Computer underground Digest Wed July 21 1993 Volume 5 : Issue 54 ISSN 1004-042X Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET) Archivist: Brendan Kehoe Shadow-Archivists: Dan Carosone / Paul Southworth Ralph Sims / Jyrki Kuoppala Ian Dickinson Cpyp Editor: Etaoin Shrdlu, Senior CONTENTS, #5.54 (July 21 1993) File 1--B. Sterling and W. Gibson Comments on Cyberspace & Educ. File 2--An open letter to Frank Tirado (from Paul Ferguson) File 3--Response to The AIS BBS Incident File 4--AIS BBS "debate" Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost electronically from tk0jut2@mvs.cso.niu.edu. The editors may be contacted by voice (815-753-6430), fax (815-753-6302) or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115. Issues of CuD can also be found in the Usenet comp.society.cu-digest news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT libraries and in the VIRUS/SECURITY library; from America Online in the PC Telecom forum under "computing newsletters;" On Delphi in the General Discussion database of the Internet SIG; on the PC-EXEC BBS at (414) 789-4210; and on: Rune Stone BBS (IIRG WHQ) (203) 832-8441 NUP:Conspiracy; RIPCO BBS (312) 528-5020 CuD is also available via Fidonet File Request from 1:11/70; unlisted nodes and points welcome. EUROPE: from the ComNet in LUXEMBOURG BBS (++352) 466893; In ITALY: Bits against the Empire BBS: +39-461-980493 ANONYMOUS FTP SITES: UNITED STATES: ftp.eff.org (192.88.144.4) in /pub/cud uglymouse.css.itd.umich.edu (141.211.182.53) in /pub/CuD/cud halcyon.com( 202.135.191.2) in /pub/mirror/cud aql.gatech.edu (128.61.10.53) in /pub/eff/cud AUSTRALIA: ftp.ee.mu.oz.au (128.250.77.2) in /pub/text/CuD. EUROPE: nic.funet.fi in pub/doc/cud. (Finland) ftp.warwick.ac.uk in pub/cud (United Kingdom) COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted for non-profit as long as the source is cited. Authors hold a presumptive copyright, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections. ---------------------------------------------------------------------- Date: Tue, 20 July 1993 23:33:12 CDT From: CuD Moderators Subject: File 1--B. Sterling and W. Gibson Comments on Cyberspace & Educ. ((MODERATORS' NOTE: The following comments by Bruce Sterling and William Gibson came to us from several sources, some with over 60 lines of "forwards," which we deleted for parsimony. Thanks to those who sent it over, and special thanks to Mike Eisenberg, from whom the text apparently originated)). +++++ Date--Sun, 16 May 1993 13:39:38 -0400 From--Mike Eisenberg Subject--Sterling & Gibson on education and the 'net. The science fiction writers Bruce Sterling and William Gibson recently gave speeches about education and technology at a convocation at the National Academy of Sciences. They graciously agreed to make their texts freely available to the Internet. Please share these as you wish, but they are not to be used in any commercial way or publication. I hope this stimulates thoughts, reactions, and discussions throughout the 'net. This is a crucial time in the evolution of the Internet and the proposed networks-to-follow. Open and equal access is NOT guaranteed; in fact just the opposite may well happen. Is this important for education? for democracy? What do YOU say? -- Mike Eisenberg mike@ericir.syr.edu School of Information Studies Syracuse University Syracuse, NY 13244 ++++++++++ Forwarded message ++++++++++ Date--Tue, 11 May 1993 18:52:59 -0700 From--Bruce Sterling Subject--You Asked For It, You Got It Bruce Sterling bruces@well.sf.ca.us Literary Freeware -- Not for Commercial Use Speeches by William Gibson and Bruce Sterling National Academy of Sciences Convocation on Technology and Education Washington D. C., May 10, 1993 BRUCE STERLING: Hello ladies and gentlemen. Thank you for having the two of us here and giving us a license to dream in public. The future is unwritten. There are best-case scenarios. There are worst-case scenarios. Both of them are great fun to write about if you're a science fiction novelist, but neither of them ever happen in the real world. What happens in the real world is always a sideways-case scenario. World-changing marvels to us, are only wallpaper to our children. Cyberspace is the funhouse mirror of our own society. Cyberspace reflects our values and our faults, sometimes in terrifying exaggeration. Cyberspace is a mirror you can edit. It's a mirror you can fold into packets and send across continents at the speed of light. It's a mirror you can share with other people, a place where you can discover community. But it's also a mirror in the classic sense of smoke-and-mirrors, a place where you might be robbed or cheated or deceived, a place where you can be promised a rainbow but given a mouthful of ashes. I know something important about cyberspace. It doesn't matter who you are today -- if you don't show up in that mirror in the next century, you're just not going to matter very much. Our kids matter. They matter a lot. Our kids have to show up in the mirror. Today, we have certain primitive media for kids. Movies, television, videos. In terms of their sensory intensity, these are like roller-coaster rides. Kids love roller coasters, for natural reasons. But roller coasters only go around and around in circles. Kids need media that they can go places with. They need the virtual equivalent of a kid's bicycle. Training wheels for cyberspace. Simple, easy machines. Self-propelled. And free. Kids need places where they can talk to each other, talk back and forth naturally. They need media that they can fingerpaint with, where they can jump up and down and breathe hard, where they don't have to worry about Mr. Science showing up in his mandarin white labcoat to scold them for doing things not in the rule book. Kids need a medium of their own. A medium that does not involve a determined attempt by cynical