Computer underground Digest Sun July 26, 1992 Volume 4 : Issue 33 Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET) Copy Editor: Etaion Shrdlu, III Archivist: Brendan Kehoe Shadow-Archivist: Dan Carosone CONTENTS, #4.33 (July 26, 1992) File 1--Bellcore threatens lawsuit against 2600 Magazine File 2--The 2600 Article in Question File 3--2600 reply to Bellcore File 4--Bellcore Explains its Position against 2600 File 5--CuD Comment on Bellcore Letter to 2600 File 6--Are You a Hacker? File 7--Re: Cu Digest, #4.31 (MOD Indictment) File 8--The Ethics of Data Communications File 9--Documents Available: Open Platform Overview, Life in Virtual File 10--CPSR Recommends NREN Privacy File 11--Int'l BBSing & Elec. Comm Conference July PR Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost from tk0jut2@mvs.cso.niu.edu. The editors may be contacted by voice (815-753-6430), fax (815-753-6302) or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115. Issues of CuD can also be found in the Usenet alt.society.cu-digest news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, and DL0 and DL12 of TELECOM; on Genie in the PF*NPC RT libraries; from American Online in the PC Telecom forum under "computing newsletters;" on the PC-EXEC BBS at (414) 789-4210; and by anonymous ftp from ftp.eff.org (192.88.144.4) and ftp.ee.mu.oz.au European distributor: ComNet in Luxembourg BBS (++352) 466893. COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted as long as the source is cited. Some authors do copyright their material, and they should be contacted for reprint permission. It is assumed that non-personal mail at the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections. ---------------------------------------------------------------------- Date: Thu, 23 Jul 92 00:40:43 -0700 From: Emmanuel Goldstein Subject: File 1--Bellcore threatens lawsuit against 2600 Magazine THE FOLLOWING CERTIFIED LETTER HAS BEEN RECEIVED BY 2600 MAGAZINE. WE WELCOME ANY COMMENTS AND/OR INTERPRETATIONS. Leonard Charles Suchyta General Attorney Intellectual Property Matters Emanuel [sic] Golstein [sic], Editor 2600 Magazine P.O. Box 752 Middle Island, New York 11953-0752 Dear Mr. Golstein: It has come to our attention that you have somehow obtained and published in the 1991-1992 Winter edition of 2600 Magazine portions of certain Bellcore proprietary internal documents. This letter is to formally advise you that, if at any time in the future you (or your magazine) come into possession of, publish, or otherwise disclose any Bellcore information or documentation which either (i) you have any reason to believe is proprietary to Bellcore or has not been made publicly available by Bellcore or (ii) is marked "proprietary," "confidential," "restricted," or with any other legend denoting Bellcore's proprietary interest therein, Bellcore will vigorously pursue all legal remedies available to it including, but not limited to, injunctive relief and monetary damages, against you, your magazine, and its sources. We trust that you fully understand Bellcore's position on this matter. Sincerely, LCS/sms ------------------------------ Date: Thu, 23 Jul 92 00:42:23 -0700 From: Emmanuel Goldstein Subject: File 2--The 2600 Article in Question "U.S. Phone Companies Face Built-In Privacy Hole" (From 2600, Winter, 1991-92 (Vol 8, No. 4: pp 42-43). Phone companies across the nation are cracking down on hacker explorations in the world of Busy Line Verification (BLV). By exploiting a weakness, it's possible to remotely listen in on phone conversations at a selected telephone number. While the phone companies can do this any time they want, this recently discovered self-serve monitoring feature has created a telco crisis of sorts. According to an internal Bellcore memo from 1991 and Bell Operating Company documents, a "significant and sophisticated vulnerability" exists that could affect the security and privacy of BLV. In addition, networks using a DMS-TOPS architecture are affected. According to this and other documents circulating within the Bell Operating Companies, an intruder who gains access to an OA&M port in an office that has a BLV trunk group and who is able to bypass port security and get "access to the switch at a craft shell level" would be able to exploit this vulnerability. The intruder can listen in on phone calls by following these four steps: "1. Query the switch to determine the Routing Class Code assigned to the BLV trunk group. "2. Find a vacant telephone number served by that switch. "3. Via recent change, assign the Routing Class Code of the BLV trunks to the Chart Column value of the DN (directory number) of the vacant telephone number. "4. Add call forwarding to the vacant telephone number (Remote Call Forwarding would allow remote definition of the target telephone number while Call Forwarding Fixed would only allow the specification of one target per recent change message or vacant line)." By calling the vacant phone number, the intruder would get routed to the BLV trunk group and would then