Computer underground Digest Wed Feb 10, 1993 Volume 5 : Issue 12 ISSN 1004-042X Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET) Archivist: Brendan Kehoe Shadow-Archivists: Dan Carosone / Paul Southworth Ralph Sims / Jyrki Kuoppala Copy Editor: Etaion Shrdlu, Seniur CONTENTS, #5.12 (Feb 10, 1993) File 1--CPSR Sues Secret Service for 2600 Docs File 2--Clever Tactics Against Piracy File 3--SPA has Banner Year File 4--Mitch Kapor's Forbes Column on S.893 File 5--Re: Pirate Software File 6--In Re "Legal Strategy on 2600 Nov. '92" (CuD #5.07) File 7--Common Carrier Review Request File 8--Some Comments on "Approach Zero" (review) File 9--For your mailing lists/newsgroups Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost from tk0jut2@mvs.cso.niu.edu. The editors may be contacted by voice (815-753-6430), fax (815-753-6302) or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115. Issues of CuD can also be found in the Usenet comp.society.cu-digest news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, and DL0 and DL12 of TELECOM; on GEnie in the PF*NPC RT libraries and in the VIRUS/SECURITY library; from America Online in the PC Telecom forum under "computing newsletters;" on the PC-EXEC BBS at (414) 789-4210; in Europe from the ComNet in Luxembourg BBS (++352) 466893; and using anonymous FTP on the Internet from ftp.eff.org (192.88.144.4) in /pub/cud, red.css.itd.umich.edu (141.211.182.91) in /cud, halcyon.com (192.135.191.2) in /pub/mirror/cud, and ftp.ee.mu.oz.au (128.250.77.2) in /pub/text/CuD. European readers can access the ftp site at: nic.funet.fi pub/doc/cud. Back issues also may be obtained from the mail server at mailserv@batpad.lgb.ca.us. COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted for non-profit as long as the source is cited. Some authors do copyright their material, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections. ---------------------------------------------------------------------- Date: Thu, 4 Feb 1993 11:52:25 -0500 From: Dave Banisar Subject: File 1--CPSR Sues Secret Service for 2600 Docs CPSR SEEKS RECORDS ON ILLEGAL SEARCH: QUESTIONS SECRET SERVICE RAID Computer Professionals for Social Responsibility (CPSR) filed suit in federal court today seeking information on the role of the Secret Service in the disruption of a meeting of computer users last November. The incident, which occurred at the Pentagon City Mall in Arlington, Virginia, has been described as an example of overzealous law enforcement activities directed against so-called computer "hackers." On November 6, 1992, a group of people affiliated with the computer magazine "2600" were confronted by mall security personnel, local police officers and several unidentified individuals. The group members were ordered to identify themselves and to submit to searches of their personal property. Their names were recorded by mall security personnel and some of their property was confiscated. However, no charges were ever brought against any of the individuals at the meeting. The Secret Service has not formally acknowledged its role in the November incident. However, a mall security official and the Arlington County Police have said that Secret Service agents were present and directed the activities of the mall security personnel. "If this was a Secret Service operation, it raises serious constitutional questions. It is unlawful for the government to disrupt a meeting of people who are peaceably assembled and to seize their personal property. We have filed this FOIA suit to determine the precise role of the Secret Service in this affair," said CPSR Washington Director Marc Rotenberg. CPSR submitted a Freedom of Information Act (FOIA) request to the Secret Service several days after the incident. To date, the agency has failed to respond. Under the law FOIA requesters may file suit in federal court when an agency has not complied with the legally imposed time limits. CPSR, a national membership organization that protects civil liberties for computer users, previously filed a FOIA suit against the Secret Service after the agency was criticized for several poorly conducted investigations of computer users. Documents disclosed to CPSR from the Operation Sun Devil case revealed that the agency monitored publicly accessible electronic "bulletin boards." CPSR has recommended the development of guidelines for computer crime investigations an called for a reassessment of the Secret Service's role in the computer crime field. For more information about the suit, contact David Sobel (202) 544 9240 Email: dsobel@washofc.cpsr.org For CPSR membership information, contact CPSR % PO Box 717 % Palo Alto, CA 94302-0717 (415) 322-3778 Email: cpsr@csli.standford.edu. Copies of CPSR documents are available via FTP and Gopher from cpsr.org, folder /cpsr. ------------------------------ Date: Wed, 3 Feb 1993 14:50:24 GMT From: kadie@EFF.ORG(Carl M. Kadie) Subject: File 2--Clever Tactics Against Piracy A repost from: : comp-academic-freedom-talk-request@EFF.ORG Date--Fri, 29 Jan 93 14:16:11 +0100 From--Jay Rolls Subject--Clever Tactics Against Piracy I thought the info-mac readers would find this article interesting..... Jay Rolls, Stuttgart, Germany ((sent to RISKS by