adult merchandisers to wrench the last nickel and quarter from their small vulnerable hands. That would be a lovely scenario. I don't really expect that, though. On the contrary, in the future I expect the commercial sector to target little children with their full enormous range of on-line demographic databases and privacy-shattering customer-service profiles. These people will be armed and ready and lavishly financed and there every day, peering at our children through a cyberspace one-way mirror. Am I naive to expect better from the networks in our schools? I hope not. I trust not. Because schools are supposed to be educating our children, civilizing our children, not auctioning them off to the highest bidder. We need to make some conscious decisions to reinvent our information technology as if the future mattered. As if our children were human beings, human citizens, not raw blobs of potential revenue-generating machinery. We have an opportunity to create media that would match the splendid ambitions of Franklin with his public libraries and his mail system, and Jefferson and Madison with their determination to arm democracy with the power knowledge gives. We could offer children, yes even poor children in poor districts, a real opportunity to control the screen, for once. You don't have to worry much about the hardware. The hardware is ephemeral. The glass boxes should no longer impress you. We've shipped our images inside glass boxes for fifty years, but that's a historical accident, a relic. The glass boxes that we recognize as computers won't last much longer. Already the boxes are becoming flat screens. In the future, computers will mutate beyond recognition. Computers won't be intimidating, wire-festooned, high-rise bit-factories swallowing your entire desk. They will tuck under your arm, into your valise, into your kid's backpack. After that, they'll fit onto your face, plug into your ear. And after that --they'll simply melt. They'll become fabric. What does a computer really need? Not glass boxes -- it needs thread -- power wiring, glass fiber-optic, cellular antennas, microcircuitry. These are woven things. Fabric and air and electrons and light. Magic handkerchiefs with instant global access. You'll wear them around your neck. You'll make tents from them if you want. They will be everywhere, throwaway. Like denim. Like paper. Like a child's kite. This is coming a lot faster than anyone realizes. There's a revolution in global telephony coming that will have such brutal, industry-crushing speed and power that it will make even the computer industry blanch. Analog is dying everywhere. Everyone with wire and antenna is going into the business of moving bits. You are the schools. You too need to move bits, but you need to move them to your own purposes. You need to look deep into the mirror of cyberspace, and you need to recognize your own face there. Not the face you're told that you need. Your own face. Your undistorted face. You can't out-tech the techies. You can't out-glamorize Hollywood. That's not your life, that's not your values, that's not your purpose. You're not supposed to pump colored images against the eyeballs of our children, or download data into their skulls. You are supposed to pass the torch of culture to the coming generation. If you don't do that, who will? If you don't prevail for the sake of our children, who will? It can be done! It can be done if you keep your wits about you and you're not hypnotized by smoke and mirrors. The computer revolution, the media revolution, is not going to stop during the lifetime of anyone in this room. There are innovations coming, and coming *fast,* that will make the hottest tech exposition you see here seem as quaint as gaslamps and Victorian magic-lanterns. Every machine you see here will be trucked out and buried in a landfill, and never spoken of again, within a dozen years. That so-called cutting-edge hardware here will crumble just the way old fax-paper crumbles. The values are what matters. The values are the only things that last, the only things that *can* last. Hack the hardware, not the Constitution. Hold on tight to what matters, and just hack the rest. I used to think that cyberspace was fifty years away. What I thought was fifty years away, was only ten years away. And what I thought was ten years away -- it was already here. I just wasn't aware of it yet. Let me give you a truly lovely, joyful example of the sideways-case scenario. The Internet. The Internet we make so much of today -- the global Internet which has helped scholars so much, where free speech is flourishing as never before in history -- the Internet was a Cold War military project. It was designed for purposes of military communication in a United States devastated by a Soviet nuclear strike. Originally, the Internet was a post-apocalypse command grid. And look at it now. No one really planned it this way. Its users made the Internet that way, because they had the courage to use the network to support their own values, to bend the technology to their own purposes. To serve their own liberty. Their own convenience, their own amusement, even their own idle pleasure. When I look at the Internet--that paragon of cyberspace today --I see something astounding and delightful. It's as if some grim fallout shelter had burst open and a full-scale Mardi Gras parade had come out. Ladies and gentlemen, I take such enormous pleasure in this that it's hard to remain properly skeptical. I hope that in some small way I can help you to share my deep joy and pleasure in the potential of networks, my joy and pleasure in the fact that the future is unwritten. WILLIAM GIBSON: Mr. Sterling and I have been invited here to dream in public. Dreaming in public is an important part of our job description, as science writers, but there are bad dreams as well as good