|
CWD - Jacking in from the Keys to the Kingdom P
NOTICE: TO ALL CONCERNED Certain text files and messages contained on this site deal with activities and devices which would be in violation of various Federal, State, and local laws if actually carried out or constructed. The webmasters of this site do not advocate the breaking of any law. Our text files and message bases are for informational purposes only. We recommend that you contact your local law enforcement officials before undertaking any project based upon any information obtained from this or any other web site. We do not guarantee that any of the information contained on this system is correct, workable, or factual. We are not responsible for, nor do we assume any liability for, damages resulting from the use of any information on this site.
Computer underground Digest Wed Jun 30, 1996 Volume 8 : Issue 50
ISSN 1004-042X
Editor: Jim Thomas ([email protected])
News Editor: Gordon Meyer ([email protected])
Archivist: Brendan Kehoe
Shadow Master: Stanton McCandlish
Field Agent Extraordinaire: David Smith
Shadow-Archivists: Dan Carosone / Paul Southworth
Ralph Sims / Jyrki Kuoppala
Ian Dickinson
Cu Digest Homepage: http://www.soci.niu.edu/~cudigest
CONTENTS, #8.50 (Wed, Jun 30, 1996)
File 1--CWD -- Jacking in from the "Keys to the Kingdom" Port
File 2--Sen. Crypto Hearing; SAFE Forum Cybercast; CDT on
File 3--Feds aim low
File 4--PROFS Case: State E-mail Regulations
File 5--Cu Digest Header Info (unchanged since 7 Apr, 1996)
CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION ApPEARS IN
THE CONCLUDING FILE AT THE END OF EACH ISSUE.
---------------------------------------------------------------------
Date: Wed, 3 Jul 1996 01:19:09 -0700 (PDT)
From: Declan McCullagh <[email protected]>
Subject: File 1--CWD -- Jacking in from the "Keys to the Kingdom" Port
CyberWire Dispatch // Copyright © 1996 //
Jacking in from the "Keys to the Kingdom" Port:
Washington, DC -- This is a tale of broken codes, betrayal of a social
contract, morality run amuck, and a kind of twisted John Le Carre
meets the Crying Game encounter.
For a range of companies producing so-called "blocking software"
designed to keep kids from accessing undesirable material in
cyberspace, the road to such a moral high ground turns out to be a
slippery slope. These programs, spawned in the wake of the hysteria
over how much porn Junior might find on the Net, have chosen the role
of online guardians. The resulting array of applications, including
names like SurfWatch, CyberPatrol, NetNanny and CyberSitter, acts as a
kind of digital moral compass for parents, educators, paranoid
Congressmen, and puritanical PTAs.
Install the programs and Junior can't access porn. No fuss, no muss,
no bother. "Parental empowerment" is the buzzword. Indeed, it was
these programs that helped sway the three-judge panel in Philly to
knock down the Communications Decency Act as unconstitutional.
But there's a darker side. A close look at the actual range of sites
blocked by these apps shows they go far beyond just restricting
"pornography." Indeed, some programs ban access to newsgroups
discussing gay and lesbian issues or topics such as feminism. Entire
*domains* are restricted, such as HotWired. Even a web site dedicated
to the safe use of fireworks is blocked.
All this might be reasonable, in a twisted sort of way, if parents
were actually aware of what the programs banned. But here's the rub:
Each company holds its database of blocked sites in the highest
security. Companies fight for market share based on how well they
upgrade and maintain that blocking database. All encrypt that list to
protect it from prying eyes --- until now.
Dispatch received a copy of each of those lists. With the codes
cracked, we now held the keys to the kingdom: the results of hundreds,
no, thousands of manhours of smut-surfing dedicated to digging up the
most obscene and pornographic sites in the world. And it's in our
possession. But it didn't come easy...
I'd just spent the better part of a muggy Washington night knocking
back boilermakers in an all-night Georgetown bistro waiting for a
couple of NSA spooks that never showed.
I tried to stumble to the door and an arm reached out and gently
shoved me back to my table. At the end of that arm was a leggy
redhead; she had a fast figure and even faster smile. There was a
wildness about her eyes and I knew it was the crank. But something
else wasn't quite right.
As I fought with my booze-addled brain, struggling to focus my eyes, I
noticed her adam's apple.
"Who needs this distraction," I thought, again wondering what kind of
comic hellhole I fell into that put me in the middle of yet another
bizarre adventure.
"I have something for you," she/he deadpanned. Red had the voice of a
baritone and a body you could break bricks on.
