Computer underground Digest    Wed Feb 19, 1997    Volume 9 : Issue 10
ISSN 1004-042X

Editor: Jim Thomas (cudigest@sun.soci.niu.edu)
News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu)
Archivist: Brendan Kehoe
Shadow Master: Stanton McCandlish
Field Agent Extraordinaire: David Smith
Shadow-Archivists: Dan Carosone / Paul Southworth
                   Ralph Sims / Jyrki Kuoppala
                   Ian Dickinson
Cu Digest Homepage: http://www.soci.niu.edu/~cudigest

CONTENTS, #9.10 (Wed, Feb 19, 1997)

File 1--Moldova Internet Scam
File 2--Clipper is dead, as we knew all along...
File 3--Re: Cu Digest, #9.09, Sun 16 Jan 97
File 4--Re: The Guardian Angels' The Face Project
File 5--Cyberpatrol now blocks my site
File 6--Internic DNS glitches
File 7--TIIAP Announces Availability of 1997 Funds
File 8--Cu Digest Header Info (unchanged since 13 Dec, 1996)

CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION APPEARS IN THE CONCLUDING FILE AT THE END OF EACH ISSUE.

Date: Thu, 20 Feb 1997 10:15:29 -0500 (EST)
From: Audrey Helou
Subject: File 1--Moldova Internet Scam

The Detroit Free Press ran an article that may be of interest to CuD subscribers. It appears in the February 20, 1997 edition of the Detroit News and is entitled "Feds expose Internet ring that cost thousands in phone bills."

According to the article, the federal government busted an Internet scam offering "free" erotic photos that came with software that secretly took over users' computers and ran up huge international long-distance phone bills.

It seems that some sites, such as www.beavisbutthead.com and www.sexygirls.com had advertisements for "all nude all free" pictures. However, getting the pictures required downloading a Windows 95 software program that once installed, took control of the modem, cut off the local Internet service provider, and dialed a number in the former Soviet republic of Moldova, in Eastern Europe. The user, unaware of a change, would continue to surf the web while racking up foreign line toll charges of $2 to $3 a minute.
According to the article, the modem kept the connection, even after the user had logged off, until the computer was itself turned off. Profits were shared between the Moldovan phone company and the scam artists.

The scheme was discovered by AT&T Corp. through its consumer watch bureau, which monitors clients' phone bills for irregularities.

Consumers, whom the FTC says were defrauded of perhaps $1 million, may get some money back, since the FTC won a U.S. District Court order in New York seizing assets of the defendants: Audiotex Connect Inc., Promo Line Inc., Electronics Form Management and the people associated with them, Anna Grella, William Gannon and David Zeng.

------------------------------

Date: 19 Feb 97 11:09:19 EST
From: "K. N. Cukier" <100736.3602@CompuServe.COM>
Subject: File 2--Clipper is dead, as we knew all along...

From -- Fight Censorship

Here's an article that ran on the death of the Clipper Chip (as if anyone really thought the idea was still afloat...). I'm unsure of the significance of the news -- my first impression is that we sort of knew this.

On the other hand, there are a few whacky things in the article, it seems to me. First, they say that Clipper will now be marketed to civilians -- yeah right; sellers and users are smarter than that, and have much better crypto options, obviously. Secondly, the article states that key recovery doesn't access users' keys without their knowledge -- I'm not sure what systems the writers have in mind, but it's not any system on this planet. Indeed, key recovery systems for the export of strong crypto (where key recovery *matters* to the government), as they have been approved by the US Department of Commerce, aim to do just that: allow for secretive lawful access of keys.
-- KNC

------------

FEBRUARY 17, 1997
Federal Computer Week

DOD sinks the Clipper

BY COLLEEN O'HARA AND HEATHER HARRELD

The Defense Department plans to remove the government key escrow software from its Fortezza cards used on the Defense Message System, a move that signals the death of the Clinton administration's controversial Clipper initiative and one that should encourage civilian use of the cryptographic cards.

A DOD spokeswoman confirmed the decision to remove the key escrow but would not provide further details.

The DOD decision, which will be formalized in a policy expected out shortly, is in response to the administration's decision last October to support key recovery technology instead of the controversial Clipper initiative. Each agency must decide how it will implement the government's policy internally. A technical advisory committee will develop standards for a federal key management infrastructure.