gio@DARPA.MIL (Gio Wiederhold) via many others)) COMPUTER CHEATS TAKE CADSOFT'S BAIT Employees of IBM, Philips, the German federal interior ministry and the federal office for the protection of the constitution are among those who unwittingly 'turned themselves in' when a German computer software company resorted to an undercover strategy to find out who was using illegal copies of one of its programs. Hundreds of customers accepted Cadsoft's offer of a free demonstration program that, unknown to them, searched their computer hard disks for illegal copies. Where the search was successful, a message appeared on the monitor screen inviting the customer to print out and return a voucher for a free handbook of the latest version of the program. However, instead of a handbook the users received a letter from the Bavarian-based software company's lawyers. Since the demonstration program was distributed last June about 400 people have returned the voucher, which contained coded information about the type of computer and the version of the illegally copied Cadsoft program being used. Cadsoft is now seeking damages of at least DM6,000 (ECU3,06E2) each from the illegal users. Cadsoft's tactics are justified by manager Rudolf Hofer as a necessary defence against pirate copying. The company had experienced a 30% drop since 1991 in sales of its successful Eagle design program, which retails at DM2,998. In contrast, demand for a DM25 demo version, which Cadsoft offered with the handbook of the full version, had jumped, indicating that people were acquiring the program from other sources. Although Cadsoft devised its plan with the help of lawyers, doubts have been raised about the legal acceptability of this type of computer detective work. In the case of government offices there is concern about data protection and official secrets. The search program may also have had side-effects that caused other files to be damaged or lost. Cadsoft is therefore preparing itself for what could be a long legal battle with some customers. So far it has reached out-of-court agreement with only about a quarter of those who incriminated themselves. ------------------------------ Date: 13 Jan 93 18:24:26 EST From: Gordon Meyer <72307.1502@COMPUSERVE.COM> Subject: File 3--SPA has Banner Year The Software Publishers Association announced last week that 1992 marked the most active year for its anti-piracy activities to date. Working on behalf of its members, the SPA investigates cases of software copyright infringement involving corporations, educational and non-profit institutions, commercial dealers, and bulletin boards. Most investigations begin with a call to the SPA anti-piracy hotline (1-800-388-7478). Information gathered from telephone conversations are then reviewed by the SPA's in-house litigation staff. Depending on the strength of the information and the severity of the case, legal action can be taken using cease and desist letters, corporate audits, or Ex-Parte seizure orders. In 1992, up to 30 phone calls per day poured into the hotline. Based on these leads, the SPA took action against 747 organizations. This included 218 audits and lawsuits (resulting in the payment of $3.9 million in fines and penalties) and 529 cease and desist letters. Of the audits and lawsuits filed, 95 percent were corporate cases, while the remaining 5 percent of defendants comprised bulletin board services (BBS), training facilities, and schools. Also in 1992, the SPA received its largest settlement to date in an audit action. The company, whose identity must remain anonymous, paid nearly $500,000 in settlement of a case involving 66 SPA members. During 1992, the SPA supported legislation that elevates the willful copying of computer software from a misdemeanor to a felony. The new law, passed by Congress last October, targets professional software pirates who make many copies of software and resell them at low prices; illegal bulletin board operators who distribute pirated software; and PC dealers who offer "free" but illegal software to hardware purchasers. Nearly 25,000 copies of a 12-minute informational videotape entitled "It's Just Not Worth the Risk," and 20,000 copies of an 8-minute educational video, "Don't Copy That Floppy," targeting computer-using schoolchildren, were also distributed in 1992. Lastly, the association maintains an active anti-piracy speakers' bureau. Last year, SPA representatives delivered 112 anti-piracy presentations across North America. (reprinted from Z*Net #486 1/9/93 with permission) ------------------------------ Date: 6 Feb 93 08:25:00 GMT From: Mitchell Kapor Subject: File 4--Mitch Kapor's Forbes Column on S.893 Software Felonies Copyright 1993 Mitchell Kapor If you copy this, please include the complete article including header information. (First Published in the February 15, 1993 issue of Forbes) (Mitch Ratcliffe, Editor-at-Large of Mac Week, provided research assistance for this article.) It doesn't take much to persuade Congress to jack up the penalties for white-collar crime, and last fall's amendments to the Copyright Act were no exception. With a little prodding from the Software Publishers Association, legislators made a felony of possession of ten unauthorized