No introductions, no chit-chat. This was strictly business and for a
moment I thought I was being set up by the missing spooks. The hair on
the back of my neck stood on end.
Out from Red's purse came a CD-ROM. She/he shoved the jewel box across
the table. It was labeled: "The keys to the kingdom." What the fuck
was this? I must be on Candid Camera.
Red anticipated my question: "I can't say; I won't say. Just take it,
use it. That's all I'm supposed to say." And she/he got up, stretched
those mile-high legs, and loped into the night.
The next morning I slipped the disc in my Mac and the secret innards
of the net-blocking programs flowed across my screen. CyberPatrol,
SurfWatch, NetNanny, CyberSitter. Their encrypted files -- thousands
and thousands of web pages and newsgroups with the best porn on the
Net. Not surprising, really -- the net-blocking software companies
collect smut-reports from customers and pay college kids to grope
around the Net for porn.
This shit was good. Even half-awake with a major league hangover, I
could tell the smut-censoring software folks would go ballistic over
Red's delivery. To Junior, these lists would be a one-stop-porn-shop.
Susan Getgood from CyberPatrol emphasized this to Dispatch. She said:
"The printout of the 'Cybernot' list never *ever* leaves this
building. It's under lock and key... Once it left this building we'd
see it posted on the Net tomorrow. It would be contributing to the
problem it was designed to solve -- [it would be] the best source of
indecent material anywhere."
She's right. A recent version of CyberPatrol's so-called "Cybernot"
list featured 4,800 web sites and 250 newsgroups. That's a lot of
balloon-breasted babes.
CyberPatrol is easily the largest and most extensive smut-blocker. It
assigns each undesirable web site to at least one and often multiple
categories that range from "violence/profanity" to "sexual acts,"
"drugs and drug culture," and "gross depictions."
The last category, which includes pix of syphilis-infected monkeys and
greyhounds tossed in a garbage dump, has some animal-rights groups in
a tizzy. They told Dispatch that having portions of their sites
labeled as "gross depictions" is defamatory -- and they intend to sue
the bastards.
"We're somewhat incensed," said Christina Springer, managing director
of Envirolink, a Pittsburgh-based company that provides web space to
environmental and animal-rights groups. "Pending whether [our
attorney] thinks we have a case or not, we will actually pursue legal
actions against CyberPatrol."
Said Springer: "Animal rights is usually the first step that children
take in being involved in the environment. Ignoring companies like
Mary Kay that do these things to animals and allowing them to promote
themselves like good corporate citizens is a 'gross depiction.'"
CyberPatrol's Getgood responded: "We sent a note back to [the
Envirolink director] and haven't heard back from him. Apparently he's
happy with our decision. I still think the monkey with its eye gouged
out is a gross depiction."
Rick O'Donnell from the Progress and Freedom Foundation is amazed that
Envirolink would threaten legal action. "It's new technology. It's
trial-and-error... There will be glitches."
"Filtering software firms have the right to choose whatever site they
want to block since it's voluntary... Government-imposed [blocking] is
censorship. Privately-chosen is editing, discernment, freedom of
choice," he said.
The Gay and Lesbian Alliance Against Defamation (GLAAD) is as unhappy
as Envirolink. When Dispatch spoke with GLAAD's Alan Klein and rattled
off a list of online gay and lesbian resources that the overeager
blocking software censored, he was horrified.
"We take this very seriously," said Klein. "Lesbian and gay users
shouldn't be treated as second-class users on the Net. These companies
need to understand that they can't discriminate against lesbian and
gay users... We will take an active stance on this."
CyberPatrol blocks a mirror of the Queer Resources Directory (QRD) at
http://qrd.tcp.com/ and USENET newsgroups including clari.news.gays
(home to AP and Reuters articles) alt.journalism.gay-press, and
soc.support.youth.gay-lesbian-bi, Red's list revealed. CyberSitter
also bans alt.politics.homosexual and the QRD at qrd.org. NetNanny
blocks IRC chatrooms such as #gaysf and #ozgay, presumably discussions
by San Francisco and Australian gays.
GLAAD told Dispatch they were especially surprised that CyberPatrol
blocked gay political and journalism groups since the anti-defamation
organization has a representative on the "Cybernot" oversight
committee, which meets every few weeks to set policies. However,
Dispatch learned the oversight group never actually sees the
previously top-secret "Cybernot" list. They don't know what's *really*
banned.