dreams. We're dreamers, you see, but we're also realists, of a sort. Realistically speaking, I look at the proposals being made here and I marvel. A system that in some cases isn't able to teach basic evolution, a system bedeviled by the religious agendas of textbook censors, now proposes to throw itself open to a barrage of ultrahighbandwidth information from a world of Serbian race-hatred, Moslem fundamentalism, and Chinese Mao Zedong thought. A system that has managed to remain largely unchanged since the 19th Century now proposes to jack in, bravely bringing itself on-line in an attempt to meet the challenges of the 21st. I applaud your courage in this. I see green shoots attempting to break through the sterilized earth. I believe that the national adventure you now propose is of quite extraordinary importance. Historians of the future -- provided good dreams prevail--will view this as having been far more crucial to the survival of democracy in the United States than rural electrification or the space program. But many of America's bad dreams, our sorriest future scenarios, stem from a single and terrible fact: there currently exists in this nation a vast and disenfranchised underclass, drawn, most shamefully, along racial lines, and whose plight we are dangerously close to accepting as a simple fact of life, a permanent feature of the American landscape. What you propose here, ladies and gentlemen, may well represent nothing less than this nation's last and best hope of providing something like a level socio-economic playing field for a true majority of its citizens. In that light, let me make three modest proposals. In my own best-case scenario, every elementary and high school teacher in the United States of America will have unlimited and absolutely cost-free professional access to long-distance telephone service. The provision of this service could be made, by law, a basic operation requirement for all telephone companies. Of course, this would also apply to cable television. By the same token, every teacher in every American public school will be provided, by the manufacturer, on demand, and at no cost, with copies of any piece of software whatever -- assuming that said software's manufacturer would wish their product to be commercially available in the United States. What would this really cost us, as a society? Nothing. It would only mean a so-called loss of potential revenue for some of the planet's fattest and best- fed corporations. In bringing computer and network literacy to the teachers of our children, it would pay for itself in wonderful and wonderfully unimaginable ways. Where is the R&D support for teaching? Where is the tech support for our children's teachers? Why shouldn't we give out teachers a license to obtain software, all software, any software, for nothing? Does anyone demand a licensing fee, each time a child is taught the alphabet? Any corporation that genuinely wishes to invest in this country's future should step forward now and offer services and software. Having thrived under democracy, in a free market, the time has come for these corporations to demonstrate an enlightened self-interest, by acting to assure the survival of democracy and the free market -- and incidentally, by assuring that virtually the entire populace of the United States will become computer-literate potential consumers within a single generation. Stop devouring your children's future in order to meet your next quarterly report. My third and final proposal has to do more directly with the levelling of that playing field. I propose that neither of my two previous proposals should apply in any way to private education. Thank you. -- Michael J Kovacs -(o) (o)- ACM-L List-Owner U mkovacs@mcs.kent.edu \___/ librk420@kentvms (Bitnet) *** ------------------------------ Date: Thu, 15 Jul 1993 08:25:25 -0700 From: fergp@SYTEX.COM(Paul Ferguson) Subject: File 2--An open letter to Frank Tirado (from Paul Ferguson) An Open Letter to Mr. Frank Tirado (The original copy of this message was sent to Mr. Tirado at SYSADMIN%ERS.BITNET, the address listed in Computer Underground Digest (CuD) issue 5.51. Another copy has been posted in FidoNet VIRUS_INFO conference area in response to John Buchanan's forwarded message.) On 07-13-93 (12:07), Aristotle (aka John Buchanan) forwarded to me your "open letter" in the FidoNet VIRUS_INFO Conference echo, which I have the honor of moderating. > AN OPEN LETTER TO PAUL FERGUSON. In order to adequately address your concerns, accusations and opinions, I have also included quotations from your last message, preceded by angled brackets (">"), as is customary with most netspeak. > Message from Paul Ferguson to Cory Tucker: > "....I find your posts rather humorous, yet at the same time > offensive. If Mr. Tirado wishes to confront the issue himself, > I'd suggest he do so. His absence here in Fidonet or Usenet > somehow diminishes his credibility. In the meantime, please > refrain from posting such drivel....." > I went through the back issues of Crypt, as well as anywhere > else I might have been quoted, to see what I might have said > to so raise your ire. I'm left with the impression that you > ascribe to me the article written by Jim Lipschultz, an > article which I helped edit and which I personally found quite > droll. Sorry, much as I would like to take credit for his work, > the words are all his. I was referring to the letter submitted in the FidoNet VIRUS_INFO conference area by one Corey Tucker, who also forwarded the "advance copy" of the CRYPT newsletter article from issue number 16. Actually, without hopping about, I'm fairly sure that it was the same text that appeared in CuD 5.15, but that's a matter of semantics. I'd like to specifically address each of your points and present contrary opinion. > Lets take a look instead at what has been