Date: Mon, 22 Jul 91 14:44:12 MET From: afp!gna!comsat!coop@TFD.COM (Agent Cooper) Subject: File 10--Late reply to Dutch Crackers article (CUD3.19) First I want to make clear that I'm not one of the 'hackers' who broke into american military computers. I'm a friend of them and was asked to reply on the article in the last CUD. There doesn't exist an organized group in Holland that is 'hacking' american military computers, about 8 'hackers' not organized as a group which are in some case friends of eachother but in most cases don't know eachother were targeting military computers in 1990. Some of them are still doing this others switched to other systems and areas of 'hacking' in search of new challenges. The 'hackers' are high-school-students, programmers, university students and software developers, all with a considerable knowledge of various computer systems. They didn't use 'hacker cook-books' but used mostly new /forgotten software bugs which they found themselves. Many CERT advisories conceirning system security in 1990 were a direct cause of this. Their main goal wasn't only finding new bugs, curiosity or boredom it was a mixture of those. Because they sometimes 'hacked' over 400 computers per day (per hacker) their activities looked pre-fabricated. Not only military computers on the internet were searched but also systems on X.25 and dialups. The information was in some cases confidential. Files which I have seen contained very sensitive (marked confidential etc.) information (from accidents to spy reports & such) that made the information found by the hackers from 'the cuckoo's egg' and the 'LOD E911' people look like child-play. The information was not falsified as far as I could see, things I checked were all true. Most of the 'hackers' are conceirned about what they found and some even contacted U.S. government agencies. What was shown on dutch television didn't have to do much with this. The person on TV. was no 'hacker'. It was a friend of a 'hacker' in need of money who got a harmless account on a U.S. military computer. The Utrecht university gateway shown was seldomly used by the real 'hackers' and was expendable for the TV show. At the end of 1990 some of the hackers noticed certain gateways & system were being monitored, which didn't really bother them cause they switched paths & routines regularly. In the last issue of the dutch hacker magazine 'Hacktic' (C. Stoll seems to read it looking at his remarks) there was an article in which they published traces, logfiles and personal mail of system operators and security people. >From these files you can see that the problem in Holland isn't that there is no real law against hacking but that the problem is that they can't find the 'hackers'. There have been cases in Holland in which 'hackers' were convicted. ------------------------------ ************************************ End of Computer Underground Digest #3.27