Why should alt.journalism.gay-press, for instance, be blocked? There's
no excuse for it, said GLAAD's Klein. "A journalism newsgroup
shouldn't be blocked. It's completely unacceptable... This is such an
important resource for gay youth around the country. If it weren't for
the Net, maybe thousands of gay teens around the country would not
have come out and known there were resources for them."
He's right. Even a single directory at the QRD, such as the
Health/AIDS area, has vital information from the Centers for Disease
Control and Prevention, the AIDS Book Review Journal, and AIDS
Treatment News.
In response to Dispatch's questions about these sites being blocked,
CyberPatrol's Getgood said: "It doesn't block materials based on
sexual preference. If a site would be blocked if there are two
heterosexuals kissing, we'd block it if there are two homosexuals
kissing."
Fine, but we're not talking about gay porn here. What about some of
the political groups? "We'll look into it," said Getgood.
NetNanny is just as bad, argues GLAAD's Loren Javier, who called the
software's logging features "dangerous." (The program lets parents
review what their kids have been doing online.) "If you have someone
who has homophobic parents, it gives them a way of keeping tabs on
their kid and possibly making it worse for their children," said
Javier.
Worse yet, CyberPatrol doesn't store the complete URL for blocking --
it abbreviates the last three characters. So when it blocks the
"CyberOS" gay video site by banning http://www.webcom.com/~cyb,
children are barred from attending the first "Cyber High School" at
~cyberhi, along with 16 other accounts that start with "cyb." In
attacking Shawn Knight's occult resources at
http://loiosh.andrew.cmu.edu/~sha, the program cuts off 23 "sha"
accounts at Carnegie Mellon University, including Derrick "Shadow"
Brashear's web page on Pittsburgh radio stations.
The geeks at CMU's School of Computer Science had fun with this. In
March they cobbled together a "Banned by CyberPatrol" logo that they
merrily added to their blocked homepages:
http://nut.compose.cs.cmu.edu/images/ban3.gif
NetNanny also has a fetish for computer scientists. For instance, it
blocks all mailing lists run out of cs.colorado.edu -- including such
salacious ones as parallel-compilers, systems+software, and
computer-architecture. Guess those computer geeks talk blue when
they're not pumping out C code.
Dispatch asked Getgood why CyberPatrol blocks access to other
seemingly unobjectionable web sites including the University of
Newcastle's computer science department, the Electronic Frontier
Foundation's censorship archive, and the League for Programming
Freedom at MIT, a group that opposes software patents.
Getgood replied via email: "I'll forward this message to our Internet
Research Supervisor and have her look into the specific sites you
mention..." She said there is a "fair process" for appeals of
unwarranted blocking.
But CyberPatrol doesn't stop at EFF and MIT. It also goes after gun
and Second Amendment pages including http://www.shooters.com/,
http://www.taurususa.com/, http://206.31.73.39/, and
http://www-199.webnexus.com/nra-sv/, according to a recent "Cybernot"
list.
The last site is run by the National Rifle Association (NRA) Members'
Council of Silicon Valley, and bills itself as "the NRA's grass roots
political action and education group for the San Jose, Santa Clara,
Milpitas, and surrounding areas."
Peter Nesbitt, an air-traffic controller who volunteers as part of the
Silicon Valley NRA group, says "it's terrible" that CyberPatrol blocks
gun-rights web sites. "The people who are engaging in censoring gun
rights or gun advocates groups are the opposition who want to censor
us to further their anti-gun agenda."
An unlikely bedfellow, the National Organization of Women (NOW) ain't
too pleased neither. Of course, they're unlikely to feel any other way
-- CyberSitter blocks their web site at www.now.org.
Not to be outdone, NetNanny blocks feminist newsgroups while
CyberSitter slams anything dealing with "bisexual" or "lesbian"
themes." CyberPatrol beats 'em all by going after alt.feminism,
alt.feminism.individualism, soc.feminism, clari.news.women,
soc.support.pregnancy.loss, alt.homosexual.lesbian, and
soc.support.fat-acceptance.
Dispatch reached Kim Gandy, NOW's executive vice president, at home as
she was preparing dinner for her 3-year old daughter. Gandy charged
the companies with "suppressing information" about feminism. She said:
"As a mother myself, I'd like to limit my kids from looking at
pornography but I wouldn't want my teenage daughter [prevented] from
reading and participating in online discussions of important current
issues relating to womens rights."
An indignant NOW? Let 'em rant, says CyberSitter's Brian Milburn. "If
NOW doesn't like it, tough... We have not and will not bow to any
pressure from any organization that disagrees with our philosophy."