accomplished by > shutting down the AIS board: > o The information which was on that board is now on four others. Obviously part of your carefully thought out strategy to eliminate such information from "legitimate" boards. If anything, these boards will provide the same services the AIS board did, but to a greater extent. Indeed, I'd be foolish to believe that the "information" found on AIS could not have been found elsewhere. Frankly, that is a well known fact. In fact, it can be found on many others (at least 25 others in the U.S. and Canada alone, by my tally), but none of these systems are sponsored by U.S. Government, with taxpayer money. I assume that you equate the term "legitimate" with systems not sponsored in this manner. > o Kim Clancy is now far more credible than before in the > "underground", and she's an even more desirable commodity > now among the above-ground interests. I'm sure that this incident has bolstered Clancy's position in the underground community. As for her credibility, it remains to be seen to what extent this actually may be. Call me a cynic, but just because Bruce Sterling calls her "the best" or "better than the CIA," does not leave me with the same warm and fuzzy feeling that it seems to convey to most of my critics. I simply do not find credibility in efforts which make viruses available freely available -- I consider it irresponsible. > o Closing down the AIS board eliminated a major avenue for > the propagation of viruses........ Oops! My imagination > ran wild for a moment. You and I both know that not the > slightest dent has been made in the flow of information > which you and your cohorts find so objectionable. I apologize, Mr. Tirado -- I do not know that and frankly, nor do you. This statement is purely conjecture and you could not know possibly otherwise. Your sarcasm is evident. However, I disagree implicitly. As I stated in my response (which I have submitted to Jim Thomas for inclusion into Cud 5.12) to CuD, if even one incident of modified virus propagation resulted from the availability of viruses on AIS, then my action was warranted, in my own opinion. However, it is obviously a rhetorical point because once the files were obtained, no one can gauge the possible damage which may have resulted in these instances. > o Now the virus boards cannot point at the AIS board and > say: "If they're doing it, why can't we?" I'll grant > you this one, but I really can't see virus boards using > this defense very successfully, should it ever come to > that. Then you obviously have not been observing the activities of underground vX (virus exchange) systems since their inception. I have, and I have watched trends develop. For example, the major Vx systems have been (and still are) run by members of virus creationist groups such as Phalcon/Skism, Nuke and Trident. These groups are directly responsible for escalating the sheer number of viruses by creating new, undetectable variants of existing viruses and creating virus creation tools. This is unacceptable, yet you seem to condone this behavior... > o Those individuals who could "legally" (there was nothing > illegal about any information obtainable through the AIS > board) obtain useful and pertinent information from the > underground will now probably gravitate towards hacker or > virus boards. You think not? Let's wait and see..... "Nothing illegal?" At least not yet, obviously. Unethical? That is subjective opinion. (I consider it unethical, but as I stated above, this is purely subjective.) We shall "wait and see," as you've suggested, however, do not expect us to simply dawdle idly while these activities are being conducted in real-time. Legislation will be introduced in the coming congressional session which would outlaw these activities. (Refer to Computerworld article, "Virus vagaries foil feds," July 12, volume 27, issue 28 for further information.) > Your statement that my "absence here in Fidonet or Usenet > somehow diminishes (my) credibility" is ludicrous. In other > words, I'm outside of your control so my opinions don't count. On the contrary, Frank. Your opinions are equally as important as anyone else. By my statement above (hopefully you can gauge the sentiment), I simply do not indulge myself to be duped into responding to 2nd party posts in FidoNet -- it is too easy to forge. While Fido is near and dear to my heart, there are certain aspects about Fido messaging which are rather dubious. Your message, while intelligent and forthright, was presented by a second party; in this instance, I had my doubts as to its authenticity. > Frankly, I reserve the right to disagree with you whenever our > views differ. If that means that I refuse to be subject to your > petty satrapy, then so be it. And, by the way, what would you > say of the credibility of an individual who doesn't have the > courage to sign his name to a message accusing someone else of > excesses? At least Jim and I sign our names to our posts. You obviously missed the point on this one, so I won't argue the point any further. You certainly have the right to openly disagree with anyone -- that is a guarantee which we all enjoy under the Constitution. However, impugning my intentions won't get you very far, especially when it regards my reputation (which by all means, is intact, I'd gather). > Put into the simplest terms, I see the AV community, with some > few exceptions, evolving into a kind of priesthood whose Mysteries > are composed of polymorphic viruses and source code, hidden behind > a veil of mummery and slight of hand. Never mind that virus > authors and several hundred thousand people of all ages have access > to that self-same information; as a security officer I only need > to know what you tell me. Of course, you only are doing this for > my own good..... This is perhaps the most offensive of your statements. I