The so-called Clipper initiative proposed a nationwide standard for encryption hardware that would have used a classified algorithm with built-in law enforcement access. It is this built-in access - which law enforcement agencies claimed was vital to their jobs - that will be removed from the cards. It most likely will be replaced by emerging commercial key recovery technology that does not have the same built-in access.

DOD has for years pressured civilian agencies to use government escrow technology, but the agencies were wary of the law enforcement access.

Stephen Walker, president and chief executive officer of Trusted Information Systems Inc. (TIS), said the policy will remove the last remnants of the Clipper and serve as an official endorsement of key recovery technology.

"This is the end of Clipper," Walker said. "This is a very positive move because it puts the Defense Department in a posture of using commercial products instead of Defense Department products.
If the Defense Department is moving away from key escrow, no one else is going to feel obligated to have key escrow either."

Civilian Agency Appeal?

Removing government key escrow from Fortezza cards, which are designed to provide authentication, integrity and confidentiality to DMS users, could prompt civilian agencies to deploy the cards to secure electronic mail or other communications, said Santish Chokhani, CEO of Cygnacom Solutions, a security consulting company.

"If you take out the key escrow from Fortezza, that would mean a broader set of civilian agencies and commercial folks could use the technology without worrying that someone is copying their keys," he said.

The main difference in government key escrow - now in place in Fortezza cards - and key recovery technologies is the ability of law enforcement agencies to secretly decrypt encrypted files after obtaining a warrant.

There is a private key (needed to decrypt data) embedded in each Fortezza card chip. When the Fortezza chip is manufactured, the private key is split; one half goes to the National Institute of Standards and Technology and the other to the Treasury Department. If a law enforcement agent obtains permission from a court to decrypt information of a Fortezza card user, he can obtain both parts of the private key from the two federal agencies and decrypt the data without the knowledge of the user.

Key recovery is a technology that allows for the recovery of a private encryption key if it is lost or damaged. This private key, however, is kept by the user or user's organization, not by government agencies. Law enforcement agencies still can obtain a warrant for a user's private key, but they could not secretly decrypt the information without the user's knowledge.

Sources said DOD's move was targeted to increase the appeal of the Fortezza card to users outside DOD.
Bruce McConnell, chief of information policy at the Office of Management and Budget, said the move would make Fortezza cards more attractive, but he cited different reasons. "It does encourage people to use it because it moves toward the commercial approach that's being taken," he said.

------------------------------

Subject: File 3--Re: Cu Digest, #9.09, Sun 16 Jan 97
From: shadow@KRYPTON.RAIN.COM(Leonard Erickson)
Date: Tue, 18 Feb 1997 13:09:02 PST

Re - File 1--Cyber Angels FACES Project

>
> ------- Excerpt Begins -------
>
> what our FACE UNIT is all about. Our volunteers spend time each week
> finding child pornography posts on the Usenet, and cropping the picture so
> that just the child's face is left. These faces - the faces of innocent
> children who are the victims of abuse crimes by adults - are then passed
> with the full header reference to our FACE UNIT Leader.
>
> ---- Excerpt Ends ----
>
> I feel such a database would be a case of "double victimization" --
> that someone who was the victim of child pornography would not want
> pictures of their faces openly distributed. No one I've spoken to
> thinks this is a good idea.

Agreed!

> In an exchange of e-mail, Gabriel Hatcher (gabriel@cyberangels.org) politely
> disagreed, suggesting that their project would identify children
> who are currently being abused and thus rescue/save them from
> suffering. He's heard nothing but positive feedback, and is working
> with various law enforcement officials to make sure the project is
> done properly.

They are also ignoring the fact that with any decent morphing program you can transform a picture of an adult into an apparent "child". And while some people are pushing laws that make this illegal, it is *not* currently illegal, *and* there is no way to determine whether a picture is "real" or morphed.
Since some states make failure to co-operate in prosecuting even "old" cases of child abuse a crime, the potential exists for some adult model to be prosecuted for failure to co-operate in tracking down the *non-existent* people who "abused" him or her.

Face it, the same software that lets us "age" photos of missing children, and "un-age" bodies to match against old bodies *will* let you turn photos of adults into *apparent* "child pornography". And with a bit more effort, such photos can be produced without involving *any* children.

Given this, I say that the emphasis needs to be changed from "child pornography" to "child abuse".