copies of a program, collectively valued at as little as $2,500. The new law is a powerful bargaining chip for an industry that has learned to enforce its property rights through intimidation. A little too powerful, I'll wager. Under the new law, just about any computer department manager could be charged as a felon. There's no doubt that software companies need help enforcing their property rights against brazen counterfeiting schemes, as a recent action brought by Microsoft shows. Its civil suit against Taiwanese defendants alleges that hundreds of thousands of counterfeit copies of the MS-DOS operating system were sold to unsuspecting customers. Armed with seizure orders, attorneys for Microsoft staged elaborate raids on secret warehouses in southern California, carting off truckloads of contraband. Use of the new criminal provisions of the copyright law makes sense in an extreme situation such as this. But should it be a felony to make ten unauthorized copies of a program? In public speeches on this topic, I routinely ask members of the audience how many of them will stand up to declare they have no unauthorized copies on their hard disks. Only a tiny minority will do so. This suggests to me that, under the new law, any manager with a handful or more of employees could be prosecuted and sent to jail. Software producers, of course, have to protect themselves against more than the counterfeiters. The software association estimates that its members lose between $1 billion and $2 billion a year in revenue from customers who buy fewer copies of business software than they should. At Lotus, we tried to solve this problem by adopting technical measures to restrict the copying of files. As I learned to my chagrin, this approach had the unacceptable consequence of also restricting legitimate uses by paying customers. Nowadays very few software producers use copy protection devices. They're too likely to be broken by serious hackers and too likely to alienate innocent users. As a simple technical matter, there is no barrier today to anyone walking off with a $500 product in a shirt pocket, or to a corporate software customer that wants to use more copies than it is willing to pay for. But the solution to this problem is not a rigid prohibition on copying. Even in the overwhelming majority of honest companies, including many with stringent internal policies, employees routinely make copies of their applications for use on portable and home computers, temporary copies for a co- workers, multiple back-up copies, and the like. Unauthorized copies proliferate. Careful lines must be drawn, dividing software duplication into three different grades of behavior: totally innocent copying, unfair use that might give rise to a lawsuit, and criminal piracy. The new anti-piracy law fails to make these distinctions. The software association claims it has no intention to use the criminal law to enforce essentially civil claims against customers who make and use multiple copies. ``I don't need to call the FBI to beat on corporations,'' says Ken REAL NAME Wasch, the association's executive director. ``There's absolutely no intention of criminalizing the inadvertent copier in a corporation. We have a very adequate civil remedy.'' By its own accounting, Wasch's group has done very well in civil court. Nonetheless, with these stiff new provisions in place, I can't imagine that sooner or later the felony criminal provisions won't be used, in practice or as threat, against less than obviously flagrant violators. Here's one scenario: The software association will knock politely and ask to review XYZ Corp.'s computers for illegal copies. If XYZ refuses to allow the audit, the enforcers can now do more than file a civil action. They can threaten to call in the Department of Justice for a criminal investigation. This law is simply prone to abuse. It won't stop piracy, nor will it contribute to a new ethic that respects the hard work and research dollars put into application software. Software vendors could take one step in the right direction by rewriting their license agreements to be more realistic. Most licenses don't permit a user to install the same copy of a product twice under any circumstances, except to make a backup. However, a few companies permit customers to make multiple installations of a single copy of software as long as only one copy is in use at any time. With more executives using a desktop computer in the office and a notebook computer on the road, broadening the terms of acceptable use just represents common sense. It would also go a long way to ease tensions with customers who find themselves uncomfortable at the prospect of being branded as felons. We live in a difficult era in which, as Stewart Brand puts it, information wants to be free, yet it also wants to be expensive. Until both vendors and users sincerely acknowledge this paradox, efforts to reduce piracy are likely ------------------------------ Date: Mon, 25 Jan 1993 15:46:08 EDT From: Paul Brown Subject: File 5--Re: Pirate Software At CyberArts International 91 (Pasadena November 1991) Chip Hawkins (who is CEO of Electronic Arts and previously at Apple) asked how many of his audience had totally