am told that you are a systems security analyst with the Department of Agriculture. I do not recall seeing you at any computer security conferences, nor recall your participation in any antivirus parlances. Do you have some hidden expertise in the antivirus arena, or are you simply spouting opinionated idealisms? Mr. Tirado, what I may think has nothing to do with your opinions, nor anyone else's for that matter. I have watched as virus exchange systems have become the rave, and have absolutely contributed to the spread and distribution of viruses, both known and contrived. In the matter of AIS, I was outraged that a government sponsorship was participating in these same activities as other virus eXchange systems. > I don't think so. I find it next to impossible to implicitly > accept the word of a group whose bottom line is the almighty > dollar. Besides, as a self-regulating group you guys can't even > police themselves. I obtained my first 20 viruses from a vendor at > the same conference where Peter Tippett first proposed not sharing > viruses. The implications should be "crystal clear", considering > the plethora live viruses and source code floating around with the > imprimatur of the major AV software developers. I admit that the antivirus crowd has its share of prima donas and is shadowed by the profit modus operandi. I am in no way part of the group, either explicitly or implied. You obviously do not know me. As a final note, I respect your opinions, if that is of any consequence. I have been a member of the cyberspace community since the late seventies and I have witnessed many, many changes in the culture of the nets. The one thing that truly upsets me, however, is the reckless abandon with which computer viruses are made available to anyone with a modem. I have spent countless hours and dollars cleaning up computer viruses from countless workstations and LANs. The financial loss on the part of these companies is mind-boggling. While you decry the freedom of folks to freely exchange potentially damaging "information," at least keep this in mind. To quote you in CRYPT #16, "Too my mind, the AIS BBS was one of the best applications of my taxpayer dollars," said the USDA's Tirado angrily during an interview for this story. "The spineless curs!" My actions were neither spineless nor uncalculated. I have done what I intended to do. Private virus distribution systems are next on the agenda... ------------------------------ Date: Wed, 21 Jul 93 17:26:28 PDT From: vfr@NETCOM.COM(Sarah Gordon) Subject: File 3--Response to The AIS BBS Incident the opinions expressed here are my own. i've been following this AIS mess for some time now. by now, you probably know that anonymous is Paul Ferguson, the moderator of the fidonet Virus_Info conference. He's done a very good job in there, helping keep the good informa flowing, keeping a handle on the disrupters (the echos are not democratic :), and in general is a very well informed computer security fellow. i've been watching him take, and wield punches regarding this AIS mess from the start... and i'm not exactly sure what to think. there are certainly a lot of issues here and i don't think i could begin to address them all. they do need to be addressed, however, so i would like to start with these few. first, i won't get into all this 'not all viruses are meant to be destructive, not everyone who calls a virus exchange bbs will use them for bad things, some anti-virus product developers make untrue claims to scare users' sort of 'discussions'. these things are well enough known and the bringing up of them as 'arguments' over and over keeps people from getting to the real issue here. there is a need to have this kind of discussion, when people don't already know these things. i think we here mostly know and agree on the above, at least. computer viruses are just programs. no one disputes that. but they are destructive (whether they are intentionally so or not), and unless you have a lot of experience in the entire huge 'arena' involved, its possible to just not realise what is really going on with the exchange and offering of this type of information. me? i'm the one who did the > year study on the virus exchange bbs. a lot has changed since i concluded it. if you want specific information on what is going on via some of these systems, parts of the paper are in print form. i wont go into where here, because the last time i mentioned one of my articles i was accused of prostituting myself (by someone whose idea of a good time is to break in and steal someone's mail, and use their account.). i don't want, or need, any 'hate mail' from people whose idea of a good time lies along the above lines. initially, the viruses themselves did not have a significant impact on end users. that has changed. it used to be just the attitudes fostered on some of these bbs were more of a threat than the viruses themselves. that is also changing. now, from what i understand, AIS did -not- foster the destructive attitude. in fact, i understand kim had a good communication going with the participants. so, it cant be said that the BBS fostered these attitudes -directly.- however, when a government sponsored BBS, for whatever reason, makes freely available destructive computer code (and, no one can realistically say that the people who got this just wanted to 'see it'...maybe in some cases, but in reality, people who get viruses tend to use them. even if only one used it for this purpose, its not good. i run a bbs. i cant tell you the number of people who ask me for viruses to 'screw up' someone's computer...its human nature for young impressionable people to go with the hype...)