be connected on a "no-test vertical" to the target phone line in a bridged connection. According to one of the documents, there is no proof that the hacker community knows about the vulnerability. The authors did express great concern over the publication of an article entitled "Central Office Operations - The End Office Environment" which appeared in the electronic newsletter Legion of Doom/Hackers Technical Journal. In this article, reference is made to the "No Test Trunk." The article says, "All of these testing systems have one thing in common: they access the line through a No Test Trunk. This is a switch which can drop in on a specific path or line and connect it to the testing device. It depends on the device connected to the trunk, but there is usually a noticeable click heard on the tested line when the No Test Trunk drops in. Also, the testing devices I have mentioned here will seize the line, busying it out. This will present problems when trying to monitor calls, as you would have to drop in during the call. The No Test Trunk is also the method in which operator consoles perform verifications and interrupts." In order to track down people who might be abusing this security hole, phone companies across the nation are being advised to perform the following four steps: "1. Refer to Chart Columns (or equivalent feature tables) and validate their integrity by checking against the corresponding office records. "2. Execute an appropriate command to extract the directory numbers to which features such as BLV and Call Forwarding have been assigned. "3. Extract the information on the directory number(s) from where the codes relating to BLV and Call Forwarding were assigned to vacant directory numbers. "4. Take appropriate action including on-line evidence gathering, if warranted." Since there are different vendors (OSPS from AT&T, TOPS from NTI, etc.) as well as different phone companies, each with their own architecture, the problem cannot go away overnight. And even if hackers are denied access to this "feature", BLV networks will still have the capability of being used to monitor phone lines. Who will be monitored and who will be listening are two forever unanswered questions. ------------------------------ Date: Thu, 23 Jul 92 00:42:54 -0700 From: Emmanuel Goldstein Subject: File 3--2600 reply to Bellcore Emmanuel Goldstein Editor, 2600 Magazine PO Box 752 Middle Island, NY 11953 July 20, 1992 Leonard Charles Suchyta LCC 2E-311 290 W. Mt. Pleasant Avenue Livingston, NJ 07039 Dear Mr. Suchyta: We are sorry that the information published in the Winter 1991-92 issue of 2600 disturbs you. Since you do not specify which article you take exception to, we must assume that you're referring to our revelation of built-in privacy holes in the telephone infrastructure which appeared on Page 42. In that piece, we quoted from an internal Bellcore memo as well as Bell Operating Company documents. This is not the first time we have done this. It will not be the last. We recognize that it must be troubling to you when a journal like ours publishes potentially embarrassing information of the sort described above. But as journalists, we have a certain obligation that cannot be cast aside every time a large and powerful entity gets annoyed. That obligation compels us to report the facts as we know them to our readers, who have a keen interest in this subject matter. If, as is often the case, documents, memoranda, and/or bits of information in other forms are leaked to us, we have every right to report on the contents therein. If you find fault with this logic, your argument lies not with us, but with the general concept of a free press. And, as a lawyer specializing in intellectual property law, you know that you cannot in good faith claim that merely stamping "proprietary" or "secret" on a document establishes that document as a trade secret or as proprietary information. In the absence of a specific explanation to the contrary, we must assume that information about the publicly supported telephone system and infrastructure is of public importance, and that Bellcore will have difficulty establishing in court that any information in our magazine can benefit Bellcore's competitors, if indeed Bellcore has any competitors. If in fact you choose to challenge our First Amendment rights to disseminate important information about the telephone infrastructure, we will be compelled to respond by seeking all legal remedies against you, which may include sanctions provided for in Federal and state statutes and rules of civil procedure. We will also be compelled to publicize your use of lawsuits and the threat of legal action to harass and intimidate. Sincerely, Emmanuel Goldstein ------------------------------ Date: Sat, 25 Jul, 1991 14:03:54 PDT From: Jim Thomas Subject: File 4--Bellcore Explains its Position against 2600 Bellcore's letter to 2600 Magazine (posted above) threatens legal action because 2600 published alleged restricted (and therefore "proprietary") information contained in