Of course, the main reason for going after "kiddie porn" in the first place is that it is *easier* than actually catching abusers. And entrapment is common. So I hold out little hope for any *real* improvement.

------------------------------

Date: Tue, 18 Feb 1997 04:19:20 -0500 (EST)
From: Charles Platt
Subject: File 4--Re: The Guardian Angels' The Face Project

On Tue, 18 Feb 1997, Cu Digest wrote:

> To help on this unit you need to have cropping ability - in other words the
> ability to take a jpg image and cut out the child's face and make a new jpg
> out of it.
>
> NB For legal reasons the FACE UNIT accepts only volunteers 18 years old and
> above. You may like to know that this work follows guidelines given to us
> by Federal Authorities.

Indeed. Please tell me more about these so-reassuring "guidelines." I am also interested in any legal protection that may be offered to the volunteers who assist in this supposedly worthy cause.

If I go digging around for child porn online, with the pure intention of cropping out the sexy parts (after I spend a few minutes looking at them of course), how am I protected from triggering a typical sting operation? Bear in mind, federal agents are a leading source of child pornography as they go about their happy business of entrapment.
Who calls off the FBI (or pays for my legal defense) when I become known as someone looking for illegal pictures? Possession of three pieces of child pornography is sufficient to earn substantial jail time.

Will there be a list of "do-gooder" volunteers who are granted automatic immunity from prosecution? If so, how will genuine pedophiles be prevented from joining this fine crusade and getting their names added to the list so they can go trolling for kiddieporn without fear of retribution?

And assuming a list of volunteers IS maintained somehow, how can the feds guarantee that the list will be known and respected by all state authorities? They have their anti-child-porn laws, too.

Lastly, if I should have a playful attitude, what's to stop me from sending to Uncle Colin several pictures of perfectly normal, unmolested, innocent children, which he will unwittingly add to his collection when I assure him that I just cropped out some unspeakable sex acts? How will Uncle Colin protect himself when the families of these innocent children discover their little cuties in the Gallery of Abused and sue him for very substantial damages?

Like most Guardian Angels schemes, this seems fundamentally dim-witted and riddled with potential legal problems.

------------------------------

Date: Mon, 17 Feb 1997 20:24:57 -0800
From: Jonathan Wallace
Subject: File 5--Cyberpatrol now blocks my site

Source - fight-censorship@vorlon.mit.edu

I was informed tonight by a friend that Cyberpatrol now blocks my web pages pertaining to the book, Sex, Laws and Cyberspace, which I co-authored with Mark Mangan (Henry Holt, 1996).

I couldn't be more surprised. The pages contain serious discussion of Internet censorship issues and ought not to be blocked under any conceivable theory. While the duel with Solid Oak has been an enjoyable sideshow, Microsystems, publishers of Cyberpatrol, is supposed to be a more mainstream company.
Their product is used by Compuserve and has just been purchased by the Boston library system.

Here is the letter I just sent them at cyberinf@microsys.com.

>
> I was just really shocked to learn that Cyberpatrol blocks
> my web pages pertaining to my book, Sex, Laws and Cyberspace,
> http://www.spectacle.org/freespch/.
>
> Published by Henry Holt, the book is a history of
> Internet censorship. It has received excellent reviews
> in the New York Times, Washington Post, Chicago Tribune
> and other publications. The Times called it "required reading"
> for anyone interested in freedom of speech.
>
> I cannot imagine anything on my web pages which would
> cause you to block them. Have we now reached the
> point where we must censor speech about censorship?
> The pages are a serious and
> scholarly effort to cover the evolving law and ethics of
> free speech on the Net--as is the book itself.
>
> I am writing in the hope that you will immediately respond
> that this is a serious error on your part, and will
> correct it.

------------------------------

Date: Tue, 18 Feb 1997 17:57:24 -0500
From: "W. K. (Bill) Gorman"
Subject: File 6--Internic DNS glitches

You may find this of interest if it isn't old news by now.