legal software running on their systems. About 3 (out of 400) claimed they were. Hawkins commented that this was a typical response regardless of type of audience. Hawkins commented that new copyright laws are needed that would be similar to the "reasonable use" regulations that congress introduced when photocopying became widespread. He commented that congress would be unlikely to review copyright again so soon after these revisions. Most commentators seem to be suggesting that much looser controls are necessary for two reasons: a. they will encourage more creative, widespread use of software products and therefore lead to greater overall sales b. people using bootleg copies will eventually want to upgrade or get documentation and will get legitimate copies. Software piracy is a *serious* offence and can lead to serious consequences. One anti-piracy organization in the UK ran a series of ads last year in kids comic books encouraging high-schoolers to "turn in" their teachers if they allowed school systems to be used for copying. Major financial rewards were on offer. My kids - who live in the UK sent me copies of the ads which I found very distasteful and reminded me of the Nazi pressure on youth to turn in Jewish friends and teachers. I hope nobody interprets this as a defence of piracy - as an artist and software writer I believe in due reward. I am interested in the whole idea of copyright (which is based on the imperfection of the copying process) needs redefining not we all can easily make perfect copies (of software or databases). ------------------------------ Date: 05 Feb 93 16:25:34 EST From: Steve Brown <70511.3424@COMPUSERVE.COM> Subject: File 6--In Re "Legal Strategy on 2600 Nov. '92" (CuD #5.07) Response to CUD 5.07, File-3 "Legal Strategy on 2600 Nov. '92 Mall Harassment" by Robert A. Carolina. <<>> Who are you talking about? Just because someone wears a badge and a uniform does not mean he or she will act a certain way. Security agents are private agents who protect property and assets for the owner. Security guards do the same with a state certificate (as long as you are breathing and have never had a felony conviction). Law enforcement officers are 24 -hour-a-day public servants who are sworn to uphold the laws of the state within the parameters of the Constitution. Private security guards and law enforcement officers have completely different missions. The former has minimal (if any) formal training. Why do you think they would act the same? >>When you combine nervous uniforms (like under-trained mall rent-a-cops) together with volatile personalities (like hackers sporting anti-social nick-names) the result is usually a rapidly escalating level of disharmony. (At the far extreme, disharmony like this can produce four cops beating the hell out of Rodney King because he "just wouldn't lie still on the ground". The point is not to criticize Mr. King, but to make sure that you don't end up in the hospital. Money awarded by a court is a poor substitute for missing teeth.)<< The point is that you are confusing the issues by comparing apples to oranges. You over generalize and create the impossible. By using the term "uniforms" you lump law enforcement officers and security guards together. "Uniforms" implies that since they look alike and use some of the same tools (gun, baton), then they must act alike and do the same. This is not likely if they follow different rules, laws, standards, and training. >> Fourth, mall cops are not government agents, and as such, their conduct is (mostly) not governed by the Constitution.<< This IS true. Unless, the mall SECURITY GUARDS are directed to do something in behalf of a government law enforcement agency (in this case the Secret Service). Then, technically, the SECURITY GUARDS become government agents and are subject to the same formal procedures. This may have been the case, and you do point this out. >>Third, recognize that a mall IS private property and the mall operators can throw you out for little or no reason. Fourth, mall cops are not government agents, and as such, their conduct is (mostly) not governed by the Constitution. So what does this all mean? Basically, Ghandi was right. The ticket to dealing with obstreperous uniformed mall cops is polite, passive resistance. The key here is POLITE. At all times, assure the mall cop that you will obey all lawful instructions. Do not give the uniforms any reason whatsoever to escalate the scene.<< >>If you are confronted by a group of threatening looking mall cops and they hassle you, ask if you are being ejected from the mall. If yes, then wish the officers a nice day and head for the nearest exit. If no, then wish the officers a nice day and head for the nearest exit. (Do you see a pattern emerging? Remember, you do not generally have a "right" to stay in a mall. Thus, your best defense from ignorant mall cops is to get the hell off of their turf.)