a leaked Bellcore document(s). According to Bellcore's General Attorney for Intellectual Property Matters, Leonard C. Suchyta, the article reproduced protected information of value and of a sensitive technological nature. The intent of the letter, according to Suchyta, was to put 2600 "on notice" of Bellcore's position in protecting intellectual property and the willingness to pursue future monetary and injunctive relief if necessary. According to Suchyta, the article "U.S. Phone Companies Face Built-In Privacy Hole" from the Winter, 1991-92 issue of 2600, included paraphrased and direct quotes from proprietary Bell documents. At issue, he said, were copyright and intellectual property rights rather than potential security breaches. Citing two U.S. Supreme Court Cases, Florida Star v. B.J.F. (1989) and Cohen v. Cowles Media (1991), Suchyta argued that 2600 had gone beyond acceptable journalistic practices in quoting Bell internal memos and documents in its story. The issue, he said, wasn't whether one line or an entire document were reproduced, because any reproduction was copyright infringement. The Constitutional theory of "fair use," which follows a sliding scale of copyright material allowed to be reproduced in other media without permission, was inapplicable in this case, according to Suchyta, because all material in the documents was restricted. He indicated that the restrictive and proprietary nature of the original documents was clearly marked, but he did not know the form in which 2600 received them or whether what 2600 received indicated the proprietary markings. When asked to compare 2600's action with commonly accepted investigatory journalism in which government or private restricted documents are the basis of a story, Suchyta explained that, in his view, the 2600 action was not comparable to release of, for example, the Pentagon Papers. With government documents, he said, the public arguably may have an overriding interest that permits disclosure. In the 2600 case, the information was private proprietary information. When asked about the practice of media stories based on leaked documents from whistle-blowers or other sources, he indicated that without the specifics of a given case he couldn't draw a judgment. Spokespersons at Bellcore said that although the letter was a warning, they were not in a position to say at this time whether litigation against 2600 was precluded. ------------------------------ Date: Sat, 25 Jul, 1991 14:15:31 PDT From: Jim Thomas Subject: File 5--CuD Comment on Bellcore Letter to 2600 Bellcore, the company-owned research arm of the various Bell systems, is well-staffed, possesses considerable resources, and extends throughout the country. 2600 magazine is a small publication run on a shoestring with few resources. The Bell system, as the pursuit of Craig Neidorf demonstrated, seems quite willing to attack the "little guy," even if the little guy has not demonstrably violated a law. Big guys who pick on little guys are generally called "bullies." Bellcore does not allege that 2600 received the information it published illegally or that any other criminal offense is involved. Bellcore's letter to 2600 cites the publication of the material, not the manner in which it was obtained, as objectionable. Although called a "hacker journal," 2600 has been active as a gadfly in exposing security flaws in computer and related technology. Just as other media have claimed "the public's right to know" in using confidential documents as the basis of revelations, 2600 also revealed, arguably for the public good, a point of vulnerability in the Bell system. This seems to be what galls Bellcore, and it is threatening the full force of its resources against a small publication that perhaps it presumes is unwilling to resist bullying tactics. As Emmanuel Goldstein, the editor of 2600, indicates in his response to Bellcore, they are mistaken. One can appreciate the legitimate concerns of both parties. It becomes more difficult to appreciate the style of Bellcore in addressing this issue. When Playboy felt that Event Horizons had exceeded appropriate limits in using Playboy material, it attempted to resolve the matter amicably. Bellcore, by contrast, chose to begin with threats backed up by the full force of its legal department. Because of its massive resources, Bellcore may feel no need to attempt conciliatory dialogue to attempt to resolve a problem. If you have a hammer, so their logic seems to run, why waste it? Does Bellcore have a strong case? If the facts alleged in their letter are correct, not a strong one according to some specialists in copyright law. Does Bellcore have a knack for public relations? It seems not. Just one more case of Goliath tromping on those ill-equipped to defend themselves. And, the chilling effect of their letter threatens to trample on a free press as well. ------------------------------ Date: Fri, 24 Jul 1992 11:19:47 PDT From: Bob Bickford Subject: File 6--Are You a Hacker? ARE YOU A HACKER? by Robert Bickford