Unlike the others, CyberSitter doesn't hide the fact that they're
trying to enforce a moral code. "We don't simply block pornography.
That's not the intention of the product," said Milburn. "The majority
of our customers are strong family-oriented people with traditional
family values. Our product is sold by Focus on the Family because we
allow the parents to select fairly strict guidelines." (Focus on the
Family, of course, is a conservative group that strongly supports the
CDA.)
Dispatch particularly enjoyed CyberSitter's database, which reads like
a fucking how-to of conversations the programmers thought distasteful:
[up][the,his,her,your,my][ass,cunt,twat][,hole]
[wild,wet,net,cyber,have,making,having,getting,giving,phone][sex...]
[,up][the,his,her,your,my][butt,cunt,pussy,asshole,rectum,anus]
[,suck,lick][the,his,her,your,my][cock,dong,dick,penis,hard on...]
[gay,queer,bisexual][male,men,boy,group,rights,community,activities...
[gay,queer,homosexual,lesbian,bisexual][society,culture]
[you][are][,a,an,too,to][stupid,dumb,ugly,fat,idiot,ass,fag,dolt,dummy
CyberSitter's Milburn added: "I wouldn't even care to debate the
issues if gay and lesbian issues are suitable for teenagers. If they
[parents] want it they can buy SurfWatch... We filter anything that
has to do with sex. Sexual orientation [is about sex] by virtue of the
fact that it has sex in the name."
That's the rub. It's a bait and switch maneuver. The smut-censors say
they're going after porn, but they quietly restrict political speech.
All this proves is that anyone setting themselves up as a kind of
digital moral compass quickly finds themselves plunged into a kind of
virtual Bermuda Triangle, where vertigo reigns and you hope to hell
you pop out the other side still on course. Technology is never a
substitute for conscience.
And for anyone thinking of making an offer for the disc, forget it.
Like a scene out of Mission Impossible, we came back from a late-night
binge to find the CD-ROM melted and the drive smoldering. Thank God
there's a backup somewhere. Red, get in touch.
Meeks and McCullagh out...
-------------
While Brock N. Meeks ([email protected]) did the heaving drinking for
this article, Declan B. McCullagh ([email protected]) did the heavy
reporting.
------------------------------
Date: Fri, 28 Jun 1996 19:12:18 -0400
From: Bob Palacios <[email protected]>
Subject: File 2--Sen. Crypto Hearing; SAFE Forum Cybercast; CDT on
From: CDT POLICY POST Volume 2, Number 26 June 28, 1996
(1) SENATE ENCRYPTION HEARING ILLUSTRATES SEA CHANGE IN POLICY DEBATE
On Wednesday June 26, 1996 the Senate Commerce Subcommittee on Science,
Space, and Technology held a hearing to consider legislation designed to
encourage the widespread availability of strong, easy-to-use, privacy and
security technologies for the Internet. Wednesday's hearing illustrated
that a sea change has occurred in Congressional attitude towards the
encryption policy debate.
While members of the Subcommittee noted the complex law enforcement issues
raised by the encryption policy debate, the Senators also recognized that
because of the global nature of the Internet, top down regulations such as
export controls and centralized government mandates like the Clipper
schemes will not address the needs of individuals, business, and even law
enforcement in the Information Age.
In addition, several Senators noted that future of electronic commerce,
privacy, and the competitiveness of the US computer industry should not be
held hostage to law enforcement considerations.
This change in Congressional attitude towards encryption policy is
significant and extremely encouraging.
Wednesday's hearing was also significant because it was the first ever
Congressional hearing cybercast live on the Internet. Details on the
Cybercast are attached below.
The hearing, chaired by Senator Conrad Burns (R-MT), was called to consider
the Promotion Of Commerce Online in the Digital Era (Pro-CODE) legislation,
which would relax current regulations restricting the export of strong
encryption.
Witnesses testifying before the panel included:
* Phil Zimmermann, Inventor of PGP
* Whit Diffie, Sun Microsystems, Father of Public-Key Cryptography
* Phil Karn, Qualcomm Inc, Cryptographer
* Marc Rotenberg, Director, Electronic Privacy Information Center
* Jerry Berman, Executive Director, Center for Democracy and Technology
* Matt Blaze, Lucent Technologies Cryptographer,
* Barbara Simons, Chair of US Public Policy Committee, ACM
* And 135 Netizens (http://www.crypto.com)
CDT Executive Director Jerry Berman also testified before the Subcommittee.