<< Once again you are right. "The mall operators can throw you out for little or no reason." So if that's the case, why would you even want to stay and ask a bunch of unintelligent questions. As for your strategy, I think Ghandi would tell you to forget about being polite. I think he'd tell you to "get the hell out of Dodge." Why you would encourage anyone to confront "obstreperous uniformed mall cops with polite, passive resistance" is beyond me. You'd be better off leaving on your own accord. This would at least insure your chances of a safe return at a later time if need be. If it is evident that you are not wanted while on private property (mall or elsewhere) just leave and take your $$ with you. Through subtle uses of the English language sectors of society (law enforcement and the media) have portrayed the would-be criminals behind a keyboard "as "hackers." There has been a great amount of ignorance and myth regarding the use of the computer as a criminal tool. The ignorance has led to the name calling of the people who use these powerful machines to conduct crimes. They are called "hackers" when they should simply be called criminals. I can surely understand how the derogatory use of the term "hacker" could anger the legitimate computer world. By choosing to use the term "hacker" rather than criminal, more attention is placed upon the computer, itself, rather than the person who has done the crime. The derogatory use of hacker is dehumanizing. By definition criminals have rights; Hackers and witches do not. Steve Jackson might be a witch (or would it be a warlock?) in a modern day Salem Witch Hunt. My biggest concern is your attempt to dehumanize the police in a similar way. Whether you know it or not (maybe you don't really care), you have employed the same dehumanizing method in your effort to portray law enforcement. The computer world should not alienate its "enemy" through the use of name calling. Your effort seems to have been to inform people of their legal recourses during an incident similar to the "2600 Harassment" incident. The strength of the legal advise given, however, was weakened by the strategy you chose to use. You have probably confused a good many people in your attempt to explain sound legal ideas. A GUARD is a guard. A LAW ENFORCEMENT OFFICER (police, cop) is a law enforcement officer. A uniform unfortunately is what many ignorant people see. It is a way to dehumanize a person who gives you a ticket when you speed, prevents you from driving home after a fun night of partying, rushes your child to the hospital while he or she bleeds to death in a patrol car, and risks his life to protect yours during a robbery. Occasionally, he or she has to arrest an individual whether it be for a crime committed with a computer or not. Often when a police officer is killed in the line of duty, the news passes like a cold wind. It's much easier to put a bullet through a uniform than someone with a wife or husband and children. Ignorance is a disease of the mind which must be fought, not only with facts, but with a sound strategy. ------------------------------ Date: Mon, 8 Feb 93 07:17:51 EST From: Rich=Gautier%SETA%DRC@S1.DRC.COM Subject: File 7--Common Carrier Review Request REQUEST FOR REVIEW - COMMON CARRIER STATUS BILL Electronic mediums have increased over the years. People have drifted to communications using E-mail, the Internet, Online services, Bulletin Board Services, and other services that network computers together. A problem that exists, however, involves the legal status of these information services. AT&T has long ago been proclaimed to be a "common carrier". Under this status, communications that occur over their communication lines (the medium), are not held as the responsibility of that company. People who use that medium are held responsible for what they say and do, and the carrier is not held responsible for any crimes (i.e. conspiracy, planning to kill the president, etc.). What is needed, is a bill that updates the legal status of bulletin board services to "common carrier" status. This would free carriers to have concern about how their service was operating, and free them to stop monitoring conversations, etc. on their services. It would allow for a greater freedom of speech, free up restrictions (real or implied) on the businesses, and hold individuals to a greater degree of responsibility for their actions. In a ruling for Compuserve in a recent court case, Compuserve was found to be NOT responsible for child pornography that was being passed through their online service. They assisted in the catching of the responsible individuals. The individuals were easily tracked through usage logs and other electronic means. The users of the medium were held responsible for their own actions. Compuserve is not the ONLY online service out there. Internet sites that offer electronic mail, and bulletin board services that offer messaging and file transfer services to its users should also be able to claim "common carrier" status. A bill is needed to make this clear to the operators, and users of these services. In order to provide the necessary responsibility levels, system usage should also have restrictions on anonymity of messages/files. The system should not be allowed to carry messages or files that originate from an unknown source. Restrictions on "common carrier" services should mandate that the service in question be able to identify from which source it obtained any specific message or file. This will restrict "common