Are you a Hacker? How would you know? If all you know about the word is what you've seen on the evening news, or read in a magazine, you're probably feeling indignant at the very question! But do those magazine-selling headlines really describe what a Hacker is? Some time ago (MicroTimes, December 1986) I defined a Hacker as "Any person who derives joy from discovering ways to circumvent limitations." The definition has been widely quoted since that time, but unfortunately has yet to make the evening news in the way that a teenager who robs a bank with his telephone does. Does that teenaged criminal fit my definition? Possibly. Does that fact make all, or even most, Hackers criminals? (Does that fact make all or most Hackers teenagers?) Of course not! So why is there such widespread misinformation about Hackers? Very simply, it's because the criminal hackers, or 'Crackers', have been making news, while the rest of us are virtually invisible. For every irresponsible fool writing a virus program, there are at least twenty software engineers earning a living "...discovering ways to circumvent limitations." When the much-publicized InterNet worm was released by an irresponsible hacker, hundreds of other Hackers applied their considerable talents to the control and eradication of the problem: the brilliance and creativity brought to this task are typical of the kind of people --- Hackers ---that my definition is meant to describe. Working on the yearly Hackers Conferences has been a mixed experience: on the one hand, helping to bring together 200 of the most brilliant people alive today, and then interacting with them for an entire weekend, is immensely rewarding. On the other hand, trying to explain to others that the Hackers Conference is not a Gathering of Nefarious Criminals out to Wreak Havoc upon Western Civilization does get a bit wearing at times. Also, trying to convince a caller that repeatedly crashing his school district's computer from a pay phone will not, emphatically not, qualify him for an invitation to the conference can be a bit annoying. None of this would be a problem if we hadn't let a small minority --- the Crackers --- steal the show, and become associated with the word 'Hacker' in the minds of the general public. The attendees at the Hackers Conferences --- many of whom hold PhDs, and/or are Presidents or other upper management of Fortune 500 companies --- are (quite understandably) very indignant at being confused with these Crackers. Taking myself as an example --- no, I don't have a PhD, my only degree is from the School of Hard Knocks, and no, I'm not working in management ---when this article was first published [1989] I was writing software for a company that builds medical image processing equipment. My code controls a product that can, and often does, either improve the quality of medical care, reduce the cost, or both. When I develop a piece of software that goes around some limit I feel very happy, and can often find myself with a silly grin plastered across my face. When some ignorant reporter writes a story that equates the work I do with expensive but childish pranks committed by someone calling himself a "Hacker", I see red. Are you a Hacker? If you want to break rules just for the sake of breaking rules, or if you just want to hurt or "take revenge" upon somebody or some company, then forget it. But if you delight in your work, almost to the point of being a workaholic, you just might be. If finding the solution to a problem can be not just satisfying but almost an ecstatic experience, you probably are. If you sometimes take on problems just for the sake of finding the solution (and that ecstatic experience that comes with it), then you almost certainly are. Congratulations! You're in good company, with virtually every inventor whose name appears in your high school history book, and with the many thousands of brilliant people who have created the "computer revolution." What can we do about all that bad press? Meet it head on! Tell the people you work with that you're a Hacker, and what that means. If you know somebody whose work habits, style, or personality make them pretty clearly a Hacker, tell them so and tell them what you mean by that. Show them this article! Meanwhile, have fun finding those solutions, circumventing those limitations, and making this a better world thereby. You are an Artist of Technology, a Rider of the Third Wave, and at least you can enjoy the ride! Bob Bickford is a software consultant who lives in Marin County, often Hacking late into the night, and (usually) enjoying it immensely. His wife, Greta, only tolerates this because she's an animation hacker and sometimes does the same thing. Bob can be reached through InterNet at rab@well.sf.ca.us (An edited version of this article appeared in Microtimes in early 1989. Copyright (c) Robert Bickford, 1989, 1992) +++ Robert Bickford "A Hacker is any person who derives joy from rab@well.sf.ca.us discovering ways to circumvent limitations." rab'86 -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- "I recognize that a class of criminals and juvenile delinquents has taken to calling themselves 'hackers', but I consider them irrelevant to the true meaning of the word; just as the Mafia calls themselves 'businessmen' but nobody pays that fact any attention." rab'90 -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- ------------------------------ Date: 18 Jul 92 07:12:11 CDT (Sat) From: peter@TARONGA.COM(Peter da Silva) Subject: File 7--Re: Cu Digest, #4.31 (MOD Indictment) I'd like to make some comments on John McMullen's response to the MOD indictment. While I agree with some of the things he has to say, I have two serious problems with his commentary: first of all, the abuse of the term "hacker" by phreaks and the government *is* a problem, and attempting to trivialise people's concerns about it is counterproductive. Second, his characterization of Phiber Optik seems to directly contradict the facts as presented in the indictment: > (a) On or about November 28, 1989, members of MOD >caused virtually all of the information contained within the >Learning Link computer operated by the Educational Broadcasting >Corporation to be destroyed, and caused a message to be left on >the computer that said, in part: "Happy Thanksgiving you turkeys, >from all of us at MOD" and which was signed with the names "Acid >Phreak," "Phiber Optik" and "Scorpion" among others. This is not a prank, and shouldn't be shrugged off as one. Particularly disturbing is the type of system attacked: the Learning Link is not a typical phreak victim with a Big Bad Big Business image. ------------------------------ Date: Wed, 15 Jul 1992 12:34:08 -0500 From: anonymous Subject: File 8--The Ethics of Data Communications The Ethics of Data Communications By Norris Parker Smith A report issued jointly by the U.S. Education and Justice departments urges that instruction in computer ethics be made a part of school curricula. The aim is to convince young people that unauthorized copying of, say, a new game program is plain theft, like stealing a bicycle; turning loose a destructive worm on the Internet is criminal, a form of high-tech arson, like setting a fire at one end of a row of condos. This is a laudable goal, although in the real world it must be recognized that more and more responsibilities are being heaped upon the schools while less and less money is available to pay for basic quality teaching. A broader point is more important: Where does ethics in computation begin and end? For example, data communication today is being transformed by a worldwide trend. High-bandwidth digital networks based on optical fiber are supplanting low-capacity analog channels over metal wires. The benefits to computing and to the overall economy are obvious. On the face of it, attempts to impede this broad, positive trend would be comparable to tampering with the adoption of a beneficial new drug. At the same time -- in response to the same phenomena that upset the officials at Justice and Education -- users of data communication facilities are adopting new methods to provide simple, reliable security for their files and messages. This also would seem a good thing, well within the rights of people wishing to protect their property and their ideas. Open Lines of Communication On the international scene, the United States and other Western democracies have recognized that they have a real and immediate interest in encouraging democracy in the former Soviet states to emerge from its present fumbling, anxious childhood and mature into solid stability. The Russians and their former fellow victims of Communist paranoia and incompetence say that in order to attempt this difficult evolution, they urgently need to upgrade communications. This would be an improvement to their national infrastructures, one of the few areas in which outside help can readily make a difference. International consortia, including U.S. participants, stand ready to string up the fiber and install the switches. It would seem reasonable -- even ethical -- for the West to support improvements in Russia's internal communications, or, at the least, not stand in the way. What is the record on these two simple propositions? In Congress, the FBI presented testimony calling for modifications in new communications technology to make eavesdropping easier. This is based upon the supposition that massive streams of digitalized photons are more difficult to bug than slender flows of obedient analog electrons. The direct costs of this proposed degrading of the communications system is estimated in the high hundreds of millions of dollars. The indirect costs of less-than-optimum systems could be much higher. The National Security Agency also raised questions about improved measures for data security. Security is fine, it said, but it should not be too fine, because the wicked as well as the benign might make use of it. And when the wicked get into the act, the NSA will have to invest in more computer time to discern