Noting that the current US encryption policy has left individual Internet
users without adequate privacy and businesses without necessary security,
Berman urged Congress to instead move forward to reform US policy based on
the following principals:
* THE INTERNET IS NOT LIKE A TELEPHONE SYSTEM: The traditional approach
to wiretapping cannot simply be extended to the Internet. This new
medium encompasses a range of social functions far beyond simple two-
way voice communication. These broad activities demand a heightened
capacity for uses to protect their security and privacy online.
* THE INTERNET IS A GLOBAL, DECENTRALIZED MEDIUM: Efforts to impose
unilateral national policies -- such as export controls or key escrow
proposals -- are unlikely to be accepted widely. Decentralized user
choice solutions to privacy problems are preferable to and more
effective than centralized, governmental mandates (such as the
Clipper proposals).
* ON THE INTERNET, THE BILL OF RIGHTS IS A LOCAL ORDINANCE:
Constitutional guarantees of privacy and free expression to U.S.
Citizens whose communications regularly cross national borders.
Policies should be designed to protect Americans outside the shelter
of U.S. law.
Berman expressed CDT's strong support for Congressional efforts to reform
US Encryption policy, and urged Congress to act quickly to liberalize
export controls and provide American Internet users with the strong
security and privacy they so badly need.
Audio transcripts of the Hearing, copies of the prepared statements of the
witnesses, and other background information is available at CDT's
encryption policy web page: http://www.cdt.org/crypto/
HEARING SHOWS NEW SENSE OF URGENCY AND FOCUS IN CONGRESS
The clearest example of the emerging frustration in Congress with the
current export restrictions came in an exchange between Senator John
Aschroft (R-MO) and Phil Karn, a cryptographer with Qualcomm and a
plaintiff in a case challenging the export restrictions:
Sen. Aschroft: So for all other countries, the world is the market, but
for American companies, America is the only market and
the rest of the world is off limits?
Karn: You've got it.
Sen. Aschroft: Mr. Chairman, I think that's one of the reasons we need
to look very carefully at the bill (Pro-CODE) we are
looking at here today...
Sen. Aschroft: In all our discussions about whether it (cryptography) is
good or bad, we ignore the fact that it's THERE, and it
can be available to Americans by American companies, it
cannot be available to anyone else by American companies,
but it can be available around the world by a company in
any other country.
This exchange, as well as strong statements in support of the Burns
Pro-CODE bill from Senators Patrick Leahy (D-VT), Ron Wyden (D-OR), and
Representative Bob Goodlatte (R-VA), who made the unusual move of coming to
a Senate hearing, show that Congress is finally giving the need to reform
US encryption policy serious support.
A hearing of the full Senate Commerce Committee, chaired by Senator Larry
Pressler (R-SD) is expected in mid July. Representatives from the
Administration and Law Enforcement agencies are expected to testify. CDT
is working with Senator Burns' and Senator Pressler to bring that hearing
live online. Check CDT's "Congress and the Net" Web Page at
http://www.cdt.org/net_congress/
------------------------------
Date: Tue, 25 Jun 1996 07:07:19 -0400 (EDT)
From: Noah <[email protected]>
Subject: File 3--Feds aim low
(Headers removed)
-Noah
==========================================================
From--Rogue Agent :::
Feds aim low on hacker crackdown
by Lewis Z. Koch
Upside Online News, June 21 1996
Nineteen-year-old Christopher Schanot of St. Louis, Mo. has been
languishing in a Federal jail since March 25, 1996, charged with four
counts of computer hacking. He is not allowed to post bond, because
Federal authorities contend he is "a computer genius intent on
infiltrating computer systems of some of the largest companies and
entities in the country," and because a jailhouse snitch claims Schanot
bragged he would run away if he were released. He has never been charged
with a crime or arrested before.
So, why should you be concerned about a young, middle-American kid hacker?
It's comforting to know that government police agencies are combating the
wave of billion-dollar computer thievery. The question is: should Schanot,
and people like him, be their target?
It appears that thousands of Federal hours and hundreds of thousands of
dollars were spent to catch this Wendy's burger-tossing hacker and
charging him with crimes for which he could spend 30 years in jail and owe
a $1.25 million fine -- the kind of fine leveled at international
narco-terrorists. First, however, Schanot will have to cough up the $225
he owed in back rent at the time he was arrested.
Schanot's problems began after he ran away from home on May 30, 1995,
taking some of his disks, a hard drive and personal items. According to a
knowledgeable source close to Schanot, Chris felt his parents, especially
his father Michael, didn't understand or respect him.