carriers" from carrying, let us say, child pornography, without knowing where it was obtained and without being able to trace its source. Restrictions should also be made to specify a requirement to notify authorities upon any illegal traffic that may be carried over their carrier service. The Bulletin Board, for an example, should notify police personnel about any illegal traffic on their board. However, these BBS systems should NOT be mandated to oversee all the traffic that occurs on their systems. Much like the telephone companies, where traffic is only made known on occasion, BBS operators often do not read ALL message traffic on their BBS. I am looking for any comments that others out there may have on this subject, and I would like to open it for discussion. (i.e. I may be completely off-base, and if so, I want to know about it.) Please read this document, and reply to me personally, or through this publication. (RG%SETA%DRC@S1.DRC.COM) Rich Gautier ------------------------------ Date: 05 Feb 93 11:51:29 EST From: The Crypt Newsletter <70743.1711@COMPUSERVE.COM> Subject: File 8--Some Comments on "Approach Zero" (review) Dear CuD: I'm sure a number of your readers have, by now, browsed through the February issue of Discover magazine and seen the excerpt from another book on "hackers" called "Approaching Zero," to be published by Random House. The digested portion is from a chapter dealing with what authors' Bryan Clough and Paul Mungo call "the Bulgarian virus connection." While I found it interesting - outwardly a brightly written article - to someone a little more familiar with the subject matter than the average Discover reader, it was another flawed attempt at getting the story right for a glossy magazine-type readership. First, I was surprised that reporters Mungo and Clough fell short of an interview with virus author, the Dark Avenger. Since they spent so much time referring to him and publishing a few snippets of his mail, it was warranted, even if he is a very tough contact. In addition, they continually exaggerate points for the sake of sensationalism. As for their claim that the Dark Avenger's "Mutating Engine" maybe being the "most dangerous virus ever produced," there's no evidence to support it. And they continue the hallowed media tradition of calling the Mutation Engine a virus. It's not. The Mutation Engine is a device which can be included in virus code to grant the virus a sophisticated, variable encryption. That's all. It does not automatically make a virus horribly destructive, that's a feature virus-writers put into viruses separate from the Engine. And although the first Mutation Engine viruses introduced into the U.S. could not be detected by scanners included in commercial anti-virus software, most of these packages included tools to monitor data passively on any machine. These tools COULD detect Mutation Engine viruses, a fact that can still be demonstrated with copies of the software. It's also a fact that almost everyone covering the Mutation Engine angle glosses over, if they bother to mention it at all. In any case, Mutation Engine code is well understood and viruses equipped with it are now no more hidden than viruses which don't include it. Of greater interest, and an issue Mungo and Clough don't get to, is the inspiration the Dark Avenger Mutation Engine supplied to virus programmers. By the summer of 1992, disassembled versions of the Mutation Engine were widely available on underground BBS's in this country and abroad. It seemed only a matter of time before similar code kernels with more sophisticated properties popped up and this has been the case. Coffeeshop, a virus mentioned in the original Discover piece, is just such an animal, although the authors don't get into it. Coffeeshop utilizes a slightly more sophisticated variable encryptor - called the Trident Polymorphic Engine - which adds a few features not present in the Dark Avenger model. It, too, has been distributed in this country as a device which can be utilized by virus authors interested in shot gunning it into their own creations. It is of Dutch origin, produced by a group of programmers operating under the name "TridenT." They freely acknowledge the inspiration of the Mutation Engine. Curiously, Coffeeshop is Dutch slang for a place to pick up some marijuana. Interesting, is it not? However, the Trident Polymorphic Engine is no more inherently dangerous than the Mutation Engine. Viruses utilizing it can be detected by the same tools used to detect Mutation Engine viruses before those could be scanned. The reporters also claim that disassembling a virus to find out what it does is a "difficult and time-consuming process" capable of being carried out "only by specialists." This is another myth which feeds the perception that viruses are incredibly complicated and that one can only be protected from them by the right combination of super-savvy experts. It has NO basis in reality. Almost all computer viruses can be disassembled within 5-10 minutes by individuals with only a modest understanding of computer programming and access to one or two common diagnostic programs. The programs are so user-friendly they can even print out a summary of a virus's key