what's happening. If the Russians go modern, reasoned the NSA, it would be more difficult for NSA satellites and other means to listen in. And who knows what evil might lurk, even now, in the minds of the Russians? Thus, exports of advanced communications technology to the former Soviet Union were blocked within the federal establishment, largely by the NSA. Approval took place only when the Germans and other Europeans applied determined pressure. The government has legitimate concerns about national security in an era that looks increasingly unsanitary. Yet it is difficult to project that any of the nasty little wars that have flamed among the embers of communism would become genuine threats to basic U.S. interests. Other means toward nuclear safety in Eurasia offer better prospects than a Luddite policy on internal communication. Crime-fighting (which sounds much more acceptable than snooping) also has its place. It seems only fair, however, for the FBI, like everyone else, to adapt to new technology as it comes along -- rather than abusing its authority and prestige by lobbying for a favorable fix at the public expense. One of the most fundamental maxims of ethics reads this way: "At a minimum, avoid doing unnecessary harm and get out of the way of events that clearly bring good." The feds should grade their own schoolwork by this ethical criterion before they draw up computational dos and don'ts for schoolchildren. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ SUPERNET INTERNATIONAL wants to know what you think about issues raised in The Daily Word. For information on how to add your voice to the discussion, see Your Feedback on the News under this topic. Copyright 1992 by SUPERNET INTERNATIONAL. All rights reserved. ------------------------------ The following news summary, taking from the New York Times News Service, appeared in the Chicago Tribune business section on July 24 (p. 1). There was no author attributed, and the headline was "Computer hackers put new twist on 'West Side Story'." The article begins: >Late into the night, in working-class neighborhoods around New >York City, young men with code names like "acid Phreak" and >"Outlaw" sat hunched before their glowing computer screens, >exchanging electronic keys to complex data-processing systems. > >They called themselves the Masters of Deception. Their mission: to >prove their prowess in the shadowy computer underworld. > >Compulsive and competitive, they played out a cybernetic version >of "West Side Story," trading boasts, tapping into telephone >systems, even pulling up confidential credit reports to prove >their derring-do and taunt other hackers. > >Their frequent target was the Legion of Doom, a hacker group named >after a gang of comic-book villains. The rivalry seemed to take on >class and ethnic overtones, with the diverse New York group >defying the traditional image of the young suburban computer >whiz. +++Commentary: The New York Times has finally resorted to the sensationalism of other media that plays on public fears and stereotyped images of the terrifying hacker menace. The Times even goes a step further by laying out a Bloods-'n-Crips scenario, complete with gang revenge and drive-by hackings. The Times, whose writers should know better, also plays up the danger of obtaining credit ratings. TRW credit reports are among the easiest of so-called confidential data to get. The implication is that it's hackers, not the abusive practices of used car salespeople or other marketers, that are a danger to snatching this information. The story continues with a summary of the MOD bust as reported in the Times, CuD, and elsewhere. It adds some biographical information about the MOD people indicted: John Lee is 21, goes by the name Corrupt, and "has dreadlocks chopped back into stubby 'twists' and live with his mother in a dilapidated walkup in Bedford-Stuyvesant, Brooklyn." The story informs us that he "bounced around programs for gifted students before dropping out of school in the 11th grade." Lee works part-time as a standup comic and is studying film production at Brooklyn University. Paul Stira is 22 and lives in Queens and was valedictorian at Thomas A. Edison High School. It adds that his handle was Scorpion. He is three credits shy of a degree in computer science at Polytechnic University. Julio Ferndez is 18 and was known as Outlaw and studied computers in grade school. The story includes a picture of Phiber Optik and Scorpion. The story continues with a brief history of MOD and the disputes with Legion of Doom: >The Masters of Deception were born in a conflict with the Legion >of Doom, which had been formed by 1984 and ultimately included >among its ranks three Texans, one of whom, Kenyon Shulman, is the >son of a Houston socialite, Carolyn Farb. > >Abene had been voted into the Legion at one point. But when he >began to annoy others in the group with his New York braggadocio >and refusal to share information, he was banished, Legion members >said. > >Meanwhile, a hacker using