Less rocky, it seems, was his relationship with Netta Gilboa, a
38-year-old woman living near Philadelphia. Gilboa is editor-in-chief and
publisher of _Gray Areas_, a slick, text-heavy, irregular magazine that
explores the "grey areas" of "alternative lifestyles and deviant
subcultures."
_Gray Areas_ is concerned with what's happening on the edges of law,
music, technology, popular culture -- who is pushing the envelope and how
they are doing it. Hooker housewives. Hacking. Psychoanalysis and
feminism. Computer crime. Music. Porno film stars. The usual suspects. It
provides interesting, in-depth coverage of these areas, but it ain't quite
_Foreign Affairs_ or _The Public Interest_.
There is no doubt that Schanot and Gilboa had talked on the phone before
Schanot left home. Schanot told her how he was unhappy in St. Louis, that
he didn't have many friends and hated high school. So Gilboa dug into her
purse and bought Schanot a ticket to Philadelphia so he could live with
her.
When he disappeared from home, Schanot's parents did the usual thing --
they called the cops and the FBI. But Schanot didn't attract much police
attention until the feds quizzed one of his friends, who said that Schanot
had been hacking.
According to a government memorandum in the suppressed indictment, Schanot
told one of his buddies what he was doing, where he was running and with
whom he was going to live. He needed to "lie low" because, as his buddy
later told the FBI, Schanot said he had been hacking and feared he was in
trouble with the law.
FBI agents returned to Schanot's home and asked his parents if they could
look through his room. It might give them a clue as to where Schanot could
be. (Didn't anyone want to check the phone bill and ask who Schanot was
talking to in Philadelphia?) The feds left with a computer hard drive,
some disks and some of Schanot's notes.
The feds dug deeply into his hard drive, scanned his disks, and read his
papers. Now comes the tricky part. Follow the bouncing ball . . .
According to the memorandum, the government has evidence that Schanot may
have ties to (are you ready for this?) the long-feared Internet Liberation
Front (ILF). It is important to note that there is absolutely no truth to
the rumor that the ILF has ties with the NLF -- the dreaded North
Vietnamese National Liberation Front, which the U.S. government once said
might be landing black pajama-clad Viet Cong guerillas onto the shore near
San Diego.
The ILF, however, is the group accused of the 1994 vandalizing of service
to Pipeline, an Internet service provider, causing it to go off-line for
several hours, as well as disrupting the electronic mailbox belonging to
General Electric/NBC/Channel 4 in New York. Both Pipeline and GE/NBC
reported they had been hacked.
The government memorandum states it has evidence tying Schanot to the ILF,
including a "typewritten list of questions and answers that correspond to
the ILF interview [with references to Pipeline and GE/NBC] . . . saved to
Schanot's computer on January 22 , 1995, at least three months before the
issue of _Gray Areas_ containing the [ILF] interview was released." That
is hard to explain, but curiously the government has chosen -not- to
indict or charge Chris with any infractions against Pipeline or GE/NBC.
The memorandum also says the Feds found other ILF messages, including the
famous "FEAR US!" ILF manifesto in his hard drive, as well as files
containing "hundreds of passwords to various multinational corporations,
universities, governmental organizations, military contractors and credit
reporting agencies." The computer allegedly also contained a file of
hundreds of credit card numbers and AT&T calling card numbers. But once
again, -no indictment-.
No doubt, Schanot may have to come up with a believeable explanation of
why his computer allegedly had some of ILF quotes in its hard drive three
months before Gilboa published them in her magazine, and why he had all
those passwords. But he probably won't have to offer those explanations
under oath, because there's no indictment stemming from that evidence.
As for those "hundreds of credit card numbers and AT&T calling card
numbers," there is one indictment against Chris pertaining to that
evidence -- illegal use of three Sprint calling card numbers for "an
aggregate value of one thousand ($1,000) or more, said use affecting
interstate commerce."
What is the evidence against Chris? Federal authorities contend that
while Schanot's busy little fingers were typing away at his keyboard he
found a security hole in a computer known as "bigbird" -- belonging to
Southwestern Bell and caused a loss of $1,000 or more during the period
of October 23, 1994 to April 23, 1995. The indictment includes those
stolen card numbers from Sprint and an uninvited visit to Bell
Communications Research and SRI -- no big-bucks damage, and it was all
fixed pretty quickly.
Apparently, Southwestern Bell did not report being hacked. Fact is, it may
not even have known that an unauthorized person had come to visit.
According to sources, the FBI visited Southwestern Bell and asked about
"bigbird," i.e., had there been any damage from illegal and unauthorized
entry? Whaddaya know? Somebody had made an unannounced visit or two!
