoTra was the rise of the computer virus. This problem has since become surrounded by fear, uncertainty and doubt. To the average user the computer virus and its implications are a worry of an unknown scale. To a few unfortunates whose systems have become a critical issue. The key advantage of CoTra membership will be access to advice and information. Advice will be provided through publications, an electronic conference (a closed conference for CoTra's members has been created on the Compulink CIX system) as well as other channels such as general postings direct to members when a new virus is discovered. CoTra membership will be available on a student, full or corporate member basis. All software that is held by CoTra that enhances system reliability, such as virus detection and removal software, will be available to all members. It is intended to establish discounts with suppliers of reliability tools and services. A library of virus sources and executables and other dangerous research material will be made available to members who have a demonstrable need. A register of consultants who have specific skills in the systems reliability field will be published by CoTra and reviews of reliability enhancing software will be produced. Your support of CoTra will ensure that you have the earliest and most accurate information about potential threats to your computer systems. CoTra, The computer threat research association, c/o 144 Sheerstock, Haddenham, Bucks. HP17 8EX Part of the organisation's aim is to establish reciprocal links with other similar organisations worldwide to facilitate the sharing of experience and rapid flow of information on new threats. To this end if you are involved in, or have contacts with, a similar organisation in your country, please write to CoTra (or by email to me, and I will forward your correspondence) outlining your organisation and its aims. Yours sincerely, Dave Ferbrache, Dept of computer science, Heriot-Watt University, 79 GrassmarketEdinburgh,UK. EH1 2HJ Tel (UK) 031-225-6465 ext 553 UUCP ..!mcvax!hwcs!davidf ============================================================================== Guess what? We've run out of space! So we will spill everything else we have for you into ATI37. Go download OK it now.... OK?