****************************************************************************
>C O M P U T E R   U N D E R G R O U N D<
>D I G E S T<
*** Volume 3, Issue #3.13 (April 20, 1991) **
****************************************************************************

MODERATORS: Jim Thomas / Gordon Meyer (TK0JUT2@NIU.bitnet)
ARCHIVISTS: Bob Krause / Alex Smith / Bob Kusumoto
POETICA OBSCIVORUM REI: Brendan Kehoe

+++++ +++++ +++++ +++++ +++++

CONTENTS THIS ISSUE:
File 1: From the Mailbag
File 2: Response to RISKS DIGEST (#11.43-- Len Rose Case)
File 3: Response to recent comments concerning Len Rose
File 4: CU News

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

USENET readers can currently receive CuD as alt.society.cu-digest.
Back issues are also available on Compuserve (in: DL0 of the IBMBBS
sig), PC-EXEC BBS (414-789-4210), and at 1:100/345 for those on
FIDOnet. Anonymous ftp sites: (1) ftp.cs.widener.edu (192.55.239.132);
(2) cudarch@chsun1.uchicago.edu; (3) dagon.acc.stolaf.edu
(130.71.192.18). E-mail server: archive-server@chsun1.uchicago.edu.

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted as long as the source is
cited. Some authors, however, do copyright their material, and those
authors should be contacted for reprint permission. It is assumed
that non-personal mail to the moderators may be reprinted unless
otherwise specified. Readers are encouraged to submit reasoned
articles relating to the Computer Underground. Articles are preferred
to short responses. Please avoid quoting previous posts unless
absolutely necessary.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Contributors assume all responsibility
for assuring that articles submitted do not violate copyright
protections.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

********************************************************************
>> END OF THIS FILE <<
***************************************************************************

------------------------------

From: Various
Subject: From the Mailbag
Date: 20 April, 1991

********************************************************************
*** CuD #3.13: File 1 of 4: From the Mailbag ***
********************************************************************

From: dogface!bei@CS.UTEXAS.EDU(Bob Izenberg)
Subject: Inslaw & Uncle Sam
Date: Mon, 15 Apr 91 19:06:44 CDT

A friend who just got CUD 3.12 passed along this comment, posed in
typically to-the-point fashion ;-) and I said I'd buck it to you. His
email address is: cs.utexas.edu!dogface!Tristan!dice

[ start of Steve Meade's email message ]

Subject: Re: Inslaw vs US Attorney's Office

Inslaw wrote a case tracking program and sold it to the US Attorney's
office. To the tune of $10 million (not exactly Yankee Doodle). They
reneged on the deal but every Federal District still uses it.

It gets better. Last Administration, US Attorney General gives it to
a hacker and sets him up on an Indian Reservation to "improve on the
product". Due to territorial law on the reservation he can do things
he can't do in say, Chicago. [ heh heh heh --Bob ] This improvement
finds its way into the hands of the Israeli Secret Service because in
the meantime Inslaw has sold the product internationally and now the
Jews are using the modified form to "look into" some of the foreign
nationals' files. You know how justifiably paranoid they are.

Inslaw sues for the ten mil and the hacker spills for the plaintiff a
week after he swears a deposition that the US Attorney's office has
threatened him and his dad if he talks. He talks and talks anyway
and... (Baddabing Badda boom!) HE gets busted for drug possession.
(by a dozen agents one of whom reads him an abbreviated Miranda (the
part about keeping his BIG Mouth SHUTTTT!!!!))

The only place I've been able to get any info is Computerworld. Maybe
the last 3 or 4 issues (comes out weekly).

I think that guy who plays Booger in Revenge of the Nerds ought to
get the part of the hacker, Meryl Streep could probably land the part
of the Israeli SS and Klaus Von Bulow could do the US D.A. in charge
of the obfuscation. Maybe we could get Saddam Hussein to play Ed
Meese.

Check it out. And then better start learning all the verses to
Amazing Grace.

Stephen, WeeBee, RammaBabba, and Ms. Dos

(Jeez! I thought I had Kuntzler's phone number here on the coffee
table a minute ago...)

"tadadadada Amerika! tadadadada Amerika"
 -from the remake of West Side Story

[ end of the Meade-ogram ]

For the uninitiated - and I may be among them, this is cryptic
stuff - the four names at the end bear a 25% relationship to reality.
He is, in fact, Stephen, but he's added one nickname a week for
everyone in his house. WeeBee, my favorite name, is one of his sons.
Short for WeeBee Jammin' was my guess, but the sonofabitch will
neither confirm nor deny.