...it tends to reinforce the ethic (or lack of) of this whole area of computer viruses. we should be honest and stop playing games, like its just 'freedom of speech'. you don't have a guaranteed right to do whatever you want. this is not what freedom of speech is about. and, in some cases, as we all know, just because something is legal does not make it right. there's an even worse side to this all. why exactly did they shut down the BBS. exactly, -why-? i was at the nyc conference urnst kouch mentioned. i heard alan solomon mention the AIS bbs...but it was not a particular 'target' that i knew of; then again, maybe urnst is more priviledged to dr. solomon's agenda than i am. :). ive never heard for sure from anyone that alan was in cahoots with anonymous to bring this entire matter to the public attention; it wouldn't surprise me. its kind of sad that a british citizen is more concerned with what's going on here than most of the people who live here. maybe that's because cyberspace has no formal boundaries, and what goes on here affects people all over the world. in that case, i hope the laws which prosecute and incarcerate people who are currently distributing computer viruses in such a manner as to incite other to commit crime are caught, and locked up. in fact, i hear this will be happening soon, and i personally am glad. if i can play even a small part in helping to stop this madness, i will be quite happy. in fact, i hope a fellow out in virginia who wrote and distributed a lewd virus with 'sara's groove' on it to all my colleagues may be among the first to participate in the wonderful miracles of cyberspace as relate to the Real World i.e. extradition, or at the very least, culmination of a lawsuit. Freedom of Speech you say? i doubt you would say it if it was YOUR life and job affected by this exercise of 'freedom'. there seem to be now three groups of 'cyberguys'--the hackers from the 'old school'. this is a good thing. no destruction. learning. information. some virus writers are included in this group. then there seems to be a group that doesn't care one way or the other what goes on, and there is the third group: the malicious group. when you are protecting the third groups 'rights' at the expense of damage and real harm to the second group, you are damaging the potential of the first group. you have to stop being afraid to say something is WRONG. it is WRONG to destroy or damage data, to steal services, to hack systems. its NOT funny, and its NOT cool. its WRONG to encourage people to do it. and, if you can't figure out what encourages people, then you had better figure it out soon, because we don't have much time left. what is to be feared by the free exchange of -ideas-? does paul not have the right to say what he thinks about the distribution of computer virus code? why is it that the majority of people responding here seem to see only that the virus writers/distributors 'freedoms' have have been limited, or that people who want access to this destructive code maybe have less 'access' to it now? i'm not for book burning. i'm not a fascist. however, i have a lot of experience with computer viruses and i sure as heck would not offer them to people indiscriminately i'd be a pretty poor role model if i did things to encourage destruction of this new 'frontier', and i can't really understand why everyone is so upset that paul spoke up for what -he- happened to think. if its that he chose to do it anonymously, then why in the hell aren't all you people shutting down the 'anonymous mailers' that give you freedom to post under obscene aliases, send threatening mail to people and hide your true identities. you don't do that? well, the virus writers and distributors do it. no one's seeming to be too upset that these guys can do the things they do, which are in many cases illegal and in most cases unethical (well, if you consider stealing telephone service, stealing computer time, breaking into systems, hatching viruses to bulletin boards, sending threatening mail, etc. to be unethical); yet i hear a lot of crying about how bad it was for paul ferguson to say 'this bbs belongs to the u.s. government and it should not be giving out destructive computer code'. people are upset he chose to exercise -his- right to free speech. he has just as much right to say what he wants to say as the next person. was he wise to use an anonymous mailer? i'd say not. i've told him 'not'. he still had the right to say it. its only words, and information...and since you all want information and ideas to be so free, that should include everyone's words. or, is it only the words of those who are for some reason unwilling or unable to say these guys who are promoting the destruction of data (such as occurs on most vX bbs, not on AIS) that are sacred? there are more issues here than just 'is it helping' and 'is information free'. there is the matter of the values we instill in the students, the people in college who are still figuring out what's what. my personal philosophy on virus source code and viruses is that it is quite unethical to let a live virus out of your own hands after you write it. that's pretty simple to understand. you cant control what happens with it once it leaves you own hands. so, write them if you want to. i've written a few, specifically using MPC to generate samples to test the efficacy of scanning technology; but, use some sense in passing them around. they are not toys, despite some people would like to minimize the threat they pose. sure, most of the junk we see written by 'virus writers' now is not so serious...but take a look at the bigger picture. what kinds of things are we teaching in the school? its ok to just pass out malicious code without any instruction on why its NOT ok to destroy other peoples 'stuff'. sure, there is now a move toward ethics in education in computer sciences. and, some very GOOD instruction, too. but, for people involved in it now, its a bit late. what kind of examples are we setting when we distribute source code to people whom we -know- (and don't kid yourselves, we know it...all of us) are going to use it maliciously. "hey, if its ok for AIS to pass it out, why can't i"...you know.... so, not everyone will do this,,but you know some will. don't you think its a bit irresponsible to just have the federal government passing out this stuff? maybe if they would dole out some money so we could have good solid ethics based computer curriculum, yes...but they don't, at least not -enough-. isnt it time we focused our attention on what needs to be done to keep the global computing environment accessible to all, without need to fear attacks from people who have learned -from US- that it is acceptable to 'play' at the expense of others? AIS had good communication with hackers, and virus writers; this isnt even questioned, its a fact. However, there is the underlying message when they passed out destructive computer code. And, from my dialogues with virus writers (which are extensive), they got the message clear and loud -- 'Its ok to pass this stuff around, hell you can get it from the U.S. government, so don't tell me there's nothing wrong with it'. i studied actual virus exchange bbs for a long time. i found that the problem on them was not the viruses, not at all. the problem was the attitudes being fostered. some people took my paper out of context, said i was calling to shut them all down. to the contrary, i don't want to see that at all. i don't want to have to enforce morality on anyone. i want people to act responsibly on their own. i don't want to give the government the open hand to just slap down people who are trying to learn, and who need to learn...but, the attitudes that its ok to pass out malicious software like candy, when we know what's being done with it--that attitude will lead to eventually some big government task force shutting down all the bbs....making it impossible to learn. if we don't police ourselves, they will do it for us. did AIS have a section on ethical behaviour? i don't' know...i never called it. i kept meaning to call it, but i just never got around to it. i don't have a lot of money for long distance calls, and i think it was not on the internet. ive done a lot of writing for journals and magazines who like to take what im saying and twist it...it sells copy to read about the 'bad evil hackers and virus writers'...i almost feel as if its pointless to talk about communications and working to make sure we have a safe, trusting space.... Paul Ferguson has taken a pretty bad rap. I don't know why he chose to post anonymously. I also don't know if Alan Solomon had anything to do with it. however, the fact that some disassemblies with S&S or Certus on them showed up on some bbs means nothing. i could post a message or upload a virus from anyone...after all, isnt that one of the beauties of cyberspace? anyway, even if a file that contained a virus from one of these guys shows up on some bbs, it doesn't follow that they -wrote- the virus, but instead that they wrote the -goat file- and were perhaps unwise in who they chose to give viruses to. it happens. however, there is a difference. anti-virus product developers, at least reputable ones, are willing to say who they gave destructive code to, so that if there was a problem, the path to it would be clearer. the anti-virus community (and is it not a sad state that we have had to have defined lines of people who are AGAINST destructive computer programs being spread about like warm butter, and that we have to defend ourselves against people who don't even have the guts to come forward and -use- their real names, but instead choose to use aliases like the above mentioned one, Screaming Radish, and Nowhere Man?) does not promote/give away/recklessly endangering fellow cyberspace citizens by aiding people in destroying data. someone said: >After reading half a dozen articles about the AIS BBS controversy, I >can't help but think that the whole thing smacks of some sort of >personal vendetta on the part of Paul Ferguson against Kim Clancy. this is not the case. i know paul very well, professionally and personally. not only are people attacking pauls right to say what he wanted, but now the personal attacks start. this reminds me of the ridiculous Phrack article that came out accusing me of trying to shut down virus exchange bulletin boards. suddenly, it turns to personal, and sexist attacks. >Perhaps he was only jealous of her growing professional reputation. >Or maybe he made a pass at her only to be rebuffed for being the >unethical fink that he is. actually, while kim is well known in some circles, she is not well known in the area of paul's expertise, i.e. most people involved with viruses don't even know who kim clancy is, other than that she operated a bbs where they could get viruses. actually. as for his making a pass at her, i was with paul and kim the only time they met. this did not occur. knowing paul's character, i can say without question that this would not have occurred in any case. >I agree, mostly, but the problem is the lack of communications between >Cyberspace and the rest of the world. No amount of airing disputes >and debating them here in Cyberspace is going to correct the >wrong-headed criticism from the print media, congressional members and >staff, pressure to change from congressional members and staff, or >any sort of reprimand, criticism or loss of reputation Kim Clancy has >suffered from her superiors at the Bureau of Public Debt. if Kim was operating the BBS with the sanction of her superiors, she suffers no loss of reputation. she is a government employee, and from what i understand a very bright woman. there must have been some reason her superiors chose to shut down the BBS. i doubt that the words of paul ferguson alone could do it. maybe they realised they were encouraging people by distributing this code. maybe