a computer party line based in Texas >had insulted Lee, who is black, with a racial epithet. > >By 1989, both New Yorkers ((Abene and Lee)) had turned to a new >group, MOD, founded by Ladopoulos. They vowed to replace their >Legion rivals as the "new elite." > >According to a history the new group kept on the computer >network, they enjoyed "mischievous pranks," often aimed at their >Texas rivals, and the two groups began sparring. But in June 1990 >the three Texas-based Legion members, including Shulman, Chris >Goggans and Scott Chasin, formed Comsec Cata Security, a business >intended to help companies prevent break-ins by other hackers. > >Worried that the Texans were acting as police informers, the MOD >members accused their rivals of defaming them on the network >bulletin boards. MOD's activities, according to the indictment >and other hackers, began to change and proliferate. > >Unlike most of the "old generation" of hackers who liked to >joyride through the systems, the New Yorkers began using the file >information to harass and intimidate others, according >to prosecutors. The article concludes by suggesting that MOD was jealous of Comsec's media attention and mention Abene's and Ladopoulos's claims in the media that they had a right to penetrate computer systems. It adds, drawing from John Perry Barlow's paper, his experience with Abene in 1989. Abene allegedly downloaded Barlow's credit rating and posted it. This was detailed in the 1990 Harper's magazine article on computer privacy and abuse. The article was based on posts from a conference discussion topic on a California computer system. The article concludes by alleging that despite the indictment, MOD may still be bugging people: >But the battles are apparently not over. A couple of days after >the charges were handed up, one Legion member said, he received a >message on his computer from Abene. It was sarcastic as usual, he >said, and it closed, "Kissy, kissy." The Times story does challenge the myth of a stereotypical white male locked away alone in a suburban bedroom all night. But linking it to rival gang activity and West Side Story images seems bizarre. The public, the fuzz, and the media pick up on these scripts. If it's in the New Times, it must be true, right? In this case, the Times has taken a few steps backwards in its normally competent (especially when John Markoff writes) stories. To the Times: "Kissy, kissy!" ------------------------------ Date: Mon, 20 Jul 1992 13:15:21 -0400 From: Christopher Davis Subject: File 9--Documents Available: Open Platform Overview, Life in Virtual +======+==================================================+===============+ | FYI | Newsnote from the Electronic Frontier Foundation | July 20, 1992 | +======+==================================================+===============+ ELECTRONIC FRONTIER FOUNDATION'S OPEN PLATFORM PROPOSAL AVAILABLE VIA FTP The full text of the EFF's Open Platform Proposal is available in its current draft via anonymous ftp from ftp.eff.org as pub/EFF/papers/open-platform-proposal. To retrieve this document via email (if you can't use ftp), send mail to archive-server@eff.org, containing (in the body of the message) the command 'send eff papers/open-platform-proposal'. This is the proposal in its 4th draft and is up-to-date as of July 2. HOWARD RHINEGOLD'S "VIRTUAL COMMUNITIES, 1992" AVAILABLE VIA FTP This is the full text of Howard Rhinegold's illuminating essay "A Slice of Life In My Virtual Community" that was serialized in EFFector Online. You can retrieve this document via anonymous ftp from ftp.eff.org as pub/EFF/papers/cyber/life-in-virtual-community. To retrieve it via email (if you can't use ftp), send mail to archive-server@eff.org, containing (in the body of the message) the command 'send eff papers/cyber/life-in-virtual-community'. +=====+=====================================================+=============+ | EFF | 155 Second Street, Cambridge MA 02141 (617)864-0665 | eff@eff.org | +=====+=====================================================+=============+ ------------------------------ Date: Fri, 24 Jul 1992 17:25:57 EDT From: Dave Banisar Subject: File 10--CPSR Recommends NREN Privacy CPSR Recommends NREN Privacy Principles (PRESS RELEASE) WASHINGTON, DC -- Computer Professionals for Social Responsibility (CPSR), a national public interest organization, has recommended privacy guidelines for the nation's computer network. At a hearing this week before the National Commission on Library and Information Science, CPSR recommended a privacy policy for the National Research and Education Network or "NREN." Marc Rotenberg, Washington Director of CPSR, said "We hope this proposal will get the ball rolling. The failure to develop a good policy for the computer network could be very costly in the long term." The National Commission is currently reviewing comments for a report to the Office of Science and Technology Policy on the future of the NREN. Mr. Rotenberg said there are several reasons that the Commission should address the