The FBI wanted to know in dollars and cents what the smart little runaway
had cost the company, because the FBI isn't interested in low-dollar
crimes, and the U.S. Attorney's office has enough prime-time crime on its
hands to keep assistant federal attorneys busy without adding $100 cases
to its inventory.
Kind of hard to figure out, Southwestern Bell responded. Try, said the
FBI. Southwestern Bell huffed and puffed and came up with a figure of
$500,000. Now, that's a figure you can take to the U.S. Attorney and get
an indictment, maybe some headlines, even a promotion to headquarters in
D.C. Only it turns out that Southwestern Bell fudges a bit. There wasn't
$500,000 worth of damage to "bigbird," but $500,000 Southwestern Bell
spent repairing the security hole Schanot uncovered.
Let's be very clear here. The security hole was there. Schanot didn't
create it. He found it.
The Feds were no longer looking for a runaway teen, but rather an
arch-criminal/diabolical mastermind, "a computer genius intent on
infiltrating computer systems of some of the largest companies and
entities in the country, and compromising the security of those systems,
enabling him to seize control of those computers," as the U.S. Attorney's
office put it. What did the Justice Department have in mind, "War Games"?
When arch-criminal/mastermind Schanot was arrested by FBI agents, he was
paying Social Security taxes under his own name, slinging burgers at
Wendy's to earn a living. Considering his reputation with the feds, you
would have thought he'd have been downloading proprietary information
from the Human Genome Project or playing hide-the-billions with some fat
Boston banks.
Schanot was arrested without a struggle. Were you expecting him to go a la
James Cagney, just before he was immolated by the fiery inferno in "White
Heat," screaming out to the cops below, "Top o' the world, Ma! Top o' the
world!"? So Schanot wound up in a Philadelphia jail.
There was a bond hearing, because most people who aren't charged with
first-degree murder, treason or bombing the World Trade Center, can be
freed on bond. But the federal prosecutor wasn't taking any chances with a
burger-slinging, computer break-in demon. If Schanot is freed on bond,
the prosecutor insists, he must not be allowed near a computer, must not
talk about computers on the phone, must not be allowed to even tinker with
a phone, lest he crash every telco in the land . . . or maybe round the
edges on every square Wendy's burger.
Then, according to the feds, just as Schanot was to be released from the
slammer, the cunning, insightful hacker allegedly told one of his new jail
buddies that as soon as he was released, he would run away.
Schanot is probably in jail because he bragged, because he showed off,
because he behaved like a 17-year-old computer genius who is as
emotionally immature as he is bright. In fact, Schanot may be guilty of,
well, acting his age. Federal authorities have a hard time understanding
that young adolescents sometimes behave like adolescents.
It's true, among wanna-know adolescent computer crackers who just want to
break in, look around and learn something without doing any harm there are
others with a degree of criminal intent. But their criminality seems a tad
less serious than selling crack or carrying Uzis as they take part in
drive-by shootings. Some create frightening names for their (four- or
five-member) gangs, such as "Legion of Doom" or "Masters of Destruction."
They pick fear-inspiring pen names such as "Scorpion," "Phiber Optic," "
Zod," "The Wing," "Damage" or "Acid Phreak." (Aren't we having fun!)
They're just thieving hacker kids stealing phone card numbers, credit card
numbers, hassling others, reading other people's e-mail, and sometimes
bringing e-mail systems down.
It's wrong, illegal -- no question. But is it big-time hacker crime?
Even journalists are caught in the game, dubbing schlepper Kevin Mitnick
"the dark side hacker," as if he were accompanied by Satan. In the media,
hackers are often depicted with brimstone wafting over their heads and new
120 MHz Pentium laptops at hand.
The adolescent hacker/cracker's criminality and destructiveness pale in
comparison to their street gang counterparts in the Gangster Disciples,
Vice Lords, Latin Kings or Maniac Latin Disciples, who have an estimated
100,000 members in Chicago alone, according to the Chicago Crime
Commission. These gangs peddle millions of dollars in drugs, murder and
terrorize entire neighborhoods as well as the jails and prisons (And don't
forget about the serious hackers and their yearly billions).
Gilboa says Chris has met a lot of new people in jail -- mafia members,
child molesters, etc. Travel can be so enlightening.
The government, with its limited resources, needs to make a simple
business decision: should it continue harassing and jailing teenage
hackers for specious or petty crimes, or should it concentrate its efforts
on catching true criminal cyberthieves who roam free, stealing their
annual quota of billions of dollars in computer secrets? It's your tax
dollar, your secrets, your kids.