they realised if they pass it out, they can't very well speak out against others doing it. however, or whyever it happened, im glad it did. however, kim doesn't serve to lose any reputation from her superiors. get it? if there are superiors, it means you have done what they have told you to do. they can hardly fault her, and if they do, someone like paul would be the first to speak out against it. and, i can't agree that no amount of debate here is going to correct what goes on in the other Real World. when the problem of what is right and wrong regarding our own environment here, in cyberspace, is sorted out here, only then can we hope to impact the other Real World. we are shaping this world, now. ideals, ethics, what is good, what is bad, what is acceptable, what is not...we are deciding. the frightening thing here is that if we do NOT decide to police ourselves and stop trying to act like 'everything we do here is ok', (including sanctioning the distribution of destructive code and making it worse by not even saying its WRONG to spread viruses to innocent people, but saying instead its 'freedom'....), the government -will- step in and do it for us. by focusing on the 'freedom' of this information, we are neglecting to address the real problems. should AIS have had to stop passing out viruses? i think no one should distribute destructive code that they cannot control. and, if people insist they have the right to keep on doing it, pretty soon they wont have the right to do it. i don't think this is what anyone wants. >I'm not as willing as Jim Thomas to believe Paul Ferguson was sincere >in his concerns. In fact, I don't believe he was at all, but rather >his entire intent was to cause trouble for someone, probably Kim. not at all. paul has the same goals as a lot of us. i use the word 'us' because i believe we are all sincerely of the same goal, at least i hope so. we go about achieving it in different ways. if the goal is to stop cyberspace from becoming too much of a mess for the average user (none of us wants it to be only available to those who can hack their way in, right? we want people to have access to information without fear, right?), then it only makes sense to attempt to instill some sense of what is right and wrong in the people who are shaping it, and being shaped by it. SO, what are the facts here? Someone brought to light that a Federally run BBS was giving out virus source code. it was then changed, no more source code. i hear mindvox is picking up that, and will be passing it out. i don't know if its true or not. if it is, i hope they make an environment where they wont encourage people to think its cool to destroy computers by neglecting to mention this. and mention it consistently. over and over. why? because the people who are looked up to...people like kim (who is a charming and very nice person, i've met her and she's quite nice), people like the guys at mindvox...people like you, jim, ...those people are responsible for helping shape the future. for the bad to win, it only is necessary for the good to do nothing, you know. -- SGordon@Dockmaster.ncsc.mil / vfr@netcom.com bbs: 219-273-2431 fidonet 1:227/190 / virnet 9:10/0 p.o. box 11417 south bend, in 46624 ------------------------------ Date: Tue, 20 Jul 1993 09:03:29 -0600 (MDT) From: bryce wilcox Subject: File 4--AIS BBS "debate" Everything I know about the AIS BBS events I have learned from CuD, and therefore I would like to issue a plea for a little more objectivity and composure from CuD's contributors. Paul Ferguson's letter in his own defense seemed to me, while not conclusive, at least a sincere attempt to address the issues at hand, which are immensely important to our developing cyberworld and very complex. By contrast, some of your other contributors have posted letters with no apparent purpose other than to disparage Mr. Ferguson's personality and character, which I personally find distasteful, damaging to the kind of community we are trying to build, and a waste of my time. The issue at hand is indeed a tricky one. We would all (well, *almost* all) agree that gas stations should be allowed to sell gasoline despite the occurrence of arson, and we would all (almost) agree that corner stores should not be allowed to market small nuclear bombs. A rational policy probably lies between these two extremes, and it also must consider other factors: 1. How dangerous is the thing? How much damage can it do? To whom? Is it easy to protect oneself against? Is the damage fixable or permanent? 2. What positive or non-damaging uses can the thing be put to? 3. Is it more likely to be used for harm or for good? By different groups of people? 4. Is it possible, or practical, to outlaw the thing? Would that reduce its use, eliminate it, not affect its use at all, cause it to spread, or eliminate it from the law-abiding sector, leaving it solely in the hands of criminals? There are more, of course, but hopefully this will get people thinking. There is a more fundamental question that is very important to those who deal in information, the commodity that is hardest to suppress: 5. To what degree can law enforcement be proactive rather than reactive? Is it Constitutional or moral to punish an individual because he/she seems likely to commit a crime in the future? The First Amendment protects against prior restraint of speech and press. Should this be expanded to include digital data, which can be a commercial product or a military device as easily as an expression of an individual's thoughts? These are very serious and complex questions that need to be resolved by a long and careful public debate. CuD can be one of the forums in which these issues are analyzed, but only if your reader/contributors set an example of mature and principled conduct. ------------------------------ End of Computer Underground Digest #5.54