Side, ass-covering note: He's an old friend, and former co-worker
from the AT&T days. He has requested my assistance in resolving
network problems on AT&T machines in Salt Lake City. I have not
dialed into those machines, but I have set up uucp connections
between his 3B2/400 at home and my DOS box, at his request. These
machines that he has are exact duplicates of functioning AT&T
Communications Outbound Call Management sites in Utah, and so were
good guinea pigs for troubleshooting. Steve tried the official
company paths for obtaining technical assistance, and was referred to
idiot after idiot until he talked to me about it. We found the
(hardware) problem in two days of not looking very hard...
Salt Lake is happy, Steve's happy, and any Federal agents had damned
well better be happy, because I was helping their people out at their
behest. Nobody gave me any dinero to do this, he's a pal and I helped
him out. Likewise, no non-disclosure agreements were even mentioned.
I know that it'll be tough for a Fed or prosecutor to get their mind
around, but I'm doing this for no money, just good will.

This is the third time after I left AT&T that their employees or
contractors have asked me to assist in resolving technical problems.
Each one of them knew what happened here on February 20th, in
agonizing detail. Bill Kennedy and I have talked about this, and he
thinks that I'm being incautious by not telling Steve or whoever to
get formal paperwork put through to cover my presence. Bill, however,
has always been outside AT&T, and hasn't seen the way the company
will leap up its own behind to avoid making progress.

When a project I worked on closed down, the developers were dispersed
to the four winds. John Macchione, one of the first guys to start
work on the project, had left for other contract work. In order to
get our technical questions answered, Tom Wynne, the project manager
from AT&T Federal Systems, snuck John in after 5 P.M. once or twice a
week for technical Q&A sessions. He was paid out of discretionary
funds on Tom Wynne's budget. Macchione already had a job, and they
would have been somewhat unhappy to hear that he was going back to an
old client to do work without paying his contracting company their
cut. Wynne would have had to get a contract position approved, which
wasn't what Macchione wanted, and would have taken at least a month.
So they did it under the table, and got us the support we needed.
Steve is doing the same thing here.
So if some SS or related Nazi says that, now or back in 1989, I
illegally accessed AT&T computers, you should damned well scream at
the top of your electronic lungs that AT&T makes it so difficult for
their own people to get technical help that they'll be forced to go
outside the system for answers. And that, then as now, I won't turn
down someone with a problem because they haven't given every
mid-level paper pusher their crack at nixing the help that they need
now, not two months from now. Doesn't make a damn bit of difference
whether you're my best friend or, like this Navy contractor who's
trying to set up his PC at home to run the same uucp clone that I do,
someone that I just met. I'm not so stuck up on myself that I can't
lend people a hand. If that means that some Brown Shirt sucking off
the public tit doesn't understand why I might donate some of my time
to solving problems, well, that's life. And if they ask, well, why
not volunteer at a recycling center or some-such, well, I answer only
that I'd rather recycle my knowledge than soda bottles and tin cans.

Jeez, you can get really dizzy standing on these soapboxes, ya know?

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

From: hkhenson@CUP.PORTAL.COM
Subject: reply to ATT letter responses
Date: Tue, 16 Apr 91 19:52:24 PDT

In CuD 3.12 peter@TARONGA.HACKERCORP.COM(Peter da Silva) notes:

>Finally, I would like to note that unlike many of the posters
>here I'm not going to try to excuse Rose's adding trapdoors to
>login.c as either educational or providing support to AT&T
>customers. His possession of this code was definitely illegal.
>His use of it was, while perhaps protected under the first
>amendment, hardly wise.

I think all involved, especially Len Rose would agree with the last
statement! I also agree with Peter that the possession of the source
code was also illegal, but there is illegal and illegal.
Copyright violation (which is a _civil_ matter) would have been the
proper approach for ATT to take in the Len Rose case. However, ATT
folks convinced agents of the US Government to make what should have
been a civil case into a federal wire fraud case, with as much jail
time as second degree murder.

Now, if Len had profited in any significant way from his use of
widely available source code, I could perhaps support making it into
wire fraud. But next time you copy more than a page or two from a
book in the library, look over your shoulder. If the publisher of the
book can get the government to go after you . . . .