Stay tuned. Keep your bookmark turned to this station.
----------
RA
[email protected] (Rogue Agent/SoD!/TOS/attb) - pgp key on request
------------------------------
Date: Wed, 3 Jul 1996 14:33:07 -0400 (EDT)
From: Eddie Becker <[email protected]>
Subject: File 4--PROFS Case: State E-mail Regulations
Florida, Maryland decide e-mail messages are public records
--A pair of attorney general opinions issued in Maryland
and Florida in May have declared that e-mail messages are public
records subject to disclosure.
In Maryland, Attorney General Joseph Curran responded in late May
to two questions concerning e-mail: first, does the Maryland Open
Meetings Act prohibit e-mail communications among a quorum of members
of a public body, and second, does the Maryland Public Information Act
apply to e-mail communications?
The Attorney General found that the Open Meetings Act does not
apply to e-mail communications among members of a public body, unless
a quorum of a public body is engaged in a simultaneous exchange of e-
mail on a matter of public business.
Curran also found that an e-mail message sent between government
officials "surely falls within [the] definition" of public records
under the Public Information Act. "[E]ven if the message was never
printed, the version of the e-mail message retained in the computer's
storage would also be a `public record,'" Mr. Curran opined.
Florida Attorney General Robert Butterworth issued a similar
opinion in mid-May.
The Sarasota County Property Appraiser had asked for an opinion
on whether e-mail messages made or received by the employees of the
appraiser's office or to other governmental agencies were "public
records" under the law, and whether, and for how long and in what form
such messages must be saved.
Reposting this brief *with permission* from:
NEWS MEDIA UPDATE - Digest version VOL. 2, NO. 9 July 1, 1996
published by the Reporters Committee for Freedom of the Press
Note: Anyone can subscribe *free* to the digest:
send e-mail to [email protected] with "subscribe"
(without quotes) as the subject.
------------------------------
Date: Thu, 21 Mar 1996 22:51:01 CST
From: CuD Moderators <[email protected]>
Subject: File 5--Cu Digest Header Info (unchanged since 7 Apr, 1996)
Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost electronically.
CuD is available as a Usenet newsgroup: comp.society.cu-digest
Or, to subscribe, send post with this in the "Subject:: line:
SUBSCRIBE CU-DIGEST
Send the message to: [email protected]
DO NOT SEND SUBSCRIPTIONS TO THE MODERATORS.
The editors may be contacted by voice (815-753-0303), fax (815-753-6302)
or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL
60115, USA.
To UNSUB, send a one-line message: UNSUB CU-DIGEST
Send it to [email protected]
(NOTE: The address you unsub must correspond to your From: line)
Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT
libraries and in the VIRUS/SECURITY library; from America Online in
the PC Telecom forum under "computing newsletters;"
On Delphi in the General Discussion database of the Internet SIG;
on RIPCO BBS (312) 528-5020 (and via Ripco on internet);
and on Rune Stone BBS (IIRGWHQ) (860)-585-9638.
CuD is also available via Fidonet File Request from
1:11/70; unlisted nodes and points welcome.
EUROPE: In BELGIUM: Virtual Access BBS: +32-69-844-019 (ringdown)
Brussels: STRATOMIC BBS +32-2-5383119 2:291/[email protected]
In ITALY: ZERO! BBS: +39-11-6507540
In LUXEMBOURG: ComNet BBS: +352-466893
UNITED STATES: etext.archive.umich.edu (192.131.22.8) in /pub/CuD/CuD
ftp.eff.org (192.88.144.4) in /pub/Publications/CuD/
aql.gatech.edu (128.61.10.53) in /pub/eff/cud/
world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/
wuarchive.wustl.edu in /doc/EFF/Publications/CuD/
EUROPE: nic.funet.fi in pub/doc/CuD/CuD/ (Finland)
ftp.warwick.ac.uk in pub/cud/ (United Kingdom)
The most recent issues of CuD can be obtained from the
Cu Digest WWW site at:
URL: http://www.soci.niu.edu/~cudigest/
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted for non-profit as long
as the source is cited. Authors hold a presumptive copyright, and
they should be contacted for reprint permission. It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified. Readers are encouraged to submit reasoned articles
relating to computer culture and communication. Articles are
preferred to short responses. Please avoid quoting previous posts
unless absolutely necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
------------------------------
End of Computer Underground Digest #8.50
************************************
|
|