privacy issue. "First, the move toward commercialization of the network is certain to exacerbate privacy concerns. Second, current law does not do a very good job of protecting computer messages. Third, technology won't solve all the problems." The CPSR principles are (1) protect confidentiality, (2) identify privacy implications in new services, (3) limit collection of personal data, (4) restrict transfer of personal information,(5) do not charge for routine privacy protection, (6) incorporate technical safeguards, (7) develop appropriate security policies, and (8) create an enforcement mechanism. Professor David Flaherty, an expert in telecommunications privacy law, said "The CPSR principles fit squarely in the middle of similar efforts in other countries to promote network services. This looks like a good approach." Evan Hendricks, the chair of the United States Privacy Council and editor of Privacy Times, said that the United States is "behind the curve" on privacy and needs to catch up with other countries who are already developing privacy guidelines. "The Europeans are racing forward, and we've been left with dust on our face." The CPSR privacy guidelines are similar to a set of principles developed almost 20 years ago called The Code of Fair Information practices. The Code was developed by a government task force that included policy makers, privacy experts, and computer scientists. The Code later became the basis of the United States Privacy Act. Dr. Ronni Rosenberg, who has studied the role of computer scientists in public policy, said that "Computer professionals have an important role to play in privacy policy. The CPSR privacy guidelines are another example of how scientists can contribute to public policy." CPSR is a membership organization of 2500 professionals in the technology field. For more information about the Privacy Policies and how to join CPSR, contact CPSR, P.O. Box 717, Palo Alto CA 94302. 415/322-3778 (tel) and 415/322-3798 (fax). Email at cpsr@csli.stanford.edu. ------------------------------ Date: Thu, 23 Jul 92 04:55:25 MDT From: mbarry@NYX.CS.DU.EDU(Marshall Barry) Subject: File 11--Int'l BBSing & Elec. Comm Conference July PR FOR IMMEDIATE RELEASE Contact: Terry Travis or Michelle Weisblat Telephone: (303) 426-1847 -- Fax: (303) 429-0449 Do you want to know how to get thousands of computer programs free - LEGALLY? Does being able to send messages around the world, and receive replies, for the price of a local phone call interest you? Are you confused by the terms "Hacker", "Phreak", "BBS", or "Baud"? Do you want to know how to help keep the homebound or handicapped from feeling cut off from society? The answers to these questions, and much more, can be had by attending the Second Annual International BBSing and Electronic Communications Conference, IBECC'92, August 13-16 at the Sheraton Denver West in Lakewood, CO. IBECC'92 is an intensive three-day conference and workshop covering topics ranging from "Staying Alive" (Handicapped Computing and Accessing the World) to "Safe Computing" (Controlling the Spread of Computer 'Infection'), and from "Why Kelly CAN Read" (Education and the Computer) to "What IS a MODEM anyway?" (An Introduction to the World of TeleCommunication). At IBECC'92 you will be able to: * Join Author and Lecturer Dr. Jerry E. Pournelle, Ph.D. for his unique and critical views on life in the electronic future. * Sit and discuss the electronic classroom and NREN - the National Public SuperComputer Highway - with Telecommunications and Education Pioneer David Hughes, Sr. * Interact with Thom Foulks and his Award-Winning Radio Program, "Computing Success", Live. * Be a part of Denver's Only Live Computer Call-In Show, "Komputer Knus" with Marshall Barry and Michelle Weisblat. * Learn the tricks of the trade with Internationally Famous Software Designer Andrew Milner, * and much, much more. You will have the chance to visit with vendors like U.S. Robotics (modems), OnLine Communications (Remote Access and FrontDoor), MICRO (The Users' Group for Users' and Groups), CDB Systems (Computers and BBSes), Clark Development (PCBoard), Star Enterprises (Systems Sales and Service), Artisoft (LANs), Second Sight (Blind and Handicapped Systems and Software), the Electronic Frontier Foundation (Electronic Rights) and, of course, hundreds of SySops, Users, Educators and Enthusiasts. IBECC'92 will truly be the Educational and Social Event of the Year! It is designed for the beginner, the curious, the handicapped, and educators interested in learning about tomorrow's technologies, today. There will even be special sessions and seminars for those who are already deeply involved in the "mysteries" of computer communications. For full details, schedules, conference rates and information, please contact the sponsor, IBECC (a non-profit educational, scientific, and literary society) at (303) 426-1847 (voice), or (303) 429-0449 (fax). ------------------------------ End of Computer Underground Digest #4.33 ************************************