In the same issue jrbd@CRAYCOS.COM(James Davies) complains

>The press release published earlier in the same CuD issue makes
>it clear that Rose's intent was to steal passwords and invade
>systems. While the possession of AT&T source code was the charge
>of which Rose was convicted, his actual crime (in a moral sense)
>was the equivalent of manufacturing burglar's tools, or perhaps
>of breaking and entering (although there isn't any evidence that
>he actually did any of this, his intent was clearly to help
>others do so). Nothing makes this more obvious than Rose's own
>words, as quoted from the comments in his modified login.c by
>the Secret Service press release:

[quotes press release comments]

And goes on:

>I'm sorry, but these aren't the words of an innocent man.
>Personally, I think that Rose is guilty of the exact same sort
>of behaviour that gives hackers a bad name in the press, and I
>think that you're crazy to be supporting him in this. Save your
>indignation for true misjustices, ok?

I'm sorry, but you are wrong. In *this* country, a person cannot be
convicted on the basis of what they write, only on their actions.
Otherwise, there could be no mystery stories. Len was never accused
of breaking into any system. Why should he? He was *given* accounts
on systems far and wide across the net, and *given* source code by
ATT employees.
The only reason Len came to the attention of ATT was through the
SS/Bell South searching an electronic publisher's email (think about
that.)

For all the BS in the login.c comments, I consider Len to have been a
positive element in the computer underground, influencing young
explorers to respect and not damage data. (See the moderators' papers
on socializing forces in the Computer Underground.)

Keith Henson

PS You might want to consider the consequences of big companies
getting in the habit of saving money on civil suits by using the
Federal Government to harass and jail people they are unhappy with.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

From: scubed!pro-harvest.cts.com!wlup69%das@HARVUNXW.BITNET(Rob Heins)
Subject: Response to article in CuD 3.12
Date: Tue, 16 Apr 91 19:05:45 CDT

In CuD 3.12, Bernie Cosell (cosell@BBN.COM) writes:

|Consider: it is the middle of summer and you happen to be climbing in
|the mountains and see a pack of teenagers roaming around an
|abandoned-until-snow ski resort. There is no question of physical
|harm to a person, since there will be no people around for months.
|They are methodically searching EVERY truck, building, outbuilding,
|shed, etc,. Trying EVERY window, trying to pick EVERY lock. When they
|find something they can open, they wander into it, and emerge a while
|later. From your vantage point, you can see no actual evidence of any
|theft or vandalism, but then you can't actually see what they're doing
|while they're inside whatever-it-is.
|
|Should you call the cops? What should the charge be?

Of course you should call the cops. Unless they are authorized to be
on the property, (by the owner) they are trespassing, and in the case
of picking locks, breaking and entering.

However, you're trying to equate breaking into a ski resort with
breaking into a computer system.
The difference being: 99 times out of 100, the people breaking into a
computer system only want to learn, have forgotten a password,
etc... 99 times out of 100, the people breaking into the ski resort
are out for free shit.

That's why it's such a good idea to have a chat with an unknown
account on your system, to determine if they're there to destroy the
place, or if they only want to see how Unix ticks... A wise person
once said, "If they can do it once, chances are, they can do it
again."

|Would the answer be different if it were YOUR stuff they were sifting
|through?

The answer, of course, is no. Reason being that I've got the brains
not to leave data lying around a system with a dial-up that I don't
want anyone to see. (Check out my directory at Pro-Harvest... All I
have are a couple of CuD back issues, my sig file, and an ad for a
hard drive that I forgot to respond to...)

|2) I'm just as happy having that kind of "finding out" done by the
|police and the courts --- that's their job and I'd just as soon not
|get involved in the messy business [even if I could spare the time].
|If you can't learn to act like a reasonable member of society for its
|own sake, perhaps somewhat more painful measures will dissuade you
|from "doing it again".

Yeah... good philosophy. "Let's spend a couple hundred grand
investigating something that the local sysop could take care of in
two minutes of his 'Precious Time'".

It seems to me that if you have the time to run a BBS, you have the
time to perform ALL the duties a sysop with a couple of working brain
cells should have... (Including the two minutes to write a 200 byte
email note to somebody who's probably harmless. If they don't
respond, then delete them. That's what, a three step procedure with
about 5 minutes of cumulative "work" involved? (Even you can
understand.) If you really want to keep someone out, set it up so
that only root can create accounts.)
If ol' Bernie wants to defend people's rights, maybe he should stick
to his own, and leave mine and my non-crotchety-old-man friends'
alone.

********************************************************************
>> END OF THIS FILE <<
***************************************************************************