>----- Begin Included Message -----
>Date--Mon Feb 17 23:41:27 1997
>Subject--listowners-d--ANNOUNCEMENTS--name service problems explained
>
>For the last week or so there have been many complaints from people
>who have received an unusual amount of bounced mail. Mail that bounced
>with "unknown host" errors, particularly. I responded to a number of
>these messages explaining that it was not IC Group's fault. I said
>that it was the fault of either the providers whose name server
>records appeared to be missing or the fault of the internic run root
>name servers.
>
>It turns out that it is the fault of the internic-run root name
>servers.
>
>When any machine on the Net wants to find any other machine on the Net
>it checks first with its cache - its short term memory - to see if it
>knows where the other machine is. If it can't find the information in
>its memory it asks the root servers. The root servers then point it at
>the servers for the particular top level domain (.com, .edu, etc). The
>server for that TLD then sends the machine to the appropriate
>authoritative name-server run by the provider.
>
>The root name-servers have been very unreliable recently. Last week, on
>Thursday and Friday, several of the root name-servers broke down
>completely. They started giving out bad information. Several of them
>lost the entire .com top level domain and returned "host unknown"
>errors to any query ending in .com.
>
>The people at the internic are working to resolve the fundamental
>problems in the way the root name servers work. The problems won't be
>fixed soon. The problems last week were far worse than usual, but
>there could be problems with those servers again.
>
>A number of people on the net are advocating 'TRUE' root server
>strategies. Right now the root servers don't always send people off to
>the TLD (top level domain) server but answer a number of requests
>themselves. This contributes to their unreliability.
>
>One alternate strategy that some people like is eDNS
>(http://www.edns.net). Many people report that eDNS works very well
>and has far fewer problems than the internic run root servers. I've
>switched majordomo.pobox.com to the eDNS strategy to see how well that
>works for us. If you have problems please send mail to
>pobox@pobox.com complaining and quoting your bounce messages.
>
>Hopefully this will help. I understand your frustrations when you see
>bounce messages for providers that seem to be up a few minutes
>later. The eDNS solution is temporary.
>Being able to use InterNIC run
>nameservers is preferable because the InterNIC can be held responsible
>- to some extent - for problems while eDNS is a completely independent
>project not recognized by the National Science Foundation. Hopefully
>the InterNIC will get its act together and their root servers will
>become more reliable sometime soon.

------------------------------

Date: Tue, 4 Feb 1997 09:10:55 -0600
From: Norman Stahl
Subject: File 8--Cu Digest Header Info (unchanged since 13 Dec, 1996)

Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost electronically.

CuD is available as a Usenet newsgroup: comp.society.cu-digest

Or, to subscribe, send post with this in the "Subject:" line:

     SUBSCRIBE CU-DIGEST

Send the message to: cu-digest-request@weber.ucsd.edu

DO NOT SEND SUBSCRIPTIONS TO THE MODERATORS.

The editors may be contacted by voice (815-753-0303), fax (815-753-6302) or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115, USA.

To UNSUB, send a one-line message: UNSUB CU-DIGEST
Send it to CU-DIGEST-REQUEST@WEBER.UCSD.EDU
(NOTE: The address you unsub must correspond to your From: line)

Issues of CuD can also be found in the Usenet comp.society.cu-digest news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT libraries and in the VIRUS/SECURITY library; from America Online in the PC Telecom forum under "computing newsletters;" On Delphi in the General Discussion database of the Internet SIG; on RIPCO BBS (312) 528-5020 (and via Ripco on internet); and on Rune Stone BBS (IIRGWHQ) (860)-585-9638. CuD is also available via Fidonet File Request from 1:11/70; unlisted nodes and points welcome.

EUROPE:
  In BELGIUM: Virtual Access BBS: +32-69-844-019 (ringdown)
  In ITALY: ZERO!
BBS: +39-11-6507540
  In LUXEMBOURG: ComNet BBS: +352-466893

UNITED STATES:
  etext.archive.umich.edu (192.131.22.8) in /pub/CuD/CuD
  ftp.eff.org (192.88.144.4) in /pub/Publications/CuD/
  aql.gatech.edu (128.61.10.53) in /pub/eff/cud/
  world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/
  wuarchive.wustl.edu in /doc/EFF/Publications/CuD/

EUROPE:
  nic.funet.fi in pub/doc/CuD/CuD/ (Finland)
  ftp.warwick.ac.uk in pub/cud/ (United Kingdom)

The most recent issues of CuD can be obtained from the Cu Digest WWW site at:
  URL: http://www.soci.niu.edu/~cudigest/

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted for non-profit as long as the source is cited. Authors hold a presumptive copyright, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary.

DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections.

------------------------------

End of Computer Underground Digest #9.10
************************************