instructions! It's a complete myth that anyone needs to be some kind of high-powered programming expert to understand and analyze computer viruses. And that's what's the most irritating about Mungo and Clough's research. In search of the cool story, they further the dated idea that virus-programming is some kind of arcane art, practiced by "manic computer freaks" living in a few foreign countries where politics and the economy are oppressive . While it's true that a few viruses are clever, sophisticated examples of programming, the reality is that almost anyone (from 15-year olds to middle-aged men) with a minimal understanding of assembly language can write them from scratch or cobble new ones together from pieces of found code. Since everyone's computers DON'T seem to be crashing from viral infection right and left (remember Michelangelo?), Mungo and Clough, in my opinion, really stretch the danger of the "Bulgarian virus factory." This is such an old story it has almost become shtick, a routine which researcher Vesselin Bontchev (apparently Clough and Mungo's primary source) has parlayed into an intriguing career. A great number of the 200 or so Bulgarian viruses the reporters mention in fear-laden terms ARE already here, too - stocked on a score of BBS's run by programmers and computer enthusiasts. Mungo and Clough years." That's an easy, leading call to make because no one will remember or hold them to it in 2000. I suggest "We don't know." Now that would have been more honest. But I doubt if it would have sold as well. ------------------------------ Date: Tue, 02 Feb 93 12:21:31 -0500 From: Gene Spafford Subject: File 9--For your mailing lists/newsgroups C A L L F O R P A P E R S ACMBUL's FIRST INTERNATIONAL COMPUTER VIRUS PROBLEMS AND ALTERNATIVES CONFERENCE 5-8 April, 1993 - Varna, Bulgaria The purpose of the 1993 International Computer Virus Conference is to provide a forum for anti-virus product developers, researchers and academicians to exchange information among themselves, students and the public. ICVC'93 will consist of open forums, distinguished keynote speakers, and the presentation of high-quality accepted papers. A high degree of interaction and discussion among Conference participants is expected, as a workshop-like setting is promoted. Because ICVC'93 is a not-for-profit activity funded primarily by registration fees, all participants are expected to have their organizations bear the costs of their expenses and registration. Accommodations will be available at reduced rates for conference participants. WHO SHOULD ATTEND The conference is intended for computer security researchers, managers, advisors, EDP auditors, network administrators, and help desk personnel from government and industry, as well as other information technology professionals interested in computer security. CONFERENCE THEME This Conference, devoted to advances in virus prevention, will encompass developments in both theory and practice. Papers are invited in the areas shown and may be theoretical, conceptual, tutorial or descriptive in nature. Submitted papers will be refereed, and those presented at the Conference will be included in the proceedings. Possible topics of submissions include, but are not restricted to: o Virus Detection o Virus Trends and Forecast o Virus Removal o Virus Prevention Policies o Recovering from Viruses o Incident Reporting o Viruses on various platforms o Emergency Response (Windows, Unix, LANs, WANs, etc.) o Viruses and the Law o Virus Genealogy o Education & Training THE REFEREEING PROCESS All papers and panel proposals received by the submission deadline and which meet submission requirements will be considered for presentation at the Conference. All papers presented at ICVC'93 will be included in the Conference proceedings, copies of which will be provided to Conference attendees. All papers presented, will also be included in proceedings to be published by the ACMBUL. INSTRUCTIONS TO AUTHORS [1] Two (2) copies of the full paper, consisting of up-to 20 double-spaced, typewritten pages, including diagrams, must be received no later than 28 February 1993. [2] The language of the Conference is English. [3] The first page of the manuscript should include the title of the paper, full name of all authors, their complete addresses including affiliation(s), telephone number(s) and e-mail address(es), as well as an abstract of the paper. IMPORTANT DATES o Full papers to be received in camera-ready form by the Organizing Committee by 28 February 1993. o Notification of accepted papers will be mailed to the author on or before 10 March 1993. o Conference: 5-11 April 1993, St. Konstantine Resort, Varna, Bulgaria WHOM TO CONTACT Questions or matters relating to the Conference Program should be directed to the ACMBUL: ICVC'93 Attn: Mr. Nickolay Lyutov ACMBUL Office Varna University of Economics 77 Boris I Blvd, 9002 P.O.Box 3 Varna Bulgaria Phone/Fax: (+35952) 236-213 E-mail: ICVC93@acmbul.bg icvc93@acmbul.bg (Organizing Committee) ACMBUL -- Bulgarian Chapter of ACM icvc93@acmbul.bg (Organizing Committee) ACMBUL -- Bulgarian Chapter of ACM ------------------------------ End